Index: kernel/generic/include/arch.h
===================================================================
--- kernel/generic/include/arch.h	(revision deaa22f01020fc8d432df92b990024d02d453083)
+++ kernel/generic/include/arch.h	(revision ec2c55a4c241975f1e193ce31dbbbe525c29fdf1)
@@ -44,9 +44,14 @@
 #include <arch/asm.h> 
 
+#define DEFAULT_CONTEXT		0
+
 #define CPU			THE->cpu
 #define THREAD			THE->thread
 #define TASK			THE->task
 #define AS			THE->as
+#define CONTEXT		(THE->task ? THE->task->context : DEFAULT_CONTEXT)
 #define PREEMPTION_DISABLED	THE->preemption_disabled
+
+#define context_check(ctx1, ctx2)	((ctx1) == (ctx2))
 
 /**
@@ -61,8 +66,7 @@
 	cpu_t *cpu;			/**< Executing cpu. */
 	as_t *as;			/**< Current address space. */
-	context_id_t context;	/**< Current security context. */
 };
 
-#define THE		((the_t *)(get_stack_base()))	
+#define THE		((the_t *)(get_stack_base()))
 
 extern void the_initialize(the_t *the);
Index: kernel/generic/include/proc/thread.h
===================================================================
--- kernel/generic/include/proc/thread.h	(revision deaa22f01020fc8d432df92b990024d02d453083)
+++ kernel/generic/include/proc/thread.h	(revision ec2c55a4c241975f1e193ce31dbbbe525c29fdf1)
@@ -147,5 +147,4 @@
 	int priority;				/**< Thread's priority. Implemented as index to CPU->rq */
 	uint32_t tid;				/**< Thread ID. */
-	context_id_t context;		/**< Thread security context */
 	
 	thread_arch_t arch;			/**< Architecture-specific data. */
Index: kernel/generic/src/ddi/ddi.c
===================================================================
--- kernel/generic/src/ddi/ddi.c	(revision deaa22f01020fc8d432df92b990024d02d453083)
+++ kernel/generic/src/ddi/ddi.c	(revision ec2c55a4c241975f1e193ce31dbbbe525c29fdf1)
@@ -130,7 +130,9 @@
 	t = task_find_by_id(id);
 	
-	if (!t) {
+	if ((!t) || (!context_check(CONTEXT, t->context))) {
 		/*
-		 * There is no task with the specified ID.
+		 * There is no task with the specified ID
+		 * or the task belongs to a different security
+		 * context.
 		 */
 		spinlock_unlock(&tasks_lock);
Index: kernel/generic/src/proc/task.c
===================================================================
--- kernel/generic/src/proc/task.c	(revision deaa22f01020fc8d432df92b990024d02d453083)
+++ kernel/generic/src/proc/task.c	(revision ec2c55a4c241975f1e193ce31dbbbe525c29fdf1)
@@ -116,5 +116,5 @@
 	ta->main_thread = NULL;
 	ta->refcount = 0;
-	ta->context = THE->context;
+	ta->context = CONTEXT;
 
 	ta->capabilities = 0;
@@ -122,7 +122,7 @@
 	
 	ipc_answerbox_init(&ta->answerbox);
-	for (i=0; i < IPC_MAX_PHONES;i++)
+	for (i = 0; i < IPC_MAX_PHONES; i++)
 		ipc_phone_init(&ta->phones[i]);
-	if (ipc_phone_0)
+	if ((ipc_phone_0) && (context_check(ipc_phone_0->task->context, ta->context)))
 		ipc_phone_connect(&ta->phones[0], ipc_phone_0);
 	atomic_set(&ta->active_calls, 0);
Index: kernel/generic/src/proc/the.c
===================================================================
--- kernel/generic/src/proc/the.c	(revision deaa22f01020fc8d432df92b990024d02d453083)
+++ kernel/generic/src/proc/the.c	(revision ec2c55a4c241975f1e193ce31dbbbe525c29fdf1)
@@ -59,5 +59,4 @@
 	the->task = NULL;
 	the->as = NULL;
-	the->context = 0;
 }
 
Index: kernel/generic/src/proc/thread.c
===================================================================
--- kernel/generic/src/proc/thread.c	(revision deaa22f01020fc8d432df92b990024d02d453083)
+++ kernel/generic/src/proc/thread.c	(revision ec2c55a4c241975f1e193ce31dbbbe525c29fdf1)
@@ -319,5 +319,4 @@
 	memcpy(t->name, name, THREAD_NAME_BUFLEN);
 	
-	t->context = THE->context;
 	t->thread_code = func;
 	t->thread_arg = arg;
@@ -535,6 +534,6 @@
 		
 			t = (thread_t *) node->value[i];
-			printf("%s: address=%#zx, tid=%zd, context=%ld, state=%s, task=%#zx, code=%#zx, stack=%#zx, cpu=",
-				t->name, t, t->tid, t->context, thread_states[t->state], t->task, t->thread_code, t->kstack);
+			printf("%s: address=%#zx, tid=%zd, state=%s, task=%#zx, context=%ld, code=%#zx, stack=%#zx, cpu=",
+				t->name, t, t->tid, thread_states[t->state], t->task, t->task->context, t->thread_code, t->kstack);
 			if (t->cpu)
 				printf("cpu%zd", t->cpu->id);
Index: kernel/generic/src/security/cap.c
===================================================================
--- kernel/generic/src/security/cap.c	(revision deaa22f01020fc8d432df92b990024d02d453083)
+++ kernel/generic/src/security/cap.c	(revision ec2c55a4c241975f1e193ce31dbbbe525c29fdf1)
@@ -112,5 +112,5 @@
 	spinlock_lock(&tasks_lock);
 	t = task_find_by_id((task_id_t) taskid_arg.value);
-	if (!t) {
+	if ((!t) || (!context_check(CONTEXT, t->context))) {
 		spinlock_unlock(&tasks_lock);
 		interrupts_restore(ipl);
@@ -123,7 +123,4 @@
 	
 	spinlock_unlock(&tasks_lock);
-	
-
-	
 	interrupts_restore(ipl);	
 	return 0;
@@ -154,5 +151,5 @@
 	spinlock_lock(&tasks_lock);	
 	t = task_find_by_id((task_id_t) taskid_arg.value);
-	if (!t) {
+	if ((!t) || (!context_check(CONTEXT, t->context))) {
 		spinlock_unlock(&tasks_lock);
 		interrupts_restore(ipl);