[tahoe-dev] Tahoe and restricting uploads
Nathan
nejucomo at gmail.com
Sat Nov 22 17:16:33 PST 2008
Hello,
It occurred to me there might be a simpler scheme to restrict uploads
to a grid versus the current accounting design. (It may actually
entail something just as complicated, but I'm interested to hear
responses.)
As a caveat, I haven't read the design doc, but skimmed it and recall
from conversations that it involves accounting, reference counting,
plus various cryptographic mechanisms.
The idea is to represent the ability to create a new file or directory
as a capability.
A minimalist implementation would re-use the same mechanism that
enforces write-cap ownership to alter files or directories. However,
instead of a proof of write-cap ownership depending on a particular
file or directory, it would depend on something grid-wide.
I imagine altering this idealized API:
mkdir() -> writecap
new_file() -> writecap
update_file(writecap, contents) -> nil
update_directory(writecap, linkname, destcap_or_nil) -> nil
The alteration would only change the mkdir and new_file operations to:
mkdir(creationcap) -> writecap
new_file(creationcap) -> writecap
A minimal implementation might configure the creationcap by requiring
the user to place a public key representing the grid-wide creation
capability prover into their tahoe config. The grid owner would
carefully hand out the private key.
Note: this API design would allow nodes which have a writecap but
*not* a creationcap to alter directory links or update file contents.
Is implementing this simple? Does it represent a meaningful axis for
representing capabilities?
To me, it seems it solves the particular use case.
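The scheme sketched in the message above, written out as an added example (it is not Nathan's code and not Tahoe-LAFS code). It models the four idealized operations with the proposed change: mkdir and new_file demand a grid-wide creationcap, while update_file and update_directory still need only the object's writecap. Two simplifications are assumptions of this example, not of the proposal: writecaps are opaque random tokens rather than real Tahoe caps, and HMAC-SHA256 over a shared key stands in for the public-key signature the mail calls for, so here the storage node could also mint caps; with a real signature scheme the node would hold only the public verification key from its config and only the grid owner could sign.

```python
"""Constructed sketch of the 'creation capability' API (not Tahoe-LAFS code).

HMAC-SHA256 with a shared key stands in for the public-key signature the
proposal describes; a real deployment would use an asymmetric scheme so
that nodes verifying a creationcap cannot mint one.
"""
import hashlib
import hmac
import secrets

CREATION_DOMAIN = b"tahoe-creationcap-v0|"  # constructed domain separator


def mint_creationcap(creation_signing_key: bytes) -> tuple[bytes, bytes]:
    """Grid-owner side: produce a fresh creation capability (nonce, tag)."""
    nonce = secrets.token_bytes(16)
    tag = hmac.new(creation_signing_key, CREATION_DOMAIN + nonce,
                   hashlib.sha256).digest()
    return nonce, tag


class Grid:
    """Storage side. Holds the grid-wide verification key from the node config."""

    def __init__(self, creation_verify_key: bytes) -> None:
        self._verify_key = creation_verify_key
        self._files: dict[bytes, bytes] = {}   # writecap -> contents
        self._dirs: dict[bytes, dict] = {}     # writecap -> {linkname: destcap}

    def _require_creationcap(self, creationcap) -> None:
        if not creationcap:
            raise PermissionError("creating an object requires a creationcap")
        nonce, tag = creationcap
        expected = hmac.new(self._verify_key, CREATION_DOMAIN + nonce,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise PermissionError("creationcap did not verify under the grid key")

    # The two operations the mail changes: both now take a creationcap.
    def mkdir(self, creationcap) -> bytes:
        self._require_creationcap(creationcap)
        writecap = secrets.token_bytes(16)  # opaque stand-in for a real writecap
        self._dirs[writecap] = {}
        return writecap

    def new_file(self, creationcap) -> bytes:
        self._require_creationcap(creationcap)
        writecap = secrets.token_bytes(16)
        self._files[writecap] = b""
        return writecap

    # Unchanged operations: proof of the object's writecap alone suffices.
    def update_file(self, writecap: bytes, contents: bytes) -> None:
        if writecap not in self._files:
            raise PermissionError("unknown file writecap")
        self._files[writecap] = contents

    def update_directory(self, writecap: bytes, linkname: str,
                         destcap_or_nil) -> None:
        if writecap not in self._dirs:
            raise PermissionError("unknown directory writecap")
        if destcap_or_nil is None:
            self._dirs[writecap].pop(linkname, None)
        else:
            self._dirs[writecap][linkname] = destcap_or_nil

    def read_file(self, writecap: bytes) -> bytes:
        return self._files[writecap]

    def list_dir(self, writecap: bytes) -> dict:
        return dict(self._dirs[writecap])


def demo() -> dict:
    grid_key = secrets.token_bytes(32)       # constructed grid-wide key
    grid = Grid(creation_verify_key=grid_key)
    cap = mint_creationcap(grid_key)         # as handed out by the grid owner

    d = grid.mkdir(cap)
    f = grid.new_file(cap)
    grid.update_file(f, b"hello")
    grid.update_directory(d, "hello.txt", f)

    # A node holding only writecaps can still modify, but cannot create.
    grid.update_file(f, b"edited without a creationcap")
    try:
        grid.mkdir(None)
        denied_without_cap = False
    except PermissionError:
        denied_without_cap = True

    # A cap minted under some other key is rejected by this grid.
    forged = mint_creationcap(secrets.token_bytes(32))
    try:
        grid.new_file(forged)
        forged_rejected = False
    except PermissionError:
        forged_rejected = True

    return {
        "file": grid.read_file(f),
        "links": grid.list_dir(d),
        "denied_without_cap": denied_without_cap,
        "forged_rejected": forged_rejected,
    }
```

Running demo() exercises the point made in the message: the holder of a writecap keeps full control over that one object, and only creation of new objects is gated by the grid-wide key.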