[tahoe-dev] Access control and permissions on a tahoe grid
Zooko Wilcox-O'Hearn
zooko at zooko.com
Sat Jun 13 13:56:43 PDT 2009
On Jun 13, 2009, at 11:53 AM, Terrell Russell wrote:
>> Fortunately this last one is also the easiest to implement in a
>> robust way -- we simply need to define a special "freeze" message
>> that puts a mutable file or directory into a state where it can't
>> be changed again (including that it can't be unfrozen). If I had
>> that, then after updating my old blog to announce that it had
>> moved to a new location, I could freeze it and would then be safe
>> from the danger that someone else would take it over and make
>> updates to it in my name.
>
> Is this not the same as simply 'forwarding' the write capability to
> the read capability?
Hm. The "freezing" that I want is an action on the part of the
storage servers (and possibly also the clients who are reading), not
on the part of the holder of the capability. The point is that there
are some people out there -- in the case of my blog a potentially
large number of people that I don't know -- who each have a read-cap
to my blog, and I have a write-cap, and then someone else illicitly
stole a copy of my write cap. Now I need to revoke the ability of
that copy of my write-cap (and therefore also of my own write-cap) to
write updates to my blog. I can't contact all the people who might
have the read-cap.
Regards,
Zooko
More information about the tahoe-dev
mailing list