[tahoe-dev] Access control and permissions on a tahoe grid

Kevin Reid kpreid at mac.com
Mon Jun 15 10:03:17 PDT 2009


On Jun 15, 2009, at 12:36, Rufus Pollock wrote:
> 2009/6/12 Kevin Reid <kpreid at mac.com>:
>> To implement your "data of general interest" policy, you could provide
>> someone with a storage authority which permits them to use U+A bytes, where
>> A is the margin for uploading new files, and U is the total size of files
>> which they have published links to in your catalog (directly or indirectly
>> by a Tahoe directory) which have been reviewed as being of general interest.
>
> That seems like a neat idea. Does the accounting system allow you to
> "identify" the owner of a given share/file? If so that might be enough
> for what we want.

There is no such thing as the owner of a file: consider even that  
convergent encryption means that if the same (immutable) file is  
uploaded twice the same file-cap results.

OK, so this means that my scheme as is isn't proof against claiming  
credit for someone else's upload.

You need the storage servers to participate, then. Here's one way:

Give the storage servers a facility which hands out certificates that  
say: "The first client to send me a share for the file whose verifycap  
is <X> also gave me data <Y>". Then the uploading client makes Y a  
statement which is evaluated by the open-data-accounting-authority:  
"Give account <Z> more space proportional to this file, provided it is  
approved."

The storage servers are relied upon to honestly report credit for  
first upload (so a colluding storage server can hand out false credit,  
but the duplication would be noticed); it's up to the client to choose  
"who" gets credit but that's harmless.

Please note that none of this involves "real" user identities; all  
that is needed is to be able to designate previous storage-authority  
recipients to receiver further storage.

>>> 2. How do you control who can join a grid?
>>>
>>> Is there any way to configure my node only to talk to these other
>>> nodes?
>>
>>  - Restricting uploading of new files?
>
> More along these lines.

Accounting should be all you need for that; entrance restrictions  
would not prohibit arbitrary upload after the fact, so you'd need  
additional checks -- which ends up just being accounting.

-- 
Kevin Reid                                  <http://switchb.org/kpreid/>
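The first-uploader certificate scheme sketched in the message above, as an added simulation that is not Tahoe-LAFS code and not the author's: the storage server only certifies the first share it receives for a verify-cap, and the accounting authority evaluates statement Y, grants U+A, and notices when a second server vouches for a different account. Server names, the HMAC-keyed certificate format, account names, the cap string and the file size are all assumed or constructed.

```python
import hashlib, hmac, json

class StorageServer:
    def __init__(self, name: str, key: bytes):
        self.name, self._key, self._first = name, key, {}   # key: HMAC key shared with the authority

    def store_share(self, cap: str, size: int, statement: dict):
        # Only the first client to send a share for <cap> gets a certificate binding its data Y.
        if cap in self._first:
            return None                                      # re-uploads of the same file get nothing
        self._first[cap] = statement
        body = json.dumps({"server": self.name, "verifycap": cap, "size": size, "Y": statement}, sort_keys=True)
        return {"body": body, "tag": hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()}

class AccountingAuthority:
    def __init__(self, server_keys: dict, margin: int):
        self._keys, self.margin = server_keys, margin        # A: margin for uploading new files
        self.published = {}                                  # account Z -> U, bytes of approved files
        self.credited, self.granted, self.conflicts = {}, set(), []

    def redeem(self, cert: dict, approved: bool) -> bool:
        # Evaluate statement Y: grow account Z's space by the file size, once, if approved.
        body, c = cert["body"], json.loads(cert["body"])
        key = self._keys.get(c["server"])
        if key is None or not hmac.compare_digest(
                hmac.new(key, body.encode(), hashlib.sha256).hexdigest(), cert["tag"]):
            return False                                     # not from a known storage server
        cap, account = c["verifycap"], c["Y"]["credit"]
        owner = self.credited.setdefault(cap, account)
        if owner != account:                                 # a second server vouching for someone else
            self.conflicts.append((cap, owner, account))     # the duplication is noticed
            return False
        if not approved or cap in self.granted:              # many servers' certs for one file count once
            return False
        self.granted.add(cap)
        self.published[account] = self.published.get(account, 0) + c["size"]
        return True

    def allowance(self, account: str) -> int:
        return self.published.get(account, 0) + self.margin  # U + A

def demo():
    keys = {"s1": b"key-one", "s2": b"key-two"}              # constructed sample keys
    s1, s2 = StorageServer("s1", keys["s1"]), StorageServer("s2", keys["s2"])
    auth = AccountingAuthority(keys, margin=1000)
    cap, size = "verifycap-of-dataset", 4096                 # constructed stand-ins for a file's cap and size
    cert = s1.store_share(cap, size, {"credit": "alice"})    # first upload: certificate issued
    dup = s1.store_share(cap, size, {"credit": "bob"})       # same file again: no certificate
    granted = auth.redeem(cert, approved=True)
    claim = s2.store_share(cap, size, {"credit": "bob"})     # s2 vouches for a different account
    noticed = not auth.redeem(claim, approved=True) and len(auth.conflicts) == 1
    return granted, dup, noticed, auth.allowance("alice"), auth.allowance("bob")
```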