[tahoe-dev] several newbie questions

Miles Fidelman mfidelman at meetinghouse.net
Thu Apr 21 07:52:28 PDT 2011


Hi Zooko,

Thanks for the detailed reply!

Zooko O'Whielacronx wrote:
> On Thu, Apr 21, 2011 at 6:58 AM, Miles Fidelman
> <mfidelman at meetinghouse.net>  wrote:
>    
>> 2. Looking at the capability mechanisms, it's not clear to what extent
>> capabilities are bound to individuals.  The standard problem with key-based
>> capabilities mechanisms is that they can be copied.
>>      
> On the other hand, various techniques which go under the rubric of
> "DRM" can incompletely prevent people from doing that, and as far as
> I've thought about it, Tahoe-LAFS does not prevent you from using
> those techniques to deter people from sharing access to data.
>    

One of the long-standing arguments against capability-based security has 
been transitivity (I give you a capability, you can just pass it along) 
- vs. centralized access control servers (e.g., Kerberos).

In response, there's been a lot of work that's focused on 
cryptographically binding capabilities to individuals - e.g. by using an 
individual's public key to generate a capability that's unique to that 
individual.  There's a really good summary, with literature links, at 
http://www.erights.org/elib/capability/ode/overview.html.

> This is one of those topics where generalized statements about what is
> good and bad generate more heat than light, but concrete technical
> details can help everyone understand better.
>
> So, if you want to pursue this topic, please share with us what your
> goals are and we can discuss details about how such goals could be
> met.
>    

Well... since you asked.... I'm basically looking for the holy grail - 
a massively distributed, multi-access, p2p, secure file store :-)

More seriously, I've been looking for a file system to underlie some 
technology development for very dispersed P2P collaboration - a general 
purpose, massively distributed, disconnection-tolerant filesystem is 
really a key component.  I've been exploring several different avenues:

- traditional cluster file systems - but I've yet to see one that works 
across the wide area (Ceph looks interesting but is still way early in 
its development)

- noSQL databases (particularly CouchDB for documents, RIAK for 
key-value stores) - these are pretty viable and production ready at this 
point (massive replication is a sort-of-understood approach, dating back 
to nntp, but isn't all that secure, and wastes a lot of storage space)

- some of the DHT-based approaches look really interesting - but none of 
them seem to have really developed into mature capabilities (e.g., 
WheelFS as the most recent incarnation)

- P2P networks (e.g., gnutella)

- distributed version control systems (notably GIT and DARCS)

- and then there's the train of development based on dispersed storage 
and erasure coding - dating back to Oceanstore, with Cleversafe and 
Tahoe-LAFS as the latest incarnations - and I keep getting drawn back to 
Tahoe - the Tiddlywiki in Tahoe implementation is along the same lines 
as what we're pursuing, which leads to two fairly strict requirements: 
consistency control / conflict resolution mechanisms, and fairly 
granular access control -- hence my inquiries

I expect we'll end up going with either a noSQL, gnutella, or DCVS 
approach (or a hybrid thereof) - but I keep hoping to find a more 
general underlying platform - and Tahoe is the closest I've found.

Thanks,

Miles Fidelman

-- 
In theory, there is no difference between theory and practice.
In practice, there is.   .... Yogi Berra
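The distinction Miles draws above, between a bearer capability that anyone holding the string can pass along and a capability cryptographically bound to an individual's public key, can be made concrete with a small stand-alone example. This is added illustration, not code from the thread and not Tahoe-LAFS's own capability format. It uses a Lamport one-time signature built from hashlib as a stdlib-only stand-in for a real signature scheme (a production design would use Ed25519 or similar), and all object names, rights strings and keys are constructed for the demonstration. The bound capability embeds a fingerprint of the holder's public key and is signed by the issuer; exercising it requires the holder to sign a fresh challenge, so a copied capability is useless without the matching private key.

```python
import hashlib
import json
import secrets

# --- Lamport one-time signatures (stdlib only). Each key pair may sign exactly
# one message; that is enough here, where every key signs once. ---

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    """Private key: 256 pairs of random 32-byte preimages; public key: their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(sha256(a), sha256(b)) for a, b in sk]
    return sk, pk

def sign(sk, message: bytes):
    """Reveal, for each bit of SHA-256(message), the preimage selected by that bit."""
    digest = int.from_bytes(sha256(message), "big")
    return [sk[i][(digest >> (255 - i)) & 1] for i in range(256)]

def verify(pk, message: bytes, sig) -> bool:
    """Check that each revealed preimage hashes to the public-key entry the bit selects."""
    if len(sig) != 256:
        return False
    digest = int.from_bytes(sha256(message), "big")
    return all(sha256(sig[i]) == pk[i][(digest >> (255 - i)) & 1] for i in range(256))

def fingerprint(pk) -> str:
    return sha256(b"".join(a + b for a, b in pk)).hex()

# --- Bearer capability: a secret string; whoever presents it gets access,
# so handing the string to someone else hands them the access (transitivity). ---

def mint_bearer_cap(object_id: str, rights: str) -> str:
    return f"{object_id}:{rights}:{secrets.token_hex(16)}"

def use_bearer_cap(issued: set, cap: str) -> bool:
    return cap in issued

# --- Bound capability: names the holder's public key and carries the issuer's
# signature; using it requires a signature from the named holder over a challenge. ---

def encode_body(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True).encode()

def mint_bound_cap(issuer_sk, object_id: str, rights: str, holder_pk) -> dict:
    body = {"object": object_id, "rights": rights, "holder": fingerprint(holder_pk)}
    return {"body": body, "issuer_sig": [s.hex() for s in sign(issuer_sk, encode_body(body))]}

def check_bound_cap(issuer_pk, cap: dict, presented_pk, challenge: bytes, holder_sig) -> bool:
    """Verifier side: issuer signature, holder identity, then proof of key possession."""
    encoded = encode_body(cap["body"])
    if not verify(issuer_pk, encoded, [bytes.fromhex(s) for s in cap["issuer_sig"]]):
        return False                                   # forged or altered capability
    if fingerprint(presented_pk) != cap["body"]["holder"]:
        return False                                   # presenter is not the named holder
    return verify(presented_pk, encoded + challenge, holder_sig)  # must hold the private key

def demo():
    """Constructed scenario: Alice is issued a capability, Bob obtains a copy of it."""
    issuer_sk, issuer_pk = keygen()
    alice_sk, alice_pk = keygen()
    bob_sk, bob_pk = keygen()

    issued = {mint_bearer_cap("object-42", "rw")}      # constructed object name
    copied = next(iter(issued))
    bearer_alice = use_bearer_cap(issued, copied)
    bearer_bob = use_bearer_cap(issued, copied)       # copy works: access is transitive

    cap = mint_bound_cap(issuer_sk, "object-42", "rw", alice_pk)
    challenge = secrets.token_bytes(16)                # fresh per access attempt
    msg = encode_body(cap["body"]) + challenge
    alice_ok = check_bound_cap(issuer_pk, cap, alice_pk, challenge, sign(alice_sk, msg))
    bob_own_key = check_bound_cap(issuer_pk, cap, bob_pk, challenge, sign(bob_sk, msg))
    bob_claims_alice = check_bound_cap(issuer_pk, cap, alice_pk, challenge, sign(bob_sk, msg))
    return bearer_alice, bearer_bob, alice_ok, bob_own_key, bob_claims_alice

if __name__ == "__main__":
    print(demo())  # (True, True, True, False, False)
```

The challenge is what keeps a captured proof from being replayed; the issuer signature is what stops a holder from minting a capability naming someone else's key. Binding still does not stop a holder from acting as a proxy for others, which is the limit of any such scheme and the reason the thread turns to DRM-style deterrence.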
