Changes between Initial Version and Version 1 of Capabilities


Ignore:
Timestamp:
2009-02-05T21:54:14Z (15 years ago)
Author:
terrell
Comment:

a clean description of capabilities, their derivation, and naming conventions in tahoe

Legend:

Unmodified
Added
Removed
Modified

  • Capabilities

    v1 v1  
     1from the mailing list archives - [http://allmydata.org/pipermail/tahoe-dev/2009-February/001110.html Feb 2009 - Brian Warner]
     2
     3{{{
     4 1: immutable file read-only capability string  URI:CHK:
     5 2: immutable file verify capability string     URI:CHK-Verifier:
     6
     7 3: mutable file read-write capability string   URI:SSK:
     8 4: mutable file read-only capability string    URI:SSK-RO:
     9 5: mutable file verify capability string       URI:SSK-Verifier:
     10
     11 6: directory read-write capability string      URI:DIR2:
     12 7: directory read-only capability string       URI:DIR2-RO:
     13 8: directory verify capability string          URI:DIR2-Verifier:
     14
     15In Tahoe, directories are built out of mutable files (a directory is really
     16just a particular way to interpret the contents of a given mutable file), and
     17non-directory mutable files aren't used very much. All normal data files are
     18uploaded into immutable files by default.
     19
     20Some capabilities can be used to derive others. If you have #1, you can
     21derive #2 (but not the other way around). The full table is:
     22
     23 #1->#2
     24 #3->#4->#5
     25 #6->#7->#8
     26
     27So we use "filecap" to talk about #1+#3+#4, but (since most files are
     28immutable) we're usually talking about #1. We use "dircap" to talk about #6
     29and #7. We use "readcap" to talk about #1,#4, and #7, but usually we refer to
     30#7 as a "directory readcap". We use "writecap" to talk about #3 and #6.
     31
     32A "verifycap" is the weakest capability that still allows every bit of every
     33share to be validated (hashes checked, signatures verified, etc). That means
     34#2, #5, and #8.
     35
     36When we talk about a "repaircap", we mean "the weakest capability that can
     37still be used to repair the file". Given the current limitations of the
     38repairer and our webapi, that means we're talking about #1, #3, or #6.
     39Eventually we'll fix this limitation, and any verifycap should be useable as
     40a repaircap too. (there's much less work involved to let #2 repair a file..
     41it's just an incomplete API, rather than a fundamental redesign of the server
     42protocol).
     43
     44We then use the somewhat-vague term "rootcap" to refer to a cap (usually a
     45directory write cap) that is not present inside any directory, so the only
     46way to ever reach it is to remember it somewhere outside of Tahoe. It might
     47be remembered in the allmydata.com rootcap database (indexed by account name
     48plus password), or it might be remembered in a ~/.tahoe/private/aliases file,
     49or it might just be written down on a piece of paper. The point is that you
     50have to start from somewhere, and we refer to such a starting point as a
     51"rootcap".
     52
     53}}}