Authorization and access control in a distributed file repository

摘要

A distributed file repository is described. It supports interaction between different machines used by a single user, as well as between users that share data. Files can be replicated and consistency will be maintained, or files can be shipped (copied) to a remote site. As with more traditional systems, the servers are trusted not to leak information. However, the rôle servers play is not as much the hub in the system. In particular, users are in charge of delegating acccess to files. For flexibility, delegations might take place outside of the realm of the system proper; by any means available to the users. Users can delegate access rights to local and remote users, including remote users in other domains. ACLs are used to maintain local access control; capabilities are used to access remote files. These capabilities are valid within epochs, but are immediately revoked when being used, thus being valid at-most-once. In essence, we have realized a flexible infrastructure where users can implement their own security policy.