Sage,

> I suspect most users will be satisfied with the ability to delegate trust to
> (root on) a client host mounting the fs, as they're accustomed to doing
> with NFS.

Don't assume that I'm satisfied with anything I'm accustomed to doing with NFS ;)

Okay, back to lurking.

Adam

On Fri, Aug 14, 2009 at 2:38 PM, Sage Weil <s...@newdream.net> wrote:
>
> Hi Ethan!
>
> On Fri, 14 Aug 2009, Ethan L. Miller wrote:
> > Andrew Leung, Stephanie Jones, and I designed a protocol to do this in
> > 2007. You should look at the paper we wrote:
> > <http://www.ssrc.ucsc.edu/pub/leung07-sc.html>
>
> This protocol deals primarily with the problem of authorizing clients to
> access individual (sets of) objects (based on file ownership, etc.) within
> the object store. We're initially solving the more basic problem of
> authentication and authorization of the client to talk to the MDSs/OSDs
> (i.e., mount the file system) in the first place. Andrew's prototype more
> or less assumes that problem is already solved. (In particular, the
> monitor hands out user tickets to anyone who asks.)
>
> The initial goal is simply to avoid a userland client instance from
> getting complete access to the file system. And to restrict librados
> users to individual object storage pools.
>
> Once that problem is solved, implementing fine grained per-file access
> control is certainly possible, but at this stage I suspect most users will
> be satisfied with the ability to delegate trust to (root on) a client host
> mounting the fs, as they're accustomed to doing with NFS.
>
> sage
>
>
> > The protocol we designed used the MDS to hand out keys, and supported
> > group authentication as well as expiring keys with group renewals. It
> > also supported delegation: a user could generate a public/private key
> > pair and delegate access to only specific files to anyone with the
> > private key that was generated. The result was a highly scalable
> > security system with less than 5% overhead (sometimes much less) on
> > the benchmarks we ran.
> >
> > The code was implemented in Ceph, and Andrew likely has it around
> > somewhere.
> > It probably needs to be updated to work with the current
> > version of Ceph, and will need bulletproofing, but it's a good start.
> >
> > > We're currently working on an authentication module for ceph. This
> > > will allow us both keeping the cluster secured internally, as no bad
> > > servers will be able to join the cluster, and both externally. E.g.,
> > > only permitted clients will be able to do certain specified
> > > operations. This is just a rough description of what we consider right
> > > now, but here it is:
> > >
> > > The following are the basic requirements:
> > > * Robust, scalable, keeps up with the cluster's consistency.
> > > * Identify the different cluster modules (e.g., mon, mds and osd) and
> > >   allow only the permitted entities to participate in the cluster
> > > * Identify the clients, and set up a mechanism to authenticate them.
> > >   Establish a session between the client and the cluster
> > > * The created session will allow the client to communicate with the
> > >   different cluster entities
> > > * It will be possible to sign (and possibly encrypt) all protocol
> > >   operations
> > >
> > > I'd love to hear any comment, idea or request that you might have as
> > > we're about to start implementing this stuff.
> >
> > ( Ethan L. Miller                Email: e...@cs.ucsc.edu )
> > ( Professor, Computer Science    Web: http://www.cs.ucsc.edu/~elm/ )
> > ( University of California       Phone: +1 831 459-1222 )
> > ( Santa Cruz, CA 95064 USA       Fax: +1 831 459-1041 )
> > ( PGP keyprint: 76C7 D699 1FF6 A1A4 B7A1 9629 2EBF 1273 A6ED 6A09 )
> >
> >
> > ------------------------------------------------------------------------------
> > Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> > trial. Simplify your report design, integration and deployment - and focus on
> > what you do best, core application coding. Discover what's new with
> > Crystal Reports now.
> > http://p.sf.net/sfu/bobj-july
> > _______________________________________________
> > Ceph-devel mailing list
> > Ceph-devel@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/ceph-devel