I've just been reading the OceanStore paper, which I highly recommend to everyone -- http://oceanstore.cs.berkeley.edu/ -- they've got a whole lot of great ideas. Interestingly, their naming scheme seems to be exactly like ours: SVKs, CHKs, and redirects, although of course they don't call them that.
Anyway, they control permissions for updates by associating to each file a certificate signed by the owner saying "use access control list X" for this object, where X can be some default setting or another file. An entry in an ACL consists of a granted permission level plus the grantee's public key. This seems like a more flexible idea than our current owner-signs-update model. To create a publicly writable subspace, for example, insert a special file named ACL which says that anyone can create a new file but not overwrite an existing one. This gets around the cryptographic weakness of using a private key as the SVK key, and prevents people from overwriting each other. The downside is that you'd have to retrieve the ACL each time you wanted to verify a file. Thoughts?

theo

_______________________________________________
Devl mailing list
Devl at freenetproject.org
http://www.uprizer.com/mailman/listinfo/devl
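The update check described in the message, sketched as an added example; it is not part of the original post and not code from OceanStore or Freenet. Assumptions: Ed25519 signatures, a certificate that binds the object to a SHA-256 digest of the ACL, a nil grantee meaning "anyone", and the names `Perm`, `Entry`, `CertMsg` and `CheckUpdate`, all of which are hypothetical. Keys passed in are assumed to be well-formed Ed25519 keys.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

type Perm byte

const Create, Overwrite Perm = 1, 2 // Create: new files only; Overwrite: may also replace

// Entry is one ACL line: a permission level plus the grantee's key (nil = anyone, assumed).
type Entry struct {
	Perm    Perm
	Grantee ed25519.PublicKey
}

// CertMsg is what the owner signs: "use the ACL with this digest for object".
func CertMsg(object string, acl []Entry) []byte {
	h := sha256.New()
	for _, e := range acl {
		h.Write(append([]byte{byte(e.Perm), byte(len(e.Grantee))}, e.Grantee...))
	}
	return h.Sum([]byte(object + "\x00"))
}

// CheckUpdate verifies the owner's certificate, the writer's signature, then the ACL grant.
func CheckUpdate(owner ed25519.PublicKey, cert []byte, object string, acl []Entry,
	writer ed25519.PublicKey, data, sig []byte, exists bool) error {
	if !ed25519.Verify(owner, CertMsg(object, acl), cert) {
		return fmt.Errorf("owner certificate does not cover this ACL")
	}
	if !ed25519.Verify(writer, append([]byte(object+"\x00"), data...), sig) {
		return fmt.Errorf("update is not signed by the claimed writer")
	}
	for _, e := range acl {
		if (e.Grantee == nil || e.Grantee.Equal(writer)) && (e.Perm == Overwrite || !exists) {
			return nil
		}
	}
	return fmt.Errorf("no ACL entry grants this operation")
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key, used as owner and writer
	acl := []Entry{{Create, nil}, {Overwrite, pub}}
	cert, sig := ed25519.Sign(priv, CertMsg("f", acl)), ed25519.Sign(priv, []byte("f\x00v2"))
	fmt.Println(CheckUpdate(pub, cert, "f", acl, pub, []byte("v2"), sig, true))
}
```

The ACL is passed in already retrieved, which is the extra fetch the message names as the downside; because the certificate covers the ACL digest, a substituted ACL fails the first check.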
