(2010/01/07 13:02), Matt Ingenthron wrote: > dormando wrote: >>> Getting down to the item level would be tough to accept due to the >>> overhead >>> involved, one would think though. There may be some ways of getting >>> closer to >>> access control though without going down to the item level. >> >> This seems like it'll be solved by an engine dealio. Mapping a user to an >> internal instance of the storage system. Sort of like running multiple >> instances, *cough*. Getting super granular access levels for a web cache >> (more than a few dozen users) would be insane, but if someone really >> wants >> to they could implement a storage engine for it. > > My thoughts exactly. That's what engine is for!
Does the engine mean something pluggable or modular? If so, it is similar to what I think. One question. Is the storage engine an appropriate layer for access controls on item level? It might be possible to provide strict separation between users. Is it possible to provide read-only or append-only rules for a certain users in the item level granularity? >> It'd be incredibly inefficient on memory, compared to keeping the number >> of users down or even running multiple instances. > > Only if you were trying to go all the way down to the item level. It's > possible to have groups of slabs that are dedicated to one label/auth or > something like that, right? It may be possible. However, if the usage of slabs are not balanced, it may remove cached object, although we have unallocated cache in the slab owned by other label/auth. right? Thanks, -- OSS Platform Development Division, NEC KaiGai Kohei <[email protected]>
