On 2011-06-06 3:57 AM, Brandon Meskimen wrote:
I would like to stay away from the HTTP Proxy server because if i understand
correctly, whoever has control of the HTTP Proxiy could leak that
information. I would like to keep the more complex file properties like who
access it (already has), when i
I would like to stay away from the HTTP Proxy server because if i understand
correctly, whoever has control of the HTTP Proxiy could leak that
information. I would like to keep the more complex file properties like who
access it (already has), when it was created(already has), and most
importantly,
Peter,
Thanks for the example. Is it possible to change the file so
instead of ReadWrite access you change it to Read only? If i wanted to
prevent someone from accessing that file could i just delete the link? The
tree graph design is very good by the way.
Regards
Brandon
On Thu, Jun 2,
On 03/06/11 01:38, Greg Troxel wrote:
> Shawn Willden writes:
>> On Thu, Jun 2, 2011 at 4:48 PM, Greg Troxel wrote:
>>
>>> But when they look up a subdirectory in the
>>> directory, do they somehow get a readcap, or do they get the writecap?
>>
>> They get a readcap.
>
> So with a writecap, a re
Brian Warner writes:
> Yes, just like that. There's a table with three columns: name, readcap,
> encrypted-writecap. The whole table is serialized and stored in a
> regular mutable file (meaning the table is encrypted by the directory's
> encryption key, contained in the directory's writecap).
I don't like attenuate or diminish, because it doesn't capture what the
input is expected to be or what the output should be. Right now we have
two flavors, but with deep-verify we could end up with more, and a
lattice rather than a total ordering.
So I think perhaps
tahoe cap-make-readonly
"Zooko O'Whielacronx" writes:
> Have you seen
> http://tahoe-lafs.org/trac/tahoe-lafs/browser/trunk/docs/specifications/dirnodes.rst
No. Probably should be linked from the page I did find.
>
>> "tahoe get" on a directory didn't work:
>> Error during GET: 302 Found
>
> That's kind of a strang
Brian Warner writes:
> On 6/3/11 11:45 AM, Zooko O'Whielacronx wrote:
>> On Fri, Jun 3, 2011 at 4:28 AM, Greg Troxel wrote:
>>>
>>> But, in wiki:Capabilities, it says that a directory is just a mutable
>>> file with special interpretation.
>>
>> This is perhaps a misleading statement. The "spe
Brian Warner writes:
> On 6/3/11 11:45 AM, Zooko O'Whielacronx wrote:
>> On Fri, Jun 3, 2011 at 4:28 AM, Greg Troxel wrote:
>>>
>>> But, in wiki:Capabilities, it says that a directory is just a mutable
>>> file with special interpretation.
>>
>> This is perhaps a misleading statement. The "spe
On 6/3/11 11:45 AM, Zooko O'Whielacronx wrote:
> On Fri, Jun 3, 2011 at 4:28 AM, Greg Troxel wrote:
>>
>> But, in wiki:Capabilities, it says that a directory is just a mutable
>> file with special interpretation.
>
> This is perhaps a misleading statement. The "special interpretation"
> includes
On Fri, Jun 3, 2011 at 12:36 PM, Brian Warner wrote:
>
> If there were a dedicated CLI command, maybe "tahoe attenuate-cap"?
Nit-pick: "attenuate" means the action of a general sort of object
which owns a greater authority and offers a lesser authority. A
typical example is an object in a ocap la
On Fri, Jun 3, 2011 at 4:28 AM, Greg Troxel wrote:
>
> But, in wiki:Capabilities, it says that a directory is just a mutable
> file with special interpretation.
This is perhaps a misleading statement. The "special interpretation"
includes an added layer of decryption. Probably that statement shou
On 6/3/11 3:28 AM, Greg Troxel wrote:
> So, it seems that a directory writecap enables one to:
>
> change the directory (as expected)
>
> read the write part of writecaps stored in the directory
>
> while a directory readcap enables one only to
>
> read the read part of writecaps stored
Thanks - I see that in docs/about.rst#access-control the functionality
is explained. Certainly I see that if the dir has a readcap as the
link, even a dir writecap doesn't magically augment that. I was focused
on the case where the tree is rw and someone has a readcap.
But, in wiki:Capabiliti
Dear Brandon:
> Thank you for all the feedback. Is it possible to have multiple options like
> update, read, or delete as well?
There are two types of objects: files and directories.
A file or a directory can be either immutable or mutable.
There are three types of caps: read-caps to immutable
> So with a writecap, a read operation returns the subdir writecap?
> Do directories have both, always?
Not always. If you have a writecap to a file and you are going to add
a link to that file as a child link in a directory, you get to choose
whether to make the child link be a writecap or a read
Thank you for all the feedback. Is it possible to have multiple options like
update, read, or delete as well?
On Jun 2, 2011, at 22:30, Jeffrey Schiller wrote:
> Yep, when you have a writecap, when you list a directory you get a listing of
> writecaps of subdirs. You can downgrade any of thes
Yep, when you have a writecap, when you list a directory you get a listing
of writecaps of subdirs. You can downgrade any of these to a readcap if you
wish.
-Jeff
On Thu, Jun 2, 2011 at 8:38 PM, Greg Troxel wrote:
>
> Shawn Willden writes:
>
> > On Thu, Jun 2
Shawn Willden writes:
> On Thu, Jun 2, 2011 at 4:48 PM, Greg Troxel wrote:
>
>> But when they look up a subdirectory in the
>> directory, do they somehow get a readcap, or do they get the writecap?
>>
>
> They get a readcap.
So with a writecap, a read operation returns the subdir writecap?
Do
On Thu, Jun 2, 2011 at 4:48 PM, Greg Troxel wrote:
> But when they look up a subdirectory in the
> directory, do they somehow get a readcap, or do they get the writecap?
>
They get a readcap.
--
Shawn
___
tahoe-dev mailing list
tahoe-dev@tahoe-lafs.
One thing I've never understood, and is relevant to Brandon's qusetion:
If you give someone a readcap for a dir, I get it that they can read the
directory but not write it. But when they look up a subdirectory in the
directory, do they somehow get a readcap, or do they get the writecap?
pgpcQl
With a small correction to terminology, yes this is possible and can be done
currently. The small correction is that you can share a directory and give
RO or RW delegation to the recipient, and then they have the delegated
access to that directory and its contents including subdirectories.
For exa
I'm doing a research project this summer on using Tahoe to store electronic
medical records. My goal, if possible, would be to have the files stored in
a hierarchy tree graph with delegation by a parent child relationship. This
would mean that if you give a doctor delegation of a file they could ac
On Wed, Jun 1, 2011 at 8:03 AM, Brandon Meskimen
wrote:
> Is it possilbe to modify the mutable and immutable files access
> control to be more complex? Is it possible to give one person permission to
> access the file but not others if multiple people use the same account?
You could run a
Hello,
Is it possilbe to modify the mutable and immutable files access
control to be more complex? Is it possible to give one person permission to
access the file but not others if multiple people use the same account? Once
that permission is given can you remove? Is it possible to have a m
25 matches
Mail list logo
