Hello,

It occurred to me there might be a simpler scheme to restrict uploads to a grid versus the current accounting design. (It may actually entail something just as complicated, but I'm interested to hear responses.)

As a caveat, I haven't read the design doc, but skimmed it and recall from conversations that it involves accounting, reference counting, plus various cryptographic mechanisms.

The idea is to represent the ability to create a new file or directory as a capability. A minimalist implementation would re-use the same mechanism that enforces write-cap ownership to alter files or directories. However, instead of a proof of write-cap ownership depending on a particular file or directory, it would depend on something grid-wide.

I imagine altering this idealized API:

    mkdir() -> writecap
    new_file() -> writecap
    update_file(writecap, contents) -> nil
    update_directory(writecap, linkname, destcap_or_nil) -> nil

The alteration would only change the mkdir and new_file operations to:

    mkdir(creationcap) -> writecap
    new_file(creationcap) -> writecap

A minimal implementation might configure the creationcap by requiring the user to place a public key representing the grid-wide creation capability prover into their tahoe config. The grid owner would carefully hand out the private key.

Note, this API design would allow nodes which have a writecap but *not* a creationcap to alter directory links or update file contents.

Is implementing this simple? Does it represent a meaningful axis for representing capabilities? To me, it seems it solves the particular use case.

_______________________________________________
tahoe-dev mailing list
[email protected]
http://allmydata.org/cgi-bin/mailman/listinfo/tahoe-dev
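The following is an added toy model of the altered API sketched in the post above; it is example code written for this page, not Tahoe-LAFS code and not the poster's own implementation. It assumes a simplified proof of ownership: every capability (the grid-wide creationcap and each per-object writecap) is a random bearer secret, and the grid stores only its SHA-256 hash as the "public" verifier, standing in for the public-key prover the post describes. The `Grid` class, its `read_*` helpers and the `can_create`/`can_write` probes are assumed names for this illustration. It shows the property the post calls out: a node holding only a file's writecap can update that file and relink directories, but cannot allocate new files or directories without the creationcap.

```python
import hashlib
import hmac
import os


def verifier(secret: bytes) -> bytes:
    """Public verifier for a bearer secret (assumption: stands in for a public key).
    The grid stores only this hash; a holder proves ownership by presenting the secret."""
    return hashlib.sha256(secret).digest()


class CreationDenied(PermissionError):
    """Raised when mkdir/new_file is attempted without a valid grid-wide creationcap."""


class WriteDenied(PermissionError):
    """Raised when an update is attempted with an unknown or mismatched writecap."""


class Grid:
    """Toy storage grid implementing the altered API from the post."""

    def __init__(self, creation_verifier: bytes):
        # Configured once by the node operator; the private creationcap is never stored here.
        self._creation_verifier = creation_verifier
        # writecap verifier -> [kind, payload]; payload is bytes for files, {name: cap} for dirs
        self._objects = {}

    def _check_creation(self, creationcap: bytes) -> None:
        # Constant-time comparison so a forged cap leaks nothing through timing.
        if not hmac.compare_digest(verifier(creationcap), self._creation_verifier):
            raise CreationDenied("no valid grid-wide creation capability")

    def _lookup(self, writecap: bytes, kind: str):
        obj = self._objects.get(verifier(writecap))
        if obj is None or obj[0] != kind:
            raise WriteDenied("unknown writecap or wrong object kind")
        return obj

    def _allocate(self, kind: str, payload):
        writecap = os.urandom(32)
        self._objects[verifier(writecap)] = [kind, payload]
        return writecap

    # --- creation operations: require the grid-wide creationcap ---
    def mkdir(self, creationcap: bytes) -> bytes:
        self._check_creation(creationcap)
        return self._allocate("dir", {})

    def new_file(self, creationcap: bytes) -> bytes:
        self._check_creation(creationcap)
        return self._allocate("file", b"")

    # --- update operations: require only the per-object writecap ---
    def update_file(self, writecap: bytes, contents: bytes) -> None:
        self._lookup(writecap, "file")[1] = contents

    def update_directory(self, writecap: bytes, linkname: str, destcap_or_nil) -> None:
        links = self._lookup(writecap, "dir")[1]
        if destcap_or_nil is None:
            links.pop(linkname, None)  # unlink
        else:
            links[linkname] = destcap_or_nil

    # Read helpers for the demo (assumption: reading via the writecap, no separate readcap).
    def read_file(self, writecap: bytes) -> bytes:
        return self._lookup(writecap, "file")[1]

    def read_directory(self, writecap: bytes) -> list:
        return sorted(self._lookup(writecap, "dir")[1])


def can_create(grid: Grid, cap: bytes) -> bool:
    """True if `cap` is accepted as a creationcap."""
    try:
        grid.new_file(cap)
        return True
    except CreationDenied:
        return False


def can_write(grid: Grid, writecap: bytes, contents: bytes) -> bool:
    """True if `writecap` is accepted for update_file."""
    try:
        grid.update_file(writecap, contents)
        return True
    except WriteDenied:
        return False


def demo() -> dict:
    """Walk through the scenario from the post with two nodes, A (has creationcap) and B (does not)."""
    creationcap = os.urandom(32)            # handed out by the grid owner (constructed here)
    grid = Grid(verifier(creationcap))      # node config holds only the verifier
    # Node A: allocates a directory and a file, links them.
    d = grid.mkdir(creationcap)
    f = grid.new_file(creationcap)
    grid.update_directory(d, "notes.txt", f)
    # Node B: given only f's writecap, may update the file but may not create anything.
    b_can_write = can_write(grid, f, b"hello from B")
    b_can_create = can_create(grid, os.urandom(32))
    stranger_can_write = can_write(grid, os.urandom(32), b"forged")
    return {
        "contents": grid.read_file(f),
        "links": grid.read_directory(d),
        "b_can_write": b_can_write,
        "b_can_create": b_can_create,
        "stranger_can_write": stranger_can_write,
    }


if __name__ == "__main__":
    print(demo())
```

The split the post proposes is visible in the two `_check_*` paths: creation checks a single grid-wide verifier, while updates check the verifier of the specific object, so revoking or rotating the creationcap does not disturb existing writecaps.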
