translating the languages of data storage and transmission
The obstor architecture implements strong, fine grained security mechanisms modeled upon UN*X style permissions. There is full support for authentication, authorization, nonrepudiation, integrity, and privacy.
The data access interface relies on a cryptographically secure capability to control accesses at the Object Storage Device (OSD). These capabilities are generated by the Filesystem Manager after it checks access control for a Client. They are returned to the Client and passed to the OSD , which verifies that the capability allows the requested operation. Each capability is specific to a particular object, an operation on that object, a byte range within the object, and has an explicit expiration time. The capabilities are signed with a secret key that is shared by the OSD and the Filesystem Manager.