The obstor architecture implements strong, fine grained security mechanisms modeled upon UN*X style permissions. There is full support for authentication, authorization, nonrepudiation, integrity, and privacy.

The data access interface relies on a cryptographically secure capability to control accesses at the Object Storage Device (OSD). These capabilities are generated by the Filesystem Manager after it checks access control for a Client. They are returned to the Client and passed to the OSD , which verifies that the capability allows the requested operation. Each capability is specific to a particular object, an operation on that object, a byte range within the object, and has an explicit expiration time. The capabilities are signed with a secret key that is shared by the OSD and the Filesystem Manager.

[Home] [Technologies] [Fibre Channel] [obstor] [Contact]

copyright 2004 lingua data - ‘obstor’, ‘tribell’ logo and graphic are tm of lingua data