[tahoe-dev] Access control and permissions on a tahoe grid

Zooko Wilcox-O'Hearn zooko at zooko.com
Sat Jun 13 20:56:43 UTC 2009


On Jun 13, 2009, at 11:53 AM, Terrell Russell wrote:

>> Fortunately this last one is also the easiest to implement in a  
>> robust way -- we simply need to define a special "freeze" message  
>> that puts a mutable file or directory into a state where it can't  
>> be changed again (including that it can't be unfrozen).  If I had  
>> that, then after updating my old blog to announce that it had  
>> moved to a new location, I could freeze it and would then be safe  
>> from the danger that someone else would take it over and make  
>> updates to it in my name.
>
> Is this not the same as simply 'forwarding' the write capability to  
> the read capability?

Hm.  The "freezing" that I want is an action on the part of the  
storage servers (and possibly also the clients who are reading), not  
on the part of the holder of the capability.  The point is that there  
are some people out there -- in the case of my blog a potentially  
large number of people that I don't know -- who each have a read-cap  
to my blog, and I have a write-cap, and then someone else illicitly  
stole a copy of my write cap.  Now I need to revoke the ability of  
that copy of my write-cap (and therefore also of my own write-cap) to  
write updates to my blog.  I can't contact all the people who might  
have the read-cap.

Regards,

Zooko



More information about the tahoe-dev mailing list