Advancing the state of Tahoe-LAFS storage server access control

Jean-Paul Calderone jean-paul+tahoe-dev at leastauthority.com
Wed Nov 13 20:10:45 UTC 2019


Hi all,

I have now finished a first pass of a plugin system for Tahoe-LAFS which
allows third-parties to supply objects which define the storage protocol.
I also have a rudimentary but working plugin for this interface which
applies a PrivacyPass-like cryptographic protocol as an authorization
mechanism to storage operations which allocate storage.

The former is available in the form of a PR against Tahoe-LAFS master.
This PR is for an integration branch which has had many smaller PRs merged
into it, each of which has been reviewed in the usual way for Tahoe-LAFS
development.  Thus, all of the changes this PR proposes for master have
already been reviewed.  I'm still interested in any feedback on this work
but in particular I'd like some sign that there's no objection to having
these changes merged.  I think this should be uncontroversial as all of the
existing behavior is preserved (so far as I can tell) and any clients and
storage nodes not opting in to use of a plugin won't notice any change.
The PR is at https://github.com/tahoe-lafs/tahoe-lafs/pull/631.  I hope to
get some feedback but I'll also take a few days of silence to mean no one
objects. :)  Again, all the code *has* been reviewed already.

The latter is at https://github.com/privatestorageio/zkapauthorizer for
anyone interested in that part of things.

Thanks,
Jean-Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://tahoe-lafs.org/pipermail/tahoe-dev/attachments/20191113/7876c63a/attachment.html>


More information about the tahoe-dev mailing list