[Openstack] [Swift] S3 like ACL for Swift
John Dickinson
me at not.mn
Wed Jun 20 16:08:55 UTC 2012
On Jun 20, 2012, at 11:02 AM, Victor Rodionov wrote:
>
> Also, I want ask do you think it's good idea to store object ACL in object metadata?
I'd suggest looking at container-level ACLs rather than object-level. But either way, the data does need to be stored in the metadata in swift itself. Storing the ACL information for tens of millions of containers or a hundred billion objects can't really be done well in the auth system. This is why the information needs to be stored in swift itself. The auth middleware then queries the auth system with the auth token and URL and gets back the allowed groups. The middleware then compares the groups returned from the auth system to the groups stored in the metadata. This is essentially the design of ACLs in tempauth and swauth.
--John
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4329 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120620/9dcd320c/attachment.bin>
More information about the Openstack
mailing list