DISPERSED STORAGE NETWORK WITH ACCESS CONTROL AND METHODS FOR USE THEREWITH
First Claim
1. A method for authenticating, through use of a dispersed storage unit, a user device request from a user device to access a dispersed storage network (DSN), the method comprising:
- receiving, from a first proxy system element of the DSN, a first authentication request regarding executing a first portion of the user device request;
verifying the first authentication request;
when the first authentication request is validated, determining when a permissions list indicates that the user device has access permission corresponding to the user device request;
sending, to the first proxy system element, a first favorable response such that the first proxy system element is allowed to execute the first portion of the user device request when the permissions list indicates that the user device has access permission corresponding to the user device request;
receiving, from a second proxy system element, a second authentication request regarding executing a second portion of the user device request;
verifying the second authentication request;
when the second authentication request is validated, determining when the permissions list indicates that the user device has access permission corresponding to the user device request;
sending, to the second proxy system element, a second favorable response such that the second proxy system element is allowed to execute the second portion of the user device request when the permissions list indicates that the user device has access permission corresponding to the user device request.
4 Assignments
0 Petitions
Accused Products
Abstract
In a dispersed storage network where slices of secure user data are stored on geographically separated storage units (44), a managing unit (18) connected to the network (20) may seek to broadcast and update secure access control list information across the network (20). Upon a target device (e.g., devices 12, 14, 16, 18, or 44) receiving the broadcast, the target device creates and sends an access control list change notification message to all other system devices that should have received the same broadcast if the broadcast is a valid request to update access control list information. The target device waits for responses from the other system devices to validate that the broadcast has been properly sent to a threshold number of other system devices before taking action to operationally change local data in accordance with the broadcast.
-
Citations
20 Claims
-
1. A method for authenticating, through use of a dispersed storage unit, a user device request from a user device to access a dispersed storage network (DSN), the method comprising:
-
receiving, from a first proxy system element of the DSN, a first authentication request regarding executing a first portion of the user device request; verifying the first authentication request; when the first authentication request is validated, determining when a permissions list indicates that the user device has access permission corresponding to the user device request; sending, to the first proxy system element, a first favorable response such that the first proxy system element is allowed to execute the first portion of the user device request when the permissions list indicates that the user device has access permission corresponding to the user device request; receiving, from a second proxy system element, a second authentication request regarding executing a second portion of the user device request; verifying the second authentication request; when the second authentication request is validated, determining when the permissions list indicates that the user device has access permission corresponding to the user device request; sending, to the second proxy system element, a second favorable response such that the second proxy system element is allowed to execute the second portion of the user device request when the permissions list indicates that the user device has access permission corresponding to the user device request. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A dispersed storage unit adapted to be coupled to a dispersed storage network (DSN), the dispersed storage unit comprising:
-
input/output interface circuitry adapted to be coupled to the DSN; memory; and a processing module operably coupled to the memory and to the input/output interface circuitry, wherein the processing module is operable to; receive from a first proxy system element of the DSN, a first authentication request regarding executing a first portion of a user device request from a user device; verify the first authentication request; when the first authentication request is validated, determine when a permissions list indicates that the user device has access permission corresponding to the user device request; send to the first proxy system element, a first favorable response such that the first proxy system element is allowed to execute the first portion of the user device request when the permissions list indicates that the user device has access permission corresponding to the user device request; receive from a second proxy system element, a second authentication request regarding executing a second portion of the user device request; verify the second authentication request; when the second authentication request is validated, determine when the permissions list indicates that the user device has access permission corresponding to the user device request; send to the second proxy system element, a second favorable response such that the second proxy system element is allowed to execute the second portion of the user device request when the permissions list indicates that the user device has access permission corresponding to the user device request. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification