System and method for multi-level token management for distributed file systems

US 5,634,122 A
Filed: 12/30/1994
Issued: 05/27/1997
Est. Priority Date: 12/30/1994
Status: Expired due to Term

First Claim

Patent Images

1. A system for managing shared data in a data processing system, the system comprising:

first means for managing requests for authorization for a computer implemented process to perform an operation on shared data generated by a first means for requesting according to a first file system protocol;

second means for managing requests for authorization for a computer implemented process to perform an operation on shared data generated by a second means for requesting according to a second file system protocol, said second means for managing including a second means for granting authorization tokens to a file system client in response to a client operation request;

first means for granting authorization tokens allowing an operation to be performed on said shared data, said means for granting being responsive to said first and second means for managing.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for controlling access to shared resources in a distributed computer system. Access to shared resources is controlled by a local authorization token manager. Only computer processes holding authorization tokens for the requested operation may perform that operation. Each requested operation checks for the proper token. If the token is not held by the process, it is requested. The local token manager resolves token conflicts before granting tokens. A token manager of a distributed file system export protocol also is able to request authorization tokens from the local token manager. The export protocol token manager controls authorization tokens for that particular distributed file system protocol. Multiple different export protocols may request tokens from the local token manager. The shared resources may therefore be shared by multiple different export protocols without conflict. Local processes and processes requesting shared resource operations through an export protocol that does not itself manage tokens are granted tokens through the operation token request mechanism. This mechanism enables local processes to use shared resources without the performance penalty of having to request through a local distributed client process.

Citations

17 Claims

1. A system for managing shared data in a data processing system, the system comprising:
- first means for managing requests for authorization for a computer implemented process to perform an operation on shared data generated by a first means for requesting according to a first file system protocol;
  
  second means for managing requests for authorization for a computer implemented process to perform an operation on shared data generated by a second means for requesting according to a second file system protocol, said second means for managing including a second means for granting authorization tokens to a file system client in response to a client operation request;
  
  first means for granting authorization tokens allowing an operation to be performed on said shared data, said means for granting being responsive to said first and second means for managing.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, further comprising:
    - means for performing an operation on shared data, said means for performing including;
      
      means for testing for the presence of an authorization token from said first means for granting authorization tokens.
  - 3. The system of claim 1, wherein said means for granting comprises:
    - interface means for accepting authorization token requests in a specified format; and
      
      local token management means for managing granted authorization tokens.
  - 4. The system of claim 3, wherein said local token management means includes:
    - means for accepting an authorization token request;
      
      means for testing said authorization token request to determine whether said request conflicts with tokens already granted;
      
      means for granting said authorization request if no conflicts exists; and
      
      means for resolving request conflicts.
  - 5. The system of claim 4, wherein said means for resolving comprises:
    - means for determining an identity of a computer implemented process previously granted a conflicting authorization token; and
      
      means for revoking said previously granted authorization token.means for transforming said token request into a second format.
  - 6. The system of claim 3, wherein said second means for managing comprises:
    - means for accepting an authorization token request in a first format;
      
      means for transforming said token request into a second format compatible with said interface means; and
      
      means for sending a reformatted authorization token request to said first means for granting authorization tokens.

7. A method for controlling access to resources in a computer system having a processor, memory and a plurality of resources, the system having at least one distributed file system protocol exporter with a token manager using explicit authorization tokens for synchronizing file system operations of distributed file system clients, the method comprising the steps of:
- restricting access to said shared resources to computer implemented processes having an authorization token for a requested operation on said shared resources;
  
  receiving a request from a distributed file system token manager for a local authorization token for a shared resource;
  
  granting a local authorization token if no conflicting tokens are outstanding, otherwise, resolving the conflicting tokens;
  
  intercepting each request for an operation on said shared resources;
  
  testing said request to determine whether said request is a request from a distributed file system protocol exporter using explicit authorization tokens;
  
  requesting a local authorization token for said intercepted request, if said request is not from such a distributed file system protocol exporter;
  
  granting a local authorization token if no conflicting tokens are outstanding, otherwise, resolving the conflicting tokens; and
  
  authorizing performance of said operation if said request has a granted local authorization token.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The method of claim 7, wherein said requests may originate from a plurality of different file system export protocols.
  - 9. The method of claim 7, further comprising the steps of:
    - accepting by said distributed file system token manager of an authorization token request from a distributed file system protocol exporter client process;
      
      testing said request against local authorization tokens held by said token manager and granting said request if a compatible token is held, resolving a conflict if a conflicting token is held, and requesting a token from if no token is held;
      
      wherein the step of requesting a token includes the steps of;
      
      transforming the authorization request into a form required by said granting step; and
      
      sending a request for an authorization token to a next token manager.
  - 10. The method of claim 9, wherein the next token manager is a local token manager.
  - 11. The method of claim 7 wherein said authorization tokens include a "stashing" token and a "reintegration" token to support disconnected operations.

12. A computer program product having a computer readable medium having computer program logic recorded thereon for controlling access to managing shared resources in a data processing system that includes at least one distributed file system protocol exporter, said computer program product comprising:
- first program product means for managing requests for authorization for a computer implemented process to perform an operation on shared data generated by a first program product means for requesting according to a first file system protocol;
  
  second program product means for managing requests for authorization for a computer implemented process to perform an operation on shared data generated by a second program product means for requesting according to a second file system protocol, said second program product means for managing including a second program product means for granting authorization tokens to a file system client in response to a client operation request;
  
  first program product means for granting authorization tokens allowing an operation to be performed on said shared data, said program product means for granting being responsive to said first and second program product means for managing.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The program product of claim 12, further comprising:
    - program product means for performing an operation on shared data, said program product means for performing including;
      
      program product means for testing for the presence of an authorization token from said first program product means for granting authorization tokens.
  - 14. The program product of claim 12, wherein said program product means for granting comprises:
    - interface program product means for accepting authorization token requests in a specified format; and
      
      local token management program product means for managing granted authorization tokens.
  - 15. The program product of claim 14, wherein said local token management program product means includes:
    - program product means for accepting an authorization token request;
      
      program product means for testing said authorization token request to determine whether said request conflicts with tokens already granted;
      
      program product means for granting said authorization request if no conflicts exists; and
      
      program product means for resolving request conflicts.
  - 16. The program product of claim 15, wherein said program product means for resolving comprises:
    - program product means for determining an identity of a computer implemented process previously granted a conflicting authorization token; and
      
      program product means for revoking said previously granted authorization token.
  - 17. The program product of claim 14, wherein said second program product means for managing comprises:
    - program product means for accepting an authorization token request in a first format;
      
      program product means for transforming said token request into a second format compatible with said interface program product means; and
      
      program product means for sending a reformatted authorization token request to said first program product means for granting authorization tokens.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Shaheen, Amal A., Loucks, Larry K.
Primary Examiner(s)
Black, Thomas G.
Assistant Examiner(s)
Min, Donald

Application Number

US08/366,858
Time in Patent Office

879 Days
Field of Search

395/600
US Class Current

1/1
CPC Class Codes

G06F 9/52 Program synchronisation; Mu...

System and method for multi-level token management for distributed file systems

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for multi-level token management for distributed file systems

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links