System and method for multi-level token management for distributed file systems
Abstract
A system and method for controlling access to shared resources in a distributed computer system. Access to shared resources is controlled by a local authorization token manager. Only computer processes holding authorization tokens for the requested operation may perform that operation. Each requested operation checks for the proper token. If the token is not held by the process, it is requested. The local token manager resolves token conflicts before granting tokens. A token manager of a distributed file system export protocol also is able to request authorization tokens from the local token manager. The export protocol token manager controls authorization tokens for that particular distributed file system protocol. Multiple different export protocols may request tokens from the local token manager. The shared resources may therefore be shared by multiple different export protocols without conflict. Local processes and processes requesting shared resource operations through an export protocol that does not itself manage tokens are granted tokens through the operation token request mechanism. This mechanism enables local processes to use shared resources without the performance penalty of having to request through a local distributed client process.
17 Claims
1. A system for managing shared data in a data processing system, the system comprising:
- first means for managing requests for authorization for a computer implemented process to perform an operation on shared data generated by a first means for requesting according to a first file system protocol;
- second means for managing requests for authorization for a computer implemented process to perform an operation on shared data generated by a second means for requesting according to a second file system protocol, said second means for managing including a second means for granting authorization tokens to a file system client in response to a client operation request;
- first means for granting authorization tokens allowing an operation to be performed on said shared data, said means for granting being responsive to said first and second means for managing.
Dependent claims: 2, 3, 4, 5, 6
7. A method for controlling access to resources in a computer system having a processor, memory and a plurality of resources, the system having at least one distributed file system protocol exporter with a token manager using explicit authorization tokens for synchronizing file system operations of distributed file system clients, the method comprising the steps of:
- restricting access to said shared resources to computer implemented processes having an authorization token for a requested operation on said shared resources;
- receiving a request from a distributed file system token manager for a local authorization token for a shared resource;
- granting a local authorization token if no conflicting tokens are outstanding, otherwise, resolving the conflicting tokens;
- intercepting each request for an operation on said shared resources;
- testing said request to determine whether said request is a request from a distributed file system protocol exporter using explicit authorization tokens;
- requesting a local authorization token for said intercepted request, if said request is not from such a distributed file system protocol exporter;
- granting a local authorization token if no conflicting tokens are outstanding, otherwise, resolving the conflicting tokens; and
- authorizing performance of said operation if said request has a granted local authorization token.
Dependent claims: 8, 9, 10, 11
12. A computer program product having a computer readable medium having computer program logic recorded thereon for controlling access to managing shared resources in a data processing system that includes at least one distributed file system protocol exporter, said computer program product comprising:
- first program product means for managing requests for authorization for a computer implemented process to perform an operation on shared data generated by a first program product means for requesting according to a first file system protocol;
- second program product means for managing requests for authorization for a computer implemented process to perform an operation on shared data generated by a second program product means for requesting according to a second file system protocol, said second program product means for managing including a second program product means for granting authorization tokens to a file system client in response to a client operation request;
- first program product means for granting authorization tokens allowing an operation to be performed on said shared data, said program product means for granting being responsive to said first and second program product means for managing.
Dependent claims: 13, 14, 15, 16, 17
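The two-level token flow described in the abstract and in the steps of claim 7, sketched as an added example; it is not code from the patent. The read/write token types, the rule that a write token conflicts with any other token, conflict resolution by revocation, and all class, function and path names are assumptions made for illustration.

```python
from collections import defaultdict
READ, WRITE = "read", "write"  # assumed token types; the page does not enumerate them

class Holder:
    """A local process, or an exporter whose protocol does not manage tokens itself."""
    def __init__(self, name):
        self.name = name
    def on_revoke(self, resource):
        pass

class LocalTokenManager:
    """Lowest level: the single grantor of local authorization tokens."""
    def __init__(self):
        self.held = defaultdict(dict)  # resource -> {holder: token type}
    def request(self, holder, resource, kind):
        for other, other_kind in list(self.held[resource].items()):
            # Assumed rule: a write token conflicts with any other holder's token.
            if other is not holder and WRITE in (kind, other_kind):
                other.on_revoke(resource)  # resolution modeled as revocation
                del self.held[resource][other]
        if self.held[resource].get(holder) != WRITE:  # never downgrade a write token
            self.held[resource][holder] = kind

class ExportTokenManager(Holder):
    """Upper level: one export protocol's token manager, a client of the local one."""
    def __init__(self, name, local):
        super().__init__(name)
        self.local, self.clients = local, defaultdict(dict)  # resource -> {client: type}
    def grant_to_client(self, client, resource, kind):
        self.local.request(self, resource, kind)  # local token first, then the client's
        self.clients[resource] = {c: k for c, k in self.clients[resource].items()
                                  if c == client or WRITE not in (kind, k)}
        self.clients[resource][client] = kind
    def on_revoke(self, resource):
        self.clients.pop(resource, None)  # client tokens fall with the local token

def perform(local, requester, resource, kind, explicit_tokens=False):
    """Intercept an operation; only requesters without a token manager ask here."""
    if not explicit_tokens:
        local.request(requester, resource, kind)
    return local.held[resource].get(requester) in (kind, WRITE)

def demo():
    local = LocalTokenManager()
    exporter, proc = ExportTokenManager("exporter", local), Holder("local-process")
    exporter.grant_to_client("client-a", "/shared/f", WRITE)
    before = perform(local, exporter, "/shared/f", WRITE, explicit_tokens=True)
    local_ok = perform(local, proc, "/shared/f", READ)  # conflicts with the write token
    after = perform(local, exporter, "/shared/f", WRITE, explicit_tokens=True)
    return before, local_ok, after, dict(exporter.clients)
```

In `demo()`, the local process's read request revokes the exporter's write token, so the exporter's next operation is refused until it requests a new local token.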
Specification