Processing a dispersed storage network access request utilizing certificate chain validation information
First Claim
1. A method for execution by one or more processing devices of one or more computers of a dispersed storage network, the method comprises:
- receiving, by the one or more processing device of one or more computers, a dispersed storage network (DSN) access request that includes a requester identifier (ID), wherein the requester ID is associated with a certificate chain;
- when the certificate chain is valid, accessing registry information for the DSN, wherein the registry information includes a plurality of access control lists, wherein an access control list of the plurality of access control lists includes a plurality of entries, and wherein an entry of the plurality of entries includes a realm ID, a subject name ID, and a set of permissions;
- identifying one of the plurality of access control lists based on at least one of information associated with the requester ID and information associated with the certificate chain;
- identifying one or more entries of the one of the plurality of access control lists based on the information associated with the certificate chain to produce one or more identified entries; and
- generating, for the DSN access request, permissions from one or more sets of permissions associated with the one or more identified entries.
Abstract
A method begins by a processing module receiving a dispersed storage network (DSN) access request that includes a requester identifier (ID), wherein the requester ID is associated with a certificate chain. When the certificate chain is valid, the method continues with the processing module accessing registry information for the DSN. The method continues with the processing module identifying one of a plurality of access control lists based on at least one of information associated with the requester ID and information associated with the certificate chain, identifying one or more entries of the one of the plurality of access control lists based on the information associated with the certificate chain to produce one or more identified entries, and generating, for the DSN access request, permissions from one or more sets of permissions associated with the one or more identified entries.
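The flow in the abstract, as an added Python sketch that is not code from the patent. The matching rules are assumptions: the realm ID is compared with the chain's root subject, the subject name ID with the subject of any certificate in the chain, and the permission sets of matching entries are combined by union. All names and data are constructed, and the chain check is a name-chaining stand-in for real X.509 path validation.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:                      # only the names matter for this sketch
    subject: str
    issuer: str

@dataclass(frozen=True)
class AclEntry:                  # fields named after the claim language
    realm_id: str
    subject_name_id: str
    permissions: frozenset

# Constructed sample data (assumptions, not from the patent).
TRUSTED_ROOTS = {"CN=Root CA"}
REQUESTER_TO_ACL = {"req-17": "acl-vault-a", "req-99": "acl-vault-b"}
REGISTRY = {
    "acl-vault-a": [
        AclEntry("CN=Root CA", "CN=alice", frozenset({"read", "write"})),
        AclEntry("CN=Root CA", "CN=Ops Issuing CA", frozenset({"list"})),
        AclEntry("CN=Other Root", "CN=alice", frozenset({"delete"})),
    ],
    "acl-vault-b": [AclEntry("CN=Root CA", "CN=bob", frozenset({"read"}))],
}

def chain_links_to_root(chain):
    """Leaf-first name-chaining check only. Signature, validity-period and
    revocation checks belong to a real path validator and are assumed done."""
    if not chain:
        return False
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False
    root = chain[-1]
    return root.subject == root.issuer and root.subject in TRUSTED_ROOTS

def permissions_for(requester_id, chain):
    if not chain_links_to_root(chain):
        return frozenset()       # fail closed: registry is never consulted
    # Step 1: pick one ACL from the requester ID (assumed lookup table).
    acl = REGISTRY.get(REQUESTER_TO_ACL.get(requester_id), [])
    # Step 2: pick entries using information from the certificate chain.
    realm = chain[-1].subject
    subjects = {c.subject for c in chain}
    granted = set()
    for entry in acl:
        if entry.realm_id == realm and entry.subject_name_id in subjects:
            granted |= entry.permissions   # Step 3: union of matched sets
    return frozenset(granted)

ALICE_CHAIN = [Cert("CN=alice", "CN=Ops Issuing CA"),
               Cert("CN=Ops Issuing CA", "CN=Root CA"),
               Cert("CN=Root CA", "CN=Root CA")]
```

Under these assumptions an entry naming an intermediate CA grants its permissions to every requester whose chain passes through that CA, while an entry with the same subject under a different realm grants nothing.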
18 Claims
10. A computer comprises:
- an interface;
- a memory; and
- a processing module operable to:
  - receive, via the interface, a dispersed storage network (DSN) access request that includes a requester identifier (ID), wherein the requester ID is associated with a certificate chain;
  - when the certificate chain is valid, access registry information for the DSN, wherein the registry information includes a plurality of access control lists, wherein an access control list of the plurality of access control lists includes a plurality of entries, and wherein an entry of the plurality of entries includes a realm ID, a subject name ID, and a set of permissions;
  - identify one of the plurality of access control lists based on at least one of information associated with the requester ID and information associated with the certificate chain;
  - identify one or more entries of the one of the plurality of access control lists based on the information associated with the certificate chain to produce one or more identified entries; and
  - generate, for the DSN access request, permissions from one or more sets of permissions associated with the one or more identified entries.
Specification