Updating dispersed storage network access control information
First Claim
1. A method comprises:
- receiving, by each dispersed storage (DS) of a set of DS units of a distributed computing system, a corresponding one of a set of access requests regarding a set of error coded data slices, wherein a data segment is encoded using an error coding algorithm to produce the set of error coded data slices, wherein each DS unit of the set of DS units stores a corresponding error coded data slice of the set of error coded data slices, wherein the corresponding one of the set of access requests is regarding the corresponding error coded data slice of the set of error coded data slices;
- determining, via a computing core of each DS unit of the set of DS units, whether a local access control list is fresh with respect to the corresponding encoded data slices of the set of encoded data slices, wherein the local access control list includes access permissions;
- when, for one of the set of DS units, the local access control list is not fresh with respect to a corresponding one or more of the encoded data slices;
- requesting, by the one of the set of DS units, a fresh access control list from a DS managing unit, wherein the DS managing unit maintains an access control list for the distributed computing system;
- storing, by the one of the set of DS units, the fresh access control list as the local access control list;
- verifying, by each of the DS units in the set of DS units, the corresponding one of the set of access requests in accordance with the access permissions of corresponding local access control lists; and
- executing, by the computing core of each of the DS units in the set of DS units, the corresponding one of the set of access requests regarding the corresponding error coded data slice when the corresponding one of the set of access requests are verified.
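The freshness check, refresh, verify and execute steps of the claim, sketched for a single DS unit as an added example that is not taken from the patent. The age-based definition of "fresh" (`MAX_ACL_AGE`), the class and method names, and the fail-closed behaviour when the managing unit cannot be reached are all assumptions.

```python
from dataclasses import dataclass

MAX_ACL_AGE = 300.0  # assumed freshness window in seconds; the claim leaves "fresh" undefined

@dataclass
class Acl:
    permissions: dict   # {requester: {slice_name: set of allowed operations}}
    fetched_at: float   # time the copy was obtained from the managing unit

class ManagingUnit:
    """Hypothetical stand-in for the DS managing unit holding the system-wide ACL."""
    def __init__(self, permissions):
        self.permissions = permissions
        self.reachable = True

    def fetch_acl(self, now):
        if not self.reachable:
            raise ConnectionError("managing unit unreachable")
        copy = {r: {s: set(ops) for s, ops in m.items()} for r, m in self.permissions.items()}
        return Acl(copy, now)

class DSUnit:
    def __init__(self, manager, slices, local_acl):
        self.manager, self.slices, self.local_acl = manager, slices, local_acl

    def handle(self, requester, op, slice_name, now):
        # Determine whether the local ACL is fresh; if not, request and store a new one.
        if now - self.local_acl.fetched_at > MAX_ACL_AGE:
            try:
                self.local_acl = self.manager.fetch_acl(now)
            except ConnectionError:
                return ("denied", "stale ACL and refresh failed")  # fail closed (assumption)
        # Verify the request against the local ACL's permissions.
        allowed = self.local_acl.permissions.get(requester, {}).get(slice_name, set())
        if op not in allowed:
            return ("denied", "not permitted")
        # Execute only after verification succeeded.
        return ("ok", self.slices[slice_name])

def demo():
    grant = {"alice": {"slice-3": {"read"}}}                 # constructed sample data
    manager = ManagingUnit({"alice": {"slice-3": set()}})    # read access since revoked
    unit = DSUnit(manager, {"slice-3": b"\x01\x02"}, Acl(grant, fetched_at=0.0))
    fresh = unit.handle("alice", "read", "slice-3", now=100.0)     # cache still fresh
    stale = unit.handle("alice", "read", "slice-3", now=1000.0)    # refresh sees revocation
    manager.reachable = False
    offline = unit.handle("alice", "read", "slice-3", now=2000.0)  # cannot refresh
    return fresh, stale, offline
```

In this sketch the first request succeeds although the managing unit has already revoked the permission: whatever freshness window is chosen is also the longest time a revocation can go unenforced.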
Abstract
In a dispersed storage network where slices of secure user data are stored on geographically separated storage units, a managing unit connected to the network may seek to broadcast and update secure access control list information across the network. Upon a target device receiving the broadcast, the target device creates and sends an access control list change notification message to all other system devices that should have received the same broadcast if the broadcast is a valid request to update access control list information. The target device waits for responses from the other system devices to validate that the broadcast has been properly sent to a threshold number of other system devices before taking action to operationally change local data in accordance with the broadcast.
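The confirmation step in the abstract, simulated in memory as an added example that is not taken from the patent. The SHA-256 digest used to compare broadcasts, the version-number validity check, the threshold of 3 and all names are assumptions; the update contents are constructed sample data.

```python
import hashlib
import json

def digest(update):
    """Stable fingerprint of a broadcast so devices can compare what they received."""
    return hashlib.sha256(json.dumps(update, sort_keys=True).encode()).hexdigest()

class Device:
    def __init__(self, name):
        self.name = name
        self.acl = {"version": 1, "entries": {}}
        self.seen = set()    # digests of broadcasts this device has received
        self.peers = []      # other devices that should receive the same broadcasts

    def receive_broadcast(self, update):
        self.seen.add(digest(update))

    def answer_notification(self, d):
        # Response to a peer's change notification: did the same broadcast arrive here?
        return d in self.seen

    def try_apply(self, update, threshold):
        if update["version"] <= self.acl["version"]:   # assumed validity check
            return False
        d = digest(update)
        confirmations = sum(p.answer_notification(d) for p in self.peers)
        if confirmations < threshold:
            return False                               # keep the current ACL
        self.acl = update
        return True

def demo(threshold=3):
    devices = [Device(f"unit-{i}") for i in range(5)]
    for dev in devices:
        dev.peers = [p for p in devices if p is not dev]
    target, results = devices[0], {}
    lone = {"version": 2, "entries": {"mallory": ["read", "write"]}}
    target.receive_broadcast(lone)                     # reached the target only
    results["lone"] = target.try_apply(lone, threshold)
    partial = {"version": 2, "entries": {"bob": ["read"]}}
    for dev in devices[:3]:
        dev.receive_broadcast(partial)                 # target plus two peers
    results["partial"] = target.try_apply(partial, threshold)
    genuine = {"version": 2, "entries": {"alice": ["read"]}}
    for dev in devices:
        dev.receive_broadcast(genuine)                 # reached every device
    results["genuine"] = target.try_apply(genuine, threshold)
    return results, target.acl
```

An update that only the target received, or that too few peers confirm, leaves the local ACL unchanged; only the broadcast confirmed by at least the threshold number of peers is applied.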
13 Claims
8. A dispersed storage (DS) unit of a set of DS units in a distributed computing system, the DS unit comprises:
- a network interface;
- memory; and
- a processing module operable to;
- receive, via the network interface, a corresponding one of a set of access requests regarding a corresponding one of a set of error coded data slices, wherein a data segment is encoded using an error coding algorithm to produce the set of error coded data slices, wherein each DS unit of the set of DS units stores a corresponding error coded data slice of the set of error coded data slices, wherein the corresponding one of the set of access requests is regarding the corresponding error coded data slice of the set of error coded data slices;
- determine whether a local access control list is fresh with respect to the corresponding one of the set of error coded data slices, wherein the local access control list includes access permissions;
- when, the local access control list is not fresh with respect to a corresponding one or more of the encoded data slices;
- request a fresh access control list from a DS managing unit, wherein the DS managing unit maintains an access control list for the distributed computing system;
- store the fresh access control list as the local access control list;
- verify the corresponding one of the set of access requests in accordance with the access permissions of the local access control lists; and
- execute the corresponding one of the set of access requests regarding the corresponding error coded data slice when the corresponding one of the set of access requests is verified.
Specification