Fine-grained access control for synchronized data stores
Abstract
A remote distributed data store may be configured to process data updates received through invocation of a common API with reference to a common schema. Local data stores may also be configured to process updates using a common API and schema. Data for multiple users may be stored in a common collection of items maintained by a remote distributed data store. User identity may be verified through a public identity service. User identity and access permissions may be associated with items stored in a remote distributed data store.
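The flow this abstract describes, as an added Python sketch that is not taken from the patent: identity is verified by a server chosen from the credentials, a write privilege on the specific item gates the update, and a read privilege on that item gates which other users' devices receive it. The store, the stub identity servers, the tokens and the ACL layout are all assumptions made for illustration.

```python
# Added example: hypothetical names; identity servers are stubs with constructed tokens.
from dataclasses import dataclass, field
IDENTITY_SERVERS = {  # provider -> {token: user}; a real server checks a signed token
    "idp-a": {"tok-alice": "alice"},
    "idp-b": {"tok-bob": "bob", "tok-carol": "carol"},
}

def verified_identity(credentials):
    """Select the identity server from the credentials, then verify them."""
    server = IDENTITY_SERVERS.get(credentials.get("provider"), {})
    user = server.get(credentials.get("token"))
    if user is None:
        raise PermissionError("identity not verified")
    return user

@dataclass
class Item:
    value: str
    acl: dict  # user -> set of privileges, e.g. {"alice": {"read", "write"}}

@dataclass
class RemoteStore:
    items: dict = field(default_factory=dict)   # item id -> Item
    outbox: dict = field(default_factory=dict)  # user -> updates pushed to their device

    def can(self, user, privilege, item_id):
        item = self.items.get(item_id)
        return item is not None and privilege in item.acl.get(user, set())

    def apply_update(self, credentials, item_id, value):
        user = verified_identity(credentials)     # never trust a client-supplied user id
        if not self.can(user, "write", item_id):  # default deny, checked per item
            raise PermissionError(f"{user} lacks write on {item_id}")
        self.items[item_id].value = value
        notified = []
        for other in sorted(self.outbox):
            # Sync fan-out is filtered by read privilege on this specific item.
            if other != user and self.can(other, "read", item_id):
                self.outbox[other].append((item_id, value))
                notified.append(other)
        return notified

def build_store():
    rw, ro = {"read", "write"}, {"read"}  # constructed sample data
    return RemoteStore(
        items={"note1": Item("v0", {"alice": rw, "bob": ro}),
               "note2": Item("v0", {"bob": rw, "alice": ro}),
               "note3": Item("v0", {"carol": rw})},
        outbox={"alice": [], "bob": [], "carol": []})
```

Because both checks are made per item against a single shared collection, a user with no ACL entry for an item neither receives its updates nor can change it, even though all users' data lives in the same store.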
19 Claims
1. A system comprising:
one or more computing nodes comprising a first one or more storage devices configured to store thereon a collection of items, the one or more computing nodes further configured at least to:
receive information indicative of a first update to a first item in the collection of items, the first item corresponding to an item in a first subcollection of items stored on a first computing device remote to the one or more computing nodes, the first computing device associated with a first user;
receive information indicative of a second update to a second item in the collection of items, the second item corresponding to an item in a second subcollection of items stored on a second computing device remote to the one or more computing nodes, the second computing device associated with a second user;
obtain a verified identity of the first user based at least in part on an identity server selected based at least in part on credentials associated with the first user;
determine to update the first item in the collection of items, based at least in part on information indicative of the verified identity of the first user and based at least in part on the first user having at least a write privilege for the first item of the collection of items;
determine to update the second item in the collection of items, based at least in part on information indicative of a second verified identity of the second user and based at least in part on the second user having at least a write privilege for the second item in the collection of items; and
send information indicative of the update to the second item to the first computing device upon determining that the first user has at least a read privilege for the second item of the collection.
Dependent claims: 2, 3, 4, 5.
6. A method comprising:
receiving information indicative of a first update to a first item in a collection of items, the first item corresponding to an item in a first subcollection of items stored on a first computing device remote to the one or more computing nodes, the first computing device associated with a first user;
receiving information indicative of a second update to a second item in the collection of items, the second item corresponding to an item in a second subcollection of items stored on a second computing device remote to the one or more computing nodes, the second computing device associated with a second user;
obtain a verified identity of the first user based at least in part on an identity server selected based at least in part on credentials associated with the first user;
determining to update the first item in the collection of items, based at least in part on information indicative of the verified identity of the first user and based at least in part on the first user having at least a write privilege for the first item of the collection of items;
determining to update the second item in the collection of items, based at least in part on information indicative of a second verified identity of the second user and based at least in part on the second user having at least a write privilege for the second item in the collection of items; and
sending information indicative of the update to the second item to the first computing device upon determining that the first user has at least a read privilege for the second item of the collection of items.
Dependent claims: 7, 8, 9, 10, 11, 12, 13.
14. A non-transitory computer-readable storage medium having stored thereon instructions that, upon execution by one or more computing devices, cause the one or more computing devices at least to:
receive information indicative of a first update to a first item in a collection of items, the first item corresponding to an item in a first subcollection of items stored on a first computing device remote to the one or more computing nodes, the first computing device associated with a first user;
receive information indicative of a second update to a second item in the collection of items, the second item corresponding to an item in a second subcollection of items stored on a second computing device remote to the one or more computing nodes, the second computing device associated with a second user;
obtain a verified identity of the first user based at least in part on an identity server selected based at least in part on credentials associated with the first user;
determine to update the first item in the collection of items, based at least in part on information indicative of the verified identity of the first user and based at least in part on the first user having at least a write privilege for the first item of the collection of items;
determine to update the second item in the collection of items, based at least in part on information indicative of a second verified identity of the second user and based at least in part on the second user having at least a write privilege for the second item in the collection of items; and
send information indicative of the update to the second item to the first computing device upon determining that the first user has at least a read privilege for the second item of the collection.
Dependent claims: 15, 16, 17, 18, 19.
Specification