Controlling access to XAM metadata

US 9,449,007 B1
Filed: 06/29/2010
Issued: 09/20/2016
Est. Priority Date: 06/29/2010
Status: Active Grant

First Claim

Patent Images

1. A method for use in controlling access to eXtensible Access Method (XAM) metadata stored in an object addressable data storage system, the method comprising:

storing, in the object addressable data storage system, an object derived from a set of content, the object having an object identifier;

adding, via the object addressable storage system, storage system specific filtered transiently attached metadata to the object, the storage system specific filtered transiently attached metadata being accessible when the object is retrieved using the object identifier, wherein the metadata includes first fields having respective flags indicating that the fields are automatically generated internally or externally to the object addressable storage system and second fields indicating which application can access respective pieces of metadata; and

based on sub-object access control, allowing a retrieving application to have access to only a subset of the object'"'"'s storage system specific filtered transiently attached metadata and preventing access to at least one other subset of the object'"'"'s storage system specific filtered transiently attached metadata, wherein sub-object access control is based on flags indicating which applications can access associated pieces of metadata.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is used in controlling access to XAM metadata. An object derived from a set of content is stored in an object addressable data storage system. The object has an object identifier. Storage system specific metadata is added to the object. The storage system specific metadata is accessible when the object is retrieved using the object identifier. Based on sub-object access control, a retrieving application is allowed to have access to only a subset of the object.

43 Citations

View as Search Results

20 Claims

1. A method for use in controlling access to eXtensible Access Method (XAM) metadata stored in an object addressable data storage system, the method comprising:
- storing, in the object addressable data storage system, an object derived from a set of content, the object having an object identifier;
  
  adding, via the object addressable storage system, storage system specific filtered transiently attached metadata to the object, the storage system specific filtered transiently attached metadata being accessible when the object is retrieved using the object identifier, wherein the metadata includes first fields having respective flags indicating that the fields are automatically generated internally or externally to the object addressable storage system and second fields indicating which application can access respective pieces of metadata; and
  
  based on sub-object access control, allowing a retrieving application to have access to only a subset of the object'"'"'s storage system specific filtered transiently attached metadata and preventing access to at least one other subset of the object'"'"'s storage system specific filtered transiently attached metadata, wherein sub-object access control is based on flags indicating which applications can access associated pieces of metadata.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the storage system specific metadata comprises filtered transiently attached metadata within indexed storage systems.
  - 3. The method of claim 1, wherein the object addressable data storage system comprises an indexed storage system that employs object processes to attach metadata to content arriving via different protocols.
  - 4. The method of claim 1, wherein the object addressable data storage system comprises an indexed storage system that automatically adds transient metadata to the set of content.
  - 5. The method of claim 1, wherein a client retrieving the set of content cannot access internally generated transient metadata.
  - 6. The method of claim 1, wherein multiple clients attach metadata that cannot be accessed by other clients.
  - 7. The method of claim 1, wherein security zones are provided inside an XSET object.
  - 8. The method of claim 1, wherein different parts of the object addressable data storage system can generate metadata to attach to an XSET object with control over access to such generated metadata.
  - 9. The method of claim 1, wherein fields within metadata have respective flags to indicate that such fields are automatically generated internally.
  - 10. The method of claim 1, wherein a field represents an access log keeping a running tally of every time an application requests an object, and when the field is attached to the object, a corresponding flag is set to indicate that this is an internal attachment.
  - 11. The method of claim 1, wherein a flag is checked when an object is accessed so that filtering is performed to help prevent undesired exposure of a field of metadata of an object.
  - 12. The method of claim 1, wherein filtering of metadata is performed within the system.
  - 13. The method of claim 1, wherein an application requests to read an entire Xset object, the application is an authenticated, logged-in application, it is determined that the application does not have permission to read any metadata with flags set.
  - 14. The method of claim 1, wherein an application requests to read an entire Xset object, and metadata is filtered out before the Xset object is returned to the application.
  - 15. The method of claim 1, wherein if an application specifically requests metadata for which the application lacks permission to access, an error is returned indicating no such metadata.
  - 16. The method of claim 1, wherein authentication that has occurred between a requesting application and the object addressable data storage system helps prevent unnecessary exposure of metadata outside the system.

17. A system for use in controlling access to eXtensible Access Method (XAM) metadata stored in an object addressable data storage system, the system comprising:
- first hardware logic configured to store, in the object addressable data storage system, an object derived from a set of content, the object having an object identifier;
  
  second hardware logic configured to add, via the storage system, object addressable storage system specific filtered transiently attached metadata to the object, the storage system specific filtered transiently attached metadata being accessible when the object is retrieved using the object identifier, wherein the metadata includes first fields having respective flags indicating that the fields are automatically generated internally or externally to the object addressable storage system and second fields indicating which application can access respective pieces of metadata; and
  
  third hardware logic configured to allow, based on sub-object access control, a retrieving application to have access to only a subset of the object'"'"'s storage system specific filtered transiently attached metadata and to prevent access to at least one other subset of the object'"'"'s storage system specific filtered transiently attached metadata, wherein sub-object access control is based on flags indicating which applications can access associated pieces of metadata.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, wherein the storage system specific metadata comprises filtered transiently attached metadata within indexed storage systems.
  - 19. The system of claim 17, wherein the object addressable data storage system comprises an indexed storage system that employs object processes to attach metadata to content arriving via different protocols.
  - 20. The system of claim 17, wherein the object addressable data storage system comprises an indexed storage system that automatically adds transient metadata to the set of content.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Wood, Douglas A., Todd, Stephen J.
Primary Examiner(s)
Gortayo, Dangelino

Application Number

US12/826,534
Time in Patent Office

2,275 Days
Field of Search

707/781, 707/705, 707/736, 707/755, 707/756, 707/785, 707/795, 707/802, 707/100
US Class Current

1/1
CPC Class Codes

G06F 16/122   using management policies b...

G06F 16/125   characterised by the use of...

G06F 16/16   File or folder operations, ...

G06F 16/164   File meta data generation

G06F 21/6227   where protection concerns t...

Controlling access to XAM metadata

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Controlling access to XAM metadata

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links