Difference: TahoeLAFSNotes (1 vs. 2)

Revision 2 - 08 Jun 2011 - TobyCabot

Line: 1 to 1
 
META TOPICPARENT name="TechNotes"
Changed:
<
<
Tahoe-LAFS is described as "the first decentralized storage system with provider-independent security". Its name indicates that it's a "file system" but it works differently than traditional file systems in ways that are important to understand before you start using it. This doc will try to explain at a high level, in plain English, how Tahoe-LAFS works and provide links that will allow you to learn about it in detail.
>
>
Tahoe-LAFS is described as "the first decentralized storage system with provider-independent security". Its name indicates that it's a "file system" but it's different than traditional file systems in ways that are important to understand before you start using it. This page will try to explain at a high level, in plain English, how Tahoe-LAFS works and provide links that will allow you to learn about it in detail.
 
Changed:
<
<
Before we go any further, please read the one-page summary, then come back here. That page indicated that Tahoe-LAFS provides a guarantee that you can store your data on servers that you don't trust, and the administrators of those servers won't be able to read your data. That's a very cool feature!
>
>
Before we go any further, please read the one-page summary, then come back here. As you saw on that page, Tahoe-LAFS provides a guarantee that you can store your data on servers that you don't trust, and the administrators of those servers won't be able to read your data. It does this by encrypting the data before it stores it on those servers, so that all they see is random-looking bits and they can't recover the actual content of your files. Tahoe-LAFS also guards against the failure of the storage servers by storing the same data on more than one of them. Of course, this will use more disk storage than simply storing the file once, but you can decide how you'd like to trade off extra storage for fault-tolerance.

Capabilities

How can Tahoe-LAFS guarantee that you can see your data but other people can't? To read a file you need to know how to find the encrypted bits (the "storage index") and how to decrypt them (the "encryption key"). It's a yes/no proposition: it doesn't matter who you are, what group you're in, or whether you're a "superuser"; if you know these things you'll be able to read the file, and if you don't know them you won't.

Tahoe-LAFS combines the location and the decryption key into a single string called a "capability" which looks something like URI:CHK:riplmjitnwh25ur3jomzyxrww4:et4gkxykswl7lstw5q4g5suf6y2xyyphvid5nn2r3ktvhytbs5da:3:10:3472. A file can have different capabilities, for example, to read the file or to read and write the file.
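As an added example (not part of the original note, and not Tahoe-LAFS's own code), here is a small Python parser for the capability string shown above. It splits the string into its fields, decodes the lowercase, unpadded base32 that the example uses, checks the field sizes, and derives a storage index from the key. The field layout (URI:CHK:key:hash:needed:total:size) is read off the example on this page; the field names, the `server_view` function and the storage-index derivation are my own choices, and the derivation in particular is a stand-in hash that illustrates the one-way relationship between key and index rather than Tahoe's exact formula.

```python
import base64
import hashlib
import re
from dataclasses import dataclass

# The capability string quoted in the note above.
EXAMPLE_CAP = ("URI:CHK:riplmjitnwh25ur3jomzyxrww4:"
               "et4gkxykswl7lstw5q4g5suf6y2xyyphvid5nn2r3ktvhytbs5da:3:10:3472")

KEY_LEN = 16    # 128-bit encryption key, 26 base32 characters
HASH_LEN = 32   # 256-bit hash, 52 base32 characters


def b32_decode(field: str) -> bytes:
    """Decode the lowercase, unpadded base32 used in capability strings."""
    if not re.fullmatch(r"[a-z2-7]+", field):
        raise ValueError("field is not lowercase base32")
    padded = field.upper() + "=" * (-len(field) % 8)  # stdlib wants uppercase + padding
    try:
        return base64.b32decode(padded)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("field has an invalid base32 length") from exc


def b32_encode(raw: bytes) -> str:
    """Inverse of b32_decode: lowercase, no padding."""
    return base64.b32encode(raw).decode("ascii").lower().rstrip("=")


@dataclass(frozen=True)
class ImmutableReadCap:
    key: bytes          # decrypts the file; never sent to storage servers
    ueb_hash: bytes     # lets the client check what the servers hand back
    needed_shares: int  # how many shares are enough to rebuild the file
    total_shares: int   # how many shares are spread over the servers
    size: int           # plaintext size in bytes


def parse_chk_cap(cap: str) -> ImmutableReadCap:
    """Split an immutable read capability into its parts and sanity-check them."""
    parts = cap.split(":")
    if len(parts) != 7 or parts[:2] != ["URI", "CHK"]:
        raise ValueError("not an immutable (CHK) read capability")
    key, ueb_hash = b32_decode(parts[2]), b32_decode(parts[3])
    if len(key) != KEY_LEN or len(ueb_hash) != HASH_LEN:
        raise ValueError("key or hash field has the wrong length")
    needed, total, size = (int(p) for p in parts[4:7])
    if not 1 <= needed <= total <= 256 or size < 0:
        raise ValueError("share parameters out of range")
    return ImmutableReadCap(key, ueb_hash, needed, total, size)


def is_valid_cap(cap: str) -> bool:
    """True if the string parses as a well-formed immutable read capability."""
    try:
        parse_chk_cap(cap)
    except ValueError:
        return False
    return True


def storage_index(key: bytes) -> bytes:
    """Location of the encrypted shares, derived one-way from the key.

    ASSUMPTION: a stand-in (SHA-256 over a fixed tag and the key, truncated
    to 16 bytes), not Tahoe-LAFS's exact formula. What matters is the
    direction: the key yields the index, but the index reveals nothing about
    the key, so a server that sees the index still cannot decrypt."""
    return hashlib.sha256(b"example-storage-index-tag:" + key).digest()[:16]


def server_view(cap: ImmutableReadCap) -> dict:
    """Everything a storage server learns about a file from a client's request."""
    return {
        "storage_index": b32_encode(storage_index(cap.key)),
        "needed_shares": cap.needed_shares,
        "total_shares": cap.total_shares,
        "size": cap.size,
    }


if __name__ == "__main__":
    cap = parse_chk_cap(EXAMPLE_CAP)
    print("client holds key:", b32_encode(cap.key))
    print("storage server sees:", server_view(cap))
```

The storage server ends up with the storage index and the share parameters; the key stays on the client, which is why the administrators of those servers can locate and return the encrypted shares but cannot read the file.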

It's important to understand that a capability points to a file, but it's not a traditional file system "path". Traditional file systems start at a well-known "root" and allow users to explore the contents of the file system from there. Because the root is well-known, you can go to it and list the files in it. You can also go "up" from any directory to its parent. Because users can explore a file system in this way, every user could do anything they wanted unless there were some sort of in-line permission check; so these file systems implement "Access Control List" (ACL) checks to prevent users from doing things they can figure out how to do but are not permitted to do. In other words, I can discover a directory's existence, but I might not be allowed to read from it.

Tahoe-LAFS, on the other hand, has no well-known "root" - each directory tree is identified by a capability. Each directory capability acts like the traditional file system "root" in that users can browse down from it to see files in the tree below it, but they can't browse "up" to see other trees within the same Tahoe-LAFS file system. Because users cannot discover things that they're not permitted to, the in-line ACL checks implemented by traditional file systems are unnecessary.
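To make the contrast with ACL-based file systems concrete, here is an added example, a toy model of my own rather than Tahoe-LAFS code, of a directory store in which every directory is reachable only through an unguessable capability, each directory has a read-write capability and a derived read-only one (the "read" versus "read and write" capabilities mentioned above), and there is no root and no way to go "up". The cap prefixes, the hash-based derivation of the read-only cap, and all the names are assumptions made for the example.

```python
import hashlib
import secrets
from typing import Dict, Set

# Hypothetical prefixes for this toy; not Tahoe-LAFS's real capability formats.
RW_PREFIX = "URI:DIR-RW-example:"
RO_PREFIX = "URI:DIR-RO-example:"


def diminish(cap: str) -> str:
    """Turn a read-write directory cap into its read-only form; leave other caps alone.

    ASSUMPTION: modelled as a one-way hash of the write cap's secret, so whoever
    holds the read cap learns nothing about the write cap. The direction of the
    derivation (write -> read, never read -> write) is the point being shown."""
    if cap.startswith(RW_PREFIX):
        secret = cap[len(RW_PREFIX):]
        return RO_PREFIX + hashlib.sha256(secret.encode()).hexdigest()[:32]
    return cap


def is_writable(cap: str) -> bool:
    return cap.startswith(RW_PREFIX)


class CapStore:
    """Toy directory store: no root, no parent links. A directory can be
    reached only by presenting its capability, an unguessable random string."""

    def __init__(self) -> None:
        self._dirs: Dict[str, Dict[str, str]] = {}  # read cap -> {name: child cap}

    def new_dir(self) -> str:
        """Create an empty directory and return its read-write capability."""
        writecap = RW_PREFIX + secrets.token_hex(16)
        self._dirs[diminish(writecap)] = {}
        return writecap

    def _entries(self, cap: str) -> Dict[str, str]:
        readcap = diminish(cap)
        if readcap not in self._dirs:
            raise KeyError("unknown capability: nothing can be discovered without it")
        return self._dirs[readcap]

    def link(self, writecap: str, name: str, childcap: str) -> None:
        """Add a child under `name`; only a read-write cap may modify a directory."""
        if not is_writable(writecap):
            raise PermissionError("a read-only capability cannot modify a directory")
        self._entries(writecap)[name] = childcap

    def list_dir(self, cap: str) -> Dict[str, str]:
        """Children of a directory; a read-only holder sees only read-only child caps."""
        entries = self._entries(cap)
        if is_writable(cap):
            return dict(entries)
        return {name: diminish(child) for name, child in entries.items()}

    def reachable(self, cap: str) -> Set[str]:
        """Every capability a holder of `cap` can learn by browsing downward.
        There is no operation that goes up, so a parent never shows up here."""
        seen: Set[str] = set()
        todo = [cap]
        while todo:
            current = todo.pop()
            if current in seen:
                continue
            seen.add(current)
            if current.startswith((RW_PREFIX, RO_PREFIX)):
                todo.extend(self.list_dir(current).values())
        return seen


if __name__ == "__main__":
    store = CapStore()
    root = store.new_dir()
    docs = store.new_dir()
    store.link(root, "docs", docs)
    store.link(docs, "notes.txt", "URI:CHK-example:constructed-file-cap")  # constructed file cap
    print("from docs you can reach:", sorted(store.reachable(docs)))
    print("root visible from docs?", root in store.reachable(docs))
    print("read-only root lists:", store.list_dir(diminish(root)))
```

Whoever holds the docs capability can browse everything beneath docs but never learns the root capability, and whoever holds a read-only cap sees only read-only caps for child directories. Because the only way to discover something is to be handed its capability, the store needs no in-line ACL check on reads; the one check left, on writes, is a check of what the caller presents, not of who the caller is.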

Sharing

Revoking

http://en.wikipedia.org/wiki/Capability-based_security
http://en.wikipedia.org/wiki/Access_control_list

Revision 1 - 08 Jun 2011 - TobyCabot

Line: 1 to 1
Added:
>
>
META TOPICPARENT name="TechNotes"
Tahoe-LAFS is described as "the first decentralized storage system with provider-independent security". Its name indicates that it's a "file system" but it works differently than traditional file systems in ways that are important to understand before you start using it. This doc will try to explain at a high level, in plain English, how Tahoe-LAFS works and provide links that will allow you to learn about it in detail.

Before we go any further, please read the one-page summary, then come back here. That page indicated that Tahoe-LAFS provides a guarantee that you can store your data on servers that you don't trust, and the administrators of those servers won't be able to read your data. That's a very cool feature!
