openstack team mailing list archive

Re: [Swift] S3 like ACL for Swift

 

On Jun 20, 2012, at 11:02 AM, Victor Rodionov wrote:
> 
> Also, I want to ask: do you think it's a good idea to store the object ACL in object metadata?


I'd suggest looking at container-level ACLs rather than object-level. But either way, the data does need to be stored in the metadata in swift itself. Storing the ACL information for tens of millions of containers or a hundred billion objects can't really be done well in the auth system. This is why the information needs to be stored in swift itself. The auth middleware then queries the auth system with the auth token and URL and gets back the allowed groups. The middleware then compares the groups returned from the auth system to the groups stored in the metadata. This is essentially the design of ACLs in tempauth and swauth.

--John
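
The flow described in the reply above, as an added example that is not part of the original message and is not Swift, tempauth or swauth code: the groups returned for a token are compared with the groups stored in container metadata. The token table, group names and container path are constructed sample data, and treating a group equal to the account name in the URL as the owner is an assumption of this sketch.

```python
# Added sketch, not Swift's code. Tokens, groups and metadata are constructed
# sample data; ACL elements starting with "." (referrer rules) are skipped.

# Mock auth system: token -> groups (assumption: keyed on the token only).
AUTH_SYSTEM = {
    "tok-alice": ["acme:alice", "acme", "AUTH_acme"],  # owner of AUTH_acme
    "tok-bob": ["acme:bob", "acme"],
    "tok-eve": ["other:eve", "other", "AUTH_other"],
}

# Mock container metadata, stored with the container rather than in auth.
CONTAINER_METADATA = {
    "/v1/AUTH_acme/reports": {
        "X-Container-Read": "acme:bob, other",
        "X-Container-Write": "acme:bob",
    },
}


def get_groups(token):
    """Ask the mock auth system which groups the token maps to."""
    return set(AUTH_SYSTEM.get(token, []))


def parse_acl(value):
    """Split a comma-separated ACL string into a set of group names."""
    items = {item.strip() for item in (value or "").split(",")}
    return {i for i in items if i and not i.startswith(".")}


def authorize(token, method, path):
    """Return 200, 401 or 403 for a request, denying by default."""
    groups = get_groups(token)
    if not groups:
        return 401  # unknown or missing token
    parts = path.split("/")  # ['', 'v1', account, container, object...]
    if len(parts) < 3:
        return 403
    if parts[2] in groups:
        return 200  # account owner: no ACL lookup needed
    if len(parts) < 4 or not parts[3]:
        return 403  # account-level requests are owner-only in this sketch
    metadata = CONTAINER_METADATA.get("/".join(parts[:4]), {})
    header = "X-Container-Read" if method in ("GET", "HEAD") else "X-Container-Write"
    return 200 if groups & parse_acl(metadata.get(header)) else 403
```

The auth system only has to answer "which groups does this token carry"; the per-container grant lives next to the data, so the auth system holds no per-container or per-object state.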

