DFS is our proposal for a data storage substrate. In our design, we clearly separate File and Storage resources. The storage management is provided by the Virtual Block Store (VBS), which is an independent layer, but one that uses the generic interfaces and protocols of the DFS.
DFS Principles
The DFS Architecture is based on the following principles:
- Each DFS User is identified by a cryptographic certificate. DFS Users are uniquely identified by their cryptographic certificate. With this certificate, they can be named, authenticated, authorized, accounted for, have actions attributed to them, and be associated with an entity or with each other. "User" throughout this text means DFS User.
- Any resource is identified by an authority DFS User. Every resource, and every policy concerning resources, is identified by a unique DFS User and is subject to that user's unconditional authority.
- Any action upon a resource has an agent DFS User. Any action concerning resources is ultimately attributed to a single DFS User, its agent. This makes users accountable for their actions and simplifies resource access control.
- Any action upon a resource is a transaction between an agent user and an authority user. Any resource-manipulating action is equivalent to a transaction between the agent of the action and the authority of the resource. The agent must acquire the permission of the authority in order to perform the action successfully.
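The four principles can be read as the contract of an enforcement point. The sketch below is an added example, not part of the DFS design or its code. The `ReferenceMonitor` class, the fingerprint-based user naming, the in-memory grant table, the implicit permission for an authority acting on its own resource, and the resource name `vbs:block-17` are all assumptions. Certificate validation and proof of key possession are taken as already done.

```python
import hashlib
from dataclasses import dataclass, field

def user_id(cert_der: bytes) -> str:
    """Name a DFS User by the SHA-256 fingerprint of its certificate (assumed scheme)."""
    return hashlib.sha256(cert_der).hexdigest()

@dataclass
class ReferenceMonitor:
    """Hypothetical enforcement point; callers are assumed to be authenticated already."""
    authority_of: dict = field(default_factory=dict)   # resource -> authority user id
    grants: set = field(default_factory=set)           # (resource, agent id, action)
    audit: list = field(default_factory=list)          # (agent id, action, resource, allowed)

    def register(self, resource: str, authority_cert: bytes) -> None:
        if resource in self.authority_of:
            raise ValueError("resource already has an authority")
        self.authority_of[resource] = user_id(authority_cert)

    def grant(self, issuer_cert: bytes, resource: str, agent_cert: bytes, action: str) -> bool:
        # Only the resource's authority may hand out permissions on it.
        if self.authority_of.get(resource) != user_id(issuer_cert):
            return False
        self.grants.add((resource, user_id(agent_cert), action))
        return True

    def perform(self, agent_cert: bytes, resource: str, action: str) -> bool:
        # One agent per action, allowed only with the authority's permission.
        # The authority acting on its own resource is allowed implicitly (assumption).
        agent = user_id(agent_cert)
        authority = self.authority_of.get(resource)
        allowed = authority is not None and (
            agent == authority or (resource, agent, action) in self.grants)
        # Denied attempts are recorded too, so every action stays attributable.
        self.audit.append((agent, action, resource, allowed))
        return allowed

# Constructed placeholder bytes standing in for DER-encoded certificates.
ALICE, BOB, MALLORY = b"constructed-cert-alice", b"constructed-cert-bob", b"constructed-cert-mallory"

def demo() -> list:
    rm = ReferenceMonitor()
    rm.register("vbs:block-17", ALICE)
    results = [rm.perform(BOB, "vbs:block-17", "read")]                 # no grant yet
    results.append(rm.grant(MALLORY, "vbs:block-17", MALLORY, "read"))  # issuer is not the authority
    results.append(rm.grant(ALICE, "vbs:block-17", BOB, "read"))        # authority grants
    results.append(rm.perform(BOB, "vbs:block-17", "read"))             # now permitted
    results.append(rm.perform(BOB, "vbs:block-17", "write"))            # action was never granted
    return results
```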