On Jun 20, 2012, at 11:02 AM, Victor Rodionov wrote: > > Also, I want ask do you think it's good idea to store object ACL in object > metadata?
I'd suggest looking at container-level ACLs rather than object-level. But either way, the data does need to be stored in the metadata in swift itself. Storing the ACL information for tens of millions of containers or a hundred billion objects can't really be done well in the auth system. This is why the information needs to be stored in swift itself. The auth middleware then queries the auth system with the auth token and URL and gets back the allowed groups. The middleware then compares the groups returned from the auth system to the groups stored in the metadata. This is essentially the design of ACLs in tempauth and swauth. --John
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
