DISPERSED STORAGE NETWORK WITH ACCESS CONTROL AND METHODS FOR USE THEREWITH

摘要

In a dispersed storage network where slices of secure user data are stored on geographically separated storage units (44), a managing unit (18) connected to the network (20) may seek to broadcast and update secure access control list information across the network (20). Upon a target device (e.g., devices 12, 14, 16, 18, or 44) receiving the broadcast, the target device creates and sends an access control list change notification message to all other system devices that should have received the same broadcast if the broadcast is a valid request to update access control list information. The target device waits for responses from the other system devices to validate that the broadcast has been properly sent to a threshold number of other system devices before taking action to operationally change local data in accordance with the broadcast.

主权项

1. A method for authenticating, through use of a dispersed storage unit, a user device request from a user device to access a dispersed storage network (DSN), the method comprising:
receiving, from a first proxy system element of the DSN, a first authentication request regarding executing a first portion of the user device request; verifying the first authentication request; when the first authentication request is validated, determining when a permissions list indicates that the user device has access permission corresponding to the user device request; sending, to the first proxy system element, a first favorable response such that the first proxy system element is allowed to execute the first portion of the user device request when the permissions list indicates that the user device has access permission corresponding to the user device request; receiving, from a second proxy system element, a second authentication request regarding executing a second portion of the user device request; verifying the second authentication request; when the second authentication request is validated, determining when the permissions list indicates that the user device has access permission corresponding to the user device request; sending, to the second proxy system element, a second favorable response such that the second proxy system element is allowed to execute the second portion of the user device request when the permissions list indicates that the user device has access permission corresponding to the user device request.