Abstract:
In a method of controlling sharing of an object between entities in a distributed system, a processor will identify an object and generate an access control list (ACL) for the object so that the ACL includes a list of clauses. Each clause will include a blessing pattern that will match one or more blessings, and at least one of the clauses also may include a reference to one or more groups. Each group represents a set of strings that represent blessing patterns or fragments of blessing patterns. The processor may generate each clause of the ACL as either a permit clause or a deny clause to indicate whether an entity or entities that have a blessing matched by the blessing pattern are permitted to access the object. The processor will save the ACL to a data store for use in responding to a request to access the object.
Abstract:
A system for creating a sync group in a distributed system may include an offline electronic device having a short range communication transmitter and a storage service, and a computer-readable storage medium comprising one or more programming instructions. The system may receive a request from an application to create a sync group, and verify that the application has read access to the storage service. In response to verifying that the application has read access to the storage service, the system may create the sync group by receiving an indication of one or more objects stored in the storage service that are to be shared, identifying one or more members of the sync group, and assigning one or more permissions to the one or more members that are identified. The system may synchronize access to the objects among the electronic device and one or more member electronic devices.
Abstract:
In a distributed system, data is shared between three or more electronic devices. The first device generates and signs an object that includes the data. A second device receives the signed object and determines whether the signed object is valid. If valid, the second device will generate a validated signed object and send it to a third device. The third device will validate the object by determining whether the object includes valid signatures of both the first and second devices.
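The three-device validation chain in the abstract above, sketched as an added example (not code from the patent or from any implementation of it). It assumes Ed25519 signatures, that the second device's signature covers the data together with the first signature, and that the third device already holds both public keys; all type and function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// SignedObject is a hypothetical container: the data plus the signatures collected so far.
type SignedObject struct {
	Data      []byte
	FirstSig  []byte // first device, over Data
	SecondSig []byte // second device, over Data || FirstSig (assumed binding)
}

// Originate is run by the first device: generate and sign the object.
func Originate(priv ed25519.PrivateKey, data []byte) SignedObject {
	return SignedObject{Data: data, FirstSig: ed25519.Sign(priv, data)}
}

// Countersign is run by the second device: validate the first signature and,
// only if it is valid, add its own signature to produce the validated signed object.
func Countersign(obj SignedObject, firstPub ed25519.PublicKey, priv ed25519.PrivateKey) (SignedObject, error) {
	if !ed25519.Verify(firstPub, obj.Data, obj.FirstSig) {
		return obj, fmt.Errorf("first device signature invalid; not forwarding")
	}
	obj.SecondSig = ed25519.Sign(priv, countersignedBytes(obj))
	return obj, nil
}

// ValidateChain is run by the third device: accept only if both signatures verify.
func ValidateChain(obj SignedObject, firstPub, secondPub ed25519.PublicKey) bool {
	return ed25519.Verify(firstPub, obj.Data, obj.FirstSig) &&
		ed25519.Verify(secondPub, countersignedBytes(obj), obj.SecondSig)
}

// countersignedBytes builds what the second device signs, in a fresh slice so obj.Data is never aliased.
func countersignedBytes(obj SignedObject) []byte {
	return append(append([]byte{}, obj.Data...), obj.FirstSig...)
}

func main() {
	pub1, priv1, _ := ed25519.GenerateKey(nil) // constructed keys for the demo
	pub2, priv2, _ := ed25519.GenerateKey(nil)
	obj, err := Countersign(Originate(priv1, []byte("constructed sample record")), pub1, priv2)
	fmt.Println(err == nil, ValidateChain(obj, pub1, pub2))
}
```

Because the second signature covers the first, an object that bypassed the second device, or whose data changed after countersigning, fails validation at the third device.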