公开(公告)号：US20160352744A1

公开(公告)日：2016-12-01

申请号：US14824727

申请日：2015-08-12

Applicant: Google Inc.

Inventor： Michael Burrows ,  Martin Abadi ,  Himabindu Pucha ,  Adam Sadovsky ,  Asim Shankar ,  Ankur Taly

IPC: H04L29/06

CPC classification number: H04L63/101 ,  G06F21/604 ,  G06F21/6218 ,  G06F2221/2141 ,  H04L63/102

Abstract: In a method of controlling sharing of an object between entities in a distributed system, a processor will identify an object and generate an access control list (ACL) for the object so that the ACL includes a list of clauses. Each clause will include a blessing pattern that will match one or more blessings, and at least one of the clauses also may include a reference to one or more groups. Each group represents a set of strings that represent blessing patterns or fragments of blessing patterns. The processor may generate each clause of the ACL as either a permit clause or a deny clause to indicate whether an entity or entities that have a blessing matched by the blessing pattern are permitted to access the object. The processor will save the ACL to a data store for use in responding to a request to access the object.

Abstract translation: 在控制分布式系统中的实体之间的对象共享的方法中，处理器将识别对象并生成对象的访问控制列表（ACL），使得ACL包括子句列表。 每个条款都将包含一个与一个或多个祝福相匹配的祝福模式，至少有一个条款也可能包括对一个或多个组的引用。 每个组代表一组表示祝福模式或祝福模式片段的字符串。 处理器可以将ACL的每个子句生成为permit子句或deny子句，以指示具有与祝福模式匹配的祝福的实体是允许访问该对象。 处理器将将ACL保存到数据存储，以用于响应访问对象的请求。