
Researchers Submit Patent Application, "Flexible Permission Management Framework for Cloud Attached File Systems", for Approval

June 17, 2014



By a News Reporter-Staff News Editor at Information Technology Newsweekly -- From Washington, D.C., VerticalNews journalists report that a patent application by the inventors Wijayaratne, Ravi (San Jose, CA); White, Ray (San Jose, CA); Marathe, Manish (San Jose, CA); Aahz, (San Carlos, CA); Ram, Rajesh (Union City, CA); Jassal, Amrit (Morgan Hill, CA), filed on November 29, 2012, was made available online on June 5, 2014.

No assignee has been named for this patent application.

News editors obtained the following quote from the background information supplied by the inventors: "This invention relates generally to cloud computing systems, and more particularly to cloud file storage systems. Even more particularly, this invention relates to the management of file permissions for cloud attached file systems.

"Cloud computing systems are known. In cloud computing systems, computing and storage services are provided to remote clients over a wide area network such as the Internet.

"If the remote clients are using a file system that is different from that of the cloud storage server, then problems can occur in the handling of the permissions for the stored files. The problems are compounded when several different networked file system clients are accessing the local file system and the cloud collaboratively.

"What is needed, therefore, is a unified permission framework associated with the cloud and the local fileserver."

As a supplement to the background information on this patent application, VerticalNews correspondents also obtained the inventors' summary information for this patent application: "The present invention overcomes the problems associated with the prior art by providing a virtual file system with an associated permission framework. The invention facilitates overriding the original file system permissions (e.g., of a local file storage system) to superimpose a cloud based permission scheme. The permission scheme overlay is done in such a way as to minimize its impact on the file system operations.

"An embodiment of the invention is based on a novel permission data structure that uses access control lists ('ACLs'). The example data structure enables efficiently storing a variable-size access control list data structure in contiguous memory, facilitating storing and retrieving the permission rules without any additional processing.

"Another advantage is that repeated enforcement processing is prevented by the permission enforcement framework caching enforcement decisions on a TLB.

"Yet another advantage is that methods of the invention can be extended to superimpose any cloud permission framework on a fileserver file system.

"An example remote file storage system (e.g., a cloud file server) includes memory for storing file objects received from a client, a client interface, a permissions file generator, and a permissions enforcer. The client interface is operative to receive the file objects from a client, to provide the file objects to the client, to receive data indicative of permissions associated with the file objects, and to provide a permissions file to the client. The permissions file generator is operative to generate a permissions file based on the data indicative of the permissions associated with the file objects, and the permissions enforcer is operative to control access to the file objects according to the permissions file. A virtual file system module is operative to define a virtual file system structure for the file objects, and the permissions file generator is operative to generate the permissions file based at least in part on the virtual file system structure. As shown by way of example, the permissions file associates access control lists (ACLs) with the file objects. In a disclosed embodiment, the remote file server includes a processing unit, and the permissions file generator and the permissions enforcer are code modules executed by the processing unit.

"Synchronization is maintained between the permission files on the local and remote file storage systems. In an example embodiment, the client interface is also operative to receive additional data indicative of permissions associated with the file objects (e.g., changes, new files, etc.). Then, the permissions file generator is operative to generate an updated permissions file based at least in part on the additional data indicative of permissions associated with the file objects. The client interface then provides the updated permissions file to the client (e.g., to the local file storage system of the client). In a particular embodiment, a synchronizer is operative to synchronize the file objects stored on the remote file storage system with file objects stored on a file storage system of the client, and also to synchronize the permissions file with a permissions file on the file storage system of the client.

"A local file storage system (e.g., office local cloud) for use with a remote file storage system (e.g., a cloud file server) is also disclosed. The local file storage system includes memory for storing file objects from local clients, a client interface, a remote file server interface, and a permissions enforcer. The client interface is operative to receive the file objects from local clients and to provide the file objects to the clients. The remote file server interface is operative to receive a permissions file indicative of permissions associated with the file objects from a remote file server. The permissions enforcer is operative to control access to the file objects by the local clients according to the permissions file.

"In a particular embodiment, the local file storage system additionally includes a virtual file system module operative to present a virtual file system structure associated with the file objects to the local clients. The permissions file is based at least in part on the virtual file system structure. For example, the permissions file associates access control lists with elements of the virtual file structure.

"An example hybrid file storage system (e.g., local file storage system in combination with a remote file storage system) is also disclosed. The example hybrid file storage system includes a local file storage system for storing and providing file objects to local clients and a remote file storage system for storing and providing copies of the file objects. A permissions file generator on at least one of the local file storage system and the remote file storage system is operative to generate a permissions file and to provide the permissions file to the local file storage system and the remote file storage system. A first permissions enforcer on the local file storage system is operative to control access to the file objects on the local file storage system according to the permissions file, and a second permissions enforcer on the remote file storage system is operative to control access to the file objects on the remote file storage system according to the permissions file. In the example embodiment, a file object synchronizer is operative to synchronize the file objects stored on the remote server and the file objects stored on the local server. In addition, a permissions file synchronizer is operative to synchronize the permissions file on the remote server and the permissions file on the local server.

"A method of managing file permissions in a remote file storage system is also disclosed. An example method includes defining permissions for the remote file storage system and controlling access to objects on the remote file storage system according to the permissions of the remote file storage system. The method also includes transferring the permissions to a client file storage system remote from the remote file storage system and controlling access to objects on the client file storage system according to the permissions of the remote file storage system. A virtual file system structure for the objects on the remote file storage system is defined, and the permissions framework is defined based at least in part on the virtual file system structure. Controlling access to objects on the client file storage system according to the permissions of the remote file storage system includes overriding permissions of the client file storage system.

"The example method additionally includes altering the permissions of the remote file storage system at the remote file storage system and controlling access to objects on the remote file storage system according to the altered permissions of the remote file storage system. The altered permissions are transferred to the client file storage system, and access to objects on the client file storage system is controlled according to the altered permissions of the remote file storage system. Optionally, the step of transferring the altered permissions to the client file storage system occurs in conjunction with a data synchronization process between the remote file storage system and the client file storage system. As another option, the step of transferring the altered permissions to the client file storage system can occur in response to an explicit command from a user. As yet another option, the step of transferring the altered permissions to the client file storage system can occur in response to the step of altering the permissions.

"Alternatively, the example method additionally includes altering the permissions of the remote file storage system at the client file storage system and controlling access to objects on the client file storage system according to the altered permissions of the remote file storage system. The altered permissions are transferred to the remote file storage system; and access to objects on the remote file storage system is then controlled according to the altered permissions of the remote file storage system. Optionally, the step of transferring the altered permissions to the remote file storage system occurs in conjunction with a data synchronization process between the remote file storage system and the client file storage system. As another option, the step of transferring the altered permissions to the remote file storage system can occur in response to an explicit command from a user. As yet another option, the step of transferring the altered permissions to the remote file storage system can occur in response to the step of altering the permissions.

"In an example method, the step of defining permissions for the remote file storage system includes associating access control lists with the objects on the remote file storage system.

"A remote file storage system can define permissions for a plurality of different clients using the remote file storage system. An example method to do so additionally includes defining a plurality of permissions sets for the remote file storage system and associating each of the permissions sets with a respective one of a plurality of clients. The method additionally includes controlling access to objects on the remote file storage system by the clients according to the permissions sets of the remote file storage system. Each of the permissions sets is transferred to a respective one of a plurality of client file storage systems. Each client file storage system is associated with one of the plurality of clients and is located remotely with respect to the remote file storage system. Access to objects on each client file storage system is controlled according to the permission set of the remote file storage system associated with the respective client.

BRIEF DESCRIPTION OF THE DRAWINGS

"The present invention is described with reference to the following drawings, wherein like reference numbers denote substantially similar elements:

"FIG. 1 is a diagram of a cloud computing system;

"FIG. 2 is a block diagram of a remote cloud file storage server;

"FIG. 3 is a relational diagram of the functional aspects of a virtual file system (VFS) permission framework implemented within the cloud computing system of FIG. 1;

"FIG. 4 is a block diagram of a local cloud file storage server;

"FIG. 5 is a relational diagram of the functional aspects of the local cloud services of the local cloud enhanced NAS device of FIG. 4;

"FIG. 6 is an example data structure for in-memory permissions;

"FIG. 7 is an example data structure for the header field of the data structure of FIG. 4;

"FIG. 8 is a diagram illustrating the relationships between file system elements of the virtual file system permissions framework;

"FIG. 9 is a directory structure corresponding to the relational diagram of FIG. 6; and

"FIG. 10 is a flow chart summarizing one example method of implementing a permissions framework of the present invention."
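The summary quoted above combines three things: a variable-size ACL held in contiguous memory, cached enforcement decisions, and a permissions file that is re-synced when permissions change. The sketch below is an added illustration, not code from the patent application or its inventors; the byte layout, the nearest-ancestor rule, the version check and every name in it are assumptions made for the example.

```python
import struct
# Constructed layout (an assumption, not the application's FIG. 6/7 format):
# header <version:u32, count:u16>, then per entry <path_len:u16, who_len:u16, rights:u8> + path + who.
READ, WRITE = 1, 2
HEADER, ENTRY = struct.Struct("<IH"), struct.Struct("<HHB")

def pack_permissions(version, entries):
    """Serialize (vfs_path, principal, rights) rules into one contiguous buffer."""
    buf = bytearray(HEADER.pack(version, len(entries)))
    for path, who, rights in entries:
        p, w = path.encode(), who.encode()
        buf += ENTRY.pack(len(p), len(w), rights) + p + w
    return bytes(buf)

def unpack_permissions(blob):
    """Parse the buffer back into {(path, principal): rights}; reject truncation."""
    version, count = HEADER.unpack_from(blob, 0)
    off, rules = HEADER.size, {}
    for _ in range(count):
        plen, wlen, rights = ENTRY.unpack_from(blob, off)
        off += ENTRY.size
        if off + plen + wlen > len(blob):
            raise ValueError("truncated permissions file")
        path = blob[off:off + plen].decode()
        who = blob[off + plen:off + plen + wlen].decode()
        rules[(path, who)] = rights
        off += plen + wlen
    return version, rules

class Enforcer:
    """Decides from the synced permissions file only; local mode bits are never consulted."""
    def __init__(self, blob):
        self.version, self.rules = unpack_permissions(blob)
        self.cache = {}

    def load(self, blob):
        version, rules = unpack_permissions(blob)
        if version <= self.version:
            raise ValueError("stale permissions file rejected")
        self.version, self.rules = version, rules
        self.cache.clear()  # decisions cached under the old file must not survive a sync

    def allowed(self, who, path, right):
        key = (who, path, right)
        if key not in self.cache:
            node = path
            # Assumption: the nearest ancestor with a rule for this principal wins; default deny.
            while (node, who) not in self.rules and node != "/":
                node = node.rsplit("/", 1)[0] or "/"
            self.cache[key] = bool(self.rules.get((node, who), 0) & right)
        return self.cache[key]
```

Clearing the cache inside `load` is the detail that matters for revocation: without it, an "allow" cached before a sync would keep granting access after the updated permissions file removed the right.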

For additional information on this patent application, see: Wijayaratne, Ravi; White, Ray; Marathe, Manish; Aahz,; Ram, Rajesh; Jassal, Amrit. Flexible Permission Management Framework for Cloud Attached File Systems. Filed November 29, 2012 and posted June 5, 2014. Patent URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&u=%2Fnetahtml%2FPTO%2Fsearch-adv.html&r=693&p=14&f=G&l=50&d=PG01&S1=20140529.PD.&OS=PD/20140529&RS=PD/20140529

Keywords for this news article include: Patents, Information Technology, Information and Data Architecture, Information and Data Synchronization.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC





Source: Information Technology Newsweekly

