Skip to content
Permalink
Branch: master
Find file Copy path
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
56 lines (44 sloc) 3.14 KB

AMO Storage Service Requirements

Any AMO storage service must meet the following requirements in order to participate in AMO environment as a AMO-compatible storage service.

Storage Service Identification

A storage service must be registered as AMO-compatible storage service. Upon registration a storage service shall receives a unique identifier. AMO-compatible clients will use this identifier to locate the storage service and figure out how to connect and interact with the service nodes.

Data Identification

A storage service must provide a form of an object storage service. Every data item in the storage must be able to be identified by a unique identifier. An typical example is Amazon S3 service. In AMO environment, all data items are identified, uploaded, and retrieved by the unit of parcel. A data parcel does not have any special internal structure. It is just a unit of addressing and merchandizing. Its content may be a single byte or a bulk of data with the size of several terabytes.

Access Control

A service must implement a access control mechanism to meet the minimum data protection requirement. A public key signature scheme is used for user authentication, and AMO blockchain query is used for permission check.

Overall flow

  1. AMO client → storage node
    1. An AMO client or AMO-compatible client sends a request to retrieve a data parcel.
    2. Storage node verifies the signature of the request††.
    3. Storage node records a user address from the client request.
  2. storage node ⇆ AMO blockchain node
    1. Storage node sends a query to an AMO blockchain node via AMO client RPC††† to check if the user has a granted usage to the target data parcel.
    2. AMO blockchain node replies to the RPC query.
  3. AMO client ← storage node
    1. Storage node checks the permission
    2. Storage node either transfer the data parcel or reject the request.

† See Data format.
†† See User authentication.
††† See Usage query.

User authentication

AMO client must sends a signed request along with a public key and a time-stamp to a storage node. The storage node must verify the signature before any action. AMO storage node shall derive the user account address from the public key. See AMO Blockchain Protocol Specification for the address derivation method.

Permission check

See Usage query for how to query via RPC channel.
See AMO Blockchain Protocol Specification for how to interpret RPC response.

Data format

AMO client → storage node
{
    "address" : "_user_account_address_",
    "data_parcel": "_data_parcel_id_",
    "timestamp": "_time_of_the_request_",
    "signature": {
        "pubkey": "_hex_encoded_public_key_",
        "sig_bytes": "_hex_encoded_signature_"
    }
}
storage node ⇆ AMO blockchain node

See Usage query.

storage node → AMO client

specific to each storage service type.

You can’t perform that action at this time.