1. Field of the Invention
This invention relates to a method and apparatus for controlling access to data objects and, more particularly, to a method and apparatus for allowing a server to dynamically manage access control for a distributed file system.
2. Description of the Related Art
Client/server systems, in which client processes issue requests to server processes (usually on separate machines) to perform specified services for the client processes are well known in the art. File servers, which manage files accessed by remote clients, form an important class of servers; distributed file systems are made up of one or more of such file servers that appear to a client as a single entity. For large objects such as multimedia, a distributed file system requires fewer resources and provides faster startup times than the traditional server model in which the entire object is shipped to the client, who places the object into a local cache.
Often in client/server systems there are ancillary servers as well that assist clients in accessing files. Such ancillary servers include security servers such as the ticket-granting server in the Kerberos security system. Another example of an ancillary server of this type is the object server used in the IBM Digital Library in conjunction with the distributed file system that manages the digital objects being accessed.
It is highly desirable that servers such as the ancillary servers described above be able to dynamically control who has access to information stored in a file system. Thus, servers that support products such as the IBM Digital Library or FlowMark.RTM. are process sensitive or have a customer charging mechanism as part of the application. Such servers should to be able to dynamically determine which user can access which object.
In addition, a client should be able to access both protected objects and unprotected objects without having to care whether or not the information is protected. That is, the client should be able to use the same access methods for either case.