Scope

YADE should support file transfer operations with Azure Blob Storage.
Technically speaking Azure file transfer operations make use of the HTTPS protocol and a number of query parameters and headers. The implementation therefore is fairly straightforward.
The sticking point is about what authentication methods should be supported.
- If blob containers are made publicly available and require no authentication then the YADE supports this out-of-the-box.
- If Azure authentication methods are applied then different implementations are to be considered:
  - Azure supports a range of authentication methods - we picked two of them for this proposal:
    - Use of Shared Key authentication, see Authorize with Shared Key
    - Use of Shared Access Signature authentication (SAS), see Create an Account SAS

Authentication Methods

Find a preliminary comparison of authentication methods:

Capability	Shared Key	Shared Access Signature
Scope	uses a single Shared Key for access at container level or at blob level	allows a single SAS token to be used for access to any blobs in a container allows individual SAS tokens to be used per blob and per file transfer operation
Access Duration	enables unlimited access	makes use of expiration dates
Permissions	enables full access at container level or at blob level for any file transfer operations	offers permissions (read, write, delete, list) per resource type (container, object) and service (blob, queue, table, file) allows a single SAS token to be used that includes any permissions and file transfer operations (get, put, list) allows individual SAS tokens to be used specifying permissions per blob and per file transfer operation

From the above comparison Shared Access Signatures are superior concerning more fine-grained access to resources.

x

YADE-561 - Getting issue details... STATUS

Pages

Navigation