We enumerated the naming and sharing qualities that relate to the goal of spanning administrative boundaries. We evaluate our architecture and existing architectures with respect to these qualities, and discovered that our approach trades off performance and user cost of storage management to enable names with high mnemonic and semantic value that users can easily share.
We contributed a naming mechanism based on user-relative paths that reflects user-to-user relationships. To ensure that all applications exhibit the benefits of user-specific naming, we structured the system so that naming is a separate, user-controlled layer between applications and other system services.
We contributed an authorization mechanism that enables users to uniformly specify their sharing requirements with other users, regardless of whether their colleagues are in the same administrative domain. Hence sharing reflects user-to-user relationships, not administrative hierarchy. Our sharing model was founded on a formal logic and semantics, so its meaning is unambiguous and implementations can be verified against a clear standard.
We established that our sharing model enables an end-to-end approach to authorization that has benefits even within administrative domains. It enabled us to build gateways that span network scales, levels of abstraction, and protocols while maintaining the flow of authorization information from the client to the ultimate resource server.
Our prototype system and applications demonstrated the naming and sharing mechanisms at work. We compared them to conventionally-organized systems and applications, and evaluated their characteristics qualitatively and quantitatively. The system exhibited the qualities we desire, and its performance roughly tracked that of conventional hop-by-hop authorization protocols with similar implementations.
The user-centered philosophy of system organization was the organizing element behind our work. We concluded that the philosophy is compatible with the usual goals of system design, and in fact simplifies the organization of systems by reducing many administrative tasks to special applications of user tools.
These results contributed to the scientific community interested in distributed systems, operating systems, and computer security. We hope that system architects will consider adopting our philosophy when they develop future designs.