Standard ID | Contents [version] | USD | Name of Chinese Standard | Status |
GB/T 31916.2-2015 | English | 230 | Information Technology - Cloud Data Storage and Management - Part 2: Object-based Cloud Storage Application Interface | Valid |
NATIONAL STANDARD OF THE
PEOPLE’S REPUBLIC OF CHINA
ICS 35.100.05
L 79
Information Technology - Cloud Data Storage and
Management - Part 2: Object-based Cloud Storage
Application Interface
ISSUED ON: SEPTEMBER 11, 2015
IMPLEMENTED ON: MAY 1, 2016
Issued by: General Administration of Quality Supervision, Inspection and
Quarantine.
Standardization Administration of the People’s Republic of
China.
Table of Contents
Foreword
1 Scope
2 Normative References
3 Terms, Definitions and Abbreviations
3.1 Terms and Definitions
3.2 Abbreviations
4 Object-based Cloud Storage Architecture
5 General Requirements of Object-based Cloud Storage Application Interface
5.1 Overview
5.2 Access Control
5.3 Supplementary Error Message
5.4 Public Request Header
5.5 Public Response Header
6 Definition of Object-based Cloud Storage Application Interface
6.1 Overview
6.2 Related Functions of Container
6.3 Related Functions of Object
Appendix A (Normative) ACL-based Access Control
Appendix B (Normative) Supplementary Error Message
1 Scope
This Part of GB/T 31916 provides an architecture of object-based cloud data storage
(hereinafter referred to as cloud storage); stipulates general requirements of object-
based cloud storage application interface and the definition of application interface.
This Part is applicable to the design, development and application of object-based
cloud storage.
2 Normative References
The following documents are indispensable to the application of this document. For
dated references, only the dated version applies to this document. For undated
references, the latest version (including all modifications) applies to this
document.
GB/T 7408-2005 Data Elements and Interchange Formats - Information Interchange -
Representation of Dates and Times;
GB/T 26231-2010 Information Technology - Open Systems Interconnection - National
Numbering System and Registration Procedures for Object Identifier (OID);
GB/T 31916.1-2015 Information Technology - Cloud Data Storage and Management -
Part 1: General;
RFC 822 ARPA Standard for the Format of ARPA Internet Text Messages;
RFC 2616 Hypertext Transfer Protocol HTTP/1.1
3 Terms, Definitions and Abbreviations
3.1 Terms and Definitions
The terms and definitions in GB/T 31916.1-2015 and the following terms and
definitions are applicable to this document.
3.1.1 Container
status, quota and operation authorization can be implemented.
The storage layer provides fundamental storage space to the service layer. The
storage layer shall adopt an extensible storage architecture. The specific storage
technology shall be transparent to external applications.
5 General Requirements of Object-based Cloud
Storage Application Interface
5.1 Overview
The general requirements of the object-based cloud storage application interface
comprise 8 items: interface protocol, identity authentication management,
access control, status code information description, supplementary error message,
public request header, public response header and error message description.
Of these, 4 items (interface protocol, identity authentication management, status
code information description and error message description) shall comply with the
stipulations of Chapter 5 in GB/T 31916.1-2015.
5.2 Access Control
Object-based cloud storage shall provide an access control mechanism. Access
control may be managed through modes such as ACL.
Please refer to Appendix A for ACL-based access control.
5.3 Supplementary Error Message
Error responses in object-based cloud storage are relatively complicated, so the
HTTP status code needs to be supplemented with an error message description. The
format of the supplementary error message shall comply with the requirements in 5.4
of GB/T 31916.1-2015.
Please refer to Appendix B for the description of supplementary error messages.
5.4 Public Request Header
The time format of object-based cloud storage application interface shall comply with
the format stipulated in GB/T 7408-2005.
Please refer to Table 1 for a description of HTTP request header format (see RFC
2616).
6 Definition of Object-based Cloud Storage Application
Interface
6.1 Overview
Object-based cloud storage application interface includes related functions of
container and related functions of object.
Related functions of container shall include:
a) Create container;
b) Delete container;
c) Acquire all of the user’s containers;
d) Acquire the list of objects in the container.
When ACL mode is adopted for user’s access control, related functions of container
shall also include:
e) Acquire container’s authorization;
f) Set up container’s authorization.
Related functions of object shall include:
a) Create object;
b) Delete object;
c) Acquire object;
d) Acquire object attribute;
e) Set up object attribute.
When ACL mode is adopted for user’s access control, related functions of object shall
also include:
f) Acquire object’s authorization;
g) Set up object’s authorization.
6.2 Related Functions of Container
6.2.1 Create container
error message.
6.2.4.7 Response parameter
Null.
6.2.4.8 Response message body parameters
Please refer to Table 7 for information that response message body parameters shall
include.
Table 7 -- Information of Response Message Body Parameters
| Name | Type | Description | Selection Status |
| | Label | Acquired a list of objects in container; Parent tag: null | Required |
| | Character String | Container URI; Parent tag: | Optional |
| | Character String | Object URI prefix; Parent tag: | Optional |
| | Character String | The upper limit of object number in the result set; Parent tag: | Optional |
| | Character String | Initial value of object URI; Parent tag: | Optional |
| | Character String | Whether the returned result is all the result; Parent tag: | Optional |
| | Label | A list of objects in the result set; Parent tag: | Required |
| | Label | Objects in the result set; Parent tag: | Required |
| | Character String | Object name; Parent tag: | Required |
| | Label | System attribute of objects in the result set; Parent tag: | Required |
| | Character String | Object creation time; Parent tag: | Required |
6.2.5.1 Functional description
When ACL mode (see Appendix A) is adopted for access control, user utilizes the
current interface to acquire container’s ACL. User shall have access
permission to container, otherwise, it is impossible to acquire the result. The target of
operation shall be expressed in URI, which is constituted of ,
in which, “ContainerName” is the name of container; “acl” indicates that the target of
this operation is the access control list.
6.2.5.2 Request message header
6.2.5.3 Request parameter
Null.
6.2.5.4 Additional domain of message header
Null.
6.2.5.5 Request body parameter
Null.
6.2.5.6 Response message code
The status code shall be returned as defined. On success, return 200. On failure,
set the status code and supplementary error message according to the cause.
6.2.5.7 Response parameter
Null.
6.2.5.8 Response message body parameters
Please refer to Table 8 for information that response message body parameters shall
include.
Table 8 -- Information of Response Message Body Parameters
| Name | Type | Description | Selection Status |
| | Label | Include container’s access authorization information and container owner’s information; Parent tag: null | Required |
| | Label | Include container’s access authorization information; | Required |
6.3.2.2 Request message header
6.3.2.3 Request parameter
Null.
6.3.2.4 Additional domain of message header
Null.
6.3.2.5 Request body parameter
Null.
6.3.2.6 Response message code
The status code shall be returned as defined. On success, return 204. On failure,
set the status code and supplementary error message according to the cause.
6.3.2.7 Response parameter
Null.
6.3.2.8 Response message body parameter
Null.
6.3.2.9 Examples of message
Please refer to Example 1 for request message.
Example 1:
Please refer to Example 2 for response message.
Example 2:
6.3.3.8 Response message body parameter
Null.
6.3.3.9 Examples of message
Please refer to Example 1 for request message.
Example 1:
Please refer to Example 2 for response message.
Example 2:
6.3.4 Acquire object attribute
6.3.4.1 Functional description
Read the attribute value of the object identified by the specified URI. The user
shall pass legitimate identity authentication and shall have READ permission to the
object.
6.3.4.2 Request message header
Method 1: use GET method; response message returns result through message body.
Method 2: use HEAD method; response message returns result through message
header.
6.3.4.3 Request parameter
Example 1:
Please refer to Example 2 for response message.
Example 2:
6.3.6 Acquire object permission
6.3.6.1 Functional description
When ACL mode (see Appendix A) is adopted for access control, the user uses this
interface to acquire the object’s ACL; the return message shall include the
permission control list of the specified object. User shall have permission to the
specified object.
6.3.6.2 Request message header
6.3.6.3 Request parameter
Null.
6.3.6.4 Additional domain of message header
Null.
6.3.6.5 Request body parameter
Null.
Appendix A
(Normative)
ACL-based Access Control
Object-based cloud storage may implement access control through ACL. Specifically
speaking, the definition of ACL is shown in Table A.1.
Table A.1 -- Definition of ACL
| ACL Value | Container-level Access Control Function | Object-level Access Control Function |
| | It is allowed to execute the operation of listed objects to the container. | It is allowed to read object data and metadata, excluding object’s access control permission. |
| | It is allowed to create, cover and delete objects and object metadata in the container. | Do not support. |
| | It is allowed to read the access control permission of the container and objects. This permission is merely restricted to the owner of the container and objects. By default, this permission shall be implied. |
| | It is allowed to set up the access control permission of the container and objects. This permission is merely restricted to the owner of the container and objects. By default, this permission shall be implied. |
| | Non-owner user is allowed to have READ and WRITE permission. Owner has full control to the permission. |
When a PUT operation is executed on an object or container, the extension header
“x-OBS-acl” is used to set the object’s or container’s access control list in the
same request. Please refer to Table A.2 for the macro-definition of commonly seen
ACL.
Table A.2 -- Macro-definition of Commonly Seen ACL
Access Control Mode Macro Description
Owner has FULL_CONTROL permission. In the creation of container or objects, default permission: default.
Owner has FULL_CONTROL permission. Anonymous user has READ permission.
Owner has FULL_CONTROL permission. Anonymous user has READ | WRITE permission.
Owner has FULL_CONTROL permission. Any registered user has READ permission.
Owner has FULL_CONTROL permission. Any registered user ......
Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.
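The permission rules of Table A.1 and the macros of Table A.2, as an added Python example (not part of the standard or of this page's excerpt): `allowed` evaluates a request and `audit` flags resources that anonymous callers can write to. READ, WRITE and FULL_CONTROL come from the excerpt; `READ_ACL`, `WRITE_ACL`, the macro names, the operation names and the rule that an anonymous grant also covers registered users are assumptions, because the excerpt omits the standard's own identifiers.

```python
from enum import IntFlag

class Perm(IntFlag):
    READ = 1
    WRITE = 2
    READ_ACL = 4    # placeholder name: read the access control permission
    WRITE_ACL = 8   # placeholder name: set up the access control permission
    FULL_CONTROL = 15

# Table A.2 rows that survive in the excerpt, keyed by placeholder macro names.
# Values are grants to non-owners; the owner always holds FULL_CONTROL.
MACROS = {
    "owner-only": {},  # default when a container or object is created
    "anon-read": {"anonymous": Perm.READ},
    "anon-read-write": {"anonymous": Perm.READ | Perm.WRITE},
    "registered-read": {"registered": Perm.READ},
}

# Table A.1: WRITE is unsupported at object level; object writes use the container.
REQUIRED = {
    ("container", "list_objects"): Perm.READ,
    ("container", "put_object"): Perm.WRITE,
    ("container", "delete_object"): Perm.WRITE,
    ("object", "get_object"): Perm.READ,
    ("container", "get_acl"): Perm.READ_ACL,
    ("container", "set_acl"): Perm.WRITE_ACL,
    ("object", "get_acl"): Perm.READ_ACL,
    ("object", "set_acl"): Perm.WRITE_ACL,
}

def effective(macro, caller):
    """Permissions held by caller class 'owner', 'registered' or 'anonymous'."""
    if caller == "owner":
        return Perm.FULL_CONTROL
    grants = MACROS.get(macro, {})  # unknown macro: fail closed to owner-only
    # Assumption: a grant to anonymous users also covers registered users.
    perm = grants.get("anonymous", Perm(0))
    if caller == "registered":
        perm |= grants.get("registered", Perm(0))
    # Table A.1: non-owners get at most READ and WRITE, never the ACL permissions.
    return perm & (Perm.READ | Perm.WRITE)

def allowed(macro, caller, level, op):
    need = REQUIRED.get((level, op))  # operations not in Table A.1 are denied
    return need is not None and (effective(macro, caller) & need) == need

def audit(resources):
    """Names of (name, macro) resources that anonymous callers can write to."""
    return [n for n, m in resources if Perm.WRITE in effective(m, "anonymous")]
```

Running `audit` over an inventory of container names and the `x-OBS-acl` value each was created with gives the list to review first.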