Pure Storage, Inc.
Dispersed credentials

Abstract:

A method includes receiving, at a distributed storage (DS) unit, an access request from a requesting device. The access request includes a username and a user certificate, and the user certificate includes a user certificate signature. The user certificate is authenticated, and a domain name of a certificate authority (CA) associated with the user certificate is determined from information included in the access request. A CA certificate is obtained using the domain name of the CA, and the signature on the user certificate is validated using the CA certificate. The access request is approved in response to both 1) authenticating the user certificate, and 2) validating the user certificate signature using the CA certificate.