Self-certifying File System

From Wikipedia, the free encyclopedia

In computing, Self-certifying File System (SFS) is a global and decentralized, distributed file system for Unix-like operating systems, which also provides transparent encryption of communications as well as authentication. It aims to be the universal distributed file system by providing uniform access to any available server; however, the usefulness of SFS is limited by the low deployment of SFS clients. It was developed in the June 2000 doctoral thesis of David Mazières.

Implementation

The SFS client daemon implements Sun's Network File System (NFS) protocol for communicating with the operating system, and thus can work on any operating system that supports NFS, including Windows.[1] The client manages connections to remote file systems as necessary, acting as a kind of protocol translation layer. The SFS server works similarly to other distributed file system servers, by exposing an existing disk file system over the network using the SFS protocol. On Unix-like systems, SFS file systems can usually be found at /sfs/hostname:hostID. When an SFS file system is first accessed through this path, a connection to the server is made and the directory is created ("automounted").

Differences

The primary motivation behind the file system is to address the shortcomings of hardwired, administratively configured distributed file systems in larger organizations, and of various remote file transfer protocols. It is designed to operate securely between separate administrative realms. For example, with SFS, one could store all their files on a single remote server, and access the same files securely and transparently from any location as if they were stored locally, without any special privileges or administrative cooperation (other than running the SFS client daemon). Available file systems will be found at the same path regardless of physical location, and are implicitly authenticated by their path names, because the path names include the public-key fingerprint of the server (hence the name "self-certifying").[2]
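The check that a pathname of the form /sfs/hostname:hostID makes possible, as an added example that is not part of the article or of the SFS code base. The fingerprint used here (SHA-256 over the hostname and key bytes, in hex) is an assumption for illustration, not SFS's actual encoding; the function names and sample keys are constructed.

```python
import hashlib
import hmac

SFS_ROOT = "/sfs/"

def host_id(location: str, public_key: bytes) -> str:
    """Fingerprint binding a hostname to a public key (illustrative scheme)."""
    h = hashlib.sha256()
    for part in (location.encode(), public_key):
        # Length-prefix each field so (location, key) pairs cannot collide.
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.hexdigest()

def parse_pathname(path: str):
    """Split /sfs/hostname:hostID/rest into (hostname, hostID, rest)."""
    if not path.startswith(SFS_ROOT):
        raise ValueError("not an SFS pathname")
    first, _, rest = path[len(SFS_ROOT):].partition("/")
    hostname, sep, hid = first.partition(":")
    if not sep or not hostname or not hid:
        raise ValueError("pathname lacks hostname:hostID")
    return hostname, hid.lower(), rest

def server_matches_path(path: str, presented_key: bytes) -> bool:
    """True only if the key the server presents hashes to the hostID in the path."""
    hostname, hid, _ = parse_pathname(path)
    expected = host_id(hostname, presented_key)
    # Constant-time comparison of the two fingerprints.
    return hmac.compare_digest(expected.encode(), hid.encode())

# Constructed sample data: opaque byte strings standing in for real public keys.
GENUINE_KEY = b"constructed-sample-public-key-A"
IMPOSTOR_KEY = b"constructed-sample-public-key-B"
SAMPLE_HID = host_id("files.example.org", GENUINE_KEY)
SAMPLE_PATH = f"/sfs/files.example.org:{SAMPLE_HID}/home/alice"

if __name__ == "__main__":
    print("genuine server accepted: ", server_matches_path(SAMPLE_PATH, GENUINE_KEY))
    print("impostor server accepted:", server_matches_path(SAMPLE_PATH, IMPOSTOR_KEY))
```

Because the client derives the expected fingerprint from the path alone, no certificate authority or administrator-distributed key list is consulted; a server presenting a different key is rejected before any file data is trusted.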

In addition to the new perspective, SFS also addresses some commonly raised limitations of other distributed file systems. For example, NFS and SMB clients have to rely on the server for file system security policies, and NFS servers have to rely on the client computer for authentication. This often complicates security, as one compromised computer could breach the security of the entire organization. The NFS and SMB protocols also do not by themselves provide confidentiality (encryption) or tamper resistance from other computers on the network, without encapsulation layers such as IPsec.

Unlike Coda and AFS, SFS does not provide local caching of remote files and thus is more dependent on network reliability, latency and bandwidth.

References

  1. ^ David Euresti (August 2002). "Self-Certifying File System Implementation for Windows" (PostScript). MIT. Retrieved 2006-12-23.
  2. ^ David Mazières, M. Frans Kaashoek (September 1998). Escaping the Evils of Centralized Control with self-certifying pathnames (PostScript). Proceedings of the 8th ACM SIGOPS European workshop: Support for composing distributed applications. Sintra, Portugal: MIT. Retrieved 2006-12-23.

Retrieved from "https://en.wikipedia.org/w/index.php?title=Self-certifying_File_System&oldid=1147138577"