Abstract: A method of upgrading software components within a dispersed data storage network is disclosed. A list of identifiers corresponding to devices within the dispersed data storage network is assembled. Each member of the list is assigned to an upgrade set based on the devices that are reachable by the vaults associated with the device.

Abstract: A method begins by a processing module receiving a certificate chain and determining whether at least one of one or more signed certificates of the chain has a valid signature. When the at least one of the one or more signed certificates has a valid signature, the method continues with the processing module identifying one or more certificate authorities (CA) to produce identified CAs, accessing registry information that includes one or more realm identifiers (IDs) and a plurality of trusted CA IDs, determining whether one or more of the identified CAs is a trusted CA, and when the one or more of the identified CAs is a trusted CA, indicating that the certificate chain is valid, identifying a realm ID based on a trusted CA ID, and generating certificate chain validation information to include the realm ID, trusted CAs, and the indication of the validity of the certificate chain.

Abstract: A method begins with a processing module selecting one of a plurality of dispersed storage (DS) processing modules for facilitating access to a dispersed storage network (DSN) memory. The method continues with the processing module sending a DSN memory access request to the one of the plurality of DS processing modules. The method continues with the processing module selecting another one of the plurality of DS processing modules when no response is received within a given time frame or when the response to the access request does not include an access indication. The method continues with the processing module sending the DSN memory access request to the another one of the plurality of DS processing modules.

Abstract: A method for execution by one or more processing modules of a dispersed storage network (DSN) includes receiving a data access request for at least one data segment stored in the DSN. A vault associated with data access request is identified along with one of a plurality of sub-vaults associated with the vault. Access information corresponding to the one of the plurality of sub-vaults is retrieved to determine whether the access request is allowed. When the access request is allowed, a sub-vault directory associated with the one of the plurality of sub-vaults is retrieved to identify a DSN address corresponding to the data access request, and fulfilling the data access request based on the DSN address.

Abstract: A method begins by independently executing a first write transaction in a dispersed storage network (DSN) to a particular write verification step of a multiple step write process, wherein the first write transaction has a first transaction identifier. The method continues by independently executing a second write transaction in the DSN to the particular write verification step, wherein the second write transaction has a second transaction identifier, and wherein subject matter of the first write transaction is related to subject matter of the second write transaction. The method continues by dependently finalizing the multiple step write process for each of the first and second write transactions utilizing the first and second transaction identifiers when each of the first and second write transactions have reached the particular write verification step.

Abstract: A distributed storage network generates a plurality of data segments from a data object and stores each of the plurality of data segments as a plurality of encoded data slices generated from an error encoding dispersal function. When the distributed storage network receives a modification request for the data object, it determines a size of the plurality of data segments of the data object from a segment size field and identifies one of the plurality of data segments requiring modification. The identified data segment is reconstructed from the plurality of encoded data slices and modified in accordance with the modification request.

Abstract: A method of managing devices in a dispersed data storage network is disclosed. A device list is maintained including entries for every device in the dispersed data storage network. Each entry lists a public key, a network address, and hardware identifier for the corresponding device. On startup each device sends a request to join the network. The request includes the device's public key, network address, and hardware identifier. The request is compared with the device list, and, based on the comparison, and, in some cases, administrator action, the request is granted or denied.

Abstract: A computer a network interface and a central processing unit. The network interface communicates with a network. The central processing unit (CPU) is operable to receive a networked file system access request packet and to identify a root directory based on the networked file system access request packet. The CPU then identifies a file directory based on the root directory and the networked file system access request packet. The CPU then identifies file object metadata based on the file directory and identifies a set of slice servers based on the file object metadata and the networked file system access request packet. The CPU then issues, via the network interface, a set of commands to a set of slice servers regarding the networked file system access request packet.

Abstract: A method begins by a processing module of a computing device receiving a most current revision value for a data element, where a revision value for the data element is generated based on a current time of a storing device. The method continues with the processing module generating a new revision value for a currently revised version of the data element based on a current time of the computing device and comparing the current time of the new revision value with the current time of the most current revision value. When the current time of the new revision value precedes the current time of the most current revision value, the method continues with the processing module adjusting the new revision value to produce an adjusted revision value and facilitating storage of the currently revised version of the data element having the adjusted revision value.

Abstract: A method begins by a processing module of a dispersed storage network (DSN) obtaining utilization information regarding a plurality of storage units of the DSN, where first and second sets of storage units support a first logical storage vault. The method continues with the processing module detecting a utilization imbalance between a first storage unit of the first set of storage units and a second storage unit of the second set of storage units based on the utilization information, where the first and second storage units are not a common storage unit. The method continues with the processing module executing a data storage function regarding the first logical storage vault based on the utilization imbalance.

Abstract: A method begins by a processing module dispersed storage error encoding data to produce a set of encoded data slices and generating a transaction identifier regarding storage of the set of encoded data slices. The method continues with the processing module outputting a plurality of write request messages to a plurality of dispersed storage (DS) units, wherein each of the plurality of write request messages includes the transaction identifier and a corresponding one of the set of encoded data slices. The method continues with the processing module receiving write response messages from at least some of the DS units, wherein each of the write response messages includes a reference to the transaction identifier. The method continues with the processing module updating directory information regarding storage of the data to produce updated directory information when at least a write threshold number of the write response messages have been received.

Abstract: A method of managing devices in a dispersed data storage network is disclosed. A device list is maintained including entries for every device in the dispersed data storage network. Each entry lists a public key, a network address, and hardware identifier for the corresponding device. On startup each device sends a request to join the network. The request includes the device's public key, network address, and hardware identifier. The request is compared with the device list, and, based on the comparison, and, in some cases, administrator action, the request is granted or denied.

Abstract: A method begins by a processing module receiving a dispersed storage network (DSN) access request that includes a requester identifier (ID), wherein the requester ID is associated with a certificate chain. When the certificate chain is valid, the method continues with the processing module accessing registry information for the DSN. The method continues with the processing module identifying one of a plurality of access control lists based on at least one of information associated with the requester ID and information associated with the certificate chain, identifying one or more entries of the one of the plurality of access control lists based on the information associated with the certificate chain to produce one or more identified entries, and generating, for the DSN access request, permissions from one or more sets of permissions associated with the one or more identified entries.

Abstract: A method begins with a processing module determining that storage of data requires updating, wherein the data is stored as a plurality of sets of encoded data slices in DSN memory. For a first type of updating, the processing module increases the total number while maintaining the decode threshold number. The processing module then, for each set of encoded data slices, creates another encoded data slice in accordance with the dispersed storage error encoding function and the increased total number and sends the new encoded data slices to the DSN memory. For a second type of updating, the processing module increases the total number and the decode threshold number. The processing module then recovers the data and encodes it in accordance with the dispersed storage error encoding function using the increased total number and the increased decode threshold number to produce an updated plurality of sets of encoded data slices.

Abstract: A distributed storage network generates a plurality of data segments from a data object and stores each of the plurality of data segments as a plurality of encoded data slices generated from an error encoding dispersal function. When the distributed storage network receives a modification request for the data object, it determines a size of the plurality of data segments of the data object from a segment size field and identifies one of the plurality of data segments requiring modification. The identified data segment is reconstructed from the plurality of encoded data slices and modified in accordance with the modification request.

Abstract: A computer a network interface and a central processing unit. The network interface communicates with a network. The central processing unit (CPU) is operable to receive a networked file system access request packet and to identify a root directory based on the networked file system access request packet. The CPU then identifies a file directory based on the root directory and the networked file system access request packet. The CPU then identifies file object metadata based on the file directory and identifies a set of slice servers based on the file object metadata and the networked file system access request packet. The CPU then issues, via the network interface, a set of commands to a set of slice servers regarding the networked file system access request packet.

Abstract: A method begins by a processing module receiving a certificate chain and determining whether at least one of one or more signed certificates of the chain has a valid signature. When the at least one of the one or more signed certificates has a valid signature, the method continues with the processing module identifying one or more certificate authorities (CA) to produce identified CAs, accessing registry information that includes one or more realm identifiers (IDs) and a plurality of trusted CA IDs, determining whether one or more of the identified CAs is a trusted CA, and when the one or more of the identified CAs is a trusted CA, indicating that the certificate chain is valid, identifying a realm ID based on a trusted CA ID, and generating certificate chain validation information to include the realm ID, trusted CAs, and the indication of the validity of the certificate chain.

Abstract: A distributed storage network generates a plurality of data segments from a data object and stores each of the plurality of data segments as a plurality of encoded data slices generated from an error encoding dispersal function. When the distributed storage network receives a modification request for the data object, it determines a size of the plurality of data segments of the data object from a segment size field and identifies one of the plurality of data segments requiring modification. The identified data segment is reconstructed from the plurality of encoded data slices and modified in accordance with the modification request.

Abstract: A method begins by a processing module receiving a certificate chain and determining whether at least one of one or more signed certificates of the chain has a valid signature. When the at least one of the one or more signed certificates has a valid signature, the method continues with the processing module identifying one or more certificate authorities (CA) to produce identified CAs, accessing registry information that includes one or more realm identifiers (IDs) and a plurality of trusted CA IDs, determining whether one or more of the identified CAs is a trusted CA, and when the one or more of the identified CAs is a trusted CA, indicating that the certificate chain is valid, identifying a realm ID based on a trusted CA ID, and generating certificate chain validation information to include the realm ID, trusted CAs, and the indication of the validity of the certificate chain.

Abstract: A method begins by a processing module receiving a dispersed storage network (DSN) access request that includes a requester identifier (ID), wherein the requester ID is associated with a certificate chain. When the certificate chain is valid, the method continues with the processing module accessing registry information for the DSN. The method continues with the processing module identifying one of a plurality of access control lists based on at least one of information associated with the requester ID and information associated with the certificate chain, identifying one or more entries of the one of the plurality of access control lists based on the information associated with the certificate chain to produce one or more identified entries, and generating, for the DSN access request, permissions from one or more sets of permissions associated with the one or more identified entries.