Abstract: Aspects of the subject matter described herein relate to updating and validating documents secured cryptographically. In aspects, documents are encrypted to protect them from unauthorized access. An entity having write access to a document may create a new version of the document and sign the new version with a private key. Other entities may validate that the new version of the document was created by an authorized entity by using a public key available in security data associated with the version. The entities that are authorized to create a new version may change which security principals are allowed to create subsequent versions.

Abstract: Aspects of the subject matter described herein relate to creating and validating cryptographically secured documents. In aspects, documents are encrypted to protect them from unauthorized access. An entity having namespace ownership rights may create a document in an authorized namespace and sign the document with a private key. Other entities may validate that the document was created by an authorized namespace owner by using a public key available in security data associated with a parent document of the document. For a root document, the public key may be available from a directory service. A namespace owner may change the namespace owner(s) that are allowed to create children of a document.

Abstract: Computers are provided with a totally ordered, durable shared log. Shared storage is used and can be directly accessed by the computers over a network. Append-log operations are made atomic in the face of failures by committing provisional append ordering information onto a log. The log may comprise multiple flash packages or non-volatile memory devices, referred to as segments, although any shared storage device(s) may be used. Each log record is a multi-page stripe, where each page of a stripe is written to a different segment. Fault-tolerant protocol variants append stripes to the log, such that stripes are totally ordered in the log and each stripe is written atomically.

Abstract: Aspects of the subject matter described herein relate to cryptographically controlling access to documents. In aspects, documents are encrypted to protect them from unauthorized access. A security principal seeking to access a document first obtains the document. The document includes an identifier that identifies security data associated with the document. The security data includes an encrypted portion that includes authorizations for security principals that have access to the document. A security principal having the appropriate key can decrypt its authorization in the security data to obtain one or more other keys that may be used to access the document. These other keys correspond to access rights that the security principal has with respect to the document.

Abstract: Transactional record management methods and systems enabling multiple independent servers (such as database servers) using shared storage to initiate transactions in parallel without inter server communication and without locking the records used by the transaction. The in-flight transactions can be included in a shared transaction log without a final determination of whether the transaction committed. The log updates can be broadcast to each of the servers, which each parse the log, using the same rules of analysis, and therefore each compute server can independently and asynchronously come to the same conclusion as to which transactions aborted and which transactions committed.

Abstract: Computers are provided with a totally ordered, durable shared log. Shared storage is used and can be directly accessed by the computers over a network. Append-log operations are made atomic in the face of failures by committing provisional append ordering information onto a log. The log may comprise multiple flash packages or non-volatile memory devices, referred to as segments, although any shared storage device(s) may be used. Each log record is a multi-page stripe, where each page of a stripe is written to a different segment. Fault-tolerant protocol variants append stripes to the log, such that stripes are totally ordered in the log and each stripe is written atomically.

Abstract: Transactional record management methods and systems enabling multiple independent servers (such as database servers) using shared storage to initiate transactions in parallel without inter server communication and without locking the records used by the transaction. The in-flight transactions can be included in a shared transaction log without a final determination of whether the transaction committed. The log updates can be broadcast to each of the servers, which each parse the log, using the same rules of analysis, and therefore each compute server can independently and asynchronously come to the same conclusion as to which transactions aborted and which transactions committed.

Abstract: Aspects of the subject matter described herein relate to updating and validating documents secured cryptographically. In aspects, documents are encrypted to protect them from unauthorized access. An entity having write access to a document may create a new version of the document and sign the new version with a private key. Other entities may validate that the new version of the document was created by an authorized entity by using a public key available in security data associated with the version. The entities that are authorized to create a new version may change which security principals are allowed to create subsequent versions.

Abstract: Aspects of the subject matter described herein relate to creating and validating cryptographically secured documents. In aspects, documents are encrypted to protect them from unauthorized access. An entity having namespace ownership rights may create a document in an authorized namespace and sign the document with a private key. Other entities may validate that the document was created by an authorized namespace owner by using a public key available in security data associated with a parent document of the document. For a root document, the public key may be available from a directory service. A namespace owner may change the namespace owner(s) that are allowed to create children of a document.

Abstract: Aspects of the subject matter described herein relate to cryptographically controlling access to documents. In aspects, documents are encrypted to protect them from unauthorized access. A security principal seeking to access a document first obtains the document. The document includes an identifier that identifies security data associated with the document. The security data includes an encrypted portion that includes authorizations for security principals that have access to the document. A security principal having the appropriate key can decrypt its authorization in the security data to obtain one or more other keys that may be used to access the document. These other keys correspond to access rights that the security principal has with respect to the document.