NASD Key Hierarchy

1. Master key : The master key is equivalent to the ownership of the NASD drive. Using the master key, all the lower level keys can be reset. However, the master key can be kept offline because it is used infrequently (used at initialization and for disaster recovery).

2. Drive key : The drive key is held by the administrator of the drive (e.g. partition adminstrator or backup manager). The drive key is kept online and used to for infrequent operations such as manipulating partition attributes including the partition keys.

3. Partition key: The partition key is held by the file server personality that controls the data for the specified partition. This key is kept online but it used infrequently to manipulate the red/black keys. Since the red/black keys are used regularly, the partition key is neccessary so the file server can adjust the lifetime of the red/black keys without requiring the involvement of the drive administrator.

4. Red/Black keys : The red/black keys are a pair of onlinekeys which are frequently used to construct capabilities. While both can be used, one will be the active key which a file manager uses to issue new capabilities while allowing all the capabilities issued against the inactive key to gracefully expire. When the capabilities issued against the inactive key have all expired, it is safe for the file manager to change the inactive key and make it active without invalidating any outstanding capabilities. These keys may also be used to directly perform object operations.

5. Capability key: Each capability contains a capability key. The capability keys are held online by clients and used frequently with each NASD request.