S3 Storage — Object Storage

SDL runs and internally manages an S3-compatible object storage cluster for blob storage.

It uses a Security Token Service (STS) to authenticate users with their JWTs. This lets the object storage layer identify each user by their principal ID in the identity provider (instead of by a separate access key and secret key), which is needed to authorize the user for access to specific objects.

For authorization decisions, the object storage layer defers to the policy engine on a per-object basis. This is where security policies are applied, such as classification access controls.
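The flow described above, modelled offline as an added example (not SDL's own code): an STS step verifies the JWT and binds the session to the principal ID, then each object read gets its own policy decision. The HS256 key, the principal names, the numeric clearance levels and every function name here are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

IDP_KEY = b"constructed-demo-key"   # assumption: stand-in for the IdP's signing key
CLEARANCE = {"alice": 2, "bob": 0}  # constructed: principal ID -> clearance level
CLASSIFICATION = {"reports/q1.pdf": 2, "public/readme.txt": 0}  # constructed: key -> level

def b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def unb64u(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(head: str, body: str) -> str:
    return b64u(hmac.new(IDP_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest())

def make_jwt(claims: dict) -> str:
    """Constructed HS256 token playing the role of the identity provider's JWT."""
    head = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64u(json.dumps(claims).encode())
    return f"{head}.{body}.{sign(head, body)}"

def sts_exchange(token: str, now: int) -> dict:
    """STS step: verify the JWT, then issue a session bound to the principal ID."""
    try:
        head, body, sig = token.split(".")
        alg = json.loads(unb64u(head)).get("alg")
    except (ValueError, AttributeError) as exc:
        raise PermissionError("malformed token") from exc
    if alg != "HS256":  # pin the algorithm; never trust the header's choice
        raise PermissionError("unexpected alg")
    if not hmac.compare_digest(sign(head, body).encode(), sig.encode()):
        raise PermissionError("bad signature")
    claims = json.loads(unb64u(body))
    if claims["exp"] <= now:
        raise PermissionError("token expired")
    return {"principal": claims["sub"], "expires": claims["exp"]}

def authorize_get(session: dict, key: str, now: int) -> bool:
    """Per-object decision: default deny, then compare clearance to classification."""
    if session["expires"] <= now or key not in CLASSIFICATION:
        return False
    return CLEARANCE.get(session["principal"], -1) >= CLASSIFICATION[key]
```

Because the session carries the principal ID rather than a shared access key, two users reading the same bucket can receive different answers for the same object.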

S3 Overview

See Clients for getting connected.