We are one of the Openstack cloud user and use Swift to store lots of files in cloud. And our users (the end-users) will access these files. If the files are public, then the end-users can directly visit the object URL in web or mobile applications. However, some of files are private. Each end-user can only access his own private files.
The end-user may have two methods to access his private files:
A. The end-user always sends requests to our server. And our server will get the files from Swift, and then send them to the user. In this method, Our server can be regarded as a file proxy. We have the authentication of Openstack, and the user has the authentication of our server. We should maintain our own user system.
One problem of this method is the scalability. Because each request will be sent to our server, then the server will be the bottleneck if many files are uploading or downloading at the same time. The high scalability feature of Swift can't be used if we don't have enough servers. Actually we really don't need lots of servers except file transferring.
B. The end-user directly sends requests to Swift. It may solve the huge file bandwidth problem. But he must have the authentication method of Openstack. So we need thousands of Openstack accounts for our users while we are only one of the user of Openstack! It seems strange and is not feasible.
Are there any other methods to meet the requirement?
You could use your server to get the files (scenario A), but put that server "in the cloud". Then as access needs to scale up, you spin up additional servers under a load balancer. You, therefore, are distributing the load horizontally as needed.
An idea.
(Disclaimer: I am a Rackspace employee)