P2p storage systems like PAST or CFS form a single overlay network that includes all participants. Replicas of stored objects are placed at random nodes with adjacent nodeIds throughout this overlay. This approach leads to good load balancing and failure independence, since the set of replica nodes for an object is widely distributed and thus unlikely to suffer correlated failures.
On the other hand, network locality can be poor because all objects are replicated at global scope, even when an object is only of local interest and a more local distribution (e.g., within a large organization) may yield adequate failure independence. The lack of centralized node administration makes it difficult to assess individual nodes' failure probabilities, and thus determine the appropriate degree of replication. And, the fact that any node can insert objects anywhere in the system invites denial-of-service attacks aimed at exhausting the storage space of certain nodes, or the entire system. Lastly, it is difficult to let nodes behind a firewall participate in the storage overlay.
POST overcomes these problems using a two-level store consisting of organizational overlays and a global overlay. The two-level store allows POST to scope the insertion of documents into the store, such that documents inserted by members of an organization are replicated among the organization's nodes. This is achieved without sacrificing load balancing, failure independence, or the ability to look up a stored message anywhere in the global overlay; we omit the details due to lack of space.