NeoFS is very carefully designed to offer the power of a filesytem with all the expected capabilities, on top of a decentralised network.
This means that files/folders etc can have permissions to who can read/write to them who can delete etc etc.
As NeoFS is built on top of the Neo blockchain, these permissions are based on wallet addresses of users.
Objects represent all files/data that is stored on NeoFS. Objects are accessed via SessionTokens or Bearer Tokens
A container controls the basic permissions that are applied to all content within it. Think of a container like a drive on a computer or network (and not a folder per se).
All objects must live within a container, their permissions will default to the permissions of the container
OwnerID is derived from the public or private key of a wallet and is unique to that wallet.
Container policies define the way objects will be placed among storage nodes. That is, you as the container owner can decide what type of node should store a file for you.
Containers and sessions/bearer tokens can have differeing permissions. By default permissions will be the same as the container's however if permissions are attached as a table to the container, or a bearer token is sent as part of a request, then they can override the permissions of the container
Read more about ACL here
Access is made using session tokens (derived from the private key), or bearer tokens, which are distributed by the container owner to others they want to be able to offer restricted capabilities (and time limits) to other users
A wallet is specifically an item that takes the NEP-6 format and contains any number of accounts. Accounts contain a public address, a private key and other information (read more here)
Wallets contain accounts. The first account in a wallet is the default and its wallet Address is the default address