Re: Hyperledger Fabric Vs Composer ACLs


Kimheng SOK
 

Dear Brett Logan,

Thank for your answer, related to fine-grained access control by adding attributes to identity of the user
I found that:
1. It might leak sensitive information of the user inside the certificate
2. It is hard to handle the provenance of the attributes, as administrator could add any attributes as he want to an identity
3. Each time Updating the attributes need to update the Certificate too, so there might be many versions of certificate if we manage to keep it as archive
What do you think?

Bests,

On Mon, Nov 18, 2019 at 4:53 PM Brett T Logan <Brett.T.Logan@...> wrote:
There is a finite set of resources you can place an ACL on using the following documentation:
 
 
To create more fine-grained control you can do Attribute-based Access Control by specify attributes in the x590 identity which can then be used in chaincode to determine if a user should have access to a specific operation at invocation. You can find that doc here:
 
 
Brett Logan
Software Engineer, IBM Blockchain
Phone: 1-984-242-6890
 
 
 
----- Original message -----
From: "Kimheng SOK" <sok.kimheng@...>
Sent by: fabric@...
To: fabric@...
Cc:
Subject: [EXTERNAL] [Hyperledger Fabric] Hyperledger Fabric Vs Composer ACLs
Date: Mon, Nov 18, 2019 3:48 AM
 
Dear all,
 
In Hyperledger Composer Access Control List is define in a file.acl,
Where is the equivalent access control list in Hyperledger Fabric to the one in Composer?
 
Bests,
 

Join fabric@lists.hyperledger.org to automatically receive all group messages.