回复: [Hyperledger Fabric] Hyperledger Fabric Vs Composer ACLs
|
david liu <david-khala@...>
1. It might leak sensitive information of the user inside the certificate
For concern of sensitive information in certificate, you could consider use idemix as a ZKP
2. It is hard to handle the provenance of the attributes, as administrator could add any attributes as he want to an identity
That is why he is admin of his organization.
3. Each time Updating the attributes need to update the Certificate too, so there might be many versions of certificate if we manage to keep it as archive
Instead of rotate the certificate, you could consider upgrade the chaincode who identifies certificate and behaves.
发件人: fabric@... <fabric@...> 代表 Kimheng SOK <sok.kimheng@...>
发送时间: 2019年11月18日 18:13 收件人: Brett T Logan <Brett.T.Logan@...> 抄送: fabric@... <fabric@...> 主题: Re: [Hyperledger Fabric] Hyperledger Fabric Vs Composer ACLs Dear Brett Logan,
Thank for your answer, related to fine-grained access control by adding attributes to identity of the user
I found that:
1. It might leak sensitive information of the user inside the certificate
2. It is hard to handle the provenance of the attributes, as administrator could add any attributes as he want to an identity
3. Each time Updating the attributes need to update the Certificate too, so there might be many versions of certificate if we manage to keep it as archive
What do you think?
Bests,
On Mon, Nov 18, 2019 at 4:53 PM Brett T Logan <Brett.T.Logan@...> wrote:
|
|
|
