Re: [Hyperledger Fabric] Hyperledger Fabric Vs Composer ACLs


david liu <david-khala@...>
 

1. It might leak sensitive information of the user inside the certificate
For the concern about sensitive information in the certificate, you could consider using Idemix as a ZKP.
2. It is hard to handle the provenance of the attributes, as the administrator could add any attributes he wants to an identity
That is why he is admin of his organization.
3. Each time the attributes are updated, the certificate needs to be updated too, so there might be many versions of the certificate if we manage to keep them as an archive
Instead of rotating the certificate, you could consider upgrading the chaincode that identifies the certificate and behaves.


From: fabric@... <fabric@...> on behalf of Kimheng SOK <sok.kimheng@...>
Sent: November 18, 2019 18:13
To: Brett T Logan <Brett.T.Logan@...>
Cc: fabric@... <fabric@...>
Subject: Re: [Hyperledger Fabric] Hyperledger Fabric Vs Composer ACLs
 
Dear Brett Logan,

Thanks for your answer. Regarding fine-grained access control by adding attributes to the identity of the user,
I found that:
1. It might leak sensitive information of the user inside the certificate
2. It is hard to handle the provenance of the attributes, as the administrator could add any attributes he wants to an identity
3. Each time the attributes are updated, the certificate needs to be updated too, so there might be many versions of the certificate if we manage to keep them as an archive
What do you think?

Bests,

On Mon, Nov 18, 2019 at 4:53 PM Brett T Logan <Brett.T.Logan@...> wrote:

There is a finite set of resources you can place an ACL on using the following documentation:
 
 
To create more fine-grained control you can do Attribute-based Access Control by specifying attributes in the X.509 identity, which can then be used in chaincode to determine if a user should have access to a specific operation at invocation. You can find that doc here:
 
 
Brett Logan
Software Engineer, IBM Blockchain
Phone: 1-984-242-6890
 
 
 
----- Original message -----
From: "Kimheng SOK" <sok.kimheng@...>
Sent by: fabric@...
To: fabric@...
Cc:
Subject: [EXTERNAL] [Hyperledger Fabric] Hyperledger Fabric Vs Composer ACLs
Date: Mon, Nov 18, 2019 3:48 AM
 
Dear all,
 
In Hyperledger Composer, the Access Control List is defined in a file.acl,
Where is the equivalent access control list in Hyperledger Fabric to the one in Composer?
 
Bests,
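
The attribute check discussed in this thread, as an added example that is not part of any message above: Fabric CA writes enrollment attributes as JSON into a certificate extension, and chaincode compares them at invocation. This sketch uses only the Go standard library rather than Fabric's own client-identity library; the `auditor` attribute and the function names `authorize` and `sampleCert` are hypothetical, and the certificate is constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"encoding/json"
	"fmt"
	"math/big"
	"time"
)

// Fabric CA stores enrollment attributes as plain, readable JSON under this OID.
var attrOID = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6, 7, 8, 1}

// authorize is the per-invocation check: the certificate must carry name=want.
func authorize(cert *x509.Certificate, name, want string) error {
	var body struct{ Attrs map[string]string `json:"attrs"` }
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(attrOID) {
			if err := json.Unmarshal(ext.Value, &body); err != nil {
				return fmt.Errorf("access denied: bad attribute extension: %w", err)
			}
		}
	}
	if v, ok := body.Attrs[name]; !ok || v != want {
		return fmt.Errorf("access denied: attribute %q must equal %q", name, want)
	}
	return nil
}

// sampleCert builds a constructed self-signed cert (throwaway key) carrying attrsJSON.
func sampleCert(attrsJSON string) (*x509.Certificate, error) {
	key := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour),
		ExtraExtensions: []pkix.Extension{{Id: attrOID, Value: []byte(attrsJSON)}}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	cert, err := sampleCert(`{"attrs":{"auditor":"true"}}`) // hypothetical attribute
	fmt.Println(err, cert != nil && authorize(cert, "auditor", "true") == nil)
}
```

The check fails closed: a missing extension, malformed JSON, an absent attribute and a wrong value all deny access.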
 
