Re: identity authentication
Robert Broeckelmann
Hello. I had a similar situation earlier this year. If you have an architecture similar to:

Mobile App -> REST API -> HLF Peer

Then, the REST API layer can be used to translate from a security token embedded in API requests to credentials that the blockchain network will understand (i.e., PKI and X.509 private/public key pairs). See [1] for an example.

Our requirements eventually shifted to an "application" id being recorded in the blockchain. So, we just issued a "system identity" that the REST API layer's SDK used for all peer interaction. So, that ended up being much simpler.

I honestly don't like the solution where the server-side app has to maintain a credential wallet that contains all registered users' HLF credentials, but that does seem cleaner than having every mobile app instance issued a set of HLF credentials and directly communicating with the blockchain network. Note, I haven't seen anyone or anything pitching that architecture, but it would probably be the only alternative.

For authentication of end users on the mobile app, I'd recommend using OpenID Connect's Authorization Code Grant with a Public Client. Use one of the numerous IDaaS (Identity as a Service) providers available today. If OIDC is used in this manner, you also get an OAuth2 access token that can be cached in the mobile app (and refreshed as needed) and included with API calls (Authorization header) to the REST API layer.

An API Gateway can be used to handle authentication, authorization, request validation, and other typical concerns of API security. All the major cloud hosting platforms offer an API Gateway solution that would do this out-of-the-box; the previous poster mentioned Kong, and Apigee is another. There are a bunch of others.

RCBJ

On Tue, Dec 3, 2019 at 6:24 PM qs meng <qsmeng@...> wrote:
--
Robert C. Broeckelmann Jr | Managing Director | IyaSec m: +1 314-494-3398 (SMS or WhatsApp) | fax: +1 (866) 484-1634 email: robert@... | site: iyasec.io mail: 19215 SE 34th St Ste 106-407 Camas WA 98607-8830