Fabric-Ca User Revoke

Nicholas Leonardi

Hey guys,

I've been working on a user revoke script but have come across some points after some research and testing.
Here's a scenario that makes it very troublesome from the process that I understood.

There are two organizations, Org1 as the main organization with permissions to submit 
channel configurations with a root CA. 

There's Org2 that uses an Intermediate CA to issue users and manage their own "staff" and
who may access the network to transact with the chaincodes. 

However, Org2 does not have permission to submit channel configuration updates so when
it is needed to revoke Org2 users certificates, it would need to request Org1 to do so through 
a channel update and add it to a revocation list. 

Is there a policy that would allow Org2 to submit channel updates that only affects it's own
json configuration "channel.Org2MSP..." section of the config json but restrict it from changing any
other channel configurations?

I must be missing something with ACL's because this would be very impractical if there are a bunch
of organizations in a network with only one org managing channel updates.

Thanks in advance,

Join fabric@lists.hyperledger.org to automatically receive all group messages.