Is it possible to define access control to an asset within an organization at the fabric level using user identities?
The one solution I can think of is maintaining permission to the asset within CouchDB or a database (say permissions database). Here we can couple the asset with the x509 certificate of the user. Thus, whenever the user tries to access an asset, his identity is first checked against the permissions database.
However, is there a way where we do not need to explicitly maintain ACLs and based on X509 the access to the assets is maintained "within an organization".