李无知

吾生也有涯,而知也无涯

fabric:ABAC

Attribute based access control

是一种权限控制方式。基本思路是在ca证书中添加一些属性字段(attribute),

const secret = await ca.register({ affiliation: 'org1.department1', enrollmentID: 'user1', role: 'client' }, adminIdentity);

然后在编写chaincode的时候,可以读取这些字段,根据相应信息进行权限控制。

func set(stub shim.ChaincodeStubInterface, args []string) (string, error) {
 
 // only user with org1.department1 affiliation can set the value
 department1err := cid.AssertAttributeValue(stub, "hf.Affiliation", "org1.department1")
 if department1err != nil {
  return "", fmt.Errorf("Only Department 1 can set value.")
 }
 ...
 original code
 ...
}

可见ABAC是需要CA和chaincode一起配合的,和Policy不同。Policy是配置Channel的权限,而ABAC是chaincode内部逻辑的权限控制。

其他权限控制方式

fabric的权限控制方式分为两种粒度:

  • Channel层级的权限,控制本channel上所有chaincode的权限,是通过Policy
  • Chaincode层级的权限,即通过上面的ABAC和Private Data实现

Ref

,
,

Posted by:

李无知

《 “fabric:ABAC” 》 有 4 条评论

  1. provera clomid success 的头像
    provera clomid success

    can i buy clomid otc Tetracyclines are commonly prescribed

    回复
  2. buying cheap cytotec without insurance 的头像
    buying cheap cytotec without insurance

    Increased free water intake in the presence of kidney disease causes hypervolemic hyponatremia 10 how to get cheap cytotec without a prescription

    回复
  3. agodelo 的头像
    agodelo

    buy priligy on the internet without a prescription 9 zero perfusion to 47

    回复
  4. agodelo 的头像
    agodelo

    Shane Millions of people insist that because their new statin drug i buy priligy

    回复

回复 agodelo 取消回复

您的邮箱地址不会被公开。 必填项已用 * 标注

About Me

一位程序员,会弹吉他,喜欢读诗。
有一颗感恩的心,一位美丽的妻子,两个可爱的女儿
mail: geraldlee0825@gmail.com
github: https://github.com/lisuxiaoqi
medium: https://medium.com/@geraldlee0825

Recent Posts