fabric:ABAC

Attribute-based access control (ABAC) is an access control mechanism. The basic idea is to add some attribute fields (attributes) to the certificate issued by the CA:

const secret = await ca.register({ affiliation: 'org1.department1', enrollmentID: 'user1', role: 'client' }, adminIdentity);

Then, when writing the chaincode, you can read these fields and enforce access control based on their values.

func set(stub shim.ChaincodeStubInterface, args []string) (string, error) {
	// Only users with the org1.department1 affiliation can set the value.
	department1err := cid.AssertAttributeValue(stub, "hf.Affiliation", "org1.department1")
	if department1err != nil {
		return "", fmt.Errorf("Only Department 1 can set value.")
	}

	// ... original code ...
}

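As you can see, ABAC requires the CA and the chaincode to work together, which makes it different from a Policy. A Policy configures permissions for a channel, whereas ABAC controls permissions inside the chaincode's own logic.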
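The following added example (not code from the original post, and not Fabric's own `cid` package) shows with the Go standard library what the CA and the chaincode exchange: attributes travel as a JSON document in an X.509 extension of the enrollment certificate, and the check must fail closed when the attribute is missing. The extension OID and the `{"attrs": {...}}` layout are the ones Fabric CA uses and are not stated on this page; the certificate is a constructed, self-signed stand-in, and `issueCert` and `assertAttr` are hypothetical names.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"encoding/json"
	"fmt"
	"math/big"
	"time"
)
var attrOID = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6, 7, 8, 1} // Fabric CA attribute extension (assumption: not on the page)

// issueCert builds a constructed, self-signed stand-in for an enrollment certificate carrying attrs.
func issueCert(attrs map[string]string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	ext, _ := json.Marshal(map[string]map[string]string{"attrs": attrs}) // cannot fail for string maps
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "user1"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		ExtraExtensions: []pkix.Extension{{Id: attrOID, Value: ext}}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// assertAttr fails closed: it returns nil only if the attribute is present and equal to want.
func assertAttr(cert *x509.Certificate, name, want string) error {
	var body struct{ Attrs map[string]string `json:"attrs"` }
	for _, e := range cert.Extensions {
		if e.Id.Equal(attrOID) && json.Unmarshal(e.Value, &body) == nil {
			if v, ok := body.Attrs[name]; ok && v == want {
				return nil
			}
		}
	}
	return fmt.Errorf("attribute %q is not %q", name, want)
}

func main() {
	if cert, err := issueCert(map[string]string{"hf.Affiliation": "org1.department1"}); err == nil {
		fmt.Println(assertAttr(cert, "hf.Affiliation", "org1.department1"), assertAttr(cert, "role", "admin"))
	}
}
```

In a real network the chaincode can trust these values only because the peer has already validated the submitter's certificate against the organization's CA; this sketch skips chain validation.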

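Other access control mechanisms

Fabric's access control works at two levels of granularity:

  • Channel-level permissions, which govern every chaincode on the channel and are implemented through Policy
  • Chaincode-level permissions, which are implemented through the ABAC described above and through Private Data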


About Me

A programmer who plays the guitar and enjoys reading poetry.
Has a grateful heart, a beautiful wife, and two lovely daughters.
mail: geraldlee0825@gmail.com
github: https://github.com/lisuxiaoqi
medium: https://medium.com/@geraldlee0825