FAB-1008: Chaincode library IF for invocation AC
This is work in progress on a chaincode library interface
that facilitates authentication of a client w.r.t. a list of
attributes the client claims to possess.

Change-Id: I02dee9289175c94e951b7a15482485931821110b
Signed-off-by: Elli Androulaki <lli@zurich.ibm.com>
elli-androulaki committed Jan 18, 2017
1 parent 01de0e4 commit df6c5c7
Showing 1 changed file with 48 additions and 0 deletions.
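--- a/accesscontrol/api/authshim.go
+++ b/accesscontrol/api/authshim.go
@@ -0,0 +1,48 @@
+package authshim
+
+import "github.com/hyperledger/fabric/msp"
+
+/*
+Copyright IBM Corp. 2017 All Rights Reserved.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// AttributeAuthShim is an interface based on top of the chaincode shim
+// to offer invocation access control based on identity attributes
+// TODO: Add NewAuthShimByTransientDataKey function
+// TODO: Make it later generic enough by providing as input the MSP identity
+type AttributeAuthShim interface {
+
+// ReadAttributeValue would return the value of an attribute
+ReadAttributeValue(attName string) ([]byte, error)
+
+// Verify a proof of ownership of attribute atts using invocation
+// data as the message to prove possession of attributes on
+VerifyAttribute(atts []msp.Attribute)
+}
+
+// IdentityAuthShim is an interface based on top of the chaincode shim
+// to offer invocation access control based on identities
+// TODO: Add NewAuthShimByTransientDataKey
+// TODO: Add as setup parameter also ApplicationMSP
+type IdentityAuthShim interface {
+
+// Verify a proof of ownership of an identity using the input
+// message to prove possession of identity ownership on
+VerifyIdentityOnMessage(identity msp.Identity, message string)
+
+// Verify a proof of ownership of an identity using invocation
+// data as the message to prove possession of attributes on
+VerifyIdentity(identity msp.Identity)
+}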
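Review bot: None of the three verification methods (`VerifyAttribute`, `VerifyIdentityOnMessage`, `VerifyIdentity`) declares a return value, so as written a caller cannot observe a failed proof short of a panic, and access-control code built on this interface risks failing open. I would give each an explicit result, e.g. `VerifyAttribute(atts []msp.Attribute) error`, `VerifyIdentityOnMessage(identity msp.Identity, message []byte) error` and `VerifyIdentity(identity msp.Identity) error`, and document that a nil error is the only success case. Taking the message as `[]byte` rather than `string` is a suggestion, on the assumption that the signed payload can be arbitrary bytes. The doc comments on these methods also end mid-sentence ("... possession of attributes on"), and the one on `VerifyIdentity` speaks of attributes where it presumably means identity; they should state exactly which bytes the proof is bound to.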
