-
Notifications
You must be signed in to change notification settings - Fork 8.8k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
FAB-1008: Chaincode library IF for invocation AC
This is work in progress on chaincode library interface facilitating authentication of a client w.r.t. a list of attributes the client claims to be in possession of. Change-Id: I02dee9289175c94e951b7a15482485931821110b Signed-off-by: Elli Androulaki <lli@zurich.ibm.com>
- Loading branch information
1 parent
01de0e4
commit df6c5c7
Showing
1 changed file
with
48 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
package authshim | ||
|
||
import "github.com/hyperledger/fabric/msp" | ||
|
||
/* | ||
Copyright IBM Corp. 2017 All Rights Reserved. | ||
Licensed under the Apache License, Version 2.0 (the "License"); | ||
you may not use this file except in compliance with the License. | ||
You may obtain a copy of the License at | ||
http://www.apache.org/licenses/LICENSE-2.0 | ||
Unless required by applicable law or agreed to in writing, software | ||
distributed under the License is distributed on an "AS IS" BASIS, | ||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
See the License for the specific language governing permissions and | ||
limitations under the License. | ||
*/ | ||
|
||
// AttributeAuthShim is an interface based on top of the chaincode shim | ||
// to offer invocation access control based on identity attributes | ||
// TODO: Add NewAuthShimByTransientDataKey function | ||
// TODO: Make it later generic enough by providing as input the MSP identity | ||
type AttributeAuthShim interface { | ||
|
||
// ReadAttributeValue would return the value of an attribute | ||
ReadAttributeValue(attName string) ([]byte, error) | ||
|
||
// Verify a proof of ownership of attribute atts using invocation | ||
// data as the message to prove possession of attributes on | ||
VerifyAttribute(atts []msp.Attribute) | ||
} | ||
|
||
// IdentityAuthShim is an interface based on top of the chaincode shim | ||
// to offer invocation access control based on identities | ||
// TODO: Add NewAuthShimByTransientDataKey | ||
// TODO: Add as setup parameter also ApplicationMSP | ||
type IdentityAuthShim interface { | ||
|
||
// Verify a proof of ownership of an identity using the input | ||
// message to prove possession of identity ownership on | ||
VerifyIdentityOnMessage(identity msp.Identity, message string) | ||
|
||
// Verify a proof of ownership of an identity using invocation | ||
// data as the message to prove possession of attributes on | ||
VerifyIdentity(identity msp.Identity) | ||
} |