New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

transaction family namespace permission checked by the validator #1117

Merged
merged 1 commit into from Nov 21, 2017

Conversation

Projects
None yet
5 participants
@benoitrazet
Contributor

benoitrazet commented Nov 15, 2017

We propose to modify the validator to enforce namespace permission declared on-chain. The change has its own test added to the run_tests script.

Signed-off-by: Benoit Razet benoit.razet@pokitdok.com

@benoitrazet benoitrazet changed the title from namespace permission checked by the validator based on on-chain transa… to namespace permission checked by the validator based on on-chain transaction family settings Nov 15, 2017

@benoitrazet benoitrazet changed the title from namespace permission checked by the validator based on on-chain transaction family settings to transaction family namespace permission checked by the validator Nov 15, 2017

@jsmitchell jsmitchell self-assigned this Nov 16, 2017

@peterschwarz

This comment has been minimized.

Contributor

peterschwarz commented Nov 16, 2017

This looks pretty good. My only comment would be to improve the commit message to have some more detail about the change, and to follow the message format that is referenced in the contribution guide in the sawtooth docs

Onchain namespace permission checked by validator
The goal is to provide a mechanism to indicate to the
blockchain/network the namespaces transaction families are allowed to
write to and enforce it. This provides a way to implement a namespace
permissioning mechanism. This is essential to allocate certain
namespace to certain transaction families and prevent transactions to
write to addresses they are not allowed to.

For every transaction processed by the validator, it verifies that the
outputs of the transaction are prefixed with one of the namespace
listed by the transaction family it belongs to. The namespaces are
indicated onchain with the settings transaction family. If no
namespaces field is indicated in the onchain settings then it
artificially declare an empty prefix namespace such that any output
listed is valid. Therefore the change proposed is backward compatible.

The new feature is tested by injecting block_info, running some intkey
transactions and declaring valid namespace for block_info and
*invalid* namespaces for intkey such that when blocks are validated it
only includes block_info transactions.

Signed-off-by: Benoit Razet <benoit.razet@pokitdok.com>
@benoitrazet

This comment has been minimized.

Contributor

benoitrazet commented Nov 16, 2017

Thanks. I improved the commit message by adding some description of the change proposed. Let me know if anything needs more clarifications.

@jsmitchell jsmitchell merged commit aef3650 into hyperledger:master Nov 21, 2017

2 checks passed

DCO All commits have a DCO sign-off from the author
continuous-integration/jenkins/pr-head This commit looks good
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment