
Commit df6c5c7

FAB-1008: Chaincode library IF for invocation AC
This is work in progress on chaincode library interface facilitating authentication of a client w.r.t. a list of attributes the client claims to be in possession of. Change-Id: I02dee9289175c94e951b7a15482485931821110b Signed-off-by: Elli Androulaki <[email protected]>
1 parent 01de0e4 commit df6c5c7


1 file changed

+48
-0
lines changed


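--- a/accesscontrol/api/authshim.go
+++ b/accesscontrol/api/authshim.go
@@ -0,0 +1,48 @@
+package authshim
+
+import "github.com/hyperledger/fabric/msp"
+
+/*
+Copyright IBM Corp. 2017 All Rights Reserved.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// AttributeAuthShim is an interface based on top of the chaincode shim
+// to offer invocation access control based on identity attributes
+// TODO: Add NewAuthShimByTransientDataKey function
+// TODO: Make it later generic enough by providing as input the MSP identity
+type AttributeAuthShim interface {
+
+// ReadAttributeValue would return the value of an attribute
+ReadAttributeValue(attName string) ([]byte, error)
+
+// Verify a proof of ownership of attribute atts using invocation
+// data as the message to prove possession of attributes on
+VerifyAttribute(atts []msp.Attribute)
+}
+
+// IdentityAuthShim is an interface based on top of the chaincode shim
+// to offer invocation access control based on identities
+// TODO: Add NewAuthShimByTransientDataKey
+// TODO: Add as setup parameter also ApplicationMSP
+type IdentityAuthShim interface {
+
+// Verify a proof of ownership of an identity using the input
+// message to prove possession of identity ownership on
+VerifyIdentityOnMessage(identity msp.Identity, message string)
+
+// Verify a proof of ownership of an identity using invocation
+// data as the message to prove possession of attributes on
+VerifyIdentity(identity msp.Identity)
+}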
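Review bot: The three verification methods (`VerifyAttribute`, `VerifyIdentityOnMessage` and `VerifyIdentity`) declare no return value, so a chaincode caller cannot learn that a proof was rejected and an implementation is left with a panic as its only failure signal. For an access-control interface this makes it easy to write calling code that carries on as if the check had passed. Each should return an error, as `ReadAttributeValue` already does: `VerifyAttribute(atts []msp.Attribute) error`, `VerifyIdentityOnMessage(identity msp.Identity, message string) error` and `VerifyIdentity(identity msp.Identity) error`. The doc comments should also state that a nil error is the only success result, and that callers must deny the invocation on any non-nil error. Those comments currently end mid-sentence ("to prove possession of attributes on") and, per Go convention, should start with the method name.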
