Select Git revision
streamchain
-
-
- Open in your IDE
- Download source code
Alessandro Sorniotti
authored
This change set introduces a more flexible way of describing the identity
associated to a policy. So far we had support for serializing the
certificate associated to the identity. We introduce a new structure that
supports that and 3 other ways of listing identities: i) the admin of an
MSP, ii) the CA of an MSP and iii) a valid certificate for an MSP.
Furthermore, policy evaluation is now performed using the MSP infrastructure:
cauthdsl receives a policy principal and an Identity instance and then it can
use the interfaces offered by the MSP to check whether the identity satisfies
the principal and whether the signature verifies. The semantics of policy
verification has somewhat changed: an identity (and its signature) can be used
to satisfy only a single principal. This has the benefit of better dealing
with the policy "two signatures from org0", but it has the downside that a
single identity can no longer be used to satisfy two principals (e.g. if
we need signatures from an identity with attribute A and one with attribute
B, a single signature from an identity with both attributes would not be
sufficient).
Change-Id: Id18a5933e341781334080965b5d04dc07d4f1b99
Signed-off-by:
Alessandro Sorniotti <ale.linux@sopit.net>
Name | Last commit | Last update |
---|