Does the ACL feature in HF 1.4 support custom signature policy with a custom OUs

Question

Does the ACL feature support custom signature policy with a custom OUs like:

MyPolicy:
Type: Signature
Rule: "OR('Org1MSP.SALES')"

score 0 · Answer 1 · answered Apr 29 '19 at 09:49

0

I think that the policy parser doesn't support it, but it is possible to encode a policy in a raw manner.

answered Apr 29 '19 at 09:49

yacovm

Thanks @yacovm, Could you please elaborate more? – FundooCoder Apr 30 '19 at 12:07
yeah... when you do a config update, you encode a policy. the policy you encode is a signature policy, but it is encoded as a protobuf message. But I think you can just send a config update with a custom protobuf message of a signature policy that uses OUs – yacovm Apr 30 '19 at 14:05
I don't think you can actually do this. Looking through the code, OUs are only currently "processed" when creating MSP principals and the only way they can be used is to separate orgs which have the same CA using OUs or to define the PEER and/or CLIENT roles. So if you wanted to do this, you'd actually need to define separate MSPs which leverage the OUIdentifier capability and then reference those in your policies. – Gari Singh May 03 '19 at 10:00
hmmm but can't you create a principal with OrganizationUnit with a certain OrganizationalUnitIdentifier ? – yacovm May 03 '19 at 10:12

1 Answers1