2

By default someone can read the state data using REST API. Is there a way to add read permissions on specific addresses and change them while the network is up.

Adamos2468
  • 151
  • 1
  • 9

1 Answers1

1

The short answer to your question is by using a proxy server, the documentation you're referring to in the question mentions it here https://sawtooth.hyperledger.org/docs/core/releases/1.1/sysadmin_guide/rest_auth_proxy.html#using-a-proxy-server-to-authorize-the-rest-api

There may not be an out of the box component that does what you're asking. There's definitely possibility of doing what you're asking for. You can add the logic filtering based on the read address in the proxy server.

More explanation:

  1. If you're considering one Validator instance per organization. Organization participates in a blockchain application use case then all the participants in the network can see the data you store in the state store. It's the responsibility of the participating organizations to restrict the access to their data. Using the proxy server is one such means.

  2. If you're considering adding multiple use cases per organization, participating in different network altogether then it is advisable to have a different Validator instance per those use cases that require isolation. Again, it's the responsibility of each organization to protect the data stored in the network they're participating in.

For the point 2, the Hyperledger Sawtooth 2.0 proposed solution allows you to run multiple instances of the Validator as a service in a single process. That means you can have one physical node (also process) participating in multiple circuits providing isolation.

Before I end the answer for the benefit of others searching for an answer: Blockchain is not just a distributed storage but also a decentralized network. There are number of design patterns that allows us to keep the critical data outside the blockchain network and use the functionalities of the blockchain network (achieving consensus, smart contract verification to be specific) for what it is expected to do.

Arun
  • 592
  • 3
  • 13