Product design, requirements analysis, roadmap and other materials
bestchains / product-design
License: Apache License 2.0
FYI
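There are currently two approaches for connecting platform users to the blockchain.
This approach extends the spec section of the User CRD defined by the IAM service.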
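```go
// UserSpec is the spec of the IAM User CRD, extended with ExternalConf.
type UserSpec struct {
	ExternalConf ExternalConf `json:"externalConf,omitempty"`
}

// ExternalConf holds the extension data added to the User spec.
type ExternalConf struct {
	Type string
	Conf map[string]interface{}
}
```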
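This allows a user to join multiple organizations and to hold a different identity in each organization.
However, users have enroll and revoke actions. Without an additional controller, the IAM user controller would need extra logic to perform these actions. Alternatively, the integrator would implement a separate service A to perform revoke and enroll, which requires defining a communication protocol between service A and the IAM user controller.
Either way of performing these two actions requires some modification of IAM, so this approach is somewhat intrusive.
In this approach, the blockchain side defines its own Identity that maps to the IAM User.
When a user activates the blockchain service or joins an organization, the blockchain side creates an Identity; if one already exists, some of its attributes are updated.
A controller needs to be implemented that watches for changes to Identity and, in addition, implements the various actions the blockchain requires.
In effect, integrating fabric-ca with IAM then means that fabric-ca must be able to query and operate on the user information in the cluster,
To keep intrusiveness to a minimum, the IAM user definition and its controller are left unchanged for now; instead, an Identity CRD is defined directly.
Documentation on how fabric-ca integrates with users, and on the implementation of the blockchain Identity controller, will be added later; the changes that need to be known for now
Goal: unify the IAM and CA user systems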
Annotations
```yaml
apiVersion: v1
kind: User
metadata:
  name: org0admin
  namespace: org0
  annotations:
    fabric: "xxx" # Base64-encoded JSON
```
Content of the fabric annotation:
```json
{
  "hf.EnrollmentID": "user1",
  "hf.Type": "admin",
  "hf.Affiliation": "",
  "hf.Registrar.Roles": "*",
  "hf.Registrar.DelegateRoles": "*",
  "hf.Revoker": "true",
  "hf.IntermediateCA": "true",
  "hf.GenCRL": "true",
  "hf.Registrar.Attributes": "*"
}
```
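1) CA user management (IAM)
2) CA certificate issuance
enroll capability
Step 1: Using the IAM account's token, authenticate with IAM and query the user information. Returns: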
```json
{
  "name": "org0admin", // user name
  "annotations": {
    "fabric": "xxx"
  }
}
```
Step 2: Convert the annotation into attributes that the CA can recognize
Step 3: The CA issues the certificate
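A sketch of step 2 as an added example (not code from this repository or from fabric-ca): it decodes the Base64-encoded JSON in the fabric annotation and turns it into attributes for the CA. The `Attribute` type, the `ConvertFabricAnnotation` name, and the policy of rejecting unknown keys and malformed booleans are assumptions made for illustration; the hf.* keys are the ones listed above.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"sort"
)

// Attribute is a hypothetical name/value pair handed to the CA.
type Attribute struct{ Name, Value string }

// knownAttrs: the hf.* keys shown on this page; true marks boolean-valued keys.
var knownAttrs = map[string]bool{
	"hf.EnrollmentID": false, "hf.Type": false, "hf.Affiliation": false, "hf.Registrar.Roles": false,
	"hf.Registrar.DelegateRoles": false, "hf.Registrar.Attributes": false,
	"hf.Revoker": true, "hf.IntermediateCA": true, "hf.GenCRL": true,
}

// ConvertFabricAnnotation decodes the "fabric" annotation into attributes sorted by name.
// Unknown keys and malformed booleans are rejected (assumed policy) instead of being passed on.
func ConvertFabricAnnotation(annotations map[string]string) ([]Attribute, error) {
	decoded, err := base64.StdEncoding.DecodeString(annotations["fabric"])
	if err != nil || len(decoded) == 0 {
		return nil, fmt.Errorf("fabric annotation missing or not valid Base64")
	}
	var conf map[string]string
	if err := json.Unmarshal(decoded, &conf); err != nil {
		return nil, fmt.Errorf("fabric annotation is not a JSON object of strings: %w", err)
	}
	attrs := make([]Attribute, 0, len(conf))
	for name, value := range conf {
		isBool, known := knownAttrs[name]
		if !known {
			return nil, fmt.Errorf("unknown attribute %q", name)
		}
		if isBool && value != "true" && value != "false" {
			return nil, fmt.Errorf("attribute %q must be true or false, got %q", name, value)
		}
		attrs = append(attrs, Attribute{name, value})
	}
	sort.Slice(attrs, func(i, j int) bool { return attrs[i].Name < attrs[j].Name })
	return attrs, nil
}

func main() {
	sample := base64.StdEncoding.EncodeToString([]byte(`{"hf.Type":"client","hf.Revoker":"false"}`)) // constructed input
	fmt.Println(ConvertFabricAnnotation(map[string]string{"fabric": sample}))
}
```

Because these attributes decide what the enrolled identity may do at the CA, a misspelled value such as "ture" is reported as an error here rather than being forwarded.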
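The user applies for an IAM account
The user activates the BAAS service
annotations, configured as hf.Type: admin
IAM component user B opens an IAM account
Update annotations for the user, configured as hf.Type: client
The user logs in to the platform and obtains an IAM token
The user obtains the CA information
The user sends an enroll request to the CA using the IAM token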
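Test creating an IAM account and updating annotations
Test logging in with an IAM account and obtaining a token
Test logging in with an IAM account and querying the user's personal information (including annotations) with the token
The CA integrates IAMAuth and queries user information with the token
The CA develops an IAM Converter that supports converting annotations to CA attributes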