
How to implement Fabric-CA or third party CA in hyperledger fabric

I went through the documentation on fabric-ca: http://hyperledger-fabric-ca.readthedocs.io/en/latest/users-guide.html

I have the following questions:

1. When will fabric-ca come into the picture in Hyperledger: for user authentication, in MSP certs generation, or in both?

2. Can we use some other third party CA in place of fabric-ca?

3. What things should be kept in mind if we use some third party CA?

4. Is there any sample to understand it more (already went through balance-transfer)?

1. fabric-ca comes into the picture for both authentication and MSP certs generation. The /enroll API requires basic authentication, and assuming success, will issue an enrollment certificate and populate the appropriate MSP directories.

2. You have the following choices when it comes to using a CA with fabric:
   a) Use fabric CA to function as a root CA and/or intermediate CA.
   b) Start fabric CA with an intermediate signing certificate which you get from an external CA.
   c) Don't use fabric CA at all and use an external CA completely.
   With a & b, the fabric CA server can function as its own user registry, or it can talk to an LDAP server as the user registry.

3. When using a 3rd party CA (#c above), you will need to think about how you want to do access control in chaincode. One option is based on the OU (Organizational Units) that a user's certificate has, which means the 3rd party CA will need to be able to restrict which OU values are issued to which users. When using the fabric CA server to issue certificates, you can use Attribute-Based Access Control (ABAC) to perform access control for chaincode.

4. There is a sample which is not merged yet at https://gerrit.hyperledger.org/r/#/c/13213/ . See the README.md for a description of how to run the sample and an overview of how it works.
