Status: IN PROGRESS
Stakeholders
Outcome
Due date
Owner

Background

...

Iroha Special Instructions processing requires a permissions-based security model.

The whitepaper and the Iroha v1 documentation were researched. The proposal is to use the already existing Iroha Special Instructions + Assets mechanisms to implement Permissions.

Introduction

Problem

The White Paper (https://github.com/hyperledger/iroha/blob/iroha2-dev/iroha_2_whitepaper.md#211-data-permissions) requires protection of data from unauthorized read and write access.

The Iroha 1 documentation (https://iroha.readthedocs.io/en/master/concepts_architecture/glossary.html#permission) gives the following definition of a Permission:

A named rule that gives the privilege to perform a command. Permission cannot be granted to an account directly, instead, account has roles, which are collections of permissions. Although, there is an exception, see Grantable Permission.

...

As you can see, permissions were first-level entities in Iroha 1, while they can be easily implemented by Iroha Special Instructions + Assets.

Solution


pub mod isi {
	...
	enum Instruction {
		Add(...),
		Register(...),
		...
		Check(permissions::isi::CheckInstruction),
	}
}

pub mod permissions {
	pub mod isi {
		// Instruction referenced by `Instruction::Check` above.
		pub struct CheckInstruction<C, O> {
			condition: C,
			object: O,
		}
	}
}

...

The same can be done with custom permissions by storing them in the asset components of the account.
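A minimal model of the idea above, added here as an illustration and not taken from the Iroha code base: a permission is an asset held by an account, and a Check instruction fails closed, discarding the whole instruction sequence. `World`, `Asset::Permission`, `Mint`, `execute` and the permission name `can_mint` are hypothetical names chosen for this sketch.

```rust
use std::collections::{HashMap, HashSet};

// Hypothetical model: a permission is just an asset held by an account.
#[derive(Clone, Debug, PartialEq, Eq, Hash)]
pub enum Asset {
    Permission(String), // constructed names such as "can_mint"
}

#[derive(Default)]
pub struct World {
    // account id -> assets held by that account
    pub accounts: HashMap<String, HashSet<Asset>>,
    pub minted: u64,
}

pub enum Instruction {
    // Grant a permission by adding the permission asset to an account.
    Add { account: String, asset: Asset },
    // Fails unless `account` holds `asset`.
    Check { account: String, asset: Asset },
    // A privileged action, guarded only by a preceding Check.
    Mint(u64),
}

// Run the instructions atomically: the first failure discards all changes.
pub fn execute(world: &mut World, isis: &[Instruction]) -> Result<(), String> {
    let mut accounts = world.accounts.clone();
    let mut minted = world.minted;
    for isi in isis {
        match isi {
            Instruction::Add { account, asset } => {
                accounts.entry(account.clone()).or_default().insert(asset.clone());
            }
            Instruction::Check { account, asset } => {
                let held = accounts.get(account).map_or(false, |a| a.contains(asset));
                if !held {
                    return Err(format!("{account} lacks {asset:?}"));
                }
            }
            Instruction::Mint(n) => minted += n,
        }
    }
    world.accounts = accounts;
    world.minted = minted;
    Ok(())
}
```

In this sketch `Add` is itself unguarded; a real design also has to check that the granting account is allowed to hand out the permission asset.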

...

Decisions

Alternatives

Concerns

Assumptions

Risks

Additional Information