Attribute-Based Access Control (ABAC) in Hyperledger Fabric
In Hyperledger Fabric, ABAC restricts access to users whose certificates carry the necessary attributes.
- First, let's talk about certificate creation with attributes.
Generally, creating a certificate involves two processes:
1) Enrollment
2) Registration
Enrollment is the process by which a user requests and obtains a digital certificate from a given CA. Registration is usually done by a Registrar, telling a CA to issue the digital certificate.
- An admin (registrar) is enrolled in the CA. Then the admin receives the signing key and certificate for this admin.
- The admin then registers user1 with the CA, supplying the proper information. The CA returns a secret.
- This secret is then used to enroll user1 with the CA. The result is the signing key and certificate for user1.
I have uploaded a detailed video on YouTube on how to implement attribute-based access control.
In our case, I presume that the admin is already registered and we are going to register user1 with attributes.
fabric_ca_client.register({ enrollmentID: username, affiliation: 'org1.department1', role: 'client', attrs: [{ name: 'role', value: 'approver', ecert: true }] }, admin_user);
When registering users with fabric-ca-client, we provide the attributes as an array of key-value pair objects. In the above snippet, we have provided the attribute { name: 'role', value: 'approver', ecert: true }, which gives user1 the role attribute with the value approver. Once the user is registered successfully, the user needs to be enrolled as well.
fabric_ca_client.enroll({ enrollmentID: username, enrollmentSecret: secret, attr_reqs: [{ name: "role", optional: false }]});
When enrolling, make sure that optional is set to false, so that enrollment fails if the identity does not have the attribute. Once the certificate is generated, the attributes are visible in it.
At the bottom of the certificate, we can see the attribute given while registering:
"role":"approver".
- Now let's move on to the chaincode, first in Go and then in Node.
1. Go Smart Contract
All code samples below assume two things:
- The type of the stub variable is ChaincodeStubInterface, as passed to your chaincode.
- You have added the following import statement to your chaincode.
import "github.com/hyperledger/fabric/core/chaincode/lib/cid"
There are multiple functions available in the client identity (cid) package.
In this article, we are talking about getting attributes.
In the above snippet, once we get the value, implement your business logic in the restricted smart contract function.
2. Node Smart Contract
First, import the fabric-shim package at the top of your chaincode.
As in the Go smart contract, add the snippet below to your smart contract according to your business logic.
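One way to write the attribute check in Node chaincode, as an added example that is not the author's original snippet: it reads the role attribute through the methods that fabric-shim's ClientIdentity exposes, also checks the caller's MSP, and denies by default. The MSP ID Org1MSP, the function names and the stand-in identity object are assumptions made for this example.

```javascript
// Added example. `cid` is any object with the fabric-shim ClientIdentity methods
// getMSPID(), getID(), getAttributeValue(name); in chaincode: new ClientIdentity(stub).

// Policy for the restricted function. 'Org1MSP' is an assumed MSP ID.
const APPROVE_POLICY = { mspId: 'Org1MSP', attr: 'role', value: 'approver' };

// Deny by default: throws unless the caller's certificate satisfies the policy.
function requireAttribute(cid, policy) {
  // An attribute is only as trustworthy as the CA that issued the certificate,
  // so check the caller's organization before trusting the attribute.
  if (cid.getMSPID() !== policy.mspId) {
    throw new Error(`access denied: MSP ${cid.getMSPID()} is not allowed`);
  }
  const actual = cid.getAttributeValue(policy.attr); // null when the attribute is absent
  if (actual === null || actual === undefined) {
    throw new Error(`access denied: no "${policy.attr}" attribute in certificate`);
  }
  if (actual !== policy.value) { // exact, case-sensitive comparison
    throw new Error(`access denied: ${policy.attr} is "${actual}"`);
  }
  return cid.getID(); // caller identity, recorded for audit
}

// Restricted business function (hypothetical): only approvers may call it.
function approveRequest(cid, ledger, requestId) {
  const approvedBy = requireAttribute(cid, APPROVE_POLICY);
  const record = { status: 'APPROVED', approvedBy };
  ledger.set(requestId, record);
  return record;
}

// Constructed stand-in for ClientIdentity so the example runs without a peer.
function fakeIdentity(mspId, id, attrs) {
  const has = (name) => Object.prototype.hasOwnProperty.call(attrs, name);
  return {
    getMSPID: () => mspId,
    getID: () => id,
    getAttributeValue: (name) => (has(name) ? attrs[name] : null),
  };
}

// Returns the resulting status, or the denial message.
function tryApprove(cid) {
  try { return approveRequest(cid, new Map(), 'req-1').status; } catch (e) { return e.message; }
}

const user1 = fakeIdentity('Org1MSP', 'x509::/CN=user1::/CN=ca.org1', { role: 'approver' });
console.log(tryApprove(user1));
```

In real chaincode the Map is replaced by the ledger state accessed through the stub, and the thrown error makes the transaction proposal fail.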
That’s it, you have successfully implemented attribute-based access control in Hyperledger Fabric. You can choose any language for writing smart contracts; I have covered Go and Node here, and it would be the same for all languages.
I hope this article helps you. If you are facing any issue, please let me know; I would love to help you. You can get in touch with me on LinkedIn or Instagram.
https://www.instagram.com/pavanadhavofficial/
https://www.linkedin.com/in/pavan-adhav/
Thank you.