Combining ID's, Attributes, and Policies in Hyperledger Fabric

TL;DR

This paper enhances Hyperledger Fabric's access control by integrating multiple IDs, attributes, and policies, simplifying management, and demonstrating negligible performance impact for real-world applications.

Contribution

It introduces a new implementation that combines multiple IDs, attributes, and policies in Hyperledger Fabric, improving security and ease of access control decision-making.

Findings

Successful integration of multiple IDs, attributes, and policies.

Simplified process for registering and enrolling users.

Negligible performance impact in real-world scenarios.

Abstract

This work aims to provide a more secure access control in Hyperledger Fabric blockchain by combining multiple ID's, attributes, and policies with the components that regulate access control. The access control system currently used by Hyperledger Fabric is first completely analyzed. Next, a new implementation is proposed that builds upon the existing solution but provides users and developers with easier ways to make access control decisions based on combinations of multiple ID's, attributes, and policies. Our proposed implementation encapsulates the Fabric CA client to facilitate attribute addition and simplify the process of registering and enrolling a newly created certificate (corresponding to a new user). This research, concludes that it is possible to combine multiple ID's, attributes, and policies with the help of Hyperledger Fabric's smart contract technology. Furthermore, it could be seen that the performance impact for real-world applications is negligible compared to the insecure case of always providing access to a resource without performing access control.