fabric configuration config contains nested ConfigGroup and an element called sequence. sequence element must increment every time a committed change happens to the configuration. The root ConfigGroup is named channel_group as shown in the picture.
The channel_group element likes any other ConfigGroup always contain 5 elements, these 5 elements are groups, mod_policy, policies, values and version.
The groups element regardless where it is, is a map of ConfigGroups, or you can think the groups element as a list of ConfigGroup with names. For example, the top level groups which belongs to channel_group basically contains 3 ConfigGroup, their names are Application, Consortiums and Orderer. Each of these 3 things is a ConfigGroup.
The mod_policy is used to govern the required signatures to modify that element. For groups, modification is adding or removing elements (or changing the
mod_policy
). For values and policies, modification is
changing the value and policy fields respectively (or changing the
mod_policy
). Each element’s mod_policy
is evaluated in the
context of the current level of the configThe policies element is a map of ConfigPolicy which contains mod_policy, policy and version
The values element is a map of ConfigValue, which is basically a key name value pair and is specific to each element.
The version element tracks number of the changes to the config group.
The official fabric doc on the topic can be found here
I feel that policies really just defines group of people, only when policies are combined with ACL, then things started become a bit clearer. Traditional application ACL only requires one actor to act on resources, but blockchain normally would require a group of actors (thus the policies) to act on, so the policy has to define who and how many, that will be the differences comparing to traditional ACL.
No comments:
Post a Comment