Fabric 1.4中的背书策略

背书策略指定

在Peer节点实例化(instantiate)链码指定,这个策略可以指定不同组织的节点背书
例:
peer chaincode instantiate -C -n mycc -P “AND(‘Org1.member’, ‘Org2.member’)”

背书策略表达式

faric1.4中,角色有member，admin，client和peer四种,支持AND,OR,OutOf三种表达式
例:
AND(‘Org1.member’, ‘Org2.member’, ‘Org3.member’)表示需要来自三个组织的成员的背书
OutOf(2, ‘Org1.member’, ‘Org2.member’)相当AND(‘Org1.member’,‘Org2.member’)
OutOf(2, ‘Org1.member’, ‘Org2.member’, ‘Org3.member’)相当于OR(AND(‘Org1.member’, ‘Org2.member’), AND(‘Org1.member’, ‘Org3.member’), AND(‘Org2.member’, ‘Org3.member’))

基于键去设置背书策略

在Fabric1.3版本中，对背书策略进行优化。允许针对key进行设置背书策略。以下对应链码API封装的两个接口。

SetStateValidationParameter(key string, ep []byte) error
GetStateValidationParameter(key string) ([]byte, error)

SDK中指定

以Fabric Java SDK为例,在SDK实例化链码时,可以通过yaml的方式设置背书策略

identities:  # list roles to be used in the policy
    user1: {"role": {"name": "member", "mspId": "Org1MSP"}} # role member in org with mspid Org1MSP
    user2: {"role": {"name": "member", "mspId": "Org2MSP"}}
    admin1: {"role": {"name": "admin", "mspId": "Org1MSP"}} # admin role.
    admin2: {"role": {"name": "admin", "mspId": "Org2MSP"}}

policy: # the policy  .. could have been flat but show grouping.
    1-of: # signed by one of these groups  can be -of  where  is any digit 2-of, 3-of etc..
      - 1-of:
        - signed-by: "user1" # a reference to one of the identities defined above.
        - signed-by: "admin1"
      - 1-of:
        - signed-by: "user2"
        - signed-by: "admin2"

channel对象会选择之前add进去的全部peer来进行背书,因此背书策略要求的节点的集合应是加入的peer list的子集,否则背书策略不满足.