Does Corda node support the concept of an organization and users in the organization? - corda

Does Corda node support the concept of an organization and users in the organization? The ORG user must have visibility to transactions of the node. And is it possible to add users within this Organization who can be part of selected transactions?

Yes, you can do it with Corda. I see two ways:
* Use the Account library. Accounts are "logical" entities, i.e. a subset of the node's vault. An ORG can be the Corda node and the users can be accounts owned by the node, which has complete visibility of the transactions. You can add as many accounts as you want. Note that an account only has public keys; the private keys are owned by the Corda node that owns the accounts. The flows are effectively run by the Corda node, not by the accounts themselves, which are effectively just states that only have a name and a set of public keys (but not an X.509 identity, so they are not registered to the network. Only the Corda node is). A typical use case of this is a Group Company X (i.e. the Corda node) that owns some Subsidiary Companies (its accounts). More info: https://training.corda.net/libraries/accounts-lib/ and https://github.com/corda/accounts/blob/master/docs.md
* Use the Business Network Membership: https://docs.corda.net/docs/corda-os/4.8/business-network-membership.html. In this case you have different Corda nodes connected to the same network, and a subset of these nodes share a "logical" network, which is made at application level and in which you can set the roles and memberships. In practice, this is a CorDapp shared between them where there are states that identify an organization and its rules.

These two above are ways to effectively create "organizations". In Corda you also have the Observer parties, which are parties that just want to be notified of some transactions without effectively being part of them.

Related

How the UUID of a corda account is unique across the network?

How is the uniqueness of Corda accounts maintained across the network? As far as I know, a Corda account has the following features:
* name (Unique inside the Node)
* UUID (Unique across the network)
* Host (which hosts the account)
So from the above 3, how will a node ensure that there are no accounts with the same UUID in a network? Or how does a node generate a UUID when a new request to create an account comes? Is there a place in the network map to hold the account info?
You can safely assume that the account UUID will be unique across the network, as UUIDs provide 128 bits of entropy, and because of this it's highly unlikely that someone else will have the same UUID within the network.
A new account can be created using the inbuilt CreateAccount flow. The node generates and assigns a UUID to this account using UUID.randomUUID().
Account discovery is different from node discovery, which uses a network map. Once the account is created, the node is expected either to share this account info with the counterparty using the inbuilt flow ShareAccountInfo, or alternatively the counterparty can request the account info using the inbuilt flow RequestAccountInfoFlow.
Hope that helps.

Can an Anonymous User Access the Blockchain?

Do you have to be a known party on the network to make a transaction?
Can an anonymous user off the network interact with the blockchain?
When joining the network, a node needs to obtain a network certificate provided by the network's doorman. This certificate ties the node to a specific real-world identity. When messaging other nodes, a node must use this certificate to allow the receiving nodes to verify who they are transacting with.
However, suppose a node is working with other nodes to build a transaction. Although the node must reveal its identity to the other nodes they are building the transaction with, it can choose to identify itself in the transaction being built using an anonymous one-time public key, rather than a real-world identity.
This means that the node's identity is not stored on the ledger for all to see, and is only known to the nodes with whom the transaction was originally built.
You can also imagine scenarios where even though the node's identity is well-known, the identity of the actual user is not. For example, a node representing an auction house may place a bid on behalf of an anonymous user.

Corda - In a Corda network, how do participating companies handle customer interaction and identities on the ledger?

If a group of companies want to create a loyalty token scheme via a Corda network, how do they enable customers to be able to receive or spend loyalty tokens via any of the participating company channels?
For example, Alice earns 100 tokens from Company X's shopping app for being a loyal customer. The record of Alice's balance is captured on the Corda ledger via Company X's Corda node. Alice then wants to spend these tokens on Company Y's shopping app.
How is Alice identified on the Corda network?
How can this be achieved so that only Alice has the power to spend her tokens (i.e. the participating companies cannot edit her balance without her consent.)?
I'm thinking this could be achieved if customers had their own key pair and needed their private key to transact. Is this currently possible on Corda or is it on the roadmap?
Hi, this is now possible with the accounts-sdk released with Corda 4.3.
So you could now have multiple companies host their customers on their nodes as accounts and have loyalty tokens issued to them. So the accounts feature can be integrated with the tokens feature.
To your question regarding how this can be achieved so that only Alice has the power to spend her tokens: the tokens SDK makes sure that only the current holder/owner of the token has the right to spend the tokens.
Your last question:
> I'm thinking this could be achieved if customers had their own key pair and needed their private key to transact. Is this currently possible on Corda or is it on the roadmap?

As I mentioned above, the companies can have their customers represented as accounts on their nodes. But please note that as of now, accounts are not true identities, i.e. they do not have any certificate issued by the doorman. They use anonymous identities to transact with each other. But yes, there is a plan where accounts will be able to move these key pairs outside of the node and effectively own their own private keys.

In Corda, how can nodes be assigned public roles?

I have written a CorDapp where I want to treat counterparty nodes differently based on their "role".
For example, I may want to check that a counterparty node has the "cash issuer" role before requesting cash issuance from them.
What's the best way to define public node roles in this way?
As of Corda 3, there isn't built-in support for this feature. Support is expected to be added in a future release.
In the meantime, there are several workarounds:
* Using an oracle, as Kid101 mentions above. The oracle would store role information that could be queried by nodes
* The roles could be retrieved via an HTTP call within the flow - see the Flow HTTP sample
* The roles could be stored in the node's database and retrieved within the flow - see the Flow DB sample
* Each node could have a flow pair that returns the node's role
* The roles could be hardcoded in a configuration file installed on each node - see How to provide a CorDapp with custom config in Corda?
* The roles could be hardcoded in the CorDapp's flows
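
As an added illustration of the "flow pair that returns the node's role" workaround listed above (example code written for this page, not from the answer or from Corda's samples): `NodeRole`, `LOCAL_ROLE`, the `"ROLE?"` request string and the three flow classes are hypothetical names. The returned role is the counterparty's own claim, so the caller accepts only names from a fixed list and fails the flow otherwise.

```kotlin
import co.paralleluniverse.fibers.Suspendable
import net.corda.core.flows.FlowException
import net.corda.core.flows.FlowLogic
import net.corda.core.flows.FlowSession
import net.corda.core.flows.InitiatedBy
import net.corda.core.flows.InitiatingFlow
import net.corda.core.identity.Party
import net.corda.core.utilities.unwrap

// Hypothetical role vocabulary shared by every node that installs this CorDapp.
enum class NodeRole { CASH_ISSUER, TRADER }

// Hypothetical: a real node would read its role from its own config or database.
val LOCAL_ROLE = NodeRole.TRADER

@InitiatingFlow
class QueryRoleFlow(private val counterparty: Party) : FlowLogic<NodeRole>() {
    @Suspendable
    override fun call(): NodeRole {
        val session = initiateFlow(counterparty)
        // The reply is untrusted counterparty data: accept only a known role name.
        return session.sendAndReceive<String>("ROLE?").unwrap { claimed ->
            NodeRole.values().firstOrNull { it.name == claimed }
                ?: throw FlowException("${counterparty.name} returned an unknown role")
        }
    }
}

@InitiatedBy(QueryRoleFlow::class)
class QueryRoleResponder(private val session: FlowSession) : FlowLogic<Unit>() {
    @Suspendable
    override fun call() {
        // Validate the request before answering, then send this node's role name.
        val request = session.receive<String>().unwrap { it }
        if (request != "ROLE?") throw FlowException("Unexpected request")
        session.send(LOCAL_ROLE.name)
    }
}

// Caller-side gate matching the "cash issuer" check described in the question.
class RequireCashIssuerFlow(private val counterparty: Party) : FlowLogic<Unit>() {
    @Suspendable
    override fun call() {
        val role = subFlow(QueryRoleFlow(counterparty))
        if (role != NodeRole.CASH_ISSUER) {
            throw FlowException("${counterparty.name} is not a cash issuer")
        }
    }
}
```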

Corda for Digital Identites?

Hi, is Corda a recommended platform for Digital Identity? For a use case of account-based certification (i.e. I as a user store my certificates/identity on the ledger and access them via a password/key, where I would go through a node, and at the same time allow a specified certificate to be seen only by a specified party. The control is at the user/account level and not at the node level, which means I could specify which certificates/identities I would want to allow another organisation to access).
For blockchain technologies, I understand that the data is duplicated across all nodes; as long as the user has the key, the user can access his own data even if the node is newly joined to the network.
As I understand it, Corda also doesn't support multiple identities on a single node, as it is on a node basis. What will be the approach for this case using the Corda platform?
First of all, Corda is not like Ethereum, Fabric or any other blockchain where all nodes store the same common state. In a Corda network, nodes store only the transactions and states they were participating in or observing. So it's more peer-to-peer than broadcast.
Check here for more details:
https://docs.corda.net/key-concepts-ledger.html
From this perspective, Corda is probably not the best candidate for a public identity network.
For a solution for self-sovereign identity management, I would recommend having a look at something like Sovrin (Indy). You can use it to build an app on top of the platform. Or just learn their design ;)
Corda may make sense in an identity context if there are different organisations and they exchange their members' identity info for some reason. Then the node will be an Identity Manager and store info about the people who gave it their credentials of any kind. So an identity will be a mere state here, I think. Corda itself will play a transport and storage role. Not a blockchain-style decentralized way at all, but it may be useful in some cases.
