Corda for Digital Identities? - corda

Hi, is Corda a recommended platform for Digital Identity? This is for a use case of account-based certification (i.e. I as a user store my certificates/identity on the ledger and access it via a password/key, going through a node, while allowing a specified certificate to be seen only by a specified party. The control is on the user/account level and not on the node level, which means I could specify which certificates/identities I want to allow another organisation to access).
For blockchain technologies, I understand that the data is duplicated across all nodes; as long as the user has the key, the user can access his own data even if the node is a newly joined node to the network.
As I understand it, Corda also doesn't support multiple identities on a single node, as it works on a node basis. What would be the approach for this case using the Corda platform?

First of all, Corda is not like Ethereum, Fabric or any other blockchain where all nodes store the same common state. In a Corda network, nodes store only the transactions and states they were participating in or observing. So it's more peer-to-peer than broadcast.
Check here for more details:
https://docs.corda.net/key-concepts-ledger.html
From this perspective, Corda is probably not the best candidate for a public identity network.
For a solution for self-sovereign identity management, I would recommend having a look at something like Sovrin (Indy). You can use it to build an app on top of the platform. Or just learn their design ;)
Corda may make sense in an identity context if there are different organisations and they exchange their members' identity info for some reason. Then a node will be an Identity Manager and store info about people who gave it their credentials of any kind. So identity will be a mere state here, I think. Corda itself will play the transport and storage role. Not a blockchain-style decentralized way at all, but it may be useful in some cases.

Related

Does Corda node support the concept of an organization and users in the organization?

Does Corda node support the concept of an organization and users in the organization? The ORG user must have visibility to transactions of the node. And is it possible to add users within this Organization who can be part of selected transactions?
Yes, you can do it with Corda. I see two ways:
1. Use the Accounts library. Accounts are "logical" entities, i.e. a subset of the node's vault. An ORG can be the Corda node and the users can be accounts owned by the node, which has complete visibility of the transactions. You can add as many accounts as you want. Note that an account only has public keys; the private keys are owned by the Corda node that owns the accounts. The flows are effectively run by the Corda node, not by the accounts themselves, which are effectively just states that only have a name and a set of public keys (but not an X.509 identity, so they are not registered to the network. Only the Corda node is). A typical use case of this is a Group Company X (i.e. the Corda node) that owns some Subsidiary Companies (its accounts). More info: https://training.corda.net/libraries/accounts-lib/ and https://github.com/corda/accounts/blob/master/docs.md
2. Use the Business Network Membership: https://docs.corda.net/docs/corda-os/4.8/business-network-membership.html. In this case you have different Corda nodes connected to the same network, and a subset of these nodes share a "logical" network, which is made at the application level and in which you can set the roles and memberships. In practice, this is a CorDapp shared between them in which there are states that identify an organization and its rules.

The two options above are ways to effectively create "organizations". In Corda you also have Observer parties, which are parties that just want to be notified of some transactions without effectively being part of them.
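
The first option above, sketched as a Kotlin flow (an added example, not part of the original answer and not code from the Accounts project). The flow name `OnboardUserAccount`, its parameters and the package are hypothetical; `CreateAccount`, `ShareAccountInfo`, `RequestKeyForAccount` and `accountService` are assumed to come from the corda/accounts workflows module on the CorDapp classpath.

```kotlin
// Added example: onboard a user as an account hosted on the organisation's node.
// OnboardUserAccount, accountName and allowedParty are hypothetical names.
package com.example.flows

import co.paralleluniverse.fibers.Suspendable
import com.r3.corda.lib.accounts.workflows.accountService
import com.r3.corda.lib.accounts.workflows.flows.CreateAccount
import com.r3.corda.lib.accounts.workflows.flows.RequestKeyForAccount
import com.r3.corda.lib.accounts.workflows.flows.ShareAccountInfo
import net.corda.core.flows.FlowLogic
import net.corda.core.flows.StartableByRPC
import net.corda.core.identity.AnonymousParty
import net.corda.core.identity.Party

@StartableByRPC
class OnboardUserAccount(
    private val accountName: String,
    private val allowedParty: Party
) : FlowLogic<AnonymousParty>() {

    @Suspendable
    override fun call(): AnonymousParty {
        // Reuse the account if this node already hosts one with that name,
        // otherwise create it. The AccountInfo state lives in this node's vault.
        val existing = accountService.accountInfo(accountName)
            .firstOrNull { it.state.data.host == ourIdentity }
        val account = existing ?: subFlow(CreateAccount(accountName))

        // Share the AccountInfo with the one chosen counterparty only, so that
        // node can resolve the account to its host. Other nodes are not told.
        subFlow(ShareAccountInfo(account, listOf(allowedParty)))

        // Request a fresh public key for the account. For a locally hosted
        // account the key pair is created by this node, which keeps the
        // private key; the account itself never holds key material.
        return subFlow(RequestKeyForAccount(account.state.data))
    }
}
```

The returned `AnonymousParty` can be used as a participant in states, but every signature with that key is produced by the host node, so control remains at node level rather than with the individual user.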

Corda Accounts Functionality Doubts

I am trying to integrate Accounts functionality in my CorDapp, and was going through the supply chain demo: https://github.com/corda/accounts-demo-supplychain
Here is a list of my queries:
1. What is the purpose of the Account Broadcast flow? It is not mentioned in the readme file: https://github.com/corda/accounts-demo-supplychain/blob/master/workflows/src/main/kotlin/com/accounts_SupplyChain/flows/AccountBroadcast.kt
2. Is the purpose of the Share Account flow only that the counterparty nodes know the account identity? What if I don't want to use it?
3. Since an account is a sub-vault of the node's vault, that data is visible to that node, right?

1. To share account infos with other nodes in the zone. You need to do this so that they know which node an account belongs to.
2. Same as above. You don't have to use it.
3. Yes.

Can an Anonymous User Access the Blockchain?

Do you have to be a known party on the network to make a transaction?
Can an anonymous user off the network interact with the blockchain?
When joining the network, a node needs to obtain a network certificate provided by the network's doorman. This certificate ties the node to a specific real-world identity. When messaging other nodes, a node must use this certificate to allow the receiving nodes to verify who they are transacting with.
However, suppose a node is working with other nodes to build a transaction. Although the node must reveal its identity to the other nodes they are building the transaction with, it can choose to identify itself in the transaction being built using an anonymous one-time public key, rather than a real-world identity.
This means that the node's identity is not stored on the ledger for all to see, and is only known to the nodes with whom the transaction was originally built.
You can also imagine scenarios where even though the node's identity is well-known, the identity of the actual user is not. For example, a node representing an auction house may place a bid on behalf of an anonymous user.

Can one single Corda node support multiple parties/accounts?

Just wonder if a single Corda node can support multiple accounts like Bitcoin does.
A related open question I found on discourse https://discourse.corda.net/t/can-you-have-a-corda-identity-adress-without-running-a-node/1298
From Peter Froystad:
Does Corda support multiple people having accounts/addresses on the network without running a Corda node?
Similar to how Bitcoin allow people to own coins with a private key, but not running a full node?
In the financial world, this would correspond to people having an account in the bank, and they would share facts on a 1-1 basis with their bank regarding their dealings. These customers wouldn't run a peer node, however. But they would want a service similar to a Bitcoin wallet that would allow them to access their dealings with the bank.
Corda is designed for varied institutions which are not all banks, so it doesn't have a direct concept of "account" like Bitcoin does. If you want to implement customer accounts on top of Corda you need to track the balances yourself and use Corda for inter-institutional transfers. Corda's ability to easily integrate with SQL databases and MQ makes that kind of integration quite easy though.
If you're asking about multiple identities on a single node, so one machine can do both legal entity A and B at once, the answer is: we're working on it.
It is now possible with Corda 4.3 and the new Accounts SDK:
https://github.com/corda/accounts
However, it is not a simple drop-in replacement for Party and requires changes to an existing CorDapp and implementing several parts of the business logic of what you might consider an "account" or "wallet".
According to the blog post by Mike Hearn: https://discourse.corda.net/t/mobile-consumer-payment-experiences-with-corda-on-ledger-cash/966
Note that your balance in this scheme is simply your bank balance. There are no separate wallets.
It looks to me like running multiple accounts/parties on a single node is not supported at the moment. Yet we may expect the support to be realized in the Phase 2 Bitcoin SPV wallet mode.
In phase two this is extended to support a model more like Bitcoin SPV, whereby the sending device manages its own private keys and transaction data. It thus becomes a true wallet app.

Setting-up an open-source decentralized social-network

I am trying to build an open-source decentralized social network, created and supported by the community (Facebook-like).
Using Datastax Enterprise/Cassandra it is possible to setup a working DHT (Distributed hash table) to store the large amount of data within a cluster owned by a single 'business' or 'company'.
This way all the data (like: users/profile data, posts, like, etc.) are stored under control of this company within their own cluster, so that the data are more or less "safe".
However, in my case, other people (from the community) should be able to set up their own node within the cluster to support the cluster and load balancing. This could be anyone (good or evil)...
Meaning that not only should the data between the nodes be encrypted (via SSL/TLS), but the data ITSELF that is stored on the nodes should be encrypted as well!
So, my question before continuing using the Datastax software is:
Is it possible to store all the data encrypted somehow on every node, so that the cluster can be run by a given individual/random person?
Thank you!
Kind regards,
Melroy van den Berg
I think it's safe to say that current database technology is based on the concept of controlled access to database servers themselves and that "random persons" (or computer programs!) can only access the database remotely by a well-controlled API.
That said, you could always create your own application layer which mediates between said random users and DSE itself, providing limited administrative access to DSE based on use cases programmed into the application layer itself.
DSE does support transparent data encryption (TDE), but once again that is oriented towards very controlled access to the database servers. You could use it, but the suggested application layer may obviate the need for encryption on the database server(s).
