Just wanted to confirm my understanding on the User Verifiers in Kaa.
The primary purpose of a user verifier is to enable Kaa eventing and interaction between endpoints. Is there any other application of a user verifier?
The main purpose of the user verifiers in Kaa is to attach an endpoint to a particular Kaa user. That implies not only endpoint-to-endpoint communication within the scope of the same user, but also a number of other bindings and relations between features and data in Kaa.
Related
Does Corda support user credentials for Accounts / Party? Here there is a common username, password for the node access through RPC. Is there a way to validate the user (Node user / Account) in Corda as well?
Application user (Node user / Account) <----> Application <----> RPC Client <----> Cordapp (Node)
the only way to connect an external client to a node is using the Corda RPC Client
the configuration of the user that can connect to the RPC Client (i.e. username, password, permissions) is in the node.conf (explained here)
you can create multiple users in the node.conf. Up to you to assign these users to a node administrator, or to external users, depending on your security policies. You can set different permissions for each of them, and also set which CorDapp flows they can access.
If your CorDapp does use Accounts (i.e. the account library), and you want them to "run flows" (though, consider that accounts in Corda do not run flows, but it's always the node that runs flows on their behalf) from an external client (e.g. a Web app), you have the possibility to:
1. create an RPC user in the node.conf for each account
2. create only one user for the RPC client and manage the authentication and authorization of the external users at application level, not Corda level (e.g. JWT, external database, AWS Cognito, etc.). Once authorized, the user can access the RPC client from the Web app and
3. a mix of 1. and 2.
I would not recommend to delegate the authentication and authorization of external users only at Corda level. I would keep the concept of "accounts" in Corda and "external users" separated.
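An added node.conf fragment, not part of the original answer, showing the per-user permissions described above: a shared all-powerful RPC login (commented out) next to separate RPC users with narrower permissions. The user names and the com.example.flows classes are hypothetical, and the passwords are placeholders.

```hocon
// Weak: every external client shares one RPC login that may do anything.
// rpcUsers = [
//     { username = "app", password = "<placeholder>", permissions = ["ALL"] }
// ]

// Tighter: one RPC user per role, each limited to what it needs.
rpcUsers = [
    {
        // Node administrator (hypothetical name)
        username = "nodeAdmin"
        password = "<placeholder-admin-password>"
        permissions = ["ALL"]
    },
    {
        // Web application backend that authenticates external users itself
        // and may only start these two (hypothetical) flows
        username = "webApp"
        password = "<placeholder-webapp-password>"
        permissions = [
            "StartFlow.com.example.flows.IssueInvoiceFlow",
            "StartFlow.com.example.flows.PayInvoiceFlow",
            "InvokeRpc.nodeInfo"
        ]
    }
]
```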
I was wondering, what's your opinion about using Indy for enterprise blockchain, where the members of the system are different applications, which are onboarded on the platform by a master application. These applications are then given a role of trust anchors; they can then issue credentials to their users. The users can then use the credentials when they want to use the REST APIs exposed by these applications. Effectively removing the need for the user to log in, they sort of just send the ZKP in the header.
Is anybody working on a project like this? Does an agent like this exist which enables an application (basically a webserver with certain routes) to be onboarded?
You seem to be wanting to use Indy as an authentication service for the users of the application. This is a common use case of Indy, but there are simpler approaches than the formulation you describe.
The most common approach is for an organization to run an issuing service anchored to the Sovrin Network. This service issues a credential to users for each application to which they should have access. Each application would implement credential verification. The first time a user tries to use a system, they will establish a peer connection with that system and present their credential over that connection. From that point on, they are immediately authorized by refreshing that peer connection.
This approach saves the organization maintaining their own internal Indy blockchain.
Other approaches include DID Auth, and integration with OpenID Connect.
My program is a TCP socket server, which should be managed over a network by a command-answer system. The command (request)-answer system is not a problem: a client sends a packet, a server receives it and generates a response. Packets are just sequences of bytes.
The issue is that I have to create a simple account system. My server should store and manage two account types: "administrator" and "simple user". Therefore I should have these things: registration, authentication and password storage systems. How can this be simply done in Qt5? For example, I can simply send user names and passwords (or password hashes) over a network, but how can an administrator account be initially created on the server in a normal way? I don't have strict security requirements, but I want to create a normal system that would make sense.
Simplest way: administrator credentials should be predefined via some config file on the server side. As additional protection you may force the user to change the password on first login. Another way: a lot of CMSs provide full access + installation steps to the first logged-in user.
Use QSslSocket to get a secured communication layer (http://doc.qt.io/qt-5/qsslsocket.html), since you will exchange passwords on top of this administration link.
There is an example here of the client part of the code, with Qt5: http://doc.qt.io/qt-5/qtnetwork-securesocketclient-example.html
On the server side, accept the socket on a predefined unused port, dedicated to your service.
Now, you can simply decide on a login with a random secret password, that will correspond to the administrator account, and create a program to send this password on top of a secured channel based on QSslSocket. Your server has to check the password before accepting remote management.
So, as you can see, the administrator must be created prior to using the service. You can use a private mail exchange, based on some cryptographic means (OpenPGP, S/MIME, etc.), to supply the administrator with its password.
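The account bootstrap described in the answers above, as an added example that is not code from the original posts: a language-neutral sketch in Python rather than Qt, in which the first administrator comes from a server-side config, must replace the initial password before managing accounts, and only salted PBKDF2 hashes are stored. The class, the config keys and the sample values are assumptions; the transport (QSslSocket in the answer) is outside its scope.

```python
import configparser, hashlib, hmac, secrets

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch

def derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class AccountStore:
    def __init__(self):
        self.users = {}  # name -> {"salt", "hash", "role", "must_change"}

    def _put(self, name, password, role, must_change):
        salt = secrets.token_bytes(16)  # fresh random salt per stored password
        self.users[name] = {"salt": salt, "hash": derive(password, salt),
                            "role": role, "must_change": must_change}

    def bootstrap_admin(self, config_text: str) -> bool:
        """Create the first administrator from the server-side config, once."""
        if any(u["role"] == "administrator" for u in self.users.values()):
            return False  # never overwrite an existing administrator
        cfg = configparser.ConfigParser()
        cfg.read_string(config_text)
        self._put(cfg["admin"]["name"], cfg["admin"]["initial_password"],
                  "administrator", must_change=True)
        return True

    def login(self, name: str, password: str):
        """Return (role, must_change) on success, None on failure."""
        user = self.users.get(name)
        if user is None:
            return None
        if not hmac.compare_digest(derive(password, user["salt"]), user["hash"]):
            return None
        return user["role"], user["must_change"]

    def change_password(self, name, old, new) -> bool:
        if self.login(name, old) is None or new == old:
            return False
        self._put(name, new, self.users[name]["role"], must_change=False)
        return True

    def register(self, admin_name, admin_password, name, password, role="simple user"):
        """Only an administrator who replaced the initial password may add accounts."""
        if self.login(admin_name, admin_password) != ("administrator", False):
            return False
        if name in self.users or role not in ("administrator", "simple user"):
            return False
        self._put(name, password, role, must_change=False)
        return True

# Constructed sample config, standing in for a file readable only by the server account.
SAMPLE_CONFIG = "[admin]\nname = root\ninitial_password = change-me-at-first-login\n"
```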
I am developing a system like Online Exchange (OLX). This system requires a verification from the user that the number entered by the user in the ad is correct or not. For that purpose I want my system to send a message to the number given by the user with a verification code.
How can I implement this system in ASP.NET?
You can't send an SMS on your own.
Rather, find a service provider in your country and contact them. Providers offer paid services that are usually exposed as web services.
Technically, your application calls a provider service over http[s] and you pass a phone number and the message body. There are usually multiple payment methods, for example you can pay for a message pack or your clients can pay on their own by first sending their message to a fixed number.
I'm designing a web-based app that will have its own authorization system (via Codeigniter-based Ion Auth) and will also be logging into a service in the background via API calls (Adobe Connect webinar services). When the user creates their account on the base system, it will simultaneously create an account on the Adobe Connect system, using the user name and password they enter. Easy enough to do.
The problem comes when making API calls to their account. During initial sign-up, the Ion Auth code translates the user's password into a salted hash value but this won't work for the API calls, which require their in-the-clear password for authorization. It wouldn't be an issue except that the user will also need to log into the Adobe Connect system directly for some functions.
My first thought is to create a field in the user's profile that stores their password in encrypted form, then decrypt it before passing to Adobe Connect. Does anyone have a better method to suggest?
Thanks in advance,
Mark