@@ -12,32 +12,40 @@ to read the entire thing in one sitting if you like; it's pretty enlightening!
1212Anchor Peer
1313-----------
1414
15- Anchor peers are used to bootstrap gossip communication between peers from
16- different organizations. Cross-organization gossip is scoped to channels. In
17- order for cross-org gossip to work, peers from one org need to know at
18- least the address of a peer from another organization in the channel.
19- Each organization added to a channel should identify at least one of its
20- peers as an anchor peer. The anchor peer address is stored in the
21- configuration block of the channel. Each organization that has a peer
22- should have at least one (there can be more than one) of its peers
23- defined as an anchor peer. Thus, the anchor peer is used as the entry point
24- from another organization's peer on the same channel to get the message
25- delivered to each of the peers in the anchor peer's org.
15+ Used to initiate gossip communication between peers from different
16+ organizations. The anchor peer serves as the entry point for another
17+ organization's peer on the same channel to communicate with each of the peers
18+ in the anchor peer's organization. Cross-organization gossip is scoped to
19+ channels. In order for cross-org gossip to work, peers from one organization
20+ need to know the address of at least one peer from another organization in the
21+ channel. Each organization added to a channel should identify at least one of
22+ its peers as an anchor peer (there can be more than one). The anchor peer
23+ address is stored in the configuration block of the channel.
2624
2725.. _glossary_ACL :
2826
2927ACL
3028---
3129
32- Access Control List. Used to associate policies with specific resources.
33- Access control lists are defined in the ``configtx.yaml `` file, used by
34- configtxgen to build channel configurations. An ACL is formatted as a key-value
35- pair consisting of a resource function name followed by the name of the group
36- with access to the resource. A set of default ACLs are provided in the
37- ``configtx.yaml `` file and can be overridden by editing the configtx.yaml
38- for the orderer system channel (new channels copy the configuration of the
39- orderer system channel by default) or the ``configtx.yaml `` for a specific
40- channel.
30+ An ACL, or Access Control List, associates access to specific peer
31+ resources (such as system chaincode APIs or event services) to a Policy _
32+ (which specifies how many and what types of organizations or roles are
33+ required). The ACL is part of a channel's configuration. It is therefore
34+ persisted in the channel's configuration blocks, and can be updated using the
35+ standard configuration update mechanism.
36+
37+ An ACL is formatted as a list of key-value pairs, where the key identifies
38+ the resource whose access we wish to control, and the value identifies the
39+ channel policy (group) that is allowed to access it. For example
40+ ``lscc/GetDeploymentSpec: /Channel/Application/Readers ``
41+ defines that the access to the life cycle chaincode ``GetDeploymentSpec `` API
42+ (the resource) is accessible by identities which satisfy the
43+ ``/Channel/Application/Readers `` policy.
44+
45+ A set of default ACLs is provided in the ``configtx.yaml `` file which is
46+ used by configtxgen to build channel configurations. The defaults can be set
47+ in the top level "Application" section of ``configtx.yaml `` or overridden
48+ on a per profile basis in the "Profiles" section.
4149
4250.. _Block :
4351
@@ -245,10 +253,11 @@ Leading Peer
245253------------
246254
247255Each Organization _ can own multiple peers on each channel that
248- it subscribes to. One of these peers serves as the leading peer for the channel,
249- in order to communicate with the network ordering service on behalf of the
250- organization. The ordering service "delivers" blocks to the leading peer(s) on a
251- channel, who then distribute them to other peers within the same org cluster.
256+ they subscribe to. One or more of these peers should serve as the leading peer
257+ for the channel, in order to communicate with the network ordering service on
258+ behalf of the organization. The ordering service delivers blocks to the
259+ leading peer(s) on a channel, who then distribute them to other peers within
260+ the same organization.
252261
253262.. _Ledger :
254263
@@ -344,24 +353,14 @@ read/write operations to the ledger. Peers are owned and maintained by members.
344353Policy
345354------
346355
347- How members come to agreement on accepting or rejecting changes to the network
348- or a channel. Policies include criteria for adding or removing members or peers
349- from the network. They also include the requirements needed to update a channel
350- or endorsements required to instantiate chaincode and have a transaction
351- validated by a channel.
352-
353- Policies are fundamental to the way Fabric works because they allow the identity
354- associated with a request to be checked against the policy associated with the
355- resource (such as a chaincode API) needed to fulfill the request. There are two
356- types of policies -- ``Signature `` and ``ImplicitMeta ``. ``Signature `` policies
357- define specific users who must sign in order for a policy to be satisfied such
358- as ``Org1.Peer OR Org2.Peer ``. ``ImplicitMeta `` policies are only valid in the
359- context of configuration and aggregate the result of policies deeper in the
360- configuration hierarchy which are ultimately defined by Signature policies.
361- They use a different syntax, for example ``"MAJORITY Admins ``. Policies can be
362- defined globally for the entire network in the ``configtx.yaml `` file under
363- ``Application: Policies ``, but channel specific policies may also be defined in
364- the channel profile section as well.
356+ Policies are expressions composed of properties of digital identities, for
357+ example: ``Org1.Peer OR Org2.Peer ``. They are used to restrict access to
358+ resources on a blockchain network. For instance, they dictate who can read from
359+ or write to a channel, or who can use a specific chaincode API via an ACL _.
360+ Policies may be defined in ``configtx.yaml `` prior to bootstrapping an ordering
361+ service or creating a channel, or they can be specified when instantiating
362+ chaincode on a channel. A default set of policies ship in the sample
363+ ``configtx.yaml `` which will be appropriate for most networks.
365364
366365.. _Proposal :
367366
@@ -468,4 +467,4 @@ the ledger world state for each valid transaction included in a processed block.
468467
469468
470469.. Licensed under Creative Commons Attribution 4.0 International License
471- https://creativecommons.org/licenses/by/4.0/
470+ https://creativecommons.org/licenses/by/4.0/
0 commit comments