Updated on February 24, 2021
- Supply the --multitenancy command line flag
- Configure the JSON RPC Security plugin
- Use Tessera version
A network can consist of multi-tenant nodes and single-tenant nodes. One or more independent authorization servers can be used to protect multi-tenant nodes; however, a given multi-tenant node can be protected by only one authorization server.
Sample Network Setup
This section outlines an example of how multi-tenancy can be set up. A network operator must configure scope values for each user in an authorization server, for each tenant. This example network contains 4 nodes, 2 of which are multi-tenant nodes. The multi-tenant nodes are
A node consists of a GoQuorum client and a Tessera Private Transaction Manager.
We name Privacy Manager key pairs for easy referencing, for example G_K1. In reality, their values are the public keys used in
Privacy Manager key pairs are allocated as follows:
Tenants are assigned to multi-tenant nodes as follows:
J_K2, and its tenancy is on
G_K3, and its tenancy is on
D_K1, and its tenancy is on
G Organization and D Organization may decide to allocate keys to their departments, so the security model could be as below:
J Audit having READ access to contracts in which
G Audit having READ access to contracts in which
Each authorization server has its own configuration steps and client onboarding process. A network operator’s responsibility is to implement the above security model in the authorization server by defining custom scopes and granting them to target clients.
A custom scope representing
J Investment owning
Custom scopes representing
J Audit having READ access to contracts in which
J_K2 are participants,
Clients must also be granted scopes which specify access to the JSON RPC APIs.
Refer to the JSON RPC Security plugin for more information.
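A worked example, added here and not part of the GoQuorum documentation or code, of the access decision a multi-tenant node must make under the model above: J Investment owns J_K1, while J Audit has READ access to contracts in which J_K1 or J_K2 participate. The `tenant:<key>:<access>` scope syntax and the `Scope`, `parse_scopes` and `is_authorized` names are assumptions for illustration; a real authorization server and GoQuorum define their own scope format.

```python
from dataclasses import dataclass

# Access levels in the page's model: a tenant OWNS its Privacy Manager key
# pairs (full access); an audit department gets READ access to contracts in
# which a given key participates. The 'tenant:<key>:<access>' scope syntax
# below is a hypothetical stand-in, not GoQuorum's or any real server's format.
OWN = "own"
READ = "read"


@dataclass(frozen=True)
class Scope:
    key: str     # Privacy Manager public key alias, e.g. "J_K1"
    access: str  # OWN or READ


def parse_scopes(granted):
    """Parse hypothetical 'tenant:<key>:<access>' strings; reject anything else."""
    scopes = set()
    for raw in granted:
        parts = raw.split(":")
        if len(parts) != 3 or parts[0] != "tenant" or parts[2] not in (OWN, READ):
            raise ValueError(f"unrecognised scope {raw!r}")
        scopes.add(Scope(parts[1], parts[2]))
    return scopes


def is_authorized(scopes, action, private_from, private_for=()):
    """Decide whether a client holding `scopes` may perform `action` on a
    private contract sent from `private_from` to the `private_for` keys.

    write: the client must OWN private_from (mandatory when multi-tenancy
           is on, which is what makes this check possible).
    read:  OWN or READ on any participant key suffices.
    Anything without a matching scope is denied."""
    if action == "write":
        return Scope(private_from, OWN) in scopes
    if action == "read":
        participants = (private_from, *private_for)
        return any(Scope(k, OWN) in scopes or Scope(k, READ) in scopes
                   for k in participants)
    raise ValueError(f"unknown action {action!r}")


# Constructed grants matching the page: J Investment owns J_K1; J Audit may
# read contracts in which J_K1 or J_K2 participate.
J_INVESTMENT = parse_scopes(["tenant:J_K1:own"])
J_AUDIT = parse_scopes(["tenant:J_K1:read", "tenant:J_K2:read"])
```

Note that J Audit is denied a write from J_K1 and a read on a contract between G_K3 and D_K1, while J Investment cannot read a contract it does not participate in: the model is default-deny.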
In summary, to reflect the above security model, typical scopes granted to J Investment would be the following:
Supported JSON RPC APIs
The privateFrom field is mandatory when multi-tenancy is enabled.
APIs used to access state must be protected. Those are:
It’s important for the network operator to configure the authorization server to ensure the authorization model is reflected accurately.
GraphQL APIs and other APIs will be supported in the future.
Multi-tenancy changes how GoQuorum stores data so that tenant state can be protected. An existing node must be re-synced to become multi-tenant.
Tenants own one or more Privacy Manager key pairs. Public keys are used to address private transactions. Please refer to the Tessera keys configuration documentation for more information about how Tessera manages multiple key pairs.