# BloSS@M September 2022 Infra & Chaincode Outline
- BloSS@M Infrastructure: One whole, differentiated parts (A.J. Stein)
  - Consortium, not hierarchy
  - One blockchain network, many members
  - Implementation:
    - Overview
      - Hub: Amazon Managed Blockchain network instance
      - Spokes: each agency has their own AWS account, VPC(s), and infrastructure
      - Member nodes in their infra
      - App instances (dashboard) in their infra
      - Peer relationships based on consortium decision
      - Note: [diagram](https://docs.aws.amazon.com/managed-blockchain/latest/hyperledger-fabric-dev/images/blockchain-architecture.png) from [the AWS Managed Blockchain overview page](https://docs.aws.amazon.com/managed-blockchain/latest/hyperledger-fabric-dev/network-components.html)
    - Network
      - Not accessible on routable public internet
      - VPC Endpoints; configuration for mutual agreement (ISA)
      - Member network can only interact w/ their nodes via API
      - L7 and "L8" (chaincode) media of communication; network attacks much less useful
    - Certificate authority
      - In-blockchain authentication principal is X.509
      - Consistent, well-known certificate-based AuthN
      - Flexible and adaptable to integrate with app layer AuthN and store certificates for different infra needs (short-lived; long-lived; HSM-generated, et cetera)
      - All networked API calls use mutual TLS with member nodes
      - Trusted root CA from managed service
      - Each member has its own intermediate CA
      - Can provision new user identities in member infra
      - Can revoke certs and disable member users
    - Blockchain Infrastructure Layer
      - Each member has their own peer nodes and ledger (DB copy, tampering difficult)
      - Each member communicates and validates with ordering service
    - Blockchain Code (Chaincode) Layer
      - Cite Josh talking next
      - Authenticated member users push to copy of their ledger
      - Business logic changes must be coordinated with the group
    - Business Application Layer
      - IdP for the custom authentication following OIDC
      - Different members (agencies): standards-based AuthN, allow each to choose their own
  - Hand-off to Josh
- Chaincode Discussion (Josh Roberts)