Hyperledger FireFly provides a pluggable infrastructure for authenticating API requests.
Each namespace can be configured with a different authentication plugin, such that different teams can have different access to resources on the same FireFly server.
A reference plugin implementation is provided for HTTP Basic Auth, combined with a
verification of passwords with a
See this config section for details, and the reference implementation in Github
Pre-packaged vendor extensions to Hyperledger FireFly are known to be available, addressing more comprehensive role-based access control (RBAC) and JWT/OAuth based security models.
Data Partitioning and Tenancy
Namespaces also provide a data isolation system for different applications / teams / tenants sharing a Hyperledger FireFly node.
Data is partitioned within the FireFly database by namespace. It is also possible to increase the separation between namespaces, by using separate database configurations. For example to different databases or table spaces within a single database server, or even to different database servers.
Private Data Exchange
FireFly has a pluggable implementation of a private data transfer bus. This transport supports both structured data (conforming to agreed data formats), and large unstructured data & documents.
A reference microservice implementation is provided for HTTPS point-to-point connectivity with mutual TLS encryption.
See the reference implementation in Github
Pre-packaged vendor extensions to Hyperledger FireFly are known to be available, addressing message queue based reliable delivery of messages, hub-and-spoke connectivity models, chunking of very large file payloads, and end-to-end encryption.
Learn more about these private data flows in Multiparty Process Flows.