Roles assignement in Hyperledger Indy

Question

How are the roles assigned to the nodes in hyperledger indy , is it configured through a file or by some other proceedure ? And are the roles assigned to nodes or agents ?

I read the documentation of the hyperleder indy but didn't find anything related to this

Answer 1

1. In Hyperledger Indy roles are assigned to agents rather than nodes. Agents however are implemented in hard coding (Python, Go, JS) which interact with the ledger.

   • As an example in application built on top of Indy there could be defined following roles: Steward, Trustee, or Endorser and assign permissions to each role.

   • Following example is the small part from one of my projects, where AnchorHandle class serves as a wrapper for interacting with ledger using Indy SDK, and there I used INDY_ROLE_TYPES to map specific role ID to role names in Indy environment:

     INDY_ROLE_TYPES = {
             "0": "TRUSTEE",
             "2": "STEWARD",
             "100": "TGB",
             "101": "TRUST_ANCHOR",
           }
     

   • And in the following example which is the part of web server to interact with Indy ledger role information is retrieved from a transaction data and converts the role ID into role name:

     role = data.get('role')
     if role != None:
     role_name = INDY_ROLE_TYPES.get(role, role)
     text.append("ROLE: " + role_name)
     

2. And to learn how the Indy environment works and how to assign roles you can follow these:

   • In the following link - you will find Default AUTH_MAP Rules where you can check description for each of them.
   • Sovrin Glossary - which helps to understand the meaning of the terms
   • Indy official documentation - you have to read and analyze each part for better understanding and interacting with Indy SDK
   • Regional-Communities - lastly, here you can find regional communities, where you can also get experienced level help.

Answer 2

Indy is a permissioned network, therefore each node is identified by a bls key. To add a node to a network then an agent needs to send a transaction(includes the public key and node ip) to add that node to the existing network. That transaction needs to be signed usually by an agent that controls a did key(ed25519) who has the role of trustee, steward (it depends actually on the auth map rules) on the network.