Granting ledger access securely

Customer question: Are there solutions in Daml addressing a person’s (e.g. a shareholder’s) access? In many DLT solutions, people use wallets based on PKI infrastructure, allowing owners to sign (their own) transactions.

On the other hand, from a private network’s perspective, is it correct that access is enabled for a person by the network participants? That would mean an additional trust layer is needed to provide private keys for shareholders. However, it’s best to keep private keys secret, so they shouldn’t be exposed to anyone, even a network participant. Is there a solution for that in Daml, or something like a best-practice pattern to grant a person access?


I posted what (I think) is a similar question here:

@Luciano yes, that helps, thanks. So basically it comes down to trusting the participants who will validate the parties.

I also found this article, which is also helpful.

So if I understand it correctly, a public-facing web site with a Daml ledger backend could implement an authentication mechanism using individually held private keys (i.e. client certificates), with the access token provider using the client-presented certificate to generate a ledger token?

Also can I check that the authentication principles set out in the above linked article wouldn’t be impacted by Canton?

I’m not very familiar with Canton myself, so I can’t speak to the latter question, but for the former, yes, you could imagine your token provider authenticating based on certificates rather than OAuth or passwords. The Daml system only looks at the token you are presenting and checks that it has been signed by the expected private key; it doesn’t need to know anything about authentication (how you proved to the token provider that you are the person the token claims), just what the token allows you to do.

Your token provider and its authentication method can be as complex as you want.
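The split the reply above describes, as an added Ruby example that is not part of this thread and not Daml's own code: a token provider authenticates a presented client certificate against a trusted CA, maps its subject to a party it may act as, and signs a JWT with its own private key, while the ledger side checks only that signature and never sees the certificate or the authentication step. The function names, the CN-to-party map and the claim layout are assumptions; the CA, client certificate and provider key are constructed in `sample_setup` for the run.

```ruby
require "openssl"
require "json"
def b64url(bytes) # unpadded base64url, as JWS requires
  [bytes].pack("m0").tr("+/", "-_").delete("=")
end
def unb64url(str)
  (str.tr("-_", "+/") + "=" * (-str.size % 4)).unpack1("m0")
end

# Constructed sample certificate (a CA when ca: true, otherwise a client-auth leaf); not a real PKI.
def make_cert(cn, key, issuer: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version, cert.serial = 2, OpenSSL::BN.rand(64)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key, cert.not_before, cert.not_after = key.public_key, Time.now - 60, Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer || cert, cert)
  cert.add_extension(ef.create_extension(*(ca ? %w[basicConstraints CA:TRUE] : %w[extendedKeyUsage clientAuth]), true))
  cert.sign(issuer_key || key, "SHA256")
end

# Token provider: verify the client cert against the trusted CAs (store), map CN to a party, sign an RS256 JWT.
def issue_token(client_pem, store, party_of, signing_key)
  cert = OpenSSL::X509::Certificate.new(client_pem)
  raise "untrusted client certificate: #{store.error_string}" unless store.verify(cert)
  cn = cert.subject.to_a.assoc("CN")&.at(1)
  party = party_of.fetch(cn) { raise "no party mapped to #{cn.inspect}" }
  header = b64url(JSON.generate(alg: "RS256", typ: "JWT"))
  # Claim layout is assumed for illustration; the thread shows no token body.
  payload = b64url(JSON.generate("https://daml.com/ledger-api" => { "actAs" => [party] }, "exp" => Time.now.to_i + 3600))
  "#{header}.#{payload}.#{b64url(signing_key.sign("SHA256", "#{header}.#{payload}"))}"
end

# Ledger side: checks only the token signature with the provider's public key; returns the actAs parties.
def verify_token(token, public_key)
  header, payload, sig, extra = token.split(".")
  raise "malformed token" if sig.nil? || extra || JSON.parse(unb64url(header))["alg"] != "RS256"
  raise "signature does not match the expected key" unless public_key.verify("SHA256", unb64url(sig), "#{header}.#{payload}")
  claims = JSON.parse(unb64url(payload))
  raise "token expired" if Time.now.to_i >= claims.fetch("exp")
  claims.fetch("https://daml.com/ledger-api").fetch("actAs")
end

# Constructed sample run: a CA, a client certificate for alice issued by it, and a provider signing key.
def sample_setup
  ca_key, alice_key, provider_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  ca = make_cert("Test CA", ca_key, ca: true)
  store = OpenSSL::X509::Store.new.tap { |s| s.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT; s.add_cert(ca) }
  [make_cert("alice", alice_key, issuer: ca, issuer_key: ca_key).to_pem, store, provider_key]
end
```

With `alice_pem, store, key = sample_setup`, `issue_token(alice_pem, store, { "alice" => "Alice" }, key)` yields a token that `verify_token(token, key.public_key)` resolves to `["Alice"]`, while a certificate the store does not trust, an unmapped subject, a tampered payload or a different verification key are all refused.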