Mapping ledger commands to user sessions that submitted them

One of the challenge we have is that parties can be shared in multiple ledger API user session. How to find out a command is executed under which ledger API user’s session? The ledger has cryptographic evidence for the parties involved but I don’t think ledger API user information is presented to the ledger. When a user login into ledger API, can ledger API records and associates all the command ID submitted under that user session?

1 Like

When you say “user session”, I assume you mean a different authentication token.One mechanism through which you can distinguish those is using the applicationId field of the access token. That field is intended to differentiate between different components of a larger client application:

Uniquely identifies the application (or its part) that issued the command. This is used in tracing across different components and to let applications subscribe to their own submissions only. Must be a valid LedgerString (as described in value.proto ). Required

But there is no reason to also use it to distinguish users. From the Ledger APIs perspective users and client applications are the same thing: agents that read and write to the API. So if you wanted users Alice and Bob to both be able to act as party frankie, but wanted to be able to distinguish which of Alice and Bob actually submitted a given command, you can issue tokens with application_ids user_Alice and user_Bob or similar.

Note that application_id is not part of the shared ledger state, it’s only local information on the participant to allow for segregation of different applications or parts of applications. If you want Alice and Bob to have different identities on the ledger, you need to give them different parties.

Note that we are currently thinking about a feature to allow participant node operators to map commands to users or other agents in a less hacky way. Such a feature will probably make it onto our roadmap in the foreseeable future, but it’s too early to give any indications on timeline.

2 Likes

Another issue with the application id is that it’s only exposed in the completion service, not in the transaction service.

1 Like

Thanks @bernhard. Looking forward to hearing more on this topic. Mapping command to ledger user/token will be a great feature to have.