One of the challenge we have is that parties can be shared in multiple ledger API user session. How to find out a command is executed under which ledger API user’s session? The ledger has cryptographic evidence for the parties involved but I don’t think ledger API user information is presented to the ledger. When a user login into ledger API, can ledger API records and associates all the command ID submitted under that user session?
When you say “user session”, I assume you mean a different authentication token.One mechanism through which you can distinguish those is using the
applicationId field of the access token. That field is intended to differentiate between different components of a larger client application:
Uniquely identifies the application (or its part) that issued the command. This is used in tracing across different components and to let applications subscribe to their own submissions only. Must be a valid LedgerString (as described in
But there is no reason to also use it to distinguish users. From the Ledger APIs perspective users and client applications are the same thing: agents that read and write to the API. So if you wanted users Alice and Bob to both be able to act as party
frankie, but wanted to be able to distinguish which of Alice and Bob actually submitted a given command, you can issue tokens with application_ids
user_Bob or similar.
application_id is not part of the shared ledger state, it’s only local information on the participant to allow for segregation of different applications or parts of applications. If you want Alice and Bob to have different identities on the ledger, you need to give them different parties.
Note that we are currently thinking about a feature to allow participant node operators to map commands to users or other agents in a less hacky way. Such a feature will probably make it onto our roadmap in the foreseeable future, but it’s too early to give any indications on timeline.
Another issue with the application id is that it’s only exposed in the completion service, not in the transaction service.
Thanks @bernhard. Looking forward to hearing more on this topic. Mapping command to ledger user/token will be a great feature to have.