Access management

The Waves Enterprise platform implements a closed blockchain model in which the addition of new participants is controlled by an individual user with the appropriate authority. This model also supports restricting data access for all participants. The advantage of this model is its increased security compared to open blockchains, as well as the ability to flexibly configure access levels and the distribution of rights.

Only a user with the “Connection Manager” role can add new participants to the Waves Enterprise blockchain. The 111 RegisterNode transaction is used to connect a new node to the network. This transaction contains the credentials of the node being connected. From all such transactions, each node creates and keeps up to date a table of all approved network participants.

Each connection attempt by a participant is accompanied by a handshake message which, in addition to service information, carries a data area with proof of membership in the network being joined; in simplified terms, this is the participant's public key together with the participant's electronic signature. Since the public key of the connecting participant is already stored by the other peers, the participant that receives the handshake request verifies the signature against the public key recorded earlier in the blockchain. If the check succeeds, the participant generates a response handshake request; if that also succeeds, a connection is established between the parties. After a successful connection, the participants synchronize the network and also synchronize the table that maps the blockchain addresses of nodes to their network addresses, which is needed later when sending private data.


The process of disconnecting a participant from the network is similar to the connection process, except that the “Connection Manager” user sends the 111 RegisterNode transaction with the "opType": "remove" parameter. Since the handshake request is executed once every 30 seconds, the next request after the participant is removed from the network will be denied, because the participant's credentials are no longer present in the blockchain node table.
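
The connection and disconnection checks described above, as an added Go example that is not Waves Enterprise code: each node replays RegisterNode transactions into its table and admits a handshake only when the sender's key is in the table and the signature verifies. Ed25519, the "add" value, the struct fields and the payload are assumptions standing in for the platform's actual formats.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// RegisterNode is a simplified stand-in for the 111 RegisterNode transaction.
type RegisterNode struct {
	OpType    string // "remove" disconnects; "add" is assumed for registration
	PublicKey ed25519.PublicKey
}

// NodeTable is the table of approved participants each node builds from the chain.
type NodeTable map[string]bool

// Apply replays one RegisterNode transaction; a removed key is kept as false.
func (t NodeTable) Apply(tx RegisterNode) {
	t[string(tx.PublicKey)] = tx.OpType != "remove"
}

// Accept admits a handshake only if the key is in the table and the signature verifies.
func (t NodeTable) Accept(pub ed25519.PublicKey, payload, sig []byte) bool {
	if len(pub) != ed25519.PublicKeySize || !t[string(pub)] {
		return false
	}
	return ed25519.Verify(pub, payload, sig)
}

// Demo runs four constructed handshakes and returns the decisions in order.
func Demo() [4]bool {
	pub, priv, _ := ed25519.GenerateKey(nil)        // approved participant
	rogue, roguePriv, _ := ed25519.GenerateKey(nil) // never registered
	payload := []byte("constructed handshake service data")
	table := NodeTable{}
	table.Apply(RegisterNode{"add", pub})
	var r [4]bool
	r[0] = table.Accept(pub, payload, ed25519.Sign(priv, payload))        // approved key
	r[1] = table.Accept(rogue, payload, ed25519.Sign(roguePriv, payload)) // unknown key
	r[2] = table.Accept(pub, payload, ed25519.Sign(roguePriv, payload))   // wrong signer
	table.Apply(RegisterNode{"remove", pub})
	r[3] = table.Accept(pub, payload, ed25519.Sign(priv, payload)) // next periodic handshake
	return r
}

func main() { fmt.Println(Demo()) }
```

Only the first handshake is accepted: a valid signature from an unregistered key, a registered key with a signature from another key, and the removed participant's next handshake are all denied.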