I am using Fabric cid for chaincode ABAC. It works fine; however, after updating the identity attribute (through the Node SDK), the ABAC did not work as intended.
My Workflow:
1. Register and enroll identity through Node SDK.
Ex value,
attrs: [ {"name": "role", "value": "client", "ecert": true} ]
2. Chaincode invoke. ABAC works as intended.
identity, err := cid.New(stub)
err = identity.AssertAttributeValue("role", "client")
Ex value,
attrs: [ {"name": "role", "value": "user", "ecert": true} ]
When I logged the attribute, I found that the identity still carries the old role (client) instead of the updated value (user); however, the fabric-ca-server.db users table has the latest attribute value (user). A little confused here!
Am I missing any steps? Could anyone help me to find out the exact cause for this?
Edit:
Fabric v1.4
My example workflow below used the fabric-ca-client binary CLI - not client code. But I did use the cid object in my chaincode/smart contract.
When you Register an ID an entry is created in the CA database.
When you Enroll an ID the certificate and key are downloaded - if you include the ecert flag then the attribute is included in the certificate.
If you modify an ID, the entry in the CA database is updated. (But the certificate still has the old value.)
When you reenroll the ID the certificate is replaced and the new certificate contains the new modified attribute value. When you connect to the chaincode with the new certificate the cid object will show the new value.
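The behaviour described in the answer above, as an added Go example that is not part of the original posts: the attribute is read from an extension inside the certificate, so a changed CA record only takes effect once a new certificate is issued. The helpers `issue` and `certAttr`, the `db` map and the self-signed certificate standing in for the CA are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"encoding/json"
	"fmt"
	"math/big"
)

var attrOID = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6, 7, 8, 1} // Fabric CA attribute extension

// issue (hypothetical) stands in for enroll/reenroll: it copies attrs into a new self-signed cert.
func issue(attrs map[string]string) (*x509.Certificate, error) {
	val, _ := json.Marshal(map[string]map[string]string{"attrs": attrs}) // {"attrs":{"role":"..."}}
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "user1"},
		ExtraExtensions: []pkix.Extension{{Id: attrOID, Value: val}}}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// certAttr (hypothetical) reads an attribute from the certificate only, never from the CA database.
func certAttr(cert *x509.Certificate, name string) string {
	var a map[string]map[string]string
	for _, ext := range cert.Extensions {
		if ext.Id.Equal(attrOID) && json.Unmarshal(ext.Value, &a) == nil {
			return a["attrs"][name]
		}
	}
	return ""
}

func main() {
	db := map[string]string{"role": "client"} // constructed stand-in for the CA database record
	cert, err := issue(db)                     // enroll
	db["role"] = "user"                        // identity modify: only the database changes
	if fresh, err2 := issue(db); err == nil && err2 == nil { // reenroll
		fmt.Println(certAttr(cert, "role"), certAttr(fresh, "role")) // client user
	}
}
```

Until the old certificate expires or is revoked it keeps asserting `role=client`, so an attribute downgrade is not enforced by reenrollment alone.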