The Azure Confidential Ledger, a REST API service, allows users to interact with the ledger through administrative and functional API calls. When data is recorded to the ledger, it is sent to the permissioned blockchain nodes that are secure enclaved backed replicas. The replicas follow a consensus concept. A user can also retrieve receipts for the data that has been committed to the ledger.
14
+
The Azure confidential ledger, a REST API service, allows users to interact with the ledger through administrative and functional API calls. When data is recorded to the ledger, it is sent to the permissioned blockchain nodes that are secure enclaved backed replicas. The replicas follow a consensus concept. A user can also retrieve receipts for the data that has been committed to the ledger.
15
15
16
16
There is also an optional consortium notion that will support multi-party collaboration in the future.
17
17
18
18
## Architecture diagram
19
19
20
-
This image provides an architectural overview of Azure Confidential Ledger, and shows Azure Confidential Ledger Users interacting with the Cloud APIs for a created ledger.
20
+
This image provides an architectural overview of Azure confidential ledger, and shows Azure confidential ledger Users interacting with the Cloud APIs for a created ledger.
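Review bot: the added line 14 ("The Azure confidential ledger, a REST API service, ...") keeps the phrase "secure enclaved backed replicas", which is hard to parse; since the rename rewrites this line anyway, "secure-enclave-backed replicas" (or "replicas backed by secure enclaves") would read correctly. In the added line 20, "Azure confidential ledger Users interacting with the Cloud APIs" leaves "Users" capitalised directly after the product name was lowercased; "Azure confidential ledger users" matches the rest of the rename.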
Azure Confidential Ledger nodes can be authenticated by code samples and by users.
14
+
Azure confidential ledger nodes can be authenticated by code samples and by users.
15
15
16
16
## Code samples
17
17
18
18
When initializing, code samples get the node certificate by querying Identity Service. After retrieving the node certificate, a code sample will query the Ledger network to get a quote, which is then validated using the Host Verify binaries. If the verification succeeds, the code sample proceeds to Ledger operations.
19
19
20
20
## Users
21
21
22
-
Users can validate the authenticity of Confidential Ledger nodes to confirm they are indeed interfacing with their Ledger’s enclave. You can build trust in Confidential Ledger nodes in a few ways, which can be stacked on one another to increase the overall level of confidence. As such, Steps 1-2 help build confidence in that Confidential Ledger enclave as part of the initial TLS handshake and authentication within functional workflows. Beyond that, a persistent client connection is maintained between the user’s client and the Confidential Ledger.
22
+
Users can validate the authenticity of Azure confidential ledger nodes to confirm they are indeed interfacing with their Ledger’s enclave. You can build trust in Azure confidential ledger nodes in a few ways, which can be stacked on one another to increase the overall level of confidence. As such, Steps 1-2 help build confidence in that Azure confidential ledger enclave as part of the initial TLS handshake and authentication within functional workflows. Beyond that, a persistent client connection is maintained between the user's client and the confidential ledger.
23
23
24
-
-**Validating the Confidential Ledger node**: This is accomplished by querying the identity service hosted by Microsoft, which provides a network cert and thus helps verify that the Ledger node is presenting a cert endorsed/signed by the network cert for that specific instance. Similar to PKI-based HTTPS, a server’s cert is signed by a well-known Certificate Authority (CA) or intermediate CA. In the case of Confidential Ledger, the CA cert is returned by an Identity service in the form of a network cert. This is an important confidence building measure for users of Confidential Ledger. If this node cert isn’t signed by the returned network cert, the client connection should fail (as implemented in the sample code).
25
-
-**Validate the Confidential Ledger enclave**: The Confidential Ledger runs in an Intel® SGX enclave that’s represented by a Quote, a data blob generated inside that enclave. It can be used by any other entity to verify that the quote has been produced from an application running with Intel® SGX protections. The quote is structured in a way that enables easy verification. It contains claims that help identify various properties of the enclave and the application that it’s running. This is an important confidence building mechanism for users of the Confidential Ledger. This can be accomplished by calling a functional workflow API to get an enclave quote. The client connection should fail if the quote is invalid. The retrieved quote can then be validated with the open_enclaves Host_Verify tool. More details about this can be found here.
24
+
-**Validating a confidential ledger node**: This is accomplished by querying the identity service hosted by Microsoft, which provides a network cert and thus helps verify that the Ledger node is presenting a cert endorsed/signed by the network cert for that specific instance. Similar to PKI-based HTTPS, a server’s cert is signed by a well-known Certificate Authority (CA) or intermediate CA. In the case of Azure confidential ledger, the CA cert is returned by an Identity service in the form of a network cert. This is an important confidence building measure for users of confidential ledger. If this node cert isn’t signed by the returned network cert, the client connection should fail (as implemented in the sample code).
25
+
-**Validating a confidential ledger enclave**: A confidential ledger runs in an Intel® SGX enclave that’s represented by a Quote, a data blob generated inside that enclave. It can be used by any other entity to verify that the quote has been produced from an application running with Intel® SGX protections. The quote is structured in a way that enables easy verification. It contains claims that help identify various properties of the enclave and the application that it’s running. This is an important confidence building mechanism for users of the confidential ledger. This can be accomplished by calling a functional workflow API to get an enclave quote. The client connection should fail if the quote is invalid. The retrieved quote can then be validated with the open_enclaves Host_Verify tool. More details about this can be found here.
26
26
27
27
## Next steps
28
28
29
-
-[Overview of Microsoft Azure Confidential Ledger](overview.md)
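Review bot: the added line 22 still says "Steps 1-2 help build confidence", but the two items that follow (added lines 24 and 25) are an unnumbered bulleted list, so "Steps 1-2" has no referent; either number the list or refer to the items by name (node validation and enclave validation). The same line lowercases "Azure confidential ledger nodes" but keeps "their Ledger's enclave" capitalised, and added line 24 ends "for users of confidential ledger" with neither "Azure" nor an article. Added line 25 ends "More details about this can be found here." with no link target, and names the verifier "the open_enclaves Host_Verify tool" while the unchanged line 18 calls it "the Host Verify binaries"; a reader who has to perform the quote check needs one consistent tool name and an actual link. Line 29 removes "-[Overview of Microsoft Azure Confidential Ledger](overview.md)" and no added counterpart appears in the hunk as rendered here; confirm the Next steps link is re-added with the lowercase name, as faq.md does.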
articles/confidential-ledger/create-client-certificate.md
+4 -4 Lines changed: 4 additions & 4 deletions
@@ -1,6 +1,6 @@
1
1
---
2
-
title: Creating a Client Certificate with Microsoft Azure Confidential Ledger
3
-
description: Creating a Client Certificate with Microsoft Azure Confidential Ledger
2
+
title: Creating a Client Certificate with Microsoft Azure confidential ledger
3
+
description: Creating a Client Certificate with Microsoft Azure confidential ledger
4
4
services: confidential-ledger
5
5
author: msmbaldwin
6
6
ms.service: confidential-ledger
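Review bot: in added lines 2-3 the `description:` front-matter value is identical to `title:` ("Creating a Client Certificate with Microsoft Azure confidential ledger"); a description should say something the title does not, for example that the certificate must be in PEM format and on the ledger's allowlist, both of which this file's body already states (lines 14 and 16).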
@@ -11,7 +11,7 @@ ms.author: mbaldwin
11
11
---
12
12
# Creating a Client Certificate
13
13
14
-
The Confidential Ledger APIs require client certificate-based authentication. Only those certificates added to an allowlist during Ledger Creation or Ledger Update can be used to call the Confidential Ledger Functional APIs.
14
+
The Azure confidential ledger APIs require client certificate-based authentication. Only those certificates added to an allowlist during Ledger Creation or Ledger Update can be used to call the confidential ledger Functional APIs.
15
15
16
16
You will need a certificate in PEM format. You can create more than one certificate and add or delete them using Ledger Update API.
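Review bot: added line 14 lowercases the first mention to "The Azure confidential ledger APIs" but the second mention, "the confidential ledger Functional APIs", drops "Azure" and keeps "Functional APIs", "Ledger Creation" and "Ledger Update" in title case; one form within the same sentence (for example "Azure confidential ledger functional APIs" and "ledger creation or ledger update") would match the intent of this rename. The unchanged line 16, "using Ledger Update API", has the same capitalisation and is missing "the".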
articles/confidential-ledger/faq.md
+6 -6 Lines changed: 6 additions & 6 deletions
@@ -1,6 +1,6 @@
1
1
---
2
-
title: Frequently asked questions for Azure Confidential Ledger
3
-
description: Frequently asked questions for Azure Confidential Ledger
2
+
title: Frequently asked questions for Azure confidential ledger
3
+
description: Frequently asked questions for Azure confidential ledger
4
4
services: confidential-ledger
5
5
author: msmbaldwin
6
6
ms.service: confidential-ledger
@@ -11,11 +11,11 @@ ms.author: mbaldwin
11
11
12
12
---
13
13
14
-
# Frequently asked questions for Azure Confidential Ledger
14
+
# Frequently asked questions for Azure confidential ledger
15
15
16
16
## How can I tell if the ACC Ledger service would be useful to my organization?
17
17
18
-
Confidential Ledger is ideal for organizations with records valuable enough for a motivated attacker to try to compromise the underlying logging/storage system, including "insider" scenarios where a rogue employee might attempt to forge, modify, or remove previous records.
18
+
Azure confidential ledger is ideal for organizations with records valuable enough for a motivated attacker to try to compromise the underlying logging/storage system, including "insider" scenarios where a rogue employee might attempt to forge, modify, or remove previous records.
19
19
20
20
## What makes ACC Ledger much more secure?
21
21
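Review bot: the rename in added line 14 leaves the unchanged headings at lines 16 and 20, "How can I tell if the ACC Ledger service would be useful to my organization?" and "What makes ACC Ledger much more secure?", using the abbreviation "ACC Ledger", which is not introduced anywhere in this file as rendered; since this change standardises the product name, those headings should say "Azure confidential ledger" as well.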
@@ -27,10 +27,10 @@ Not necessarily. Some solutions today require users to maintain write receipts f
27
27
28
28
## How do I verify Ledger's authenticity?
29
29
30
-
You can verify that the Ledger server nodes that your client is communicating with are authentic. For details, see [Authenticating Confidential Ledger Nodes](authenticate-ledger-nodes.md).
30
+
You can verify that the Ledger server nodes that your client is communicating with are authentic. For details, see [Authenticating confidential ledger Nodes](authenticate-ledger-nodes.md).
31
31
32
32
33
33
34
34
## Next steps
35
35
36
-
-[Overview of Microsoft Azure Confidential Ledger](overview.md)
36
+
-[Overview of Microsoft Azure confidential ledger](overview.md)
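Review bot: in added line 30 the link text "[Authenticating confidential ledger Nodes](authenticate-ledger-nodes.md)" keeps "Nodes" capitalised after the product name was lowercased; "Authenticating confidential ledger nodes" is consistent with the rename, and the unchanged heading at line 28, "How do I verify Ledger's authenticity?", should drop the capital L for the same reason.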