A “consortium” is a business network comprised of a group of organizations and/or multiple members who have a shared business goal. A centralized consortia is owned and governed by a single entity, whereas a decentralized consortia has shared ownership across a group of stakeholders. All operations at this tier are off-chain and include cloud + region whitelisting, membership creation, certificate management, smart contract management, onboarding with optional RBAC governance, and network auditing.
Configuring your Consortium
A consortia can be built across a single cloud provider, across multiple regions within a single cloud provider, or multiple cloud providers and a selection of underlying regions. When creating a consortia, you are tasked with supplying the following pieces of configuration:
- Name – Identity of the consortia
- Mission – Optional prose or legalese describing business purpose, bylaws, objectives, etc.…
- Home Region – Cloud provider and underlying region where consortia metadata (e.g., memberships) is stored. The available cloud providers are AWS and Microsoft Azure.
Clouds & Regions
A consortia can be configured to whitelist one or more regions across the two available cloud providers – AWS and Azure. Resources (nodes and services) can be created and deployed on any of the consortia’s whitelisted cloud regions and easily integrated with existing cloud suites and application stacks.
A core tenet of blockchain is the independent ownership of network resources and shared participation in the configured consensus algorithm. However, when operating within the scope of a consortia, there needs to be additional enforceable permissions beyond the ability to stand up resources. Business networks are diverse, and it’s atypical for every stakeholder to exist on equal footing. As such, governance schemes and access control become critical features when on-boarding external organizations to a consortia.
Modeling/Simulating a Business Network
When you first start using the Kaleido platform, and during PoC phases, you can model many participants in your consortium under a single administration/security domain.
Each has a unique identity and application security credentials to access cloud resources. However, they are managed under the same Kaleido Organization and operated by the same organizational admin(s).
- Navigate to your consortia's governance page and select "Add Membership".
- Enter the participant's name (e.g.
Bank ABC) and click "Add".
On-boarding an External Organization
Decentralize ownership of your consortia by onboarding an external organization. The founder of the consortia can accomplish this by issuing an invitation with embedded access control permissions. Any on-boarded organization will be in sole control of their resources, services, and security credentials and will possess any ascribed permissions. To onboard an external org follow these instructions:
NOTE: Only organizations on the Business or Enterprise subscription tier can extend/participate in a decentralized consortium. Only organizations on the Enterprise subscription tier can issue network permissions.
- Navigate to your consortia's governance page and select "Invite Organization".
- A panel will appear describing the architectural transition of your consortia from centralized to decentralized. Click "Next".
Enter the Member Name of the external org and supply an admin email address.
Select or rescind permissions and choose "Send Invitation".