corda/docs/source/key-concepts-ecosystem.rst

The network
===========

.. topic:: Summary

   * *A Corda network is made up of nodes running Corda and CorDapps*
   * *Communication between nodes is point-to-point, instead of relying on global broadcasts*
   * *Each node has a certificate mapping their network identity to a real-world legal identity*
   * *The network is permissioned, with access requiring a certificate from the network operator*

Network structure
-----------------
A Corda network is a peer-to-peer network of **nodes**. Each node runs the Corda software as well as Corda applications
known as **CorDapps**.

.. image:: resources/network.png
   :scale: 25%
   :align: center

All communication between nodes is point-to-point and encrypted using transport-layer security. This means that data is
shared only on a need-to-know basis. There are **no global broadcasts**.

Identity
--------
Each node has a single well-known identity. The node's identity is used to represent the node in transactions, such as
when purchasing an asset.

.. note:: These identities are distinct from the RPC user logins that are able to connect to the node via RPC.

Each network has a **network map service** that maps each well-known node identity to an IP address. These IP
addresses are used for messaging between nodes.

Nodes can also generate confidential identities for individual transactions. The certificate chain linking a
confidential identity to a well-known node identity or real-world legal identity is only distributed on a need-to-know
basis. This ensures that even if an attacker gets access to an unencrypted transaction, they cannot identify the
transaction's participants without additional information if confidential identities are being used.

Admission to the network
------------------------
Corda networks are semi-private. To join a network, a node must obtain a certificate from the network operator. This
certificate maps a well-known node identity to:

* A real-world legal identity
* A public key

The network operator enforces rules regarding the information that nodes must provide and the know-your-customer
processes they must undergo before being granted this certificate.
Docsite reorg ahead of beta launch. 2017-06-05 12:37:23 +00:00			`The network`
			`===========`
Key Concepts rewrite for open source day (#7) First draft Re-structured Key Concepts; added plenty of diagrams; additional content. Added references to other security docs. Re-structured Key Concepts; added plenty of diagrams; additional content. Added references to other security docs. Updated information, indexes and images. Incorporated feedback from PR review comments (RGB, RW) Reformatted diagrams and incorporated feedback from PR reviewers. Addressed formatting problems. Updated Flow Framework diagram Added colour coding to Flow Framework diagram to aid readibility. Small clarification to vault unconsumed state usage. Added tutorial reference as suggested by RGB Updated TOC tree. Updates following PR review comment from Roger First pass updates following PR review comments from MH. Further updates following PR review (including 2 edited diagrams) Diagram changes and minor text edits following review with MGB Remove unused diagrams. Fixed spurious indentation errors. Changes following review and feedback from JD. Added clauses and merkle-trees back into TOC. Added small sub-section on transaction representation in Data Model. Added future work as note in Vault. Minor updates to diagrams following MH review. Updated Corda Ecosystem diagram. Minor changes to Core & Financial docs following PR review by MH. Updated following review by MBG. 2017-01-26 15:46:40 +00:00
Docsite reorg ahead of beta launch. 2017-06-05 12:37:23 +00:00			`.. topic:: Summary`
Key Concepts rewrite for open source day (#7) First draft Re-structured Key Concepts; added plenty of diagrams; additional content. Added references to other security docs. Re-structured Key Concepts; added plenty of diagrams; additional content. Added references to other security docs. Updated information, indexes and images. Incorporated feedback from PR review comments (RGB, RW) Reformatted diagrams and incorporated feedback from PR reviewers. Addressed formatting problems. Updated Flow Framework diagram Added colour coding to Flow Framework diagram to aid readibility. Small clarification to vault unconsumed state usage. Added tutorial reference as suggested by RGB Updated TOC tree. Updates following PR review comment from Roger First pass updates following PR review comments from MH. Further updates following PR review (including 2 edited diagrams) Diagram changes and minor text edits following review with MGB Remove unused diagrams. Fixed spurious indentation errors. Changes following review and feedback from JD. Added clauses and merkle-trees back into TOC. Added small sub-section on transaction representation in Data Model. Added future work as note in Vault. Minor updates to diagrams following MH review. Updated Corda Ecosystem diagram. Minor changes to Core & Financial docs following PR review by MH. Updated following review by MBG. 2017-01-26 15:46:40 +00:00
Docsite reorg ahead of beta launch. 2017-06-05 12:37:23 +00:00			`* A Corda network is made up of nodes running Corda and CorDapps`
			`* Communication between nodes is point-to-point, instead of relying on global broadcasts`
Removes Identity page. Reworks it into the Network page. (#3687) * Removes Identity page. Reworks it into the Network page. * Removes stray doorman reference. * Addresses review feedback. 2018-07-25 12:13:10 +00:00			`* Each node has a certificate mapping their network identity to a real-world legal identity`
			`* The network is permissioned, with access requiring a certificate from the network operator`
Docsite reorg ahead of beta launch. 2017-06-05 12:37:23 +00:00
			`Network structure`
			`-----------------`
Removes Identity page. Reworks it into the Network page. (#3687) * Removes Identity page. Reworks it into the Network page. * Removes stray doorman reference. * Addresses review feedback. 2018-07-25 12:13:10 +00:00			`A Corda network is a peer-to-peer network of nodes. Each node runs the Corda software as well as Corda applications`
			`known as CorDapps.`
Docsite reorg ahead of beta launch. 2017-06-05 12:37:23 +00:00
Removes Identity page. Reworks it into the Network page. (#3687) * Removes Identity page. Reworks it into the Network page. * Removes stray doorman reference. * Addresses review feedback. 2018-07-25 12:13:10 +00:00			`.. image:: resources/network.png`
			`:scale: 25%`
			`:align: center`
Docsite reorg ahead of beta launch. 2017-06-05 12:37:23 +00:00
Removes Identity page. Reworks it into the Network page. (#3687) * Removes Identity page. Reworks it into the Network page. * Removes stray doorman reference. * Addresses review feedback. 2018-07-25 12:13:10 +00:00			`All communication between nodes is point-to-point and encrypted using transport-layer security. This means that data is`
			`shared only on a need-to-know basis. There are no global broadcasts.`
Docsite reorg ahead of beta launch. 2017-06-05 12:37:23 +00:00
Removes Identity page. Reworks it into the Network page. (#3687) * Removes Identity page. Reworks it into the Network page. * Removes stray doorman reference. * Addresses review feedback. 2018-07-25 12:13:10 +00:00			`Identity`
			`--------`
			`Each node has a single well-known identity. The node's identity is used to represent the node in transactions, such as`
			`when purchasing an asset.`
Docsite reorg ahead of beta launch. 2017-06-05 12:37:23 +00:00
Removes Identity page. Reworks it into the Network page. (#3687) * Removes Identity page. Reworks it into the Network page. * Removes stray doorman reference. * Addresses review feedback. 2018-07-25 12:13:10 +00:00			`.. note:: These identities are distinct from the RPC user logins that are able to connect to the node via RPC.`
Docsite reorg ahead of beta launch. 2017-06-05 12:37:23 +00:00
Removes Identity page. Reworks it into the Network page. (#3687) * Removes Identity page. Reworks it into the Network page. * Removes stray doorman reference. * Addresses review feedback. 2018-07-25 12:13:10 +00:00			`Each network has a network map service that maps each well-known node identity to an IP address. These IP`
			`addresses are used for messaging between nodes.`
Docsite reorg ahead of beta launch. 2017-06-05 12:37:23 +00:00
Removes Identity page. Reworks it into the Network page. (#3687) * Removes Identity page. Reworks it into the Network page. * Removes stray doorman reference. * Addresses review feedback. 2018-07-25 12:13:10 +00:00			`Nodes can also generate confidential identities for individual transactions. The certificate chain linking a`
			`confidential identity to a well-known node identity or real-world legal identity is only distributed on a need-to-know`
			`basis. This ensures that even if an attacker gets access to an unencrypted transaction, they cannot identify the`
			`transaction's participants without additional information if confidential identities are being used.`

			`Admission to the network`
			`------------------------`
			`Corda networks are semi-private. To join a network, a node must obtain a certificate from the network operator. This`
			`certificate maps a well-known node identity to:`
Docsite reorg ahead of beta launch. 2017-06-05 12:37:23 +00:00
Removes Identity page. Reworks it into the Network page. (#3687) * Removes Identity page. Reworks it into the Network page. * Removes stray doorman reference. * Addresses review feedback. 2018-07-25 12:13:10 +00:00			`* A real-world legal identity`
			`* A public key`
Docsite reorg ahead of beta launch. 2017-06-05 12:37:23 +00:00
Removes Identity page. Reworks it into the Network page. (#3687) * Removes Identity page. Reworks it into the Network page. * Removes stray doorman reference. * Addresses review feedback. 2018-07-25 12:13:10 +00:00			`The network operator enforces rules regarding the information that nodes must provide and the know-your-customer`
			`processes they must undergo before being granted this certificate.`