Authenticated web GUI interacting with blockchain

Question

Say I would like to implement an application used by several institutions which each have several associates. The associates would need the ability to interact with the application (but aren't necessarily nodes (?)). Thus I would like to build a web interface, providing a way to easily interact with the blockchain. Each institution would like a different interface, conforming to their house style. Also, an associate has to be authenticated to the web interface to be able to use its functionality.

As I understand, each institution would run several nodes. Each node is able to provide a REST API to interact with the blockchain. Each institution would then run their own web service with their own interface interacting with the REST API (ran by one of their nodes)? and thus the blockchain. Then the web service would also have its own (institute-centralized and institute-specific) database which contains associate login details, providing a way to first authenticate the associate before having access to the actual functionality.

Is my way of thinking about this wrong? Also, the REST API would still be directly accessable without authentication. Is there a solution for this?

Thank you for any help or direction.

Answer 1

You don't specifically say if you are looking at Hyperledger Composer - but assuming you are, then having a REST server and a differently styled Web app for the separate institutions is good. Perhaps the Web Apps would function slightly differently for the different institutions too - integrating with different legacy systems for example.

With regard to the authentication, there is authentication built into the Composer Rest server with Multi User mode. The example and the tutorial in the documentation use Guthub and Google as authentication mechanisms, but there are options to use Ldap, AD or other strategies.

Multi User Mode for the Composer Rest server is described here.