multiple collaborators per certificate
This PR adds the possibility of having multiple collaborator nodes use the same certificate for communication with the aggregator. The goal is to separate the dataset "identity" from its owner identity. We can think of "collaborator name" now as a "dataset name/ID".
cols.yaml's collaborators key is now expected to have one of the following two structures:
- A dictionary representing a mapping between an authorized collaborator name and the corresponding certified common name. Multiple collaborator names can have the same certified common name.
- list of strings: as before. In this case, each string will be interpreted as both the collaborator name and its certified common name. (for backward compatibility)
In the code, the Plan object will now have both the authorized_cols property and a new property cn_mapping. I kept the authorized_cols property to minimize changes to the codebase since it is used in many places as a list of strings.
possible TODOs:
- unit tests
- Update fx collaborator certify and generate-cert-request to accept multiple cols per cert.
- Director-based flow: I haven't tested this yet. It looks like the list of collaborators is received via a request. Should we add a new optional request param for associated expected CNs?
- Experimental code is not updated
- documentation
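The two accepted shapes of the collaborators key described above, normalised into authorized_cols and cn_mapping, as an added example that is not code from this PR or from the project. The function names and sample values are hypothetical, and the example assumes the aggregator authorises a caller by comparing its certificate CN with the CN mapped to the collaborator name it claims.

```python
# Added example (not the project's code). Function names and sample values are hypothetical.

def normalize_collaborators(collaborators):
    """Return (authorized_cols, cn_mapping) from the parsed `collaborators` value."""
    cn_mapping = {}
    if isinstance(collaborators, dict):
        # Mapping form: collaborator name -> certified common name (CN).
        for name, cn in collaborators.items():
            _check_entry(name, cn)
            cn_mapping[name] = cn
    elif isinstance(collaborators, list):
        # List form (backward compatible): the string is both name and CN.
        for name in collaborators:
            _check_entry(name, name)
            if name in cn_mapping:
                raise ValueError(f"duplicate collaborator name: {name!r}")
            cn_mapping[name] = name
    else:
        raise TypeError("collaborators must be a mapping or a list of strings")
    return list(cn_mapping), cn_mapping


def _check_entry(name, cn):
    # An empty or non-string name/CN is rejected so it can never match a peer.
    for value in (name, cn):
        if not isinstance(value, str) or not value.strip():
            raise ValueError(f"invalid collaborator entry: {name!r} -> {cn!r}")


def is_authorized(collaborator_name, cert_common_name, cn_mapping):
    """Accept only a known collaborator whose certificate CN is the mapped one."""
    expected_cn = cn_mapping.get(collaborator_name)
    return expected_cn is not None and cert_common_name == expected_cn


# Constructed sample data, shaped like the two accepted structures.
SAMPLE_MAPPING = {
    "site_a_ct": "site-a.example",
    "site_a_mri": "site-a.example",  # second dataset, same certificate
    "site_b_ct": "site-b.example",
}
SAMPLE_LIST = ["col_one", "col_two"]

if __name__ == "__main__":
    cols, mapping = normalize_collaborators(SAMPLE_MAPPING)
    print(cols)
    print(is_authorized("site_a_mri", "site-a.example", mapping))
    print(is_authorized("site_b_ct", "site-a.example", mapping))
```

With a shared CN, the holder of that certificate can act as any collaborator name mapped to it, so the mapping is the only thing separating those datasets from names mapped to other CNs.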
Hi @hasan7n,
Great work on enabling multiple collaborators to use a shared certificate. To ensure everything works as expected, could you add unit tests for both the new dictionary mapping in cols.yaml and the backward-compatible list format?
Additionally, could you outline how we might manually test this feature to verify its functionality?
Thanks for your efforts!
Best, Manuel Santana