Verification of node compliance
This subsection describes the process of automatic verification of nodes with a specific compliance.
In order to operate a safe environment at all times it is important that the nodes meet certain requirements. Since a manual process of verification would be too time-consuming, the automated compliance verification of nodes is very important. For this automated process, rules and levels of compliance should be defined.
To enable automated node complience verification, the following points should be defined:
- Compliance guidelines
- Verification routines
- Time interval of the repetition
A drawback would be: If security gaps could be exploited, automation would of course also be very dangerous.
Unresolved question: It is not clear, if there is a way for a permissionless public blockchain to adjust the compliance during operation without changing the code.
References to best practices, examples
Hyperledger Fabric  represents a compliance-friendly blockchain architecture.
Policies are one of the things that make Hyperledger Fabric different from other blockchains like Ethereum or Bitcoin. In those systems, transactions can be generated and validated by any node in the network. The policies that govern the network are fixed at any point in time and can only be changed using the same process that governs the code. Because Fabric is a permissioned blockchain whose users are recognized by the underlying infrastructure, those users have the ability to decide on the governance of the network before it is launched, and change the governance of a running network.
Sovrin uses a Python script  to perform the verification of nodes. This contains the following validation criteria:
- MUST run a server operating system that receives timely patches from its vendor or community.
- Run on a mainstream hypervisor
- Machine is dedicated to the validator, no other services
- Have 8 or more cores
- Have at least 32GB of RAM and 1-2+TB of reliable disk space
- Must be running NTP and maintain a system clock that is demonstrably in sync within two seconds.
- Run a firewall that disallows public ingress except on ports used by the validator node software or remote administration tools.
Bibliography of selected references
Authors: David Maas, Mirko Mollik, Kevin Wittek
Status: work in progress
Last modified: 2020-09-09