Adding data to a PDC from an orderer peer - Hyperledger Fabric - hyperledger-fabric

Let's say I manage a Hyperledger Fabric network and I have control over the orderer peers of the orderer organization. Is it possible for me to submit data to a PDC of another org, using an orderer peer to do it?
Do the policies of the PDC allow that?
Thanks.
I haven't tried. I'm just curious about that possibility.

TL;DR: No, the orderer nodes cannot insert information into private data collections.
Data to be added to private collections is stored by peers in a transient data store during endorsement. A signed transaction proposal containing the private data is sent by the client to the endorsing peers with no involvement from the orderer.
The endorsed transaction is then sent to the orderer to be committed in a block, but that does not contain the private data. The block containing the transaction is distributed (by the orderer) to peers, which then validate the transaction (including checking it has sufficient peer endorsements) and, if they have access to the private data collection it updates, apply the data from their transient store to the private data collection.
The orderer never sees the private data and cannot insert information into private data collections.
This documentation page provides more detailed information:
https://hyperledger-fabric.readthedocs.io/en/latest/private-data/private-data.html

Related

Select a Org dynamically for private transaction in a channel

I am using Hyperledger Fabric 2.3. I have added 50+ Orgs in a channel. Org1 wants to choose Org(i) dynamically to perform a transaction, but the transaction details should be visible only to Org1 and Org(i).
What are the possible ways to achieve it?
The solution to this kind of scenario is already available in Fabric. You can use a Private Data Collection (PDC) to keep the transaction data private between two or more Orgs.
When you have PDC in place the data is shared only among the required Orgs and other Orgs that are not part of that transaction will just hold the transaction hash.
You can refer to this for more details on PDCs.

In Hyperledger Fabric, how can a peer on, for example, channel1 access the ledger of channel2?

I have isolated the organizations into two different channels. Organizations one and two are part of channel1, and organizations three and four are part of channel2. I would like to ask if it is possible for a peer on channel2 to query the ledger of channel1 and vice versa. If it is possible, how can I do it?
I very much appreciate your help.
It is not possible in your current setup, because only the peers that have joined a channel can access that channel. Peers that are not part of the channel cannot access the ledger data.
What you can do is bring the peers onto a common channel and use a PDC (Private Data Collection) to make the transaction private to the organization or organizations.
Hyperledger Fabric is a private and permissioned blockchain.
A channel is a private blockchain overlay which allows for data isolation and confidentiality. A channel-specific ledger is shared across the peers in the channel, and transacting parties must be authenticated to a channel in order to interact with it. Channels are defined by a Configuration-Block.
At channel creation time, all organizations added to the channel must be part of a consortium. However, an organization that is not defined in a consortium may be added to an existing channel, for example by adding a new organization to that channel while fulfilling the endorsement policy.
So to be a part of a channel, your organizational peer needs access according to the consortium. A peer can be a part of multiple channels, and the ledger/database of every peer within a channel is identical; to invoke/query the ledger we need a smart contract, which is also identical among every peer of that channel. So if my peer server is a part of two channels, I need two ledgers/databases. To access the data of a ledger for invoke/query, you need the corresponding smart contract.
According to your current setup, it's not possible; this is the nature of a private, permissioned blockchain. To make it possible, you have to change the consortium with the appropriate endorsement.
The only way to make a peer on channel2 access the ledger of channel1 is to join the peer to channel1. Otherwise it is not possible to access the data.

Hyperledger Fabric: Service discovery for private data collection

In Hyperledger Fabric, does service discovery support finding query peers for a private data collection (PDC)?
In a channel consisting of 2 orgs (org1 and org2), if I create a PDC for org1 only, only the peers in org1 hold the private data. If in PDC collection profile I specify memberReadOnly=false, it allows org2 users to query org1 peer to read the private data.
But this requires the support of service discovery in peers and Fabric Java SDK.
The objective we'd like to accomplish is that on the client side, as an org2 user, via the Java SDK, when calling chaincode to read the private data, the SDK will automatically connect to an org1 peer.
Is this currently supported?
Yeah, discovery supports private data.
If you take a look at the discovery CLI which implements the client side API (apart from SDKs) you will see that the endorsement query has a --collection flag.
For example, passing the flags --chaincode=cc1 --chaincode=cc2 --collection=cc2:col1 to the discover endorsers command means you want to ask about a transaction which writes to chaincodes cc1 and cc2, and that while invoking cc2 you are also writing/reading to/from collection col1.
In Fabric 2.1 we added another flag --noPrivateReads which hints discovery that you only want to write to the collection but not read from it.

Hyperledger Fabric Data Confidentiality

I did not find a good tutorial or article answering this question so far, maybe you can help. What I want to do is the following:
Peer A in Org 1 calls chaincode, this chaincode has access to data only available in Org 2 and Peer A never gets access to the full information.
I know that Hyperledger Fabric supports private channels and private data, is it possible to achieve this requirement? If yes can you point me in the right direction to do this?
Yes, it is possible. Below are the steps to accomplish it.
By using private data, you can accomplish your requirements, but a little work is needed. You can also follow the Fabric documentation; I have provided the links here.
The client application submits a proposal request to invoke a chaincode function (reading or writing private data) to endorsing peers which are part of authorized organizations of the collection. The private data, or data used to generate private data in chaincode, is sent in a transient field of the proposal.
The endorsing peers simulate the transaction and store the private data in a transient data store (a temporary storage local to the peer). They distribute the private data, based on the collection policy, to authorized peers via gossip.
The endorsing peer sends the proposal response back to the client with public data, including a hash of the private data key and value. No private data is sent back to the client.
Check this for endorsement: https://hyperledger-fabric.readthedocs.io/en/release-1.4/private-data-arch.html#endorsement
The client application submits the transaction to the ordering service (with hashes of the private data) which gets distributed into blocks as normal. The block with the hashed values is distributed to all the peers. In this way, all peers on the channel can validate transactions with the hashes of the private data in a consistent way, without knowing the actual private data (This is what you need to accomplish).
At block-committal time, authorized peers use the collection policy to determine if they are authorized to have access to the private data (For reading the block data). If they do, they will first check their local transient data store to determine if they have already received the private data at chaincode endorsement time. If not, they will attempt to pull the private data from another peer. Then they will validate the private data against the hashes in the public block and commit the transaction and the block. Upon validation/commit, the private data is moved to their copy of the private state database and private writeset storage. The private data is then deleted from the transient data store.
Resources: https://hyperledger-fabric.readthedocs.io/en/release-1.4/private-data/private-data.html
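The flow described in the answers above (private value in the transient field, only hashes in the block, endorsement and hash checks at commit), modelled as an added Go example that is neither Fabric code nor part of any answer. The Policy map, the ed25519 keys and SHA-256 are simplifying assumptions standing in for Fabric's endorsement policies, X.509 identities and hash function; all names and values are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Policy names the peers whose endorsement counts; ed25519 keys stand in for Fabric identities (assumption).
type Policy map[string]ed25519.PublicKey

// Tx is the public part of a transaction: all that the orderer and the block ever carry.
type Tx struct {
	Collection, Endorser string
	KeyHash, ValueHash   [32]byte
	Sig                  []byte
}
func (t Tx) digest() []byte { return append(append([]byte(t.Collection), t.KeyHash[:]...), t.ValueHash[:]...) }

func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return pub, priv
}

// Endorse models an endorsing peer: the value stays on the peer, only hashes and a signature leave it.
func Endorse(name string, priv ed25519.PrivateKey, coll, key string, value []byte) Tx {
	t := Tx{Collection: coll, Endorser: name, KeyHash: sha256.Sum256([]byte(key)), ValueHash: sha256.Sum256(value)}
	t.Sig = ed25519.Sign(priv, t.digest())
	return t
}

// Validate models a committing peer that belongs to the collection.
func Validate(t Tx, p Policy, key string, value []byte) error {
	if pub, ok := p[t.Endorser]; !ok || !ed25519.Verify(pub, t.digest(), t.Sig) {
		return fmt.Errorf("endorsement is not from a peer named in the policy")
	}
	if sha256.Sum256([]byte(key)) != t.KeyHash || sha256.Sum256(value) != t.ValueHash {
		return fmt.Errorf("private data does not match the hashes in the block")
	}
	return nil
}

func main() {
	pub, priv := NewKey()
	_, other := NewKey() // constructed: a key the policy does not list, such as an orderer's
	p := Policy{"peer0.org1": pub}
	good := Endorse("peer0.org1", priv, "col1", "asset1", []byte("price=42"))
	bad := Endorse("peer0.org1", other, "col1", "asset1", []byte("price=1"))
	fmt.Println(Validate(good, p, "asset1", []byte("price=42")), Validate(bad, p, "asset1", []byte("price=1")))
}
```

In this model a transaction signed with a key outside the policy fails the first check, and private data that differs from what was endorsed fails the second.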

Hyperledger Fabric network - Channels and ledgers

In Fabric network,
there can be more than one channel. Who maintains the ledger in the private channel?
What is the link between records in the private channel and the public entries? Is it the unique ID of the record?
You can have more than one channel in the Fabric network. A channel can be joined by multiple organizations and it provides a way for private communication among them (for example, these organizations would like to transact with each other and keep the data private to the network). When you create a channel, you implicitly create a ledger that is scoped to that channel only. This ledger will then record all the transactions in this channel. Every peer within the organization in a channel maintains a copy of the ledger. Whenever there is a transaction, this will be recorded to the ledger of EACH of the peers in that channel.
Not sure what you mean by public entries, but that is basically how it works. Hope it helps!
You can refer to the following links for more information.
https://hyperledger-fabric.readthedocs.io/en/release-1.2/ledger/ledger.html
https://hyperledger-fabric.readthedocs.io/en/release-1.2/glossary.html#channel
