Can an Organisation read implicit data collection of another Organization - hyperledger-fabric

I want to use implicit private data collection for a private transaction between 2 Organizations.
From the "asset transfer" fabric sample, I understand an Organization can write into the implicit data collection of another Organization.
Can an Organization read the implicit PDC of another Organization in some way?

A user from OrganizationA can in theory read an OrganizationB PDC when calling chaincode on OrganizationB peer. It is the responsibility of OrganizationB to have access control logic in the chaincode running on their peer to indicate which users may read their private data.
In the secured agreement sample, you can see access control that checks that user org matches peer org in the getClientImplicitCollectionName() utility function that is called in most chaincode functions. This ensures that only users from the peer's org can access the peer's private data.
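The check described in this answer, as an added example that is not part of the original post or the sample's own code. `TxContext`, `ClientImplicitCollectionName` and `ReadPrivate` are hypothetical stand-ins for the Fabric transaction context and chaincode functions, the state is constructed, and the `_implicit_org_<MSPID>` name follows Fabric's naming for implicit collections.

```go
package main

import (
	"errors"
	"fmt"
)

// TxContext is a constructed stand-in for the parts of Fabric's transaction
// context this check needs; it is not the fabric-contract-api-go type.
type TxContext struct {
	ClientMSPID string                       // org of the submitting user
	PeerMSPID   string                       // org of the peer running the chaincode
	Private     map[string]map[string][]byte // collection -> key -> value held by this peer
}

var ErrOrgMismatch = errors.New("client org does not match peer org")

// ClientImplicitCollectionName refuses callers from any org other than the
// peer's own, then returns that org's implicit collection name.
func ClientImplicitCollectionName(ctx *TxContext) (string, error) {
	if ctx.ClientMSPID == "" || ctx.ClientMSPID != ctx.PeerMSPID {
		return "", fmt.Errorf("%w: client=%q peer=%q", ErrOrgMismatch, ctx.ClientMSPID, ctx.PeerMSPID)
	}
	return "_implicit_org_" + ctx.ClientMSPID, nil
}

// ReadPrivate is a hypothetical chaincode read function guarded by the check.
func ReadPrivate(ctx *TxContext, key string) ([]byte, error) {
	coll, err := ClientImplicitCollectionName(ctx)
	if err != nil {
		return nil, err
	}
	val, ok := ctx.Private[coll][key]
	if !ok {
		return nil, fmt.Errorf("%s not found in %s", key, coll)
	}
	return val, nil
}

func main() {
	// Constructed sample state held by an Org2MSP peer.
	store := map[string]map[string][]byte{"_implicit_org_Org2MSP": {"asset1": []byte(`{"price":100}`)}}
	_, err := ReadPrivate(&TxContext{"Org1MSP", "Org2MSP", store}, "asset1")
	fmt.Println("Org1 user on Org2 peer:", err)
	val, _ := ReadPrivate(&TxContext{"Org2MSP", "Org2MSP", store}, "asset1")
	fmt.Println("Org2 user on Org2 peer:", string(val))
}
```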

Related

Maintaining application level data privacy

Is it possible to have application level data privacy in Hyperledger Fabric v2.2?
We have the first network (as referenced in the fabric-samples) in place (Org1 and Org2 with peer0 and peer1 each). I am aware that data privacy can be ensured between 2 organizations using Private Data Collections. Looking at the case where peers in the network can run multiple user applications, consider that there are app1 and app2 connected to the network via peer0 belonging to Org1. The cause for concern is that despite using private data collections, app1 could access the private data logged by app2 in the Org1 private data collection. Is there a way in Hyperledger Fabric to ensure privacy between apps connected to the network via the same peer?
No, there is not.
You can develop your own authorization routines at smart contract level so that read related operations only return data to authorized users. This way you prevent other clients from accessing data through read operations, but the data is not protected from the peers themselves.
You can also encrypt your data in your client before sending it in a transaction. You can use your own Fabric certificate to encrypt data via ECIES or ECDH encryption schemas (or use any other encryption schema you want). But this way the contract is not going to be able to interpret your data. It will be only able to store it and return it...
In other cases, you may be interested in storing your data in your own private storage system outside Fabric and save only a hash of the data in the channel state as a proof that can be used later if necessary for whatever it is intended to.
These are things you can do to preserve privacy at user level. You can think of other solutions. But Fabric does not provide specific ways to do it. From a blockchain point of view, it is difficult to preserve data privacy at user-level while peers try to reach consensus over that data.
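The "store only a hash as proof" option from this answer, as an added example that is not part of the original post. The function names and the sample record are constructed; the random salt is an assumption added here so that the on-chain digest of a short or predictable record does not reveal its value.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

const saltLen = 32 // fixed length keeps salt||data unambiguous

// digestOf returns hex(SHA-256(salt || data)).
func digestOf(salt, data []byte) string {
	h := sha256.New()
	h.Write(salt)
	h.Write(data)
	return hex.EncodeToString(h.Sum(nil))
}

// Commit is run by the client. It returns the random salt (kept off-chain with
// the data) and the digest (the only value written to channel state).
func Commit(data []byte) (salt []byte, digest string, err error) {
	salt = make([]byte, saltLen)
	if _, err = rand.Read(salt); err != nil {
		return nil, "", err
	}
	return salt, digestOf(salt, data), nil
}

// Verify checks revealed salt and data against the digest read from the ledger.
func Verify(onChainDigest string, salt, data []byte) bool {
	if len(salt) != saltLen {
		return false
	}
	got := digestOf(salt, data)
	return subtle.ConstantTimeCompare([]byte(got), []byte(onChainDigest)) == 1
}

func main() {
	record := []byte(`{"patient":"p-17","result":"negative"}`) // constructed sample
	salt, digest, err := Commit(record)
	if err != nil {
		panic(err)
	}
	fmt.Println("on-chain digest:", digest)
	fmt.Println("original verifies:", Verify(digest, salt, record))
	fmt.Println("tampered verifies:", Verify(digest, salt, []byte(`{"patient":"p-17","result":"positive"}`)))
}
```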

Select a Org dynamically for private transaction in a channel

I am using Hyperledger Fabric 2.3. I have added 50+ Orgs in a channel. Org1 wants to choose Org(i) dynamically to perform a transaction, but transaction details should be visible to Org1 and Org(i) only.
What are the possible ways to achieve it?
The solution to this kind of scenario is already available in Fabric. You can use a Private Data Collection (PDC) to keep the transaction data private between two or more Orgs.
When you have a PDC in place, the data is shared only among the required Orgs, and other Orgs that are not part of that transaction will just hold the transaction hash.
You can refer to this for more details on PDCs.

Can private data be created between 2 peers in single organisation? Hyperledger Fabric

I am trying to implement my composer bna in go chaincode. I want private data feature in the chaincode.
BNA structure:
1 asset
3 participant (Manufacturer, Seller, Consumer)
2 transaction
I successfully created the go chaincode as per above requirement but now I want price information of asset to be private between Manufacturer and Seller.
The documentation states that link
starting in v1.2, Fabric offers the ability to create private data collections, which allow a defined subset of organizations on a channel the ability to endorse, commit, or query private data without having to create a separate channel.
It mentioned subset of organisations
Here I am stuck as to how to achieve this, and what changes will be required in the chaincode? What are the possible ways?
Thanks!
Manufacturer, Seller, Consumer should be 3 organizations in your business network.
Private data collection distributes based on private data collection policy definition link. So the one who is allowed to persist the data is expressed using the Signature policy syntax. Four roles are supported: member, admin, client, and peer. link
So I think it means you can create private data between members of 2 Orgs.
It mentioned subset of organisations
This means that private data collection could be created between for example subset (Org1, Org2) in a set of (Org1, Org2, Org3) on the same channel.
Correct me if I am wrong.

Hyperledger Fabric design

I am new to the area of DLTs or "blockchain" and I am trying to create an application on top of Hyperledger Fabric. Before I describe my use case, I need to mention that due to my use case's nature I need a private & permissioned "blockchain" which justifies the choice of Fabric (I am aware of other platforms e.g. Corda, private Ethereum, but Fabric seems to match my use case better).
Use Case
My use case consists of two different types of participants. A number of organizations (which upload and share information about individuals on the distributed ledger) and a client who can query information about an individual.
The client should not be able to see the transactions uploaded by the organizations and will not have write rights on the DL. He has read-only rights. Moreover, the organizations trust each other and there is also a level of trust between them and the client.
Design thoughts
Based on what I've read, I was thinking of creating a DL network that includes all of these parties and use channels which, based on the documentation, can be used to create a grouping among a number of participants (the organizations in my case) thus "hiding" the transactions from the parties which are not included in this group (the client in my case).
However, later I read about chaincode (a.k.a. smart contracts) which:
can be invoked by an application external to the blockchain when that
application needs to interact with the ledger
which confused me since if the "blockchain" can be queried from an external entity, that probably means that the client should not be included in the trusted network.
Am I headed in the wrong direction (design-wise)?
Based on your description, Hyperledger Fabric channels sound like a good solution. You should also familiarise yourself with private data collections, as this is another way of hiding some of the data from some peers. Which option is best for your scenario will depend on how your datasets are structured, and whether you also need to keep the data private from the orderer.
Clients are not part of the network. They query the blockchain by connecting to a peer and then requesting data from that peer. They can then only access the data visible to that peer (which is stored locally by that peer). So, it is not possible for a client to access more data than is available to the peer the client is connected to.
In your example, you would have a "client" organisation, with at least one peer. This peer would be part of the network, and your client application would then connect to it for access to data on the ledger (typically using the Hyperledger Fabric Node SDK).
There are two types of chaincode in Hyperledger Fabric.
User Chaincode (often just referred to as "chaincode") is used to update the ledger for a channel, and is only installed on those peers which require it (i.e. endorsing peers). Since your "client" peer would not be an endorsing peer, it would not have access to the user chaincode for the channel.
System Chaincode which all peers have access to, provides (among other things) an interface to allow queries to be run against the ledger.

Communications among Fabric's private data collections

In Fabric, can an asset created in a private data collection be transferred to another private data collection at a later point in time? How is confidentiality/privacy handled here?
Yes, an asset can be transferred from one private data collection to another private data collection. Assuming the chaincode logic retrieves the state of the asset before transferring it, the chaincode would have to be executed and endorsed on a peer that has access to the prior private data collection. The endorsing peer doesn't necessarily need access to the future private data collection (it is up to the chaincode logic to enforce this or not).
Let's say you have a private data collection per organization. Assume there is an asset in OrgA's private data collection. Chaincode can be written with access control logic such that only an OrgA client can transfer the OrgA asset to a private data collection of OrgB. The client would have to send the proposal to an OrgA peer to execute and endorse this transaction.
For more details, see the tutorial that demonstrates transferring private assets across collections.
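The transfer flow from this answer, as an added example that is not part of the original post or the tutorial's code. `Peer`, `WriteSet` and `Transfer` are a constructed model of an endorsing peer and its simulation result, not Fabric API types, and the org names and asset are sample values.

```go
package main

import (
	"errors"
	"fmt"
)

// Peer is a constructed model of an endorsing peer: its org and the private
// collections it stores locally. It is not a Fabric API type.
type Peer struct {
	MSPID       string
	Collections map[string]map[string][]byte
}

// WriteSet is what simulation produces; committing peers apply it later.
type WriteSet struct {
	Puts    map[string][]byte // "collection/key" -> value
	Deletes []string          // "collection/key"
}

func implicit(org string) string { return "_implicit_org_" + org }

// Transfer simulates moving key from fromOrg's implicit collection to toOrg's.
func Transfer(p *Peer, clientMSPID, fromOrg, toOrg, key string) (*WriteSet, error) {
	if clientMSPID != fromOrg {
		return nil, errors.New("only a client of the owning org may transfer")
	}
	// Reading prior state needs a peer that is a member of the source collection.
	val, ok := p.Collections[implicit(fromOrg)][key]
	if !ok {
		return nil, fmt.Errorf("peer %s cannot read %s from %s", p.MSPID, key, implicit(fromOrg))
	}
	// The destination is write-only here: this peer need not be a member of it.
	return &WriteSet{
		Puts:    map[string][]byte{implicit(toOrg) + "/" + key: val},
		Deletes: []string{implicit(fromOrg) + "/" + key},
	}, nil
}

func main() {
	// Constructed state: the OrgA peer holds only OrgA's implicit collection.
	orgA := &Peer{"OrgAMSP", map[string]map[string][]byte{implicit("OrgAMSP"): {"asset1": []byte("blue")}}}
	orgB := &Peer{"OrgBMSP", map[string]map[string][]byte{implicit("OrgBMSP"): {}}}
	ws, err := Transfer(orgA, "OrgAMSP", "OrgAMSP", "OrgBMSP", "asset1")
	fmt.Println(ws.Deletes, err)
	_, err = Transfer(orgB, "OrgAMSP", "OrgAMSP", "OrgBMSP", "asset1")
	fmt.Println(err)
}
```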
