Restrict visibility of a transaction between 2 parties decided on runtime - hyperledger-fabric

Assume we have 100+ organizations in a Hyperledger Fabric network. One Org can choose another Org randomly and perform a transaction.
The transaction includes sensitive information that should be accessible only by the 2 Orgs involved in the transaction.
How can we achieve this functionality and hide the transaction details from other Orgs?

You need to use a private data collection (PDC) for the orgs permitted in the transaction. In this case all other orgs will have the hash only.

Related

Select a Org dynamically for private transaction in a channel

I am using Hyperledger Fabric 2.3. I have added 50+ Orgs in a channel. Org1 wants to choose Org(i) dynamically to perform a transaction, but the transaction details should be visible only to Org1 and Org(i).
What are the possible ways to achieve it?
The solution to this kind of scenario is already available in Fabric. You can use a Private Data Collection (PDC) to keep the transaction data private between two or more Orgs.
When you have a PDC in place the data is shared only among the required Orgs, and other Orgs that are not part of that transaction will just hold the transaction hash.
You can refer to this for more details on PDCs.
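Added example (not code from either answer above, and not Fabric's own code): the two threads above both ask how a pair of orgs chosen at runtime can share data that the rest of a large channel only sees as a hash. With 50 or 100 orgs, defining one explicit collection per pair does not scale, so this chaincode logic uses the per-organization implicit private data collections that Fabric 2.x creates for every chaincode (`_implicit_org_<MSPID>`) and writes the payload, taken from the transient map, into both parties' collections. The `LedgerStub` interface is an assumption made here so the code runs offline against an in-memory fake; its `GetTransient`, `PutPrivateData` and `GetPrivateData` methods have the same signatures as the Fabric shim's `ChaincodeStubInterface`, and `GetMSPID` stands in for `cid.GetMSPID(stub)` from `fabric-chaincode-go`. The org names and deal payload are constructed sample data.

```go
package main

import (
	"errors"
	"fmt"
)

// LedgerStub is the subset of the Fabric shim's ChaincodeStubInterface that this
// example calls (GetTransient, PutPrivateData, GetPrivateData carry the shim's
// signatures), plus GetMSPID, which real chaincode obtains via cid.GetMSPID(stub).
// Declared as an interface here so the logic can run against an in-memory fake.
type LedgerStub interface {
	GetTransient() (map[string][]byte, error)
	PutPrivateData(collection, key string, value []byte) error
	GetPrivateData(collection, key string) ([]byte, error)
	GetMSPID() (string, error)
}

// implicitCollection returns the name of the per-organization implicit private
// data collection that Fabric 2.x provides for every chaincode: _implicit_org_<MSPID>.
// Using these avoids defining one explicit collection per pair of orgs.
func implicitCollection(mspID string) string {
	return "_implicit_org_" + mspID
}

// RecordDeal stores a deal between the calling org and a counterparty chosen at
// runtime. The sensitive payload must be passed in the transient field "deal" so
// it never appears in the public proposal arguments; it is written to both parties'
// implicit collections, so every other org on the channel stores only the hash.
func RecordDeal(stub LedgerStub, dealID, counterpartyMSP string) error {
	caller, err := stub.GetMSPID()
	if err != nil {
		return err
	}
	if counterpartyMSP == "" || counterpartyMSP == caller {
		return errors.New("counterparty must be a different organization")
	}
	transient, err := stub.GetTransient()
	if err != nil {
		return err
	}
	payload, ok := transient["deal"]
	if !ok || len(payload) == 0 {
		return errors.New("deal payload must be supplied in the transient map, not as an argument")
	}
	for _, msp := range []string{caller, counterpartyMSP} {
		if err := stub.PutPrivateData(implicitCollection(msp), dealID, payload); err != nil {
			return fmt.Errorf("writing %s collection: %w", msp, err)
		}
	}
	return nil
}

// ReadDeal returns the deal from the caller's own implicit collection. A peer of an
// org that was not party to the deal holds no copy and gets an error.
func ReadDeal(stub LedgerStub, dealID string) ([]byte, error) {
	caller, err := stub.GetMSPID()
	if err != nil {
		return nil, err
	}
	data, err := stub.GetPrivateData(implicitCollection(caller), dealID)
	if err != nil {
		return nil, err
	}
	if data == nil {
		return nil, fmt.Errorf("deal %s is not visible to %s", dealID, caller)
	}
	return data, nil
}

// fakeStub is an in-memory stand-in for the shim stub, used only to run the
// example offline. The private map is shared between fakes to model peers of
// different orgs looking at the same chaincode's collections.
type fakeStub struct {
	msp       string
	transient map[string][]byte
	private   map[string]map[string][]byte // collection -> key -> value
}

func newFakeStub(msp string, transient map[string][]byte, store map[string]map[string][]byte) *fakeStub {
	return &fakeStub{msp: msp, transient: transient, private: store}
}

func (f *fakeStub) GetTransient() (map[string][]byte, error) { return f.transient, nil }
func (f *fakeStub) GetMSPID() (string, error)                { return f.msp, nil }
func (f *fakeStub) PutPrivateData(collection, key string, value []byte) error {
	if f.private[collection] == nil {
		f.private[collection] = map[string][]byte{}
	}
	f.private[collection][key] = value
	return nil
}
func (f *fakeStub) GetPrivateData(collection, key string) ([]byte, error) {
	return f.private[collection][key], nil
}

func main() {
	store := map[string]map[string][]byte{}
	// Constructed sample: Org1 picks Org7 at runtime and records a deal with it.
	deal := []byte(`{"price":4200,"terms":"net30"}`)
	org1 := newFakeStub("Org1MSP", map[string][]byte{"deal": deal}, store)
	if err := RecordDeal(org1, "deal-001", "Org7MSP"); err != nil {
		panic(err)
	}
	// Org1 and Org7 can read the deal; Org42, also on the channel, cannot.
	for _, msp := range []string{"Org1MSP", "Org7MSP", "Org42MSP"} {
		v, err := ReadDeal(newFakeStub(msp, nil, store), "deal-001")
		fmt.Printf("%-9s value=%s err=%v\n", msp, v, err)
	}
}
```

Two operational points follow from this design. An implicit collection's endorsement policy requires the owning org, so a deal written to both `_implicit_org_Org1MSP` and `_implicit_org_Org7MSP` has to be endorsed by a peer of each org (the client targets one peer from each when invoking), while peers of every other org receive only the hash via the block. And the payload must travel in the transient map: anything passed as a chaincode argument is written into the public transaction and is readable by all channel members.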

In Hyperledger Fabric, how can a peer on, for example, channel1 access the ledger of channel2?

I have isolated two organizations into two different channels. Organizations one and two are part of channel1, and organizations three and four are part of channel2. I would like to ask if it is possible for one peer on channel2 to query the ledger of channel1 and vice versa. If it is possible, how can I do it?
I very much appreciate your help.
It is not possible in your current setup because peers that have joined a channel can only access that channel. Peers that are not part of the channel cannot access the ledger data.
What you can do is bring the peers onto a common channel and use a PDC (Private Data Collection) to make the transaction private to the organization/organizations.
Hyperledger Fabric is a private and permissioned blockchain.
A channel is a private blockchain overlay which allows for data isolation and confidentiality. A channel-specific ledger is shared across the peers in the channel, and transacting parties must be authenticated to a channel in order to interact with it. Channels are defined by a configuration block.
At channel creation time, all organizations added to the channel must be part of a consortium. However, an organization that is not defined in a consortium may be added to an existing channel, by adding the new organization into that channel while fulfilling the endorsement policy.
So to be a part of a channel, your organization's peer must have access according to the consortium. A peer can be a part of multiple channels, and the ledger/database of every peer within a channel is identical; to invoke/query the ledger we need a smart contract, which is also identical on every peer of that channel. So if my peer server is a part of two channels, I need two ledgers/databases. To access the data of a ledger for invoke/query, you need the corresponding smart contract.
According to your current setup, it's not possible; this is the nature of a private, permissioned blockchain, and to make it possible you have to change the consortium with the appropriate endorsement.
The only way to make a peer on channel2 access the ledger of channel1 is to join the peer into channel1. Otherwise it is not possible to access the data.

How should I setup Channels and Orgs in Hyperledger Fabric?

I have a web app with multiple clients.
I want to record some data of the client (employee education records) on the blockchain.
Clients do not wish to share this data with any other entity or organisation. No data will be shared between clients themselves. The sole purpose of using blockchain is to have an immutable copy of records.
I have two options:
Multiple Orgs, Single Channel:
1 Org per client and 1 Org for my application.
All Orgs on a single channel.
I write my business network in Composer in such a way that 1 client cannot READ, WRITE, or DELETE the data of another client (via ACL definition).
So, although the ledger is the same for all clients, there are rules defined to prevent invalid access.
Multiple Orgs, Multiple Channels:
1 Org per client and 1 Org for my application.
A different channel for each client (client + my app Org join the channel).
This way the ledger will be different for each client.
Con: I need to instantiate the same Composer network (bna) on all channels (management task increases).
Which approach is good for my scenario?
If there is no common data between different clients/orgs, there is no point in having a shared channel between them. Taking care of permissions over data will complicate your network setup. It would be better to abstract that detail out of the network design.
You should have one org corresponding to each client. In each org there will be a single channel which all the peers in that org will use to communicate.
I think you could encrypt every client's data by passing a transient key to the chaincode, and just manage the keys. This may be lightweight and feasible for your scenario.
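Added example (not code from the answer above, and not Composer's or Fabric's own code) of the "transient key" approach the last answer suggests: the client passes an AES-256 key, a nonce and the plaintext in the transient map, the chaincode stores only AES-GCM ciphertext in world state, and a later query passes the key again to decrypt. The `StateStub` interface is an assumption made so the code runs offline; its methods have the same signatures as the corresponding Fabric shim methods. The key, nonce and record are constructed sample values. The example goes one step beyond the answer by showing the determinism requirement: the nonce must come from the client, because two endorsing peers that each drew their own random nonce would produce different write sets and the transaction would fail validation.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
	"fmt"
)

// StateStub is the subset of the Fabric shim stub used here (same method
// signatures as shim.ChaincodeStubInterface); declared as an interface so the
// logic runs offline against the in-memory fake below.
type StateStub interface {
	GetTransient() (map[string][]byte, error)
	PutState(key string, value []byte) error
	GetState(key string) ([]byte, error)
}

// aeadFor builds an AES-256-GCM cipher from a client-supplied 32-byte key.
func aeadFor(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 {
		return nil, errors.New(`transient "key" must be 32 bytes (AES-256)`)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// PutEncryptedRecord encrypts the transient "value" under the transient "key"
// and stores nonce||ciphertext in world state. The nonce is also taken from the
// client: every endorsing peer must compute byte-identical output, so the
// chaincode must not draw its own randomness. The record key is bound as GCM
// associated data, so a ciphertext cannot be replayed under another key.
func PutEncryptedRecord(stub StateStub, recordKey string) error {
	transient, err := stub.GetTransient()
	if err != nil {
		return err
	}
	plaintext, ok := transient["value"]
	if !ok {
		return errors.New(`transient "value" is required`)
	}
	gcm, err := aeadFor(transient["key"])
	if err != nil {
		return err
	}
	nonce := transient["nonce"]
	if len(nonce) != gcm.NonceSize() {
		return fmt.Errorf(`transient "nonce" must be %d bytes`, gcm.NonceSize())
	}
	// Seal appends to its first argument; start from a copy of the nonce so the
	// stored value is nonce||ciphertext without touching the transient buffer.
	sealed := gcm.Seal(append([]byte(nil), nonce...), nonce, plaintext, []byte(recordKey))
	return stub.PutState(recordKey, sealed)
}

// GetDecryptedRecord reads nonce||ciphertext from world state and decrypts it with
// the key passed in the query's transient map; a wrong key fails authentication.
func GetDecryptedRecord(stub StateStub, recordKey string) ([]byte, error) {
	transient, err := stub.GetTransient()
	if err != nil {
		return nil, err
	}
	gcm, err := aeadFor(transient["key"])
	if err != nil {
		return nil, err
	}
	stored, err := stub.GetState(recordKey)
	if err != nil {
		return nil, err
	}
	if len(stored) < gcm.NonceSize() {
		return nil, errors.New("no such record or corrupt value")
	}
	nonce, ciphertext := stored[:gcm.NonceSize()], stored[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ciphertext, []byte(recordKey))
}

// fakeStub is an in-memory stand-in for the shim stub, used only to run offline.
type fakeStub struct {
	transient map[string][]byte
	state     map[string][]byte
}

func (f *fakeStub) GetTransient() (map[string][]byte, error) { return f.transient, nil }
func (f *fakeStub) PutState(k string, v []byte) error         { f.state[k] = v; return nil }
func (f *fakeStub) GetState(k string) ([]byte, error)         { return f.state[k], nil }

func main() {
	// Constructed sample: the client keeps the key; the ledger sees only ciphertext.
	key := bytes.Repeat([]byte{0x42}, 32) // hypothetical fixed key; use crypto/rand in practice
	nonce := []byte("0123456789ab")      // 12-byte GCM nonce; must be fresh for every write
	record := []byte(`{"employee":"E-17","degree":"BSc"}`)
	state := map[string][]byte{}
	write := &fakeStub{transient: map[string][]byte{"key": key, "nonce": nonce, "value": record}, state: state}
	if err := PutEncryptedRecord(write, "client-A/edu/E-17"); err != nil {
		panic(err)
	}
	fmt.Printf("ledger holds %d bytes of ciphertext\n", len(state["client-A/edu/E-17"]))
	query := &fakeStub{transient: map[string][]byte{"key": key}, state: state}
	pt, err := GetDecryptedRecord(query, "client-A/edu/E-17")
	fmt.Printf("decrypted: %s err=%v\n", pt, err)
}
```

Two caveats a practitioner should weigh before choosing this over a private data collection. The key is still handed to every endorsing peer in the transient field, so the peers' operators can read the plaintext during endorsement; the scheme hides data from non-endorsing organizations, not from the endorsers. And because the nonce is client-supplied, the client must never reuse a nonce under the same key (a fresh random 12 bytes per write), since GCM loses both confidentiality and integrity under nonce reuse.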

Multi-channel multi-organisation Hyperledger Fabric

I am building an electronic health record Hyperledger Fabric network. Suppose my network has two hospitals, and these hospitals need to share information like patient info etc. with each other and register it on the ledger. I have created three channels: channel1 having peers of hospital1, channel2 having peers of hospital2, and another channel having peers of both organizations, so that information like employee details etc. won't be saved on the other organisation's peers. Is my setup correct or do I need to make changes? And how can I share patient records with hospital2?
From the technical aspect, you are right. Only channel 3 will provide a common "data sharing".
From the architecture aspect, what would be the purpose of channels 1 and 2? The data will be written and read by only 1 organisation (1 hospital). So a more "classical" database would do the job.
If you want to share patient data between both hospitals, you will need to install a chaincode on all the peers of channel 3, then instantiate it. In this chaincode, you should have an invoke function which puts a new patient key/value in the ledger.

From the Fabric first-network example, why set up an organization?

From the Fabric first-network example, why set up an organization? What is an org used for?
In Hyperledger Fabric, every participant (client, peer, orderer) belongs to some organization.
Organizations have certificate authorities that provide their members (clients, peers, orderers) enrollment certificates in order to authenticate one another and other organizations.
It also provides an easy way to aggregate participants together in order to define access control rules that span multiple clients, peers and orderers without having to define them for each participant separately.
