I am using Hyperledger Fabric 2.3. I have added 50+ Orgs in a channel. Org1 wants to choose Org(i) dynamically to perform a transaction, but the transaction details should be visible only to Org1 and Org(i).
What are the possible ways to achieve it?
The solution to this kind of scenario is already available in Fabric. You can use a Private Data Collection (PDC) to keep the transaction data private between two or more Orgs.
When you have a PDC in place, the data is shared only among the required Orgs, and other Orgs that are not part of that transaction will just hold the transaction hash.
You can refer to this for more details on PDCs.
Let's say I manage a Hyperledger Fabric Network and I have control on the orderer peers of the orderer organization. Is it possible for me to submit data to a PDC of another org, using an orderer peer to do it?
Do the policies of the PDC allow that?
Thanks.
I haven't tried. I'm just curious about that possibility.
TL;DR: No, the orderer nodes cannot insert information into private data collections.
Data to be added to private collections is stored by peers in a transient data store during endorsement. A signed transaction proposal containing the private data is sent by the client to the endorsing peers with no involvement from the orderer.
The endorsed transaction is then sent to the orderer to be committed in a block, but that does not contain the private data. The block containing the transaction is distributed (by the orderer) to peers, which then validate the transaction (including checking it has sufficient peer endorsements) and, if they have access to the private data collection it updates, apply the data from their transient store to the private data collection.
The orderer never sees the private data and cannot insert information into private data collections.
This documentation page provides more detailed information:
https://hyperledger-fabric.readthedocs.io/en/latest/private-data/private-data.html
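The flow described in this answer, as an added example that is not part of the original post and is not Fabric code: a toy model in which the cleartext stays in a member peer's transient store, only hashes travel in the ordered transaction, and a committing peer applies the private value only if it matches the ordered hash. The type names, the collection name and the sample value are constructed for illustration.

```go
package main

import (
	"crypto/sha256"
	"fmt"
)

// tx is what is sent for ordering: the collection name plus hashed key and value.
type tx struct {
	Collection         string
	KeyHash, ValueHash [32]byte
}

// peer is a toy committing peer (a model of the flow, not Fabric code).
type peer struct {
	member    bool                  // does its org belong to the collection?
	transient map[string][]byte     // cleartext held since endorsement
	private   map[string][]byte     // private state, members only
	hashes    map[[32]byte][32]byte // hashed state kept by every channel peer
}

func newPeer(member bool) *peer {
	return &peer{member, map[string][]byte{}, map[string][]byte{}, map[[32]byte][32]byte{}}
}

// endorse keeps the cleartext in the transient store and returns the hash-only tx.
func (p *peer) endorse(coll, key string, value []byte) tx {
	p.transient[key] = value
	return tx{coll, sha256.Sum256([]byte(key)), sha256.Sum256(value)}
}

// commit records the hashes on every peer; a member applies the cleartext only
// when its transient copy matches the hash carried in the ordered transaction.
func (p *peer) commit(t tx, key string) bool {
	p.hashes[t.KeyHash] = t.ValueHash
	v, held := p.transient[key]
	if !p.member || !held || sha256.Sum256(v) != t.ValueHash {
		return false
	}
	p.private[key] = v
	delete(p.transient, key)
	return true
}

func main() {
	member, outsider := newPeer(true), newPeer(false)
	t := member.endorse("pairCollection", "deal1", []byte("price=120")) // constructed sample
	fmt.Println(member.commit(t, "deal1"), outsider.commit(t, "deal1")) // true false
}
```

The `tx` value is the only thing that passes through ordering in this model, which is why a party that controls the orderer has neither the cleartext nor a way to place a value into a member's private state.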
Assume we have 100+ organizations in a Hyperledger Fabric network. One Org can choose another Org randomly and perform a transaction.
The transaction includes sensitive information that should be accessible only by the 2 Orgs involved in the transaction.
How can we achieve this functionality and hide the transaction details from other Orgs?
You need to use a private data collection (PDC) for the permitted orgs in the transaction. In this case all other orgs will have the hash only.
I have isolated two organizations into two different channels. Organizations one and two are part of channel1, and organizations three and four are part of channel two. I would like to ask if it is possible for one peer on channel2 to access or query the ledger of channel1, and vice versa. If it is possible, how can I do it?
I very much appreciate your help.
It is not possible in your current setup because the peers who have joined the channel can only access that channel. Peers that are not part of the channel cannot access the ledger data.
What you can do is bring the peers onto a common channel and use a PDC (Private Data Collection) to make the transaction private to the organization or organizations.
Hyperledger Fabric is a private and permissioned blockchain.
A channel is a private blockchain overlay which allows for data isolation and confidentiality. A channel-specific ledger is shared across the peers in the channel, and transacting parties must be authenticated to a channel in order to interact with it. Channels are defined by a Configuration-Block.
At channel creation time, all organizations added to the channel must be part of a consortium. However, an organization that is not defined in a consortium may be added to an existing channel, by adding a new organization into that channel while fulfilling the endorsement policy.
So to be a part of a channel, your organizational peer must have access according to the consortium. A peer can be a part of multiple channels, and the ledger/database of every peer within a channel is identical. To invoke/query the ledger we need a smart contract, which is also identical among every peer of that channel. So if my peer server is a part of two channels, I need two ledgers/databases. To access the data of a ledger for invoke/query, you need the corresponding smart contract.
According to your current setup, it's not possible, and this is the nature of a private-permissioned blockchain. To make it possible, you have to change the consortium with the appropriate endorsement.
The only way to make a peer on channel2 access the ledger of channel1 is to join the peer to channel1. Otherwise it is not possible to access the data.
I am trying to implement my composer bna in go chaincode. I want private data feature in the chaincode.
BNA structure:
1 asset
3 participant (Manufacturer, Seller, Consumer)
2 transaction
I successfully created the go chaincode as per above requirement but now I want price information of asset to be private between Manufacturer and Seller.
The documentation states that link
starting in v1.2, Fabric offers the ability to create private data collections, which allow a defined subset of organizations on a channel the ability to endorse, commit, or query private data without having to create a separate channel.
It mentioned subset of organisations
Here I am stuck on how to achieve this, and what changes will be required in the chaincode. What are the possible ways?
Thanks!
Manufacturer, Seller, Consumer should be 3 organization in your business network.
Private data collection distributes based on private data collection policy definition link. So the one who is allowed to persist the data is expressed using the Signature policy syntax. Four roles are supported: member, admin, client, and peer. link
So I think it means, you can create private data between member of 2 Orgs.
It mentioned subset of organisations
This means that a private data collection could be created between, for example, the subset (Org1, Org2) of the set (Org1, Org2, Org3) on the same channel.
Correct me if I am wrong.
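One way the chaincode change asked about above could look, as an added example that is not code from the original posts or from Fabric: the price is read from the transient map and written to a collection, while the public asset record carries no price. The handler is written against a local interface that mirrors three methods of Fabric's `shim.ChaincodeStubInterface`; the collection name, the `price` transient key, the MSP IDs in the comment and the in-memory stub are assumptions for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// privateStub mirrors three methods of Fabric's shim.ChaincodeStubInterface so the
// example builds without the Fabric modules; real chaincode receives the full stub.
type privateStub interface {
	GetTransient() (map[string][]byte, error)
	PutState(key string, value []byte) error
	PutPrivateData(collection, key string, value []byte) error
}

// memStub is an in-memory stand-in for the peer, used only to run the example.
type memStub struct {
	transient, public, private map[string][]byte
}

func (s *memStub) GetTransient() (map[string][]byte, error) { return s.transient, nil }
func (s *memStub) PutState(k string, v []byte) error        { s.public[k] = v; return nil }
func (s *memStub) PutPrivateData(c, k string, v []byte) error { s.private[c+"/"+k] = v; return nil }

// Assumed collection name; its policy in the collections config would be e.g.
// "OR('ManufacturerMSP.member', 'SellerMSP.member')" (MSP IDs are assumptions).
const priceCollection = "manufacturerSellerPrices"

// CreateAsset writes public fields to channel state and the price to the collection.
// The price is read from the transient map, not from the invocation arguments.
func CreateAsset(stub privateStub, id, description string) error {
	transient, err := stub.GetTransient()
	if err != nil {
		return err
	}
	price, ok := transient["price"]
	if !ok || len(price) == 0 {
		return errors.New("price must be supplied in the transient map")
	}
	if err := stub.PutState(id, []byte(description)); err != nil {
		return err
	}
	return stub.PutPrivateData(priceCollection, id, price)
}

func main() {
	s := &memStub{map[string][]byte{"price": []byte("120")}, map[string][]byte{}, map[string][]byte{}}
	fmt.Println(CreateAsset(s, "asset1", "widget"), string(s.private[priceCollection+"/asset1"]))
}
```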
In a Fabric network, there can be more than one channel. Who maintains the ledger in the private channel?
What is the link between records in the private channel and the public entries? Is it the unique ID of the record?
You can have more than one channel in the Fabric network. A channel can be joined by multiple organizations and it provides a way for private communication among them (for example, these organizations would like to transact with each other and keep the data private to the network). When you create a channel, you implicitly create a ledger that is scoped to that channel only. This ledger will then record all the transactions in this channel. Every peer within the organization in a channel maintains a copy of the ledger. Whenever there is a transaction, this will be recorded to the ledger of EACH of the peers in that channel.
Not sure what you mean by public entries, but that is basically how it works. Hope it helps!
You can refer to the following links for more information.
https://hyperledger-fabric.readthedocs.io/en/release-1.2/ledger/ledger.html
https://hyperledger-fabric.readthedocs.io/en/release-1.2/glossary.html#channel