Assesment of a production network in Hyperledger Fabric - hyperledger-fabric

I have some questions regarding the deployment of a HLF use case. Suppose we build a platform in which users sell items. The users and their items are stored on the ledger via chaincode. The purpose is to also enforce access control on the items via the chaincode, so that another user for example cannot see a specific item. Then the 2 options regarding the whole identity management are:
The users do not have certificates in Fabric, and all transactions made by the users are forwarded to a single registered Client who interacts with the chaincode. Therefore, the transaction context will always have this client's ID. So from my point of view the username should be always passed to each transaction and implement access control using this username, though a registered Client has full authority over their data.
Every user is registered and enrolled and have their own identity. Every user makes a transaction directly on the blockchain via the chaincode, and access control can be implemented easily by using the stub.ID() and other attributes. That would mean that >100k users would be registered on a CA or multiple CAs.
The questions are:
Is HLF intended and suitable for the 2nd option, or is it made solely for the purpose of interaction between clients of organizations?
Is there a best way to handle this matter?

A ledger stores facts about the history of transactions that led to the current state of an object. The history also stores the users responsible for the current state of the object. If the state of an object is being changed, the admin/authorized user of an organization must be able to see who performed that change.
In the first approach, if you want to see the details of the user doing the "transaction", you'll have to store it somewhere different from the blockchain. While that can be a use-case of your project, it defeats the purpose of storing all facts about the history of a transaction of an object as every time the same user would be doing the transaction.
The second approach fulfills all the motives of incorporating blockchain in a project. Sure, you'll have to register and enroll every user who's creating/modifying an asset but then Access Control Management can be done in a better way. Please read about ACL to know about the granular access you can achieve in Hyperledger Fabric.
Also, you can also encode some information about a user in its x509 certificate with ASN.1

Second option is more preferred and Hyperledger Fabric ca could handled number of user registrations. There is Attribute access control also available which you can use at chaincode level to control use access.
https://www.youtube.com/watch?v=CAXRMJ-quhg

Related

Maintaining application level data privacy

Is it possible to have application level data privacy in Hyperlegder Fabric v2.2
We have the first network (as referenced in the fabric-samples) in place (Org1 and Org2 with peer0 and peer1 each). I am aware that data privacy can be ensured between 2 organizations using Private Data Collections. Looking at the case where peers in the network can run multiple user applications, consider that, there is app1 and app2 connected to the network via peer0 belonging to Org1. The cause for concern is that despite using private data collections, app1 could access the private data logged by app2 in Org1 private data collection. Is there a way in hyperledger fabric to ensure privacy between apps connected to the network via the same peer.
No, there is not.
You can develop your own authorization routines at smart contract level so that read related operations only return data to authorized users. This way you prevent other clients from accessing data through read operations, but the data is not protected from the peers themselves.
You can also encrypt your data in your client before sending it in a transaction. You can use your own Fabric certificate to encrypt data via ECIES or ECDH encryption schemas (or use any other encryption schema you want). But this way the contract is not going to be able to interpret your data. It will be only able to store it and return it...
In other cases, you may be interested in storing your data in your own private storage system outside Fabric and save only a hash of the data in the channel state as a proof that can be used later if necessary for whatever it is intended to.
These are things you can do to preserve privacy at user level. You can think of other solutions. But Fabric does not provide specific ways to do it. From a blockchain point of view, it is difficult to preserve data privacy at user-level while peers try to reach consensus over that data.

hyperledger for uncentralized database

I am trying to implement a tamper proof uncentralized database of some records. these record are static and they cannot be transferred between participants, i.e, not like some currency or a stock. i just want them to be stored as they are. Identity is an important thing with my project. only certain people can add blocks to the chain, rest of them should be only there to verify the chain. Can i implement a blockchain for this usecase? if it is possible should i use an ethereum chain or hyperledger fabric?
According to your use case which is, certain people, add records and certain query records. A typical normal access control application and the database can solve your issue but,
If you deal with untrusted people and need complete transparency with identity-based access control and equal rights of all participants then hyperledger fabric is best.

Hyperledger Fabric: IoT use case

Use case: a smart home which gathers raw data from all the sensors within it, processes them and extracts high level information from them. The owner of the house might want to share these information with other people, such as doctors, family members, friends... So, I'm trying to figure out which would be the best way to handle the access permissions on these data. Right now all the information are carefully encrypted and stored in a database (untrusted) and only the people with the right keys can properly decrypt those data.
My idea: I want to use Hyperledger Fabric to store and manage the access permissions to these files and also to store the hash digest of the gathered information for immutability purposes. Once the smart home generates an high level information from the raw data, it stores it inside the database and then it issues a transaction to Hyperledger Fabric with the timestamp and the hash digest of the data.
The smart home owner can share these information with other people, issuing a transaction with the ID of this person and an identifier of the data he would have the access rights on.
So before accessing the information stored inside the encrypted database, the application would check if the requester has the valid permissions stored within the blockchain.
My doubts and questions: since I'm really new on this topic, even though I've read a lot about it, I don't know if this would be an improper use of the Hyperledger Fabric. All the use cases I read about it, store all the data with Hyperledger Fabric, without relying on an external cloud storage service.
Since all the transactions would be stored in the blockchain and the blockchain is maintained by all the peers inside the same channel (btw I would use just one channel to keep everything), they may be able to access to the Hyperledger Fabric database and extract information about the smart home. Am I wrong? If not, how can I solve this issue? I could use the identity mixer feature to "hide" the transaction issuer, but still the transaction would be visible to all of the peers who keep the blockchain available.
I understand your questions. We could not hide all information from Peers, but you can encrypt sensitive information and allow specific people to decrypt it as you mentioned. In addition, even you cannot prevent malicious access on time, but you can collect malicious access activities for auditing in the future. for example: using access control on each world state database of peers.

How would Hyperledger Composer work?

I am new to composer, and now practicing some of the tutorials and examples. But while doing this I can not understand some of the features, so here are the questions which I do not clearly understand:
Are queries restricted by .acl file (when, for example, we use them in rest server)?
Do the rules written in the .acl restrict some of the transactions which are allowed for certain participant to submit? (For example, for participantA it is not allowed to CREATE new participants, but what happens if participantA submits the transaction(which is allowed for him to submit)which creates another participant, will this transaction fail?
Could cards be created by rest api server?(I know that participants could be created using JS api, but is it possible to create and issue the identity for those participants through RestServerApi?)
What happens when PeerAdmin upgrade certain node to a new version? How do other nodes act in this case? Do they upgrade themself automaticly?(Also found that upgrade takes a lot of time(2-4 minutes) when deployed locally, whereas in browser for local connection it takes 3-4 seconds)
Does Hyperledger fabric allow some of the ledger data be stored in one private network, whereas other network connected to the private one would not store this part of ledger( or the data will be simply crypted)? The same question regarding the transactions: will the be executed on outer networks?
Yes Composer Queries (and therein, results) are subject to ACL restrictions or filters.
It will still fail due to ACL rule restriction. Once denied to create, always denied as that is the final operation (in this scenario). The actual transaction would fail.
Yes of course use POST /system/identities/issue REST endpoint (eg http://localhost:3001/api/system/identities/issue) - see an example here -> https://medium.com/#CazChurchUk/developing-multi-user-application-using-the-hyperledger-composer-rest-server-b3b88e857ccc
An administrator with PeerAdmin capability has responsibility to install new version on his peers (in his Org). The other Org peer Admins are responsible for theirs, that's how a blockchain consortium with different Orgs will work. They will agree the 'what' and when but will need to install the new version on own Org's peers, so the new version can be started on the same channel. Of course, there will be a difference between a Fabric infrastructure response time, and that of a web connection using local storage.
Channels in Fabric implement privacy. You can have one or more business networks on that channel (ledger), therefore transactions in that business network are private to that ledger. It is the client's responsibility to encrypt data or not. Hyperledger Composer can allow call one business network from another, on the same channel, or if permitted to do so, on different channels too - see https://hyperledger.github.io/composer/latest/tutorials/invoke-composer-network

Composer, Participants and User-Management

When triggering a transaction with the "composer-cli" one has to specify the "enrollId" and the "secret" to be able to send the request. So transaction is fired in the context of a given fabric-user.
I was asking myself if there is a way to map the identity of the fabric-user firing the transaction to a given "participant" from the Participant Registry (in the composer JS code, which implements business logic)?
Are these two layers of authentication completely separated? If yes, then how is one supposed to identify in the JS code that a given participant (in composer terminology) is firing the transaction? Thx.
Please refer to the docs here:
https://fabric-composer.github.io/managing/identity-issue.html
The issue identity / revoke identity CLI commands are used to map a Fabric user to a Composer participant.

Resources