In Hyperledger Fabric, does service discovery support finding query peers for private data collection (PDC).
In a channel consisting of 2 orgs (org1 and org2), if I create a PDC for org1 only, only the peers in org1 hold the private data. If in PDC collection profile I specify memberReadOnly=false, it allows org2 users to query org1 peer to read the private data.
But this requires the support of service discovery in peers and Fabric Java SDK.
The objective we'd like to accomplish is in client side as org2 user, via Java SDK, when calling chaincode to read the private data, the SDK will automatically connect to org1 peer.
Is this currently supported.
Yeah, discovery supports private data.
If you take a look at the discovery CLI which implements the client side API (apart from SDKs) you will see that the endorsement query has a --collection flag.
For example the following flags --chaincode=cc1 --chaincode=cc2 --collection=cc2:col1 to the discover endorsers command mean you want to ask about a transaction which writes to chaincodes cc1 and cc2 and also while invoking cc2 you are writing/reading to/from collection col.
In Fabric 2.1 we added another flag --noPrivateReads which hints discovery that you only want to write to the collection but not read from it.
Related
Let's say I manage a Hyperledger Fabric Network and I have control on the orderer peers of the orderer organization. Is it possible for me to submit data to a PDC of another org, using an orderer peer to do it?
Do the policies of the PDC allow that?
Thanks.
I haven't tried. I'm just curious about that possibility.
TL;DR: No, the orderer nodes cannot insert information into private data collections.
Data to be added to private collections is stored by peers in a transient data store during endorsement. A signed transaction proposal containing the private data is sent by the client to the endorsing peers with no involvement from the orderer.
The endorsed transaction is then sent to the orderer to be committed in a block, but that does not contain the private data. The block containing the transaction is distributed (by the orderer) to peers, which then validate the transaction (including checking it has sufficient peer endorsements) and, if they have access to the private data collection it updates, apply the data from their transient store to the private data collection.
The orderer never sees the private data and cannot insert information into private data collections.
This documentation page provides more detailed information:
https://hyperledger-fabric.readthedocs.io/en/latest/private-data/private-data.html
I am using Hyperledger Fabric 2.3. I have added 50+ Orgs in a channel. An Org1 wants to choose Org(i) dynamically to perform a transaction, but transaction details should be visible to only Org1 and Org(i) only.
What are the possible ways to achieve it?
The solution to this kind of scenario is already available in fabric. You can use Private Data Collection(PDC) to keep the transaction data private between the two or more Orgs.
When you have PDC in place the data is shared only among the required Orgs and other Orgs that are not part of that transaction will just hold the transaction hash.
you can refer to this for more details on PDC's
In Hyperledger ledger, how could I list endorsing peers of a specific chaincode?
I have a channel with 5 peers but I need that only three of them endorse a transaction while the other two need only to access to same ledger.
You can use the discovery service to get the endorsing peer. Here you can find some information:
https://hyperledger-fabric.readthedocs.io/en/latest/discovery-overview.html
Hyperledger fabric has a CLI tool to query the discovery service:
https://hyperledger-fabric.readthedocs.io/en/latest/discovery-cli.html
For node.js applications, you can follow the tutorial here:
https://hyperledger.github.io/fabric-sdk-node/release-1.4/tutorial-discovery.html
With the latest Fabric Client SDKs (personally using GO client), you don't need to deal with endorsement policies. Client SDK already does this dirty work for you. It extracts:
Which organizations' endorsements are required for this chaincode, key (key level endorsement policy can be defined as well), etc.
Which peers currently exist in the system and what are their MSPs (from discovery service).
According to these information, client SDK builds a set of necessary peers then sends your transaction request to all. It waits response from requested endorsers. Once it collects all responses, it sends to orderer and so on.
If you have a special case which you need to manually set endorsing peers of your choice (I had one use case about private collections so I had to use this approach) check out discovery service API of your client SDK.
In Fabric network,
there can be more than one channels. Who maintains the ledger in the private channel?
What is the link between records in the private channel and the public enteries? Is it the unique ID of the record?
You can have more than one channels in the fabric network. A channel can be joined by multiple organizations and it provides a way for private communication among them (for example, these organizations would like to transact with each others and keep the data private to the network). When you create a channel, you implicitly create a ledger that is scoped to that channel only. This ledger will then record all the transactions in this channel. Every peer within the organization in a channel maintains a copy of the ledger. Whenever there is a transaction, this will be recorded to the ledger of EACH of the peer in that channel.
Not sure what do you mean by public entries but that basically how it works. Hope it helps!
You can refer to the following links for more information.
https://hyperledger-fabric.readthedocs.io/en/release-1.2/ledger/ledger.html
https://hyperledger-fabric.readthedocs.io/en/release-1.2/glossary.html#channel
we have two organisation, org1 and org2
org2 will have a private channel with chaincode on it and private state
now we want users from org1 to execute chaincode on the private channel of org2, but they can't have access to the full state (so they cannot setup a peer that can join the private channel)
how should we do this? is this possible?
I'm not sure. But you can try to apply endorsement policy. I think.
It's impossible to execute chaincode on a channel one can not join. Therefore you would want to create a separate channel for org1 and org2, where org1 is the party which executes the chaincode there. If you need state information from org2, InvokeChainCode provides limited support for cross-channel communication.
You have to decide which information of the org2 would be accesible for the users from org1. Then, you should define a Smart Contract according to it. The org1 and org2 will be members of the channel.
org1 users can't have access to the full state (so they cannot setup a
peer that can join the private channel)
When you create a channel, you define which peers are going to be part of it. Then, the creator of the channel will control the acces to new members. So, if you create the channel, only you will be able to join new peers to the channel.
Side DB capability which is expected in Fabric 1.1 should provide the mechanism you're looking for - ability to store some of the channel data only on a specified subset of peers (e.g. just peers that belong to org2).
https://jira.hyperledger.org/browse/FAB-1151