I have use case where I have 2 organizations and they are sharing some data and some data is kept private. Now after couple of years, I have a requirement to share some more data or restrict some data from/to organization. Is it possible in Hyperledger Fabric? If yes please let me know how. I can see there is private data in Hyperledger fabric but the issue is that the data entered while org was not allowed to have that data will never be available for that same org after allowing that org.
If you have any idea please let me know.
Thanks
In Hyperledger Fabric v1.2 it is possible to update a private data collection configuration definition or add a new collection at chaincode upgrade time. The updated configuration applies from the time the upgrade transaction is committed onwards. Newly added organizations will receive private data for subsequent collection transactions.
In future versions of Hyperledger Fabric, there is intent to add an option that allows newly added organizations to pull (reconcile) prior private data for the collections that they are now entitled to.
Related
I have IBM blockchain infrastruture where I have all blockchain related data now I want to migrate whole data except user certs. to other hyperledger fabric infrastruture. so I want ledger and couchDB data with same transactionID and blocknumber. Is it possible to do it?
One way would be just to start a new Hyperledger Node/Network in another cloud, install chaincodes, add it to the desired channels and private data collections currently in IBM cloud. This way you'll get the full copy of your ledger and stateDB (CouchDB in your case).
I have a multi-org fabric network where all the orgs are on a single channel.
I understand that using the composer acl file we can hide data from the users based on their roles and other conditions.
However, the data will be visible when we get into the peer container of any org and issue a peer channel fetch.
So, my question is, is there a way to encrypt this ledger data when the orgs shares the same channel? Here, they mention about encrypting the data. Is there any example/reference that can get me started on that one?
Currently, I'm not planning to use different channels between different orgs.
Yes, there are few ways to protect the ledger data. Like your mentioned in your question, Hyperledger Fabric FAQ, official gives five different ways to help us to achieve security and access control.
In the newest version of Fabric, which is tagged v1.2.0, provided a new definition called private data. I prefer to use this method to build my access control in my apps.
Since I am using Fabric Node SDK to deploy and control the fabric network, and it provides a convenient way for me to embed it into the exists projects.
Using the configuration file to define who can persist data, how many peers the data is distributed to, how many peers are required to disseminate the private data, and how long the private data is persisted in the private database. All the upgrade that you need to do is adding some parameters when install and instantiate, modifying some function to invoke the private data, writing some codes to handle the configuration file and users control.
It gives some examples for us to use this new feature:
Chaincode example
SDK example
I’m interested into the development of Blockchain Apps using Fabric and Composer.
I’ve got just one question: while Ethereum is a public blockchain so you can deploy your Smart Contract on it and use them freely, can we do the same thing with Fabric? Let me explain: Ethereum has a running Blockchain on which we can work and access, but Fabric has not, right? Should I set up an entire new blockchain network before (setting up all the nodes, giving permissions etc.)?
Thank you
Hyperledger Fabric is different to the blockchain systems you mention in it is private and permissioned. Rather than an open permissionless system that allows unknown identities to participate in the network (requiring protocols like “proof of work” to validate transactions and secure the network), the members of a Hyperledger Fabric network enroll through a trusted Membership Service Provider (MSP). Member organisations would generally set up their own Fabric infrastructure, if they're participating in the blockchain network (context provided earlier). See more on FAQ here -> http://hyperledger-fabric.readthedocs.io/en/release-1.2/Fabric-FAQ.html and understand more on key Fabric Concepts here -> http://hyperledger-fabric.readthedocs.io/en/release-1.2/key_concepts.html . As for Hyperledger Composer, that is a development framework, with tools etc to accelerate development and abstract things to a business level (ie App development using structure/validated, model driven development as a given). See more here -> https://hyperledger.github.io/composer/latest/introduction/introduction (and also see the architectural and key concept links there).
So yes, you will have a running, private blockchain network (including all of the functionality discussed in the docs) with Hyperledger Fabric.
As in Ethereum we can able to create public blockchain and then the user can able to run smart contract on it, same thing we can do in Hyperledger fabric also.
Hyperledger Fabric has the same functionality as smart contracts called as “chaincode”.
A chaincode is a program that is written to read and update the ledger state. All the business logic handled by chaincode.
For example, if a transaction created then chaincode share and update the ledger throughout the network.
About a Fabric based running blockchain we can work on it and can access it but that's only possible when someone from existing network invites you.
It is quite difficult to say you should setup an entire new blockchain network until I know your use case. Based on your use case you can setup an entire new blockchain network using fabric which will be private.
I have started to learn Hyperledger Fabric and Composer. I am able to create a simple Business Network using Composer and deploy it on Fabric, but I have a question. Let's say I have 2 BNA (instantiated on single channel) files both having same namespace (org.example) and having same participant name as well, as Customer (identifier will be org.example.Customer). Is there any way that I can access the participants created by first Business Network App in another Business Network App? Logically what I can think of is since both have been instantiated in the same channel with different chaincode and same model file, data should be cross accessible. But it isn't.
Although chaincodes share the same ledger when installed on the same channel (and as business networks are just chaincodes this applies to them also). Fabric still partitions the data that a chaincode can read/write by it's chaincode id. So when you install 2 business networks onto the same channel they will have different chaincode id's and so their data is separately partitioned.
As mentioned in the other answer (although the link is not quite correct), what you can do is make use of a feature of composer to be able to invoke another business network on the same or even different channel from the executing business network.
As the 2 business networks are on the same channel you can not only read information but you are also able to invoke transactions that can change information. (You can only read information if the business networks are on different channels).
The correct link for the tutorial is here
https://hyperledger.github.io/composer/latest/tutorials/invoke-composer-network
Unfortunately this tutorial is rather basic and only offers a glimpse of how to interact with other business networks.
Is available a tutorial about how to interact from a bna to another one.
Here the link to the official Hyperledger Composer documentation.
https://hyperledger.github.io/composer/latest/tutorials/invoke-composer-network
I have been building an application in hyperledger composer.
All the tutorials I find related to hyperledger fabrics talks a lot about Orderers, Channels, Peers, Ledger etc. But none of the hyperledger composer tutorial relates the concepts of Asset, transaction or Participants to those.
For instance, hyperledger composer supports only a single channel, then how is the privacy of a transaction maintained there? Is it through the permission.acl file?
Also relating to the famous Vehicle lifecycle network.
Will each of those manufacturer be an organization(having several peers within it) in a blockchain network?
Do all the manufactures needs to host a peer(containing both the ledger and chaincode)?
Does the regulator body also need a peer?
Please help me understanding it clearly.
See here https://hyperledger.github.io/composer/latest/introduction/key-concepts for Concepts and here -> https://hyperledger.github.io/composer/latest/introduction/introduction for an Intro to Hyperledger Composer and a slidedeck on Composer concepts can be found here -> https://www.slideshare.net/MattLucas3/blockchain-composed-v207
Manufacturer will be a member organisation of the blockchain network
Its likely a Manufacturer will want to host it, or have it hosted as a major party. Its also possible that an organisation doesn't stand up any infrastructure and relies on a portal into the blockchain if it is agreed it should have an interest, by the consortium that stand up the blockchain network. Same applies for the Regulator in that respect.
Sadly, the concept of private channels is a feature of Hyperledger fabric and isn't available in the composer framework. But, to achieve the privacy of transaction that you are talking about you can use the ACL rules effectively. You can control who sees which transaction by defining rules in the acl file and applying them on the Historian record that contains all the transactions.
You must read about historian record (Will prove to be very useful while writing the acl for controlling transaction records): https://hyperledger.github.io/composer/unstable/reference/historian.html
Also, For data privatization in hyperledger composer there are certain practices and ways that will prove to be very useful. Go through this article: https://medium.com/coinmonks/implementing-data-privatization-within-hyperledger-composer-2bc99a11c344
Now, about the second part of your questions- Hyperledger composer doesn't involves all those endorsing peers, committing peers endorsing policy and such. In hyperledger composer when we create the rest server and the angular application and all the transactions are recorded from a single identity. For achieving a multi-user model for production using composer we can use the multi-user mode of the composer rest server and the authentication feature of the same. This helps in creating different identities/wallet for different users and then the transactions are recorded from those respective wallets.