If there one ledger per channel. does that mean all the peer nodes arose different organisation have to be one channel.
Suppose, A sells 10 chicken shawarma to B in 80$ and A sells 10 chicken shawarma to C in 90$ and A wants to hide price details.
How would admin party now if A total amount in sales if A maintaining a separate ledger for sales to different peers if they are on separate channel.
You define channels for the organizations which are interested to trade with each other. Each organization would have their own set of peers. Some would be endorser, committer or anchor peer. Each peer would have a copy of the ledger.
Now, you would be instantiating the chaincode to a particular endorser peer for a given organization. For an instance, suppose there are 4 organizations A,B,C and D. All these are connected with one specific channel(channel1) where everyone can see all the transaction details. Now, A and B do have a special requirement where they don't want to share their buying a specific product transaction details with other organizations.
Therefore, A and B would have a new channel(channel2) having an endorser peer(could be the same one which is there for channel1 having 2 chaincode installed) which would take care of their specific contract. The data will be replicated to all the peers of only A and B.
Since C and D isn't the part of this special channel, this specific transaction will not be logged on their peers. They can just see whatever is logged by channel 1.
How an admin would know about these? Well, a network admin would always knows this as he would be the one who is defining this network. He would be defining the channel and instanciating the chaincode over it. So, as per the design, an admin would always have an insight of who can see what and what data could be stored over different ledgers.
Hope this helps.
Related
I have a very case-specific query related to the implementation of private data collection and I am seeking recommendations/suggestions from the experts here. We have a product running on Hyperledger Fabric 2.3.3 and the platform can have any number of organizations. For instance, initially, there will be 4 organizations, next week 10 more organizations can join the network. The problem arises when these organizations start transactions with each other. These transactions can have a number of objects that need to be private between these organizations only.
For this, we can create private data collections with names:
collection_org1
collection_org2
collection_org3
collection_org1_org2
collection_org1_org3
collection_org1_org2_org3
collection_org2_org3
Assume if the network has 20 organizations as participants, how many private data collection combinations will be there.
This is because, at a given time, any organization can begin a transaction with another organization or a series of organizations in the network. The problem here is that we have to create a large number of private data collections using the pattern and maintain it.
Because of this problem, we removed this implementation and used the implicit private data collection for each organization. Now if there is an object that should be shared only with org1, org2 & org3, the object is pushed to collection_org1, collection_org2, collection_org3. We did this using setting memberOnlyRead: false and memberOnlyWrite: false and added the validations at the chaincode level.
This implementation solved the above problem but has created a new problem. Now, we wanted to implement key-level endorsement policy such that if org1 changes a private object that is shared among org2 & org3, the org1 has to obtain the endorsements from org2 & org3 peers. This means that the peers will read the object from their own private data collection resulting in a different read-set in endorsement proposal response which further leads to an error saying read/write sets do not match.
For example, org1 during the endorsement proposal will read object key: key1 from its own private data collection collection_org1. In a similar way, org2 will read the same key during endorsement from its own collection collection_org2, and likewise for org3. This leads to a different read-set in the endorsement proposal.
I am seeking suggestions to implement this whole functionality in a better way.
Please let me know your suggestions/recommendations.
GetPrivateDataHash() is your answer. You can use this function to verify that each of the endorsers have the same value, and ensure that your read sets are consistent.
See the secured transfer tutorial and sample for an example of using it for this purpose.
I have two chaincodes deployed in the same channel of 5 peers. The first chaincode is installed on 3 peers, the second one is installed on other 2 peers. The first chaincode inits the ledger with some data, while the second one should query the ledger to take one of the elements stored in the ledger during the initialization. It seems that the ledger associated to the second smart contract is empty. From theory, I know that there is one ledger associated with the channel, but here it seems one ledger associated with the chaincode. Where am I wrong?
Thank you in advance!
I figured out by studying the concept of namespaces and world states.
I have this scenario that a single node is part of different channels. In one channel there are only traders. In the other channel there are traders and regulator. Details of the trades should not be shared with the regulator. The only thing which is being shared is aggregated value at the end of the business day. By aggregated value, we mean how much of each asset is sold, not the detail of each trade. In other words there is confidential information between two parties that cannot be shared with regulator, and there is aggregated value that is not confidential and must be shared with the regulator.
Now I have an event when there is a nomination. By nomination I mean a trade made over some asset in the first channel, the one without regulator. Is it possible to handle this trading event in the other channel where the regulator is?
As I read through the documents, channels are isolated. But how isolated are they? Are they isolated in a way that events raised in one channel cannot be seen or handled in another channel? In that case, how do you suggest to implement this scenario? I mean do you suggest any specific architecture or tools enabling implementation of this scenario? Also do you think Hyperledger Fabric or Composer are suitable for these requirements?
I appreciate any help. Thank you.
So you have two channels, two separate ledgers and two separate business networks (as you've configured it).
Your 'nomination' is, in effect, a 'transaction' as described above. (events in Composer mean, business events that are usually subscribed to by a client application FYI).
In Hyperledger Composer, you can do 'cross-channel' or 'inter business network' queries. So can allow [only] the Regulator (from the 2nd channel) to query [only] those trade 'events' (ie transactions with the fields that contain the 'trade') or indeed assets (updated by the transaction), if need be - back in the '1st' channel (and access controls) in the 2nd channel can restrict the Regulator to do only that 'query' (if that's all he/she is supposed to have jurisdiction to do). Hope this helps.
See example
https://hyperledger.github.io/composer/latest/tutorials/invoke-composer-network
I'm working with the BYFN example using 3 organizations, 2 channels. One channel(c12) between Org1 and Org2, another channel (c23) between Org2 and Org3. The first chaincode is an example where I'm able to transfer value between "A" and "B". When I run the code over c12, I can see I'm able to transfer an amount from A to B. But when I query the same chaincode over c23, the initialization is kept. I understand why (different ledgers) and etc.
Now I would like to introduce the following requirement. I, as an organization, need to transfer this value only if I have the amount available.
The sequence would be:
1. I'm on org2, I have 100, and I wanna transfer 60 to org1. And everything works as expected.
2. I'm on org2, I have 40 and I'll try to transfer 50 to org3 (another ledger - channel). This should fail because I have only 40.
How can I achieve this?
Where will the "shared state" be stored? MSP?
The same approach would work for a complex asset?
Extra information:
- I already have read the documentation, about the assets, account model, the examples, but usually, they are focused only one channel only. Maybe I'm losing something.
- I'm not using hyperledger composer
In fabric you have a chaincode and a ledger different for each channel. so if you want to have the business logic descripted you need to use only one channel (with 3 orgs).
You can probably use private data to make the separation you are now doing with the two channels
I am wondering of how to maintain provenance in a network while using channels. In marbles example, lets say Regulator, Manufacturer, country dealer and retailers are transacting on a blockchain network.
Regulator,Manufacturer and dealer are transacting on Channel1 whereas dealer transact with retailer1 on Channel2 and with retailer2 on Channel3, just to keep privacy on selling price for different retailers. As marble1 was originated in Channel1 by the manufacturer , How do the same marble is available in Channel2 or Channel3 for transactions without duplicating the marble and keeping its provenance to Channel1.
I don't know how works the marbles example. However, I think that not all the participants could see all the information and provenance for a marble.
The dealer is in the three channels, so he would be duplicating the info in the three channels. The dealer would has an application that links all the info.
I believe that this issue is more related to the client application.
It is related to client code. A channel cannot send data to other channel due to privacy in fabric. One can implement state of transaction in application code. One way to achieve it through the application code could be to keep id of marble same in all channnels and then run GetHistoryForKey() method on different channel and then accumulate txns in one place in client app to arrive at a solution.