How are participants in Composer related to members in Fabric - hyperledger-fabric

I have a question on participants in Composer. We have an API to add participants to the network, and I have seen in some samples that we add those participants through the API using the connection profile of an Admin. When you are forming the network for a real use case, especially in v1.0, and as I have also seen in the HSBN service, you have to invite participants to the network and they can join, and it automatically creates the peers for those participants. How do you map those participants to the participants in the Composer model? Are you still expected to create the participants in the ledger using the Composer SDK? In v1.0 and even 0.6, when you add a participant, it provides an enrollment ID. How do you map the participant information that you create in the ledger using the Composer API to the enrolled participants in the ledger? Also, when you add the participants in the ledger, is it really registering the participants?

Composer participants are modeled entities in the business network, whereas Hyperledger Fabric members are really represented by ECerts (enrollment certificates) used to access the Fabric.
So, each Fabric member can access the Fabric using their own certificate. Composer allows you to map an ECert to a Composer participant using an encrypted attribute in the ECert. This allows Composer to know what participant is performing an action, and to apply appropriate access control.
You should use the Composer APIs to create a participant, and then issue an identity for that participant. The act of issuing an identity will create an ECert with the appropriate encrypted attribute to map the ECert to the participant id. If you want to break that link you can revoke the identity for the participant using Composer APIs.
Doc links:
https://fabric-composer.github.io/managing/participant-add.html
https://fabric-composer.github.io/managing/identity-issue.html
https://fabric-composer.github.io/managing/identity-revoke.html
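
The create, issue and revoke sequence described in the answer above, as an added example that is not part of the original answer or of Composer's own code. The method names follow the composer-client `BusinessNetworkConnection` API; `StubConnection` is a constructed in-memory stand-in so the flow runs offline, and the namespace `org.example.trade`, the `Trader` type and the IDs are hypothetical.

```javascript
// Constructed in-memory stand-in so the flow runs offline. In a real deployment
// `conn` is a connected BusinessNetworkConnection from composer-client.
class StubConnection {
  constructor() {
    this.participants = new Map(); // participant FQI -> resource
    this.identities = new Map();   // enrollment ID -> participant FQI
  }
  getBusinessNetwork() {
    const newResource = (ns, type, id) => ({ fqi: `${ns}.${type}#${id}`, id });
    return { getFactory: () => ({ newResource }) };
  }
  async getParticipantRegistry(fqn) {
    return { add: async (p) => { this.participants.set(p.fqi, p); } };
  }
  async issueIdentity(participantFqi, userID) {
    if (!this.participants.has(participantFqi)) {
      throw new Error(`no such participant: ${participantFqi}`);
    }
    this.identities.set(userID, participantFqi);
    return { userID, userSecret: 'constructed-secret' };
  }
  async revokeIdentity(userID) { this.identities.delete(userID); }
  // Stand-in for the runtime resolving the caller's participant for access control.
  resolve(userID) { return this.identities.get(userID) || null; }
}

const NS = 'org.example.trade'; // hypothetical model namespace

// Steps 1 and 2: create the modeled participant, then bind an enrollment ID to it.
async function onboard(conn, id, userID) {
  const factory = conn.getBusinessNetwork().getFactory();
  const registry = await conn.getParticipantRegistry(`${NS}.Trader`);
  await registry.add(factory.newResource(NS, 'Trader', id));
  return conn.issueIdentity(`${NS}.Trader#${id}`, userID);
}

async function demo() {
  const conn = new StubConnection();
  const issued = await onboard(conn, 'T001', 'alice');
  const before = conn.resolve('alice');
  await conn.revokeIdentity('alice'); // step 3: break the ECert-to-participant link
  const after = conn.resolve('alice');
  // Issuing for a participant that was never added must fail.
  const orphan = await conn.issueIdentity(`${NS}.Trader#T999`, 'bob')
    .then(() => 'issued', () => 'rejected');
  return { issued, before, after, orphan };
}
```

After revocation the enrollment ID no longer resolves to any participant, so access control rules keyed on the participant have nothing to match.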

Related

How to configure access rights for consortium members on channel level in Hyperledger Fabric

I'm developing a blockchain solution on Hyperledger Fabric. This solution should be used to provide the interactions between manufacturers and suppliers. I supposed that in this case there should be a single blockchain ledger with information about manufactured goods. This ledger should be used both by manufacturers (to register new goods) and by suppliers (to update goods: for example, mark some item as delivered).
The Hyperledger Fabric official documentation (https://hyperledger-fabric.readthedocs.io/en/release-2.0/fabric_model.html#privacy) says that the ledger is strictly linked with a channel:
Hyperledger Fabric employs an immutable ledger on a per-channel basis, as well as chaincode that can manipulate and modify the current state of assets.
So I intended to create a single channel and install 2 different chaincodes on:
chaincode for manufacturers (to register manufactured goods)
chaincode for suppliers (to mark registered goods as delivered)
But when I prepared a demo application, I found that the second chaincode cannot query the items created with the first one (i.e. each chaincode has an isolated ledger).
How can I deploy the ledger, which should be shared between organizations having various roles (access rights), if I don't want to force all of them (manufacturers and suppliers) to install the full chaincode (containing both 'register goods' and 'mark as delivered' operations) on their environment?
Thanks & Regards
Igor Egorov

Send messages from one organization admin to another organization admin in Hyperledger Fabric

I am building one POC using Hyperledger fabric,
Is it possible to send messages from one organization admin like money details to another organization admin and he sends the (agree/denied) message?
You can work with a multi-organization model. Install the chaincode on the peers of the two organizations and instantiate the chaincode over a channel. After instantiation of the chaincode you can invoke transactions, which will be distributed by the orderer to every peer that has joined the channel.
In the below link you can expect a basic network for two organizations with two peers each.

Hyperledger Fabric design

I am new to the area of DLTs or "blockchain" and I am trying to create an application on top of Hyperledger Fabric. Before I describe my use case, I need to mention that due to my use case's nature I need a private & permissioned "blockchain" which justifies the choice of Fabric (I am aware of other platforms e.g. Corda, private Ethereum, but Fabric seems to match my use case better).
Use Case
My use case consists of two different types of participants. A number of organizations (which upload and share information about individuals on the distributed ledger) and a client who can query information about an individual.
The client should not be able to see the transactions uploaded by the organizations and will not have write rights on the DL. He has read-only rights. Moreover, the organizations trust each other and there is also a level of trust between them and the client.
Design thoughts
Based on what I've read, I was thinking of creating a DL network that includes all of these parties and use channels which, based on the documentation, can be used to create a grouping among a number of participants (the organizations in my case) thus "hiding" the transactions from the parties which are not included in this group (the client in my case).
However, later I read about chaincode (a.k.a. smart contracts) which:
"can be invoked by an application external to the blockchain when that application needs to interact with the ledger"
which confused me since if the "blockchain" can be queried from an external entity, that probably means that the client should not be included in the trusted network.
Am I headed in the wrong direction (design-wise)?
Based on your description, Hyperledger Fabric channels sound like a good solution. You should also familiarise yourself with private data collections, as this is another way of hiding some of the data from some peers. Which option is best for your scenario will depend on how your datasets are structured, and whether you also need to keep the data private from the orderer.
Clients are not part of the network. They query the blockchain by connecting to a peer and then requesting data from that peer. They can then only access the data visible to that peer (which is stored locally by that peer). So, it is not possible for a client to access more data than is available to the peer the client is connected to.
In your example, you would have a "client" organisation, with at least one peer. This peer would be part of the network, and your client application would then connect to it for access to data on the ledger (typically using the Hyperledger Fabric Node SDK).
There are two types of chaincode in Hyperledger Fabric.
User Chaincode (often just referred to as "chaincode") is used to update the ledger for a channel, and is only installed on those peers which require it (i.e. endorsing peers). Since your "client" peer would not be an endorsing peer, it would not have access to the user chaincode for the channel.
System Chaincode which all peers have access to, provides (among other things) an interface to allow queries to be run against the ledger.

Why should we create two connection profiles for one organization, i.e. 1. Org1 only and Org1 and Org2?

I am using "https://hyperledger.github.io/composer/tutorials/deploy-to-fabric-multi-org" for deploying a Hyperledger Composer blockchain business network to Hyperledger Fabric (multiple organizations). In this tutorial, why are we creating two connection profiles?
The difference between the two connection profiles is shown in the image below.
Why should we create two connection profiles for one organization, i.e. 1. Org1 only and Org1 and Org2?
The need for the distinct Org1 and Org2 only cards is related to rights on the Fabric. The initial Runtime Install uses the distinct cards (and connection.json) and subsequent commands - Network Start and Commands from Alice and Bob use cards (and connection profiles) that access all peers regardless of organisation as they have rights to the Network.
For the tutorial (and the Dev Fabric) we have combined the Peer Install role and the Channel admin role into a single identity called PeerAdmin. Then you need an identity to handle the Fabric-ca server issuer role. You also need an identity bound to the initial business network participant. These roles have been combined into one for alice/bob.

From fabric first-network example, why set up organization?

From the Fabric First Network example, why set up an organization? What is orga used for?
In Hyperledger Fabric, every participant (client, peer, orderer) belongs to some organization.
Organizations have certificate authorities that provide their members (clients, peers, orderers) enrollment certificates in order to authenticate one another, and other organizations.
It also provides an easy way to aggregate participants together in order to define access control rules that span multiple clients, peers and orderers without having to define them for each participant separately.
