Hyperledger Fabric and Composer privacy support - the full scenario

Hi everyone and thanks in advance for your help, I'm trying to understand Hyperledger Fabric (and Composer) privacy capabilities.

The application scenario sees different sellers and deliverers in the same network (e.g. I bought a package from Amazon (placed an order), chosen to be delivered by courier A that, for cost reasons, decided to cooperate (sub-delegate) with courier B for a single stop in the multi-stop delivery path planned for the package to arrive to the customer). For this order, I want Amazon, courier A and B to see delivery plan details, but I don't want other sellers or deliverers to see them.

Now, the above mentioned requirement may be enforced using Composer ACLs (or, similarly, writing a chaincode with the same constraints in Go in Fabric). The only issue is that other deliverer or seller peers would have full access to the world state and ledger history on the disk, so that they can circumvent ACL enforcement and access all the data related to other organizations' agreements.

ABAC (Attribute Based Access Control) enforcement, using enrollment certificate attributes to conditionally discriminate access and transaction execution in the chaincode, has the same limits: I think it may be useful mainly to distinguish different roles in an organization (e.g. an admin from a normal user).

Then we have the option to keep "private data" (prices, etc.) out of the ledger, using a different system to store it out-of-band. This is OK, but other organizations will be able, if we don't use channels, to understand with whom we're doing business and the approximate number of orders and deliveries. This private information can even be inserted inside the blockchain network using, starting from Fabric 1.2, Private Data Collections (PDC), avoiding the use of a different external system, since we can just specify which data must be stored by which organization peers only. Anyway, PDC configuration data are just shared JSON files, so every organization can understand with whom you're doing business.

Finally, we have Channels: we could instantiate a channel for the Amazon - Courier A - Courier B group, to be used for this order and for future orders that have them as actors. This seems OK, since order data is now disseminated only between channel peers. Considering the administrative burden of configuring and maintaining a channel, a huge scenario like ours, in which we have thousands of sellers and couriers, may require potentially N×M² channels, with N the number of resellers and M the couriers, which seems not feasible.

Did I get it all right? Are there other considerations to be made, in your opinion? Thank you

How is tampering of data (already added block's data) in blockchain or worldstate detected in blockchain and Hyperledger Fabric?

I have a couple of questions regarding the tamper-proof mechanism of the blockchain.

1) My understanding: I understood that the hash of [ hash of the previous block + content of current block ] will go as a hash to the next block. If we tamper with the content of a block, the hash will change and the link to the next block will be broken.

My question: If a suspect changed the content of a block long after the block got added, will the calculation of the hash and placing the hash in the next block happen automatically? Suppose someone has already illegally changed the content and the link is broken, is there an automatic mechanism to trigger the event that the link has been broken? At what time will the tampered copy of the blockchain be identified and invalidated?

2) My understanding: In Hyperledger Fabric I understood that ledger = blockchain + worldstate. The world state is calculated based on the blockchain. The application will depend on worldstate values; the applications will not traverse through the blockchain to find a value.

My questions are: i) How frequently is the worldstate recalculated?

ii) Will a broken chain (in case of a tamper) be detected while recalculating the worldstate?

iii) What if a suspect tampers with the worldstate on a peer? How is this situation set right? Will the tampering be detected during consensus or any other activity?

I read and understood that the blockchain is tamper-proof, but I really want to understand which processes safeguard the BC.
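An added illustration of the hash linking asked about above (not part of the original question, and a simplified model rather than Fabric's real block format or validation code). It goes slightly beyond the question by also replaying the chain to compare against a state database. All function names and the sample orders are constructed for this example.

```javascript
// Added example: simplified hash-chained ledger, not Fabric's real block format.
const { createHash } = require('node:crypto');

const sha256 = (s) => createHash('sha256').update(s).digest('hex');
const headerHash = (b) => sha256(`${b.number}|${b.prevHash}|${b.dataHash}`);

// Append a block of key/value writes. The header commits to the block's data
// and to the previous block's header.
function appendBlock(chain, writes) {
  const prev = chain[chain.length - 1];
  const data = JSON.stringify(writes);
  const prevHash = prev ? headerHash(prev) : '0'.repeat(64);
  chain.push({ number: chain.length, prevHash, dataHash: sha256(data), data });
  return chain;
}

// Walk the chain; return the number of the first block failing a check, or -1.
function firstBrokenBlock(chain) {
  for (let i = 0; i < chain.length; i++) {
    const b = chain[i];
    if (sha256(b.data) !== b.dataHash) return i; // data edited in place
    if (i > 0 && b.prevHash !== headerHash(chain[i - 1])) return i; // link broken
  }
  return -1;
}

// Replay every block's writes to derive the state the chain implies.
function replayState(chain) {
  const state = {};
  for (const b of chain) Object.assign(state, JSON.parse(b.data));
  return state;
}

// Keys whose value in a state database differs from the replayed chain.
function stateDrift(chain, stateDb) {
  const expected = replayState(chain);
  const keys = new Set([...Object.keys(expected), ...Object.keys(stateDb)]);
  return [...keys].filter((k) => expected[k] !== stateDb[k]).sort();
}

// Constructed sample data: three blocks of order-status writes.
function demoChain() {
  const chain = [];
  appendBlock(chain, { order1: 'placed' });
  appendBlock(chain, { order1: 'shipped', order2: 'placed' });
  appendBlock(chain, { order2: 'shipped' });
  return chain;
}
```

Nothing in this model fires by itself when a stored block is edited: the mismatch only shows up when some party re-runs `firstBrokenBlock` or `stateDrift` over its copy.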

Blockchain (Hyperledger Sawtooth) data management

When you think about designing a blockchain network using Hyperledger Sawtooth, it's important to consider how your data will grow and amplify as your business. Being familiar with on-chain and off-chain data, there are certain questions that popped up in terms of data management.

  1. What if the validators run out of storage?
  2. What are the ways of scaling a validator that has to have a copy of all the transactions?
  3. How much data does one transaction generate?
  4. What would be a suitable design if there is a possibility of getting a billion transactions over a period of time?
  5. If that generates a considerable amount of data, then what are the ways of cutting down the data which is not in use anymore?
  6. Can I perform CRUD operations in the TSDB which Sawtooth uses by default?
  7. If IoT devices are used with the project, then they generate a huge amount of data. How can this data be managed in a decentralised and distributed way?
  8. If using a third party for data management, then what are the efficient and cost-effective methods with features like sharding, archiving, data consistency, etc.?

Please clear my doubts and also correct me wherever I'm wrong with the above. Thank you.

Deploy and expose chaincode as REST API on Amazon Managed Blockchain Hyperledger Fabric 1.2

I have configured an Amazon Managed Blockchain setup with Hyperledger 1.2. The network is prepared with a single member and a single peer node. The Hyperledger Fabric Client setup is with Golang 1.10.3. I have installed, instantiated, queried and invoked the mycc chaincode example given in the AWS tutorial, which works perfectly. The complete exercise was done following this link.

I want to deploy and expose the chaincode as a REST API. There is a sample project, Amazon Managed Blockchain Workshop. They have used a RESTful API, running as a Node.js Express application, using the Hyperledger Fabric Client SDK to query and invoke chaincode. I want to run the non-profit chaincode example on the Hyperledger Fabric Client prepared for AWS Managed Blockchain Hyperledger 1.2.

I have performed the steps below:

Here are the steps I am using to run and test the REST API.

cd ~/non-profit-blockchain/ngo-rest-api
nvm use lts/carbon
node app.js &

If I execute the register/enroll user request

curl -s -X POST http://localhost:3000/users -H "content-type: application/x-www-form-urlencoded" -d 'username=john&orgName=Org1'

Instead of showing the response:

{"success":true,"secret":"","message":"michael enrolled Successfully"}

it shows the error message below.

{"success":false,"message":"failed Error: Missing mspid parameter"}

I have also tried adding mspid in the request, but the error message is still the same. What am I missing?

Here are the contents of ngo-connection-profile.yaml

channels:
  mychannel:
    orderers:
      - orderer.com
    peers:
      peer1:
        endorsingPeer: true
        chaincodeQuery: true
        ledgerQuery: true
        eventSource: true
organizations:
  Org1:
    mspid:
    peers:
      - peer1
    certificateAuthorities:
      - ca-org1

orderers:
  orderer.com:
    url: grpcs://orderer.n-XDXDXDXDXDSXDSXDXSDXSDXDSXDSXDS.managedblockchain.us-east-1.amazonaws.com:30001
    grpcOptions:
      ssl-target-name-override: orderer.n-XDXDXDXDXDSXDSXDXSDXSDXDSXDSXDS.managedblockchain.us-east-1.amazonaws.com
    tlsCACerts:
      path: /opt/home/managedblockchain-tls-chain.pem
peers:
  peer1:
    url: grpcs://nd-NDNDNDNDNDNDNDNDNDNDND.m-AAAAAAAAAAAAAAAAAAAAAAAAA.n-XDXDXDXDXDSXDSXDXSDXSDXDSXDSXDS....
    eventUrl: grpcs://nd-NDNDNDNDNDNDNDNDNDNDND.m-AAAAAAAAAAAAAAAAAAAAAAAAA.n-XDXDXDXDXDSXDSXDXSDXSDXDSXDSXDS.....
    grpcOptions:
      ssl-target-name-override: nd-NDNDNDNDNDNDNDNDNDNDND.m-AAAAAAAAAAAAAAAAAAAAAAAAA.n-XDXDXDXDXDSXDSXDXSDXSDXDSXDSXDS.xxx
    tlsCACerts:
      path: /opt/home/managedblockchain-tls-chain.pem

certificateAuthorities:
  ca-org1:
    url: https://ca.m-AAAAAAAAAAAAAAAAAAAAAAAAA.n-XDXDXDXDXDSXDSXDXSDXSDXDSXDSXDS....
    httpOptions:
      verify: false
    tlsCACerts:
      path: /opt/home/managedblockchain-tls-chain.pem
    registrar:
      - enrollId: aaaaaaaa
        enrollSecret: XXXXXXXXXXX
    caName: m-AAAAAAAAAAAAAAAAAAAAAAAAA
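
A pre-flight check for a connection profile shaped like the one above, as an added example that is not part of the original question or of the AWS workshop code. `checkProfile` and `sampleProfile` are hypothetical names, the profile is assumed to be already parsed from YAML into a plain object, and treating the empty `mspid:` as related to the reported error is an assumption the page does not confirm. The check also reports `httpOptions.verify: false`, which turns off certificate verification for the CA connection.

```javascript
// Added example: pre-flight check of a connection profile that a YAML parser
// has already loaded into a plain object. checkProfile is a hypothetical helper.
function checkProfile(profile) {
  const findings = [];
  const peers = profile.peers || {};
  const orderers = profile.orderers || {};
  const cas = profile.certificateAuthorities || {};
  const missing = (where, kind, name, table) => {
    if (!(name in table)) findings.push(`${where} references undefined ${kind} ${name}`);
  };

  for (const [name, org] of Object.entries(profile.organizations || {})) {
    // An empty "mspid:" in YAML parses to null.
    if (typeof org.mspid !== 'string' || org.mspid.trim() === '') {
      findings.push(`organizations.${name}.mspid is empty`);
    }
    for (const p of org.peers || []) missing(`organizations.${name}`, 'peer', p, peers);
    for (const c of org.certificateAuthorities || []) missing(`organizations.${name}`, 'CA', c, cas);
  }
  for (const [name, ch] of Object.entries(profile.channels || {})) {
    for (const o of ch.orderers || []) missing(`channels.${name}`, 'orderer', o, orderers);
    for (const p of Object.keys(ch.peers || {})) missing(`channels.${name}`, 'peer', p, peers);
  }
  for (const [name, ca] of Object.entries(cas)) {
    if (ca.httpOptions && ca.httpOptions.verify === false) {
      findings.push(`certificateAuthorities.${name}.httpOptions.verify is false`);
    }
  }
  return findings;
}

// Constructed object with the same shape as the profile above; URLs and
// TLS paths are omitted because the check does not read them.
const sampleProfile = {
  channels: { mychannel: { orderers: ['orderer.com'], peers: { peer1: {} } } },
  organizations: {
    Org1: { mspid: null, peers: ['peer1'], certificateAuthorities: ['ca-org1'] },
  },
  orderers: { 'orderer.com': {} },
  peers: { peer1: {} },
  certificateAuthorities: { 'ca-org1': { httpOptions: { verify: false } } },
};
```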