Re: How to set regulator or auditor in private data collection


David Enyeart
 

In v2.0 we are promoting this pattern of org-specific collections, where the per organization collections implicitly exist so that you don't have to define them at all.
I agree with your thought - if every one of the implicit collections should have a regulator (or another party) as well, then it should be possible to specify this once, not per collection.

We have also considered implicit collections that could represent any combination of organizations, for example where the collection name would be a hash of the concatenated MSPIDs, and could be referenced without any upfront chaincode or channel configuration. As the number of combinations would still explode for large channels, it may still be necessary for organizations to indicate in peer config which of the implicit collections they are interested in participating in, but this would still be easier to manage than in chaincode or channel config.

Anyways, there's lots of things we *could* do in this space, but let's carefully consider what we *should* do. I'd encourage you to open a Jira and explain the use case more fully. Share the Jira number here and let's see if others expand on it with further requirements or opinions.


Thanks,

Dave Enyeart

"胡 银松" ---02/04/2020 01:51:43 AM--- Thank you for your explanation. I now understand it clearly. But this would cost huge efforts

From: "胡 银松" <huyinsong@...>
To: David Enyeart <enyeart@...>
Cc: "fabric@..." <fabric@...>
Date: 02/04/2020 01:51 AM
Subject: [EXTERNAL] Re: [Hyperledger Fabric] How to set regulator or auditor in private data collection
Sent by: fabric@...





Thank you for your explanation. I now understand it clearly.

But this would cost huge efforts to maintain private data collections in production environment if there are hundreds of private data collections.
How about pre-define a regulator or auditor, the private data collection will include this pre-defined regulator or auditor in the collection configuration period. So we don’t need to define every private data collection to include it. It will be automatically included in every private data collection. That would be more simple and useful for massive private data collection configuration in production environment.

      On Feb 4, 2020, at 1:54 PM, David Enyeart <enyeart@...> wrote:

      A regulator or auditor would be modeled as any other organization.

      Example: Channel includes four organizations: 'Org1', 'Org2', 'Org3', 'regulator'.

      Create Org1Collection that includes (Org1, regulator) in the private data distribution "policy" and "endorsementPolicy".
      Create Org2Collection that includes (Org2, regulator) in the private data distribution "policy" and "endorsementPolcy".
      Create Org3Collection that includes (Org3, regulator) in the private data distribution "policy" and "endorsementPolcy".

      Org1Collection would have properties as:

      "policy": "OR('Org1.peer', 'regulator.peer')"
      "endorsementPolicy": {
      "signaturePolicy": "AND('Org1.peer', 'regulator.peer')"
      },

      This implies that any private data written to Org1Collection requires endorsement from a 'Org1' peer AND a 'regulator' peer. And the private data will get distributed to any peer belonging to 'Org1' OR 'regulator'.

      See collection definition doc at https://hyperledger-fabric.readthedocs.io/en/release-2.0/private-data-arch.html#private-data-collection-definition.


      Dave Enyeart

      <graycol.gif>"胡 银松" ---02/03/2020 11:55:26 PM---Hi All, The fabric doc said: “Fabric v2.0 also enables new patterns for working with and sharing

      From:
      "胡 银松" <huyinsong@...>
      To:
      "fabric@..." <fabric@...>
      Date:
      02/03/2020 11:55 PM
      Subject:
      [EXTERNAL] [Hyperledger Fabric] How to set regulator or auditor in private data collection
      Sent by:
      fabric@...





      Hi All,
      The fabric doc said: “Fabric v2.0 also enables new patterns for working with and sharing private data, without the requirement of creating private data collections for all combinations of channel members that may want to transact. Specifically, instead of sharing private data within a collection of multiple members, you may want to share private data across collections, where each collection may include a single organization, or perhaps a single organization along with a regulator or auditor”.

      I wonder how to set regulator or auditor along with a single organization when using private data in Fabric 2.0?
      Is there any sample to tell how to do this?






Join fabric@lists.hyperledger.org to automatically receive all group messages.