Date   

Re: #fabric-questions #hyperledger-fabric #fabric-questions #hyperledger-fabric

Parthiban Selvaraj
 

Hi,

It can be done in many ways. A simple would be like this,

Create 2 functions in chaincode 
1st function will collect all bids from 4 orgs and then store the value along with hash ( can include the digital signature also for verification later). Create a custom endorsement policy like if org1 submits then endorsement policy would be get endorsement from ORG1.member only.(state based endorsement)

2nd function will submit bidding only if there is required no of bids are collected (4 in your case) and it checks the hash of bid value ( verify the signature also). For this you create endorsement policy of what you have mentioned (4 endorsements from 4 orgs)

Through this setup all 4 orgs can submit a bid with custom endorsement and bid processing happens only if all 4 orgs submitted their bids

Thanks and Regards
Parthiban Selvaraj

On Wed, 15 Jan, 2020, 4:40 PM , <yashukla47@...> wrote:

what will be the solution to this? is there an inbuilt logic for this kind of privacy?

Consider a bidding platform of 4 organizations where org1 publishes an item and org 2,3 and 4 bid for it(in dollars). 
and then there is a chaincode that checks the bids and compare them and declares the winner bidder (one with the highest bid) to make the platform decentralized we make all the three organizations as endorser peers so that each peer is able to see what others have bid.

the problem is that: in a particular scenario being an endorser peer org2 can see the bid of org3 and then increase it’s bid accordingly

what can I do to make the platform decentralized while avoiding this scenario and keeping the system realtime(<50ms)? something like: the organizations are only able to see each others bids only after the winner is 
declared


#fabric-questions #hyperledger-fabric #fabric-questions #hyperledger-fabric

yashukla47@...
 

what will be the solution to this? is there an inbuilt logic for this kind of privacy?

Consider a bidding platform of 4 organizations where org1 publishes an item and org 2,3 and 4 bid for it(in dollars). 
and then there is a chaincode that checks the bids and compare them and declares the winner bidder (one with the highest bid) to make the platform decentralized we make all the three organizations as endorser peers so that each peer is able to see what others have bid.

the problem is that: in a particular scenario being an endorser peer org2 can see the bid of org3 and then increase it’s bid accordingly

what can I do to make the platform decentralized while avoiding this scenario and keeping the system realtime(<50ms)? something like: the organizations are only able to see each others bids only after the winner is 
declared


Re: HLF Java SDK - Chaincode instantiation failure

Matthew White
 

Hello;
 
I run a very simple setup; VirtualBox on Windows 10, with Ubuntu (though trying Manjaro as well).   Docker does take a lot of memory so it was a good idea to check that. 
 
For scenarios such as this, I'd always suggest monitoring all the docker containers - specifically try and catch the docker container that is run to build the chaincode; this only has a short life - but often provides a useful clue as to problems.
 
I would recommend something like this  https://gist.github.com/mbwhite/a32abc57a0a45ecc466977ceef67df1f  (using Logspout).. Start monitoring as soon as Fabric has started and see what occurs.
 
Also, could you link to which specific tutorial you're using?  Thanks!
 
Regards, Matthew.
Matthew B White  IBM Blockchain Solutions Architect
 
Email me at WHITEMAT@...
Find me on StackOverflow, and generally at  calanais.me.uk
 
Note: restricted availability for meetings 14:30 to 17:00 UK Tuesday 
IBM United Kingdom Limited, Hursley Park, Winchester, Hampshire, SO21 2JN

"The wrong answers are the ones you go looking for when the right answers stare you in the face"
 
 
 
----- Original message -----
From: "Tomás Peixinho" <tom.peixinho@...>
Sent by: fabric@...
To: "hyperledger-fabric@..." <hyperledger-fabric@...>
Cc:
Subject: [EXTERNAL] [Hyperledger Fabric] HLF Java SDK - Chaincode instantiation failure
Date: Tue, Jan 14, 2020 9:43 PM
 
 
Good evening,
 
I'm using the java sdk to work with hyperledger fabric and I'm having some trouble. I'm trying to write my own application based on the "fabcar" example that is provided.
 
I'm running a virtual machine (VirtualBox, in case it matters) with a linux distribution, I follow all the steps from the tutorial on github, but when it gets to the point that needs to run DeployInstantiateChaincode.java (to deploy the chaincode on the peers and instantiate it on the channel, if I'm not mistaken), the "deployment" gives a SUCCESS message for each of the peers (peer 0 and 1 on org 1, and peer 0 and 1 on org 2, which is the default for the tutorial), however the "instantiation" always gives a FAILURE message. 
 
I tried it on Xubuntu, Lubuntu and Kali. Never works. I thought it could be a memory problem so I increased the ram, I tried increasing the timeouts on the config file, but still nothing works. A friend of mine tried to run it on his computer (the exact same code, the same structure, he even used the same .sh file that I wrote to run all the terminal commands) and it works sometimes (he's using Kali on VMWare, it's the only difference). Could it be a problem with my computer? Could it be that it is too slow to manage to instantiate the chaincode in time, before it gives the timeouts? Below are the lines that print on the terminal. Not very explanatory but it's what I get:
 
Jan 14, 2020 3:47:04 PM main.java.org.example.client.FabricClient deployChainCode
INFO: Deploying chaincode fabcar using Fabric client Org1MSP admin
Jan 14, 2020 3:47:04 PM main.java.org.example.network.DeployInstantiateChaincode main
INFO: fabcar- Chain code deployment SUCCESS
Jan 14, 2020 3:47:04 PM main.java.org.example.network.DeployInstantiateChaincode main
INFO: fabcar- Chain code deployment SUCCESS
Jan 14, 2020 3:47:04 PM main.java.org.example.client.FabricClient deployChainCode
INFO: Deploying chaincode fabcar using Fabric client Org2MSP admin
Jan 14, 2020 3:47:04 PM main.java.org.example.network.DeployInstantiateChaincode main
INFO: fabcar- Chain code deployment SUCCESS
Jan 14, 2020 3:47:04 PM main.java.org.example.network.DeployInstantiateChaincode main
INFO: fabcar- Chain code deployment SUCCESS
Jan 14, 2020 3:47:04 PM main.java.org.example.client.ChannelClient instantiateChainCode
INFO: Instantiate proposal request fabcar on channel mychannel with Fabric client Org2MSP admin
Jan 14, 2020 3:47:04 PM main.java.org.example.client.ChannelClient instantiateChainCode
INFO: Instantiating Chaincode ID fabcar on channel mychannel
Jan 14, 2020 3:48:13 PM main.java.org.example.client.ChannelClient instantiateChainCode
INFO: Chaincode fabcar on channel mychannel instantiation java.util.concurrent.CompletableFuture@55787112[Completed exceptionally: java.lang.IllegalArgumentException: The proposal responses have 0 inconsistent groups with 4 that are invalid. Expected all to be consistent and none to be invalid.]
Jan 14, 2020 3:48:13 PM main.java.org.example.network.DeployInstantiateChaincode main
INFO: fabcar- Chain code instantiation FAILURE
Jan 14, 2020 3:48:13 PM main.java.org.example.network.DeployInstantiateChaincode main
INFO: fabcar- Chain code instantiation FAILURE
Jan 14, 2020 3:48:13 PM main.java.org.example.network.DeployInstantiateChaincode main
INFO: fabcar- Chain code instantiation FAILURE
Jan 14, 2020 3:48:13 PM main.java.org.example.network.DeployInstantiateChaincode main
INFO: fabcar- Chain code instantiation FAILURE
 
I honestly don't understand what I'm doing wrong. I do everything on the tutorials. I think the first time I tried running it, it worked, but all the other consecutive runs didn't. I need to deploy and instantiate the chaincode in order to test my application. I don't know what else to do. I might format my computer and try again, not sure if it'll work or not... My pc is an Asus Intel Core I7, with 8GB of ram, in case it matters. Any help would be appreciated. This is my thesis project and I can't seem to finish it.
 
Thank you for any help that can be provided.
 
Best regards
 
Tomás
 
Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU


HLF Java SDK - Chaincode instantiation failure

Tomás Peixinho
 

Good evening,

I'm using the java sdk to work with hyperledger fabric and I'm having some trouble. I'm trying to write my own application based on the "fabcar" example that is provided.

I'm running a virtual machine (VirtualBox, in case it matters) with a linux distribution, I follow all the steps from the tutorial on github, but when it gets to the point that needs to run DeployInstantiateChaincode.java (to deploy the chaincode on the peers and instantiate it on the channel, if I'm not mistaken), the "deployment" gives a SUCCESS message for each of the peers (peer 0 and 1 on org 1, and peer 0 and 1 on org 2, which is the default for the tutorial), however the "instantiation" always gives a FAILURE message. 

I tried it on Xubuntu, Lubuntu and Kali. Never works. I thought it could be a memory problem so I increased the ram, I tried increasing the timeouts on the config file, but still nothing works. A friend of mine tried to run it on his computer (the exact same code, the same structure, he even used the same .sh file that I wrote to run all the terminal commands) and it works sometimes (he's using Kali on VMWare, it's the only difference). Could it be a problem with my computer? Could it be that it is too slow to manage to instantiate the chaincode in time, before it gives the timeouts? Below are the lines that print on the terminal. Not very explanatory but it's what I get:

Jan 14, 2020 3:47:04 PM main.java.org.example.client.FabricClient deployChainCode
INFO: Deploying chaincode fabcar using Fabric client Org1MSP admin
Jan 14, 2020 3:47:04 PM main.java.org.example.network.DeployInstantiateChaincode main
INFO: fabcar- Chain code deployment SUCCESS
Jan 14, 2020 3:47:04 PM main.java.org.example.network.DeployInstantiateChaincode main
INFO: fabcar- Chain code deployment SUCCESS
Jan 14, 2020 3:47:04 PM main.java.org.example.client.FabricClient deployChainCode
INFO: Deploying chaincode fabcar using Fabric client Org2MSP admin
Jan 14, 2020 3:47:04 PM main.java.org.example.network.DeployInstantiateChaincode main
INFO: fabcar- Chain code deployment SUCCESS
Jan 14, 2020 3:47:04 PM main.java.org.example.network.DeployInstantiateChaincode main
INFO: fabcar- Chain code deployment SUCCESS
Jan 14, 2020 3:47:04 PM main.java.org.example.client.ChannelClient instantiateChainCode
INFO: Instantiate proposal request fabcar on channel mychannel with Fabric client Org2MSP admin
Jan 14, 2020 3:47:04 PM main.java.org.example.client.ChannelClient instantiateChainCode
INFO: Instantiating Chaincode ID fabcar on channel mychannel
Jan 14, 2020 3:48:13 PM main.java.org.example.client.ChannelClient instantiateChainCode
INFO: Chaincode fabcar on channel mychannel instantiation java.util.concurrent.CompletableFuture@55787112[Completed exceptionally: java.lang.IllegalArgumentException: The proposal responses have 0 inconsistent groups with 4 that are invalid. Expected all to be consistent and none to be invalid.]
Jan 14, 2020 3:48:13 PM main.java.org.example.network.DeployInstantiateChaincode main
INFO: fabcar- Chain code instantiation FAILURE
Jan 14, 2020 3:48:13 PM main.java.org.example.network.DeployInstantiateChaincode main
INFO: fabcar- Chain code instantiation FAILURE
Jan 14, 2020 3:48:13 PM main.java.org.example.network.DeployInstantiateChaincode main
INFO: fabcar- Chain code instantiation FAILURE
Jan 14, 2020 3:48:13 PM main.java.org.example.network.DeployInstantiateChaincode main
INFO: fabcar- Chain code instantiation FAILURE


I honestly don't understand what I'm doing wrong. I do everything on the tutorials. I think the first time I tried running it, it worked, but all the other consecutive runs didn't. I need to deploy and instantiate the chaincode in order to test my application. I don't know what else to do. I might format my computer and try again, not sure if it'll work or not... My pc is an Asus Intel Core I7, with 8GB of ram, in case it matters. Any help would be appreciated. This is my thesis project and I can't seem to finish it.

Thank you for any help that can be provided.

Best regards

Tomás


New Fabric Documentation merge process proposal

Pam Andrejko
 

 
On one of the recent contributors calls there was a discussion about a the process for merging Fabric documentation content. As a result of that discussion, we would like to propose a new process for getting documentation content merged.
 
Note that although there has been discussion about moving to a new Fabric repo, for now we’d like to leave the documentation in the existing Fabric repo in order to maintain developer contribution and engagement and in order to keep the docs in sync with the Fabric releases and code. Of course, this does not preclude us from moving it to its own repo in the future if we decide there are additional benefits to be gained.
 
Why do we want to modify the process?
- Encourage more community contribution by including more contributors in the process.
- Simplify the process to merge trivial changes to the documentation.
- Facilitate inclusion of translated content in ReadTheDocs.
 
Proposal:
1. If a PR contains both documentation and code updates, use the existing Fabric code review and approval process.
2. If a PR contains content only under the /docs folder - then a default set of documentation reviewers are automatically notified by GitHub. To start, we propose the reviewer list include: Anthony, Joe, Nik, Pam, Chris Gabriel, Jim Mason, Lesley-Ann Jordan. Note that Fabric Maintainers will also still be notified.
3. A Documentation PR can be merged by a non-author Documentation Maintainer - whose merge capability is restricted to the /docs folder. We propose this list include:   Anthony O'Dowd, Joe Alewine, Nik Gupta, Pam Andrejko, Chris Gabriel, FUTURE: Rich Zhao (for translated content, once we have the process sorted out). 
 
We have reviewed this process with Brett Logan and he has figured out an automated way for this to work (thank you Brett):
  • Add a new maintainers team to the Fabric repository - `Documentation Maintainers` where membership to this group is managed by the Linux Foundation.
  • Configure a mergify bot such that after:
    1. The documentation PR is approved by a Documentation Maintainer using the normal "Review changes" pane,  and 
    2. The Documentation Maintainer adds the label `doc-approve` to a documentation PR.
  •  Then, the mergify bot runs and the content is merged. 
  • Because the traditional "Merge" button will be disabled for Documentation Maintainers, they have to add the `doc-approve` label to trigger the bot merge. 
  • Non-documentation Maintainers can still continue to the use the merge button to merge documentation PRs as per usual.
  • The bot is configured such that Documentation Maintainers are restricted to merging PRs under the /docs folder.
  • For adding or removing documentation maintainers, we can add a 'Documentation Maintainers' table to MAINTAINERS.md
  • Then, submit a PR against that table, collect the votes, and merge.
  • Someone from the Linux Foundation updates the team definition per the table.
 
Documentation Maintainers are allowed to propose new Documentation reviewers and new Documentation Maintainers.
 
Criteria to become a Documentation Maintainer:
 
A track record of sustained documentation leadership  in the form of GitHub reviews or contributions, or consistent documentation workgroup contributions, or translation contribution.
 
We welcome your feedback and comments.

Pam Andrejko

 
 


Motion for final comment period: Programming Model Updates for Go SDK

Heather Pollard <heatherp@...>
 

Hi everyone,

I am requesting that we enter the final comment period for the RFC for Go SDK new programming model and proposing that it is merged at the end of this period, in one week. The aim of this period is for any fabric maintainers to communicate any final comments or objections to the proposed RFC.

Applying the Programming Model to the Go SDK was discussed on a Fabric Contributors Meeting on the 11th December and the recording is available here.

Please reach out to Andrew Coleman (andrew_coleman@...) or me with any queries
 
Thanks,
Heather

Software Engineer, IBM Blockchain
Autism Ambassador
Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU


Motion for final comment period: Ledger-api RFC

Heather Pollard <heatherp@...>
 

Hi everyone,

I am requesting that we enter the final comment period for the Ledger-api RFC and proposing that it is merged at the end of this period, in one week. The aim of this period is for any fabric maintainers to communicate any final comments or objections to the proposed RFC.

The ledger-api was discussed on a Fabric Contributors Meeting on the 11th December and the recording is available here.

Please reach out to Matthew White (whitemat@...) or me with any queries
 
Thanks,
Heather

Software Engineer, IBM Blockchain
Autism Ambassador
Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU


Upcoming TSC update for Fabric

Ry Jones
 

In a little over a week, the Fabric project has the first update for 2020 due.

I will be setting up the automatic reminders, but I'm not there yet.
Ry

--
Ry Jones
Community Architect, Hyperledger


Re: Chaincode nodejs getStateByPartialCompositeKey

David Enyeart
 

Yes, see the getStateByPartialCompositeKey sample here:
https://github.com/hyperledger/fabric-samples/blob/release-1.4/chaincode/marbles02/node/marbles_chaincode.js#L243-L295


Dave Enyeart

"Kimheng SOK" ---01/13/2020 12:27:00 PM---Dear all, Is there any documentation example of how to use

From: "Kimheng SOK" <sok.kimheng@...>
To: hyperledger-fabric@...
Date: 01/13/2020 12:27 PM
Subject: [EXTERNAL] [Hyperledger Fabric] Chaincode nodejs getStateByPartialCompositeKey
Sent by: fabric@...





Dear all,

Is there any documentation example of how to use getStateByPartialCompositeKey in nodejs chaincode to query the data from the object list and iterate through it to view all the result. 

Thank for help.

Bests,




Chaincode nodejs getStateByPartialCompositeKey

Kimheng SOK
 

Dear all,

Is there any documentation example of how to use getStateByPartialCompositeKey in nodejs chaincode to query the data from the object list and iterate through it to view all the result. 

Thank for help.

Bests,


Re: JIRA Cleanup

Matthew Sykes
 

I have finished labeling JIRA items associated with the Fabric project. If you find an item with a `stale-item` label that you believe should not be closed out next week, please remove the label and add a comment indicating why it is still relevant.

Thanks.

On Thu, Jan 9, 2020 at 7:07 PM Matthew Sykes via Lists.Hyperledger.Org <matthew.sykes=gmail.com@...> wrote:
As part of our v2 shutdown (and my own new year resolution to be better about doing my chores), we'll be doing some work to close out old JIRA work items.

Over the next few days, open items that have not had a meaningful update in more than 9 months will be tagged with a 'stale-item' label. One week after that process has completed, any open items with that label will be closed out.

If a JIRA item you are interested in gets tagged and you want to stop it from being closed, please comment on the issue with information about why it is still relevant and remove the tag. This will indicate further discussion is warranted and we will defer closing the item pending that discussion.

Since the issues are simply being closed and not deleted, if something falls through the crack, we can always reopen as necessary.

Thanks.

--
Matthew Sykes



--
Matthew Sykes
matthew.sykes@...


Re: IMP: Failed to update batch size in fabric

Anoop Vijayan <anoop@...>
 

Hi,
Without looking into the logs (i.e. I am guessing here), I think you are trying to update BatchSize?
For that you need to be a OrdererMSP (endorsed by orderer)
——————— e.g. clip ———————
CORE_PEER_LOCALMSPID="OrdererMSP"

CORE_PEER_TLS_ROOTCERT_FILE=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem

CORE_PEER_MSPCONFIGPATH=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/users/Admin@example.com/msp

ORDERER_CA=/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/example.com/orderers/orderer.example.com/msp/tlscacerts/tlsca.example.com-cert.pem
——————— e.g. clip ———————

To know more, you should turn on DEBUG for orderer container and restart it.

Thanks,
 - Anoop

On 11 Jan 2020, at 21.49, Suhan Sumeet <suhan.premilu@...> wrote:

Hello Team,

I have an urgent requirement to fulfill and am trying to update the batch size for my network

Am following the tutorial to "Add org3 in to network" that lists out the steps to updated a channel configuration.
While running the final step to update 
" peer channel update -f batch_update_in_envelope.pb -c $CHANNEL_NAME -o orderer.example.com:7050 --tls --cafile $ORDERER_CA"

it fails with below error

2020-01-11 19:41:29.563 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
Error: got unexpected status: BAD_REQUEST -- error applying config update to existing channel 'mychannel': error authorizing update: error validating DeltaSet: policy for [Value]  /Channel/Orderer/BatchSize not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied


Please help me out if possible urgently since I have to deliver this in another 10-12 hours.



[i18n] Status report on translation of Fabric docs

Yang Cheng
 

Dear Hyperledger community,

We are a small group of volunteers that have been translating Fabric docs to Chinese since 2018. We’d like to share our current status and rationale behinds some decisions for your reference.

Tool selection

We initially started off using github, since it’s familiar to most of developers, and other projects like k8s have been doing the same. The workflow roughly looks like this:

Admins:
1.create branches in `hyperledger-labs/fabric-docs-cn` following Fabric release tags, for example `1.4.2_zh-CN`
2.populated Github issues with untranslated docs
3.assign issues to translators upon request
4.review pull request
5.readthedocs is updated automatically upon successful merge
6.periodically pull in updates from Fabric docs in the form of new issues

Translators:
1.browse Github issues looking for unassigned issues
2.assign issue by commenting on it
3.translate and submit pull request

This workflow had served us well for a small group of contributors. Later on, translation tools, in particular Zanata and Transifex, were proposed by community members, and we decided to give them a try. However, several major drawbacks of Transifex were observed after months of trial:

1.slow access in this region, resulting in bad user experience
2.intermediate files (.po) loses annotations during conversion, resulting in bad formats
3.no commit sign-off when eventually pushed to github

Therefore, we went back to Github. However, this does not mean we rule out the option of using professional tool, which obviously has its own advantages. Our current focus is to get things done and keep handful of contributors happy. When the time comes that Github becomes bottleneck (either due to increase of volunteers, or number of languages being translated to), we are definitely open for reassessment of tooling.

Location of translated docs

It was proposed to separate docs from Fabric code repo, which can co-exist with translations, similar to k8s [1]. Although the proposal was turned down for solid reasons, and we are happily informed that readthedocs actually supports multiple Github repo setup [2]. This is so far the least invasive option to incorporate non-English docs into main site.

We do not think putting translated docs into Fabric core repo is a good idea, even with fine-grained maintainer-ship in place. The PR page would be overwhelmed by foreign characters and we are no longer able to track tasks with Github issues. Besides, it doesn’t really buy us anything beyond one less repo.

To avoid creating new repo for each language that people are interested in translation, we could also setup a repo `Fabric-i18n` containing them as separate directories, e.g. `zh`, `es`, `de`, etc.

This is how things get done today and we definitely welcome any suggestion and feedback. As the number of volunteers and languages grow, we believe a standardized process will emerge.

Thank you,
Cheng Yang

[2] here’s a demonstration website to show how to incorporate multiple github repo into one readthedocs site https://stone-fabric.readthedocs.io/zh/release-1.4_zh-cn/

--
程阳
Yang Cheng
great_cy_ang@...


[i18n][Help-wanted] Incorporate Fabric docs in zh-CN into ReadTheDocs

Yang Cheng
 

Dear Hyperledger Administrators,

As reported previously, a group of volunteers from Technical Working Group China have translated Fabric 1.4 docs into Chinese, and we would like some help to incorporate them into readthedocs. This could be done by creating a child project in readthedocs under Fabric, and point it to [1], where translated docs reside.

We've made a demo site to showcase final result at [2]. And we are happy to facilitate the process along the way.

I will send out a separate mail explaining our current process for translation, in case some of you are interested.

Cheers, 
Yang Cheng


--
程阳
Yang Cheng
great_cy_ang@...


Fw:Re:Re: re:[Hyperledger Fabric] identity authentication

qs meng <qsmeng@...>
 







-------- Forwarding messages --------
From: "meng" <qsmeng@...>
Date: 2020-01-13 11:08:34
To: "Nikhil E Gupta" <negupta@...>,robert@...,nlzanutim@...
Subject: Re:Re: re:[Hyperledger Fabric] identity authentication
Hi,
     Thank you all for your reply.
     About the CID, the certificate is initialized into an object and the information like id/mspID is obtained by CID function. The authenticity about the ID is not checked at all. CID think it is true because the endorsing peer has already checked.
    About SDK maintaining a credential wallet that holds end user's HLF credentials, I didnot find any material on it. I guess the DApp uses the credntials in the wallet to check the ID of endusers? Is the transaction proposal then signed  by the DApp and submitted to Fabric?  If so, we must trust the DApp. 
  About the restful API, an enduser must send a  proposal to a server, what is the server that handles the proposal and where the server is running? 
  Thank you.
   Best regards,
qsmeng





At 2019-12-06 00:19:27, "Nikhil E Gupta" <negupta@...> wrote:




-----fabric@... wrote: -----
To: Robert Broeckelmann <robert@...>
From: "qs meng"
Sent by: fabric@...
Date: 12/04/2019 09:21PM
Cc: Nicholas Zanutim <nlzanutim@...>, "fabric@..." <fabric@...>
Subject: [EXTERNAL] 回复:[Hyperledger Fabric] identity authentication

hello Robert,
more specificly,I want to authenticate requestor id in chaincode. this provide more freedom for enduser. 
thank you. 
regards. 
qsmeng




-------- 原始邮件 --------
发件人: Robert Broeckelmann <robert@...>
日期: 2019年12月4日周三 中午12:32
收件人: qs meng <qsmeng@...>
抄送: Nicholas Zanutim <nlzanutim@...>, fabric@...
主 题: Re: [Hyperledger Fabric] identity authentication
Hello. 

I had a similar situation earlier this year.

The Fabric SDKs contain support for maintaining a credential wallet that holds end user's HLF credentials.

If you have an architecture similar to:

Mobile App-> REST API->HLF Peer 

Then, the REST API layer can be used to translate from a security token embedded in API requests to credentials that the blockchain network will understand (ie, PKI an X509 private public key pairs).

See [1] for an example. 

Our requirements eventually shifted to an "application" id being recorded in the blockchain. So, we just issued a "system identity" that the REST API layer's SDK used for all peer interaction. So, that ended up being much simpler.

I honestly don't like the solution where the server-side app has to maintain a credential wallet that contains all registered users HLF credentials, but that does seem cleaner than having every mobile app instance issued a set of HLF credentials and directly communicating with the blockchain network. Note, I haven't seen anyone or anything pitching that architecture, but it would probably be the only alternative.

For authentication of end users on the mobile, app I'd recommend using OpenId Connect's Authorization Code Grant with a Public Client. Use one of the numerous IdaaS (Identity as a Service) Providers available today.  If OIDC is used in this manner, you also get an OAuth2 access token that can be cached in the mobile app (and refreshed as needed) and included with API calls (authorization header) to the REST API layer. An API Gateway can be used to handle authentication, authorization, request validation, and other typical concerns of API Security. All the major cloud hosting platforms offer an API Gateway solution that would do this out-of-the-box, the previous poster mentioned Kong, Apigee is another. There are a bunch of others. 


RCBJ

On Tue, Dec 3, 2019 at 6:24 PM qs meng <qsmeng@...> wrote:


hi Nicholas,
 the identity be authentocated by fabric. if the kong runs outside the fabric, its result of ID authenticate is not accepted by fabric.
  I want  to authenate the requestor in the fabric.
thank you.
best regards. 
qsmeng



-------- 原始邮件 --------
发件人: Nicholas Zanutim <nlzanutim@...>
日期: 2019年12月3日周二 晚上9:31
收件人: fabric@..., qs meng <qsmeng@...>
主 题: Re: [Hyperledger Fabric] identity authentication
You can use Kong Service manager with JWT or any other form of authentication to access the services that submit transactions to the Fabric network. In this case, the user certificate must be present with the services

Em terça-feira, 3 de dezembro de 2019 10:08:44 BRT, qs meng <qsmeng@...> escreveu:


Hi experts, 
      In the current fabric design, the client app is the use of Fabric. Running a client app is a heavy cost  for a mobilephone user. We design a payment system, where a user can sign a payment request with his/her private key, submit it to a client app and then to Fabric.  
A problem exists that how the identity of the user or requestor can be authenticated?  Can anyone give me some suggestions?
 Thank you.
 Best regards,
qsmeng


 



--
Robert C. Broeckelmann Jr | Managing Director |  IyaSec
m: +1 314-494-3398 (SMS or WhatsApp) | fax: +1 (866) 484-1634
email: robert@... | site: iyasec.io

mail: 19215 SE 34th St Ste 106-407 Camas WA 98607-8830





 



 


Fw: First Network on Windows

ontrares@...
 



----- Forwarded Message -----
From: Ont Rares <ontrares@...>
To: hyperledger-fabric@... <hyperledger-fabric@...>
Sent: Sunday, January 12, 2020, 05:40:45 PM GMT+2
Subject: First Network on Windows

      Hi, I encountered a problem on the samples repository.
  
      On the first-network project if I run ./byfn.sh -m generate, ./byfn.sh generate or ./byfn.sh up I always get:*

      Is there a way to just download these certificates or generate them in another way or bypass them? I must use the Windows system.


*
Generating certs and genesis block for channel 'mychannel' with CLI timeout of '10' seconds and CLI delay of '3' seconds
Continue? [Y/n] y
proceeding ...
/c/Users/bc/bin/cryptogen

##########################################################
##### Generate certificates using cryptogen tool #########
##########################################################
+ cryptogen generate --config=./crypto-config.yaml
org1.example.com
panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xc0000005 code=0x0 addr=0x0 pc=0x7ee984]

goroutine 1 [running]:
github.com/hyperledger/fabric/common/tools/cryptogen/msp.GenerateVerifyingMSP(0xc00001a5c0, 0x34, 0x0, 0x0, 0xc00001ca01, 0x16, 0x0)
        /w/workspace/fabric-release-jobs-x86_64/gopath/src/github.com/hyperledger/fabric/common/tools/cryptogen/msp/generator.go:186 +0x2d4
main.generatePeerOrg(0x95319f, 0xd, 0xc00001e270, 0x4, 0xc00001e290, 0x10, 0x1, 0x0,
0x9501fd, 0x2, ...)
        /w/workspace/fabric-release-jobs-x86_64/gopath/src/github.com/hyperledger/fabric/common/tools/cryptogen/main.go:537 +0x762
main.generate()
        /w/workspace/fabric-release-jobs-x86_64/gopath/src/github.com/hyperledger/fabric/common/tools/cryptogen/main.go:395 +0x2a8
main.main()
        /w/workspace/fabric-release-jobs-x86_64/gopath/src/github.com/hyperledger/fabric/common/tools/cryptogen/main.go:223 +0x2af
+ res=2
+ set +x
Failed to generate certificates...





IMP: Failed to update batch size in fabric

Suhan Sumeet
 

Hello Team,

I have an urgent requirement to fulfill and am trying to update the batch size for my network

Am following the tutorial to "Add org3 in to network" that lists out the steps to updated a channel configuration.
While running the final step to update 
" peer channel update -f batch_update_in_envelope.pb -c $CHANNEL_NAME -o orderer.example.com:7050 --tls --cafile $ORDERER_CA"

it fails with below error

2020-01-11 19:41:29.563 UTC [channelCmd] InitCmdFactory -> INFO 001 Endorser and orderer connections initialized
Error: got unexpected status: BAD_REQUEST -- error applying config update to existing channel 'mychannel': error authorizing update: error validating DeltaSet: policy for [Value]  /Channel/Orderer/BatchSize not satisfied: implicit policy evaluation failed - 0 sub-policies were satisfied, but this policy requires 1 of the 'Admins' sub-policies to be satisfied


Please help me out if possible urgently since I have to deliver this in another 10-12 hours.


Re: How to achieve channels isolation on RAFT orderers?

Mr.Phuwanai Thummavet
 

The easiest way to do is to use two private data collection, first is A-B collection and second is B-C collection. This way, all the three orgs can join the same channel or different channels with the private collections without concerning about the orderer nodes at all.

With the private collection, each data collection will only be disseminated p2p to only authorized orgs and the private data will not be passed through any orderer node like the way the public data transactions are performed.

On Thu, 9 Jan 2020, 22:44 Aleksandr Kochetkov, <aleksandr.kochetkov@...> wrote:

3 parties, each have a peer and orderer:

peer.a, orderer.a, peer.b, orederer.b, peer.c, orderer.c

Orderers operating in Raft mode.

2 channels exists A-B, B-C.

Goal is to isolate data flow, so organization C don’t have any access to channel A-B, same for A and channel B-C.


Is it possible to configure orderers in such manner, that orderer.c will not receive and store blocks from channel A-B, and respectively orderer.a from B-C?

 


Re: How to achieve channels isolation on RAFT orderers?

naeemo
 

You may create 3 orderer orgs, ordererOrgA, ordererOrgB, ordererOrgC.
Each of them has one orderer. This way ordererOrgC's orderer doesn't
participate in the A-B channel at all.

I may be wrong, correct me if so.


Re: How to achieve channels isolation on RAFT orderers?

ravinayag .
 

where does Orderer b / org b sit ? Can it sit On multiple syschannels? 

Thanks


On Fri, 10 Jan 2020, 23:18 Yueming Xu, <yxucolo@...> wrote:
It appears that each orderer keeps blocks of each channel, would this mean that the orderer.c will see transactions on the A-B channel, and so will orderer.a see transactions on the B-C channel?  If it does, to prevent orderer.c from reading data on the A-B channel, each org would have to run multiple orderers, and so the A-B network will include only orderers of org-A and org-B.  Or you can put sensitive data in private collections that only org-A and org-B can read.

4001 - 4020 of 11518