How to achieve channels isolation on RAFT orderers?
3 parties, each has a peer and orderer: peer.a, orderer.a, peer.b, orderer.b, peer.c, orderer.c. Orderers operating in Raft mode. 2 channels exist: A-B, B-C. Goal is to isolate data flow, so organization C doesn't have any access to channel A-B, same for A and channel B-C. Is it possible to configure orderers in such a manner that orderer.c will not receive and store blocks from channel A-B, and respectively orderer.a from B-C?
Yacov
Just make a channel with only a single organization, or alternatively - create a channel with all organizations and then remove the organizations you don't want.
From: "Aleksandr Kochetkov" <aleksandr.kochetkov@...>
To: fabric@...
Date: 01/09/2020 05:47 PM
Subject: [EXTERNAL] [Hyperledger Fabric] How to achieve channels isolation on RAFT orderers?
Sent by: fabric@...
Yueming Xu
It appears that each orderer keeps blocks of each channel, would this mean that the orderer.c will see transactions on the A-B channel, and so will orderer.a see transactions on the B-C channel? If it does, to prevent orderer.c from reading data on the A-B channel, each org would have to run multiple orderers, and so the A-B network will include only orderers of org-A and org-B. Or you can put sensitive data in private collections that only org-A and org-B can read.
ravinayag .
Where does orderer b / org b sit? Can it sit on multiple syschannels? Thanks
You may create 3 orderer orgs, ordererOrgA, ordererOrgB, ordererOrgC. Each of them has one orderer. This way ordererOrgC's orderer doesn't participate in the A-B channel at all. I may be wrong, correct me if so.
Mr.Phuwanai Thummavet
The easiest way to do it is to use two private data collections: the first is an A-B collection and the second is a B-C collection. This way, all three orgs can join the same channel or different channels with the private collections without being concerned about the orderer nodes at all. With the private collection, each data collection will only be disseminated p2p to authorized orgs, and the private data will not be passed through any orderer node the way public data transactions are.
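
The private-collection approach suggested in this thread depends on each collection's member policy naming only the intended pair of orgs. The following is an added example, not part of the original thread or of Fabric itself: a small audit of a `collections_config.json`-style definition for the A-B and B-C collections. The MSP IDs (`OrgAMSP`, `OrgBMSP`, `OrgCMSP`), the collection names and the peer counts are assumptions.

```python
import json
import re

# Constructed sample in the format of Fabric's collections_config.json.
# MSP IDs, collection names and peer counts are assumptions for this example.
COLLECTIONS_JSON = """
[
  {"name": "collectionAB",
   "policy": "OR('OrgAMSP.member', 'OrgBMSP.member')",
   "requiredPeerCount": 1, "maxPeerCount": 2,
   "blockToLive": 0, "memberOnlyRead": true, "memberOnlyWrite": true},
  {"name": "collectionBC",
   "policy": "OR('OrgBMSP.member', 'OrgCMSP.member')",
   "requiredPeerCount": 1, "maxPeerCount": 2,
   "blockToLive": 0, "memberOnlyRead": true, "memberOnlyWrite": true}
]
"""

# Intended membership per collection (hypothetical policy for this deployment).
EXPECTED = {
    "collectionAB": {"OrgAMSP", "OrgBMSP"},
    "collectionBC": {"OrgBMSP", "OrgCMSP"},
}

def policy_orgs(policy):
    """Return the MSP IDs named as principals in a signature-policy string."""
    return set(re.findall(r"'([^'.]+)\.[a-z]+'", policy))

def audit(collections, expected):
    """List findings where a collection exposes data beyond its intended orgs."""
    findings = []
    for col in collections:
        name = col["name"]
        # Any org in the policy that is not in the intended pair gets the data.
        extra = policy_orgs(col["policy"]) - expected.get(name, set())
        if extra:
            findings.append(f"{name}: unexpected orgs {sorted(extra)}")
        # Without memberOnlyRead, non-member clients are not rejected on reads.
        if not col.get("memberOnlyRead", False):
            findings.append(f"{name}: memberOnlyRead is not enabled")
    return findings

if __name__ == "__main__":
    result = audit(json.loads(COLLECTIONS_JSON), EXPECTED)
    print(result or "collections match intent")
```

With collections, a hash of the private data is still included in the transaction that is ordered and committed on the channel, so orderers and non-member peers see the hash but not the data itself.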