Running same application from multiple users


Nikos Karamolegkos
 

Hello, I have a question about client applications in the network. Let's base our talk to the fabcar example. As I understand I can have multiple clients running the same application. For example two users that run the fabcar application (from different host PC). Am I correct? The first question is how a define a second user? Also, I have seen that there is the Readers and Writers logic,  how should I change the test-network/configtx/configtx.yaml file to set that only the one of the two users have the ability to change the owner of a car and the other one user is just a reader?

Thank you,

--
Nikos Karamolegkos
R & D engineer at ICS-FORTH
Telecommunications and Networks Lab (TNL)


이종권
 

The first question is how a define a second user?
You can register another user to the CA and use that user for the second PC.

>
how should I change the test-network/configtx/configtx.yaml file to set that only the one of the two users have the ability to change the owner of a car and the other one user is just a reader?
You should change the source code of fabcar chaincode instead of changing the configtx file.
I recommend you to check out papercontract.js chaincode in the commercial-paper sample. It will be more practical to separate the organization of the two users if you want to give different access rights to the users.
papercontract.js uses ctx.clientIdentity.getMSPID() to check the msp id of the client user identity.


Nikos Karamolegkos
 

So the papercontract.js checks if the user (i.e Isabella) can invoke the transaction? How?


이종권
 

Suppose that your chaincode function only allows identities from ManagerOrg, then you will check if the getMSPID() equals "ManagerOrg".
You also could use ctx.clientIdentity.getID() if you want to control the access by ID, but it will be more tricky to handle.

This is the file I mentioned before.
https://github.com/hyperledger/fabric-samples/blob/main/commercial-paper/organization/magnetocorp/contract/lib/papercontract.js#L184


Nikos Karamolegkos
 

Thanks. So in case there is an smart city IoT based BC network with sensors measurements. If I would like to register a new user (inhabitant of the city) to just view the data (temperature in an area) I must enroll this user and then change the chaincode (and then install it again)? I believe that there is a more plug and play way without changing the chaincode and do all this procedure.


이종권
 

I would make two org for the BC network: CityOrg and CitizenOrg. And register one user for each Org. I would make two applications. One for city staff and one for inhabitants. Every inhabitant in the city will use the inhabitant-application which is a web application and members of the city staff will use the staff-application. If you want to give different user IDs to inhabitants, make a new account system in the inhabitant-application, not in the BC. The inhabitant-application will have only one fabric user in its wallet to access the BC network, while handling thousands of accounts for inhabitants.


Tsvetan Georgiev
 

You can have a Fabric user for each citizen with certificate issued by the CitizenOrg. Inside the certificate of each citizen you can add attributes. For example you can add a user ID, user account ID and anything else that may help you do application level access control inside the chaincode - i.e. user role... That way you will know exactly who triggers a transaction as you will have unique fabric user for each application user.
You can use any identity and access management system to manage your user registration, authentication etc. Internally you can have a fabric wallet for each of those users and use it to interact with the network.

Senofi

Tsvetan Georgiev
Director, Senofi Inc.

438-494-7854 | tsvetan@...

www.senofi.ca

www.consortia.io







---- On Tue, 13 Apr 2021 23:06:03 -0400 이종권 <jongkwon.lee@...> wrote ----

I would make two org for the BC network: CityOrg and CitizenOrg. And register one user for each Org. I would make two applications. One for city staff and one for inhabitants. Every inhabitant in the city will use the inhabitant-application which is a web application and members of the city staff will use the staff-application. If you want to give different user IDs to inhabitants, make a new account system in the inhabitant-application, not in the BC. The inhabitant-application will have only one fabric user in its wallet to access the BC network, while handling thousands of accounts for inhabitants.






Jayakar <Jayakar_J_Joseph@...>
 

Proposing the interested to join at a Collaborative partnership network to build a Global Digital Healthcare Infrastructure by Integrated Apps & Devices in Hyperledger framework to proceed with a ‘Global Digital Human Coronavirus Harmful Mutants & lineage Control (HCHMC) Program by WHO. They may deploy a local native hybrid cloud server of Digital Cluster Control (DCC) Node with a cluster of 3 to 10 Digitizable Healthcare centers (DH) of Hospitals, Nursing homes, Clinics and Primary Health centers at their preferred locations.  

For more details on this to enroll as a collaborative partner for this project, they may please contact, Department of Research for Health, World Health Organization to participate in this project for the revival of humanity from this pandemic crisis, sustainably. 

Subsequently these collaborative partners may discuss between them at Hyperledger groups and Meetups, to integrate their developments in this framework, by receiving technology resources from this Department, that shall be deployed in CI/CD strategy, governed by this Department.  



From: fabric@... <fabric@...> on behalf of Tsvetan Georgiev <tsvetan@...>
Sent: Wednesday, April 14, 2021 4:14 AM
To: "이종권" <jongkwon.lee@...>
Cc: fabric <fabric@...>
Subject: Re: [Hyperledger Fabric] Running same application from multiple users
 
You can have a Fabric user for each citizen with certificate issued by the CitizenOrg. Inside the certificate of each citizen you can add attributes. For example you can add a user ID, user account ID and anything else that may help you do application level access control inside the chaincode - i.e. user role... That way you will know exactly who triggers a transaction as you will have unique fabric user for each application user.
You can use any identity and access management system to manage your user registration, authentication etc. Internally you can have a fabric wallet for each of those users and use it to interact with the network.

Senofi

Tsvetan Georgiev
Director, Senofi Inc.

438-494-7854 | tsvetan@...

www.senofi.ca

www.consortia.io







---- On Tue, 13 Apr 2021 23:06:03 -0400 이종권 <jongkwon.lee@...> wrote ----

I would make two org for the BC network: CityOrg and CitizenOrg. And register one user for each Org. I would make two applications. One for city staff and one for inhabitants. Every inhabitant in the city will use the inhabitant-application which is a web application and members of the city staff will use the staff-application. If you want to give different user IDs to inhabitants, make a new account system in the inhabitant-application, not in the BC. The inhabitant-application will have only one fabric user in its wallet to access the BC network, while handling thousands of accounts for inhabitants.






이종권
 

Yes. You can have multiple fabric users in the CitizenOrg. But, it will bring no benefit because inhabitants will not update the ledger, while it will make the inhabitant-application more complicated.
We could consider the staff-application to have multiple fabric users in the CityOrg. It will enable us to track who updated the ledger and it will not make the staff-application complicated assuming that there will be only several users in the CityOrg.


Nikos Karamolegkos
 

Nice ideas both. So to be more specific, the CityOrg would have some raspberries as IoT gateways (network) which are receiving sensor measurements (like empty parking positions, temperature, etc) from the end devices. I am thinking of running a fabric application into raspberries (i.e the client application runs in raspberry) to use the smart contracts (chaincode) to write the measurements (or a hash for better memory utilization) to the ledger. I am thinking also running some GW raspberries as peers too (eg. 3-4 PI).  For the CitizenOrg/ValidatorOrg I am thinking to have two applications (running to PCs), one for the citizen to just read the data (I have to think which of your proposed two approaches to follow), and an other application which can change the data to the ledger (e.g set a parking position to unavailable for some reason). Also, the CitizenOrg/ValidatorOrg would have some peer (3 or 4) which will be part of the endorsing policy for writing data to ledger by CityOrg (to avoid the control of the ledger by a single org). I have to think how to deploy the orderers too.

In case an other city want to join the BC network will be a new org with characteristics similar to CityOrg.

Bases on your experience are these all steps a good approach? I am new to BC idea so any other ideas are welcome. We have already build an IoT network with raspberries for GWs (flow: sensor-> gateway->broker->database->ui) and we would like to make the BC part of it


Jayakar <Jayakar_J_Joseph@...>
 

Proposing the interested to join at a Collaborative partnership network to build a Global Digital Healthcare Infrastructure by Integrated Apps & Devices in Hyperledger framework to proceed with a ‘Global Digital Human Coronavirus Harmful Mutants & lineage Control (HCHMC) Program by WHO. They may deploy a local native hybrid cloud server of Digital Cluster Control (DCC) Node with a cluster of 3 to 10 Digitizable Healthcare centres (DH) of Hospitals, Nursing homes, Clinics and Primary Health centres at their preferred locations.  

For more details on this to enrol as a collaborative partner for this project, they may please contact, Department of Research for Health, World Health Organization to participate in this project for the revival of humanity from this pandemic crisis, sustainably. 

Subsequently these collaborative partners may discuss between them at Hyperledger groups and Meetups, to integrate their developments in this framework, by receiving technology resources from that Department while that shall be deployed in CI/CD strategy and on governance by that Department. 



From: fabric@... <fabric@...> on behalf of 이종권 <jongkwon.lee@...>
Sent: Wednesday, April 14, 2021 6:00 AM
To: fabric@... <fabric@...>
Subject: Re: [Hyperledger Fabric] Running same application from multiple users
 
Yes. You can have multiple fabric users in the CitizenOrg. But, it will bring no benefit because inhabitants will not update the ledger, while it will make the inhabitant-application more complicated.
We could consider the staff-application to have multiple fabric users in the CityOrg. It will enable us to track who updated the ledger and it will not make the staff-application complicated assuming that there will be only several users in the CityOrg.


Brian Behlendorf
 

Hi folks, no need to reply to Jayakar here about his repeated thread-hijacking, we'll handle off-list. Thanks.

Brian

On 4/14/21 7:08 AM, Jayakar wrote:

Proposing the interested to join at a Collaborative partnership network




-- 
Brian Behlendorf
General Manager for Blockchain, Healthcare and Identity
bbehlendorf@...
Twitter: @brianbehlendorf


David Enyeart
 

You should also take a look at attribute based access control in chaincode, to authorize users to chaincode actions based on issued role attributes.
See the sample and linked docs: https://github.com/hyperledger/fabric-samples/tree/main/asset-transfer-abac


"Nikos Karamolegkos" ---04/14/2021 04:03:26 AM---Nice ideas both. So to be more specific, the CityOrg would have some raspberries as IoT gateways (ne

From: "Nikos Karamolegkos" <nkaram@...>
To: fabric@...
Date: 04/14/2021 04:03 AM
Subject: [EXTERNAL] Re: [Hyperledger Fabric] Running same application from multiple users
Sent by: fabric@...





Nice ideas both. So to be more specific, the CityOrg would have some raspberries as IoT gateways (network) which are receiving sensor measurements (like empty parking positions, temperature, etc) from the end devices. I am thinking of running ZjQcmQRYFpfptBannerStart
This Message Is From an External Sender
This message came from outside your organization.
ZjQcmQRYFpfptBannerEnd
Nice ideas both. So to be more specific, the CityOrg would have some raspberries as IoT gateways (network) which are receiving sensor measurements (like empty parking positions, temperature, etc) from the end devices. I am thinking of running a fabric application into raspberries (i.e the client application runs in raspberry) to use the smart contracts (chaincode) to write the measurements (or a hash for better memory utilization) to the ledger. I am thinking also running some GW raspberries as peers too (eg. 3-4 PI). For the CitizenOrg/ValidatorOrg I am thinking to have two applications (running to PCs), one for the citizen to just read the data (I have to think which of your proposed two approaches to follow), and an other application which can change the data to the ledger (e.g set a parking position to unavailable for some reason). Also, the CitizenOrg/ValidatorOrg would have some peer (3 or 4) which will be part of the endorsing policy for writing data to ledger by CityOrg (to avoid the control of the ledger by a single org). I have to think how to deploy the orderers too.

In case an other city want to join the BC network will be a new org with characteristics similar to CityOrg.

Bases on your experience are these all steps a good approach? I am new to BC idea so any other ideas are welcome. We have already build an IoT network with raspberries for GWs (flow: sensor-> gateway->broker->database->ui) and we would like to make the BC part of it