In Hyperledger we have something called a network admin and this admin will have access to all the cards and assets on the blockchain (at least I have tried to deny the admin access to assets using the acl, but I couldn't deploy the change, it timed out Everytime). So, is it possible to isolate admin from our business network? Or all the blockchains like ethereum too have the network admin?
Is Hyperledger a truly secure blockchain like ethereum?
Asked Answered
I believe you are referring in your question to Hyperledger Composer rather than Hyperledger Fabric or any part of the Hyperledger Foundation components, so I think it important that a distinction is made here. You also don't specify the version of Hyperledger Composer you tried to use so I the answer here is specific to Composer 0.19.x which is the current release at time of writing.
Hyperledger composer is a framework that makes use of the DLT capabilities of hyperledger fabric. As such any business network is managed and controlled via the mechanisms of hyperledger fabric. So to install/start/upgrade a business network requires the appropriate Hyperledger Fabric permissions to perform chaincode install/instantiate/upgrade. In order to interact with a business network you need an identity that is authorised by hyperledger fabric to do so.
In Composer there is no such thing as a network administrator (ie a single participant or set of participants that have overall authority). All access for ANY participant is controlled by the acl definitions that a defined by the business network. The ability to change the business network (and thus the acls) are controlled by the identity who is allowed to perform a hyperledger fabric chaincode upgrade (or start if doing first deployment).
Composer provides a very simple hyperledger fabric setup for development purposes only as well as a sample ACL that grants a predefined participant type of NetworkAdmin (perhaps this built in default name is confusing as it isn't anything special) allowing it full access to everything. Also in all the tutorials everything is referred to admin and setup that way in order to provide an easy entry into developing business network applications and certainly isn't a guide or representation of how a production network should be set up.
In conclusion, hyperledger composer is bound by whatever capabilities hyperledger fabric has for access (and note that more capabilities to hyperledger fabric are being introduced such as zero knowledge proof). Composer then adds on to this it's own concept of access control governed by the ACL definition, using all of these capabilities you have complete control over what identities and participants can do and see within a hyperledger fabric ledger.
For now, I have tweaked the acl to keep the network admin from accessing the business namespace, but wouldn't it be possible for me to tweak it back and get access to the namespace and therein the participant cards? –
Pfennig
Hyperledger is a permissioned blockchain which has one or many owners and you must get admitted in order to participate (typically through the issuance of certificates by a trusted authority). The integrity of a permissioned ledger is checked by a limited consensus process which are composed of "trusted" actors.
Ethereum on the other hand is permissionless, public, and anyone may join the network. The consensus process is (currently) proof-of-work based and as an incentive to keep the network healthy must pay a fee in order to get your transaction processed which is used to prevent spam attacks, and the miners are also rewarded for their contribution in mining a block, unlike hyperledger where there is no native currency.
As long as you trust the parties involved in verifying the transactions within your hyperledger consortium then you may consider it secure but it's not truly trustless like Ethereum. Hyperledger is geared towards solving the needs of enterprises while Ethereum is a global general purpose blockchain.
So, there is no way to keep the network admin out of the business network deployed on Hyperledger blockchain? –
Pfennig
@MaheshHViraktamath i don't think you can keep the network admin out if the business network is on the same private network –
Cleancut
What are other options than deploying my application on the same private network? –
Pfennig
I believe you are referring in your question to Hyperledger Composer rather than Hyperledger Fabric or any part of the Hyperledger Foundation components, so I think it important that a distinction is made here. You also don't specify the version of Hyperledger Composer you tried to use so I the answer here is specific to Composer 0.19.x which is the current release at time of writing.
Hyperledger composer is a framework that makes use of the DLT capabilities of hyperledger fabric. As such any business network is managed and controlled via the mechanisms of hyperledger fabric. So to install/start/upgrade a business network requires the appropriate Hyperledger Fabric permissions to perform chaincode install/instantiate/upgrade. In order to interact with a business network you need an identity that is authorised by hyperledger fabric to do so.
In Composer there is no such thing as a network administrator (ie a single participant or set of participants that have overall authority). All access for ANY participant is controlled by the acl definitions that a defined by the business network. The ability to change the business network (and thus the acls) are controlled by the identity who is allowed to perform a hyperledger fabric chaincode upgrade (or start if doing first deployment).
Composer provides a very simple hyperledger fabric setup for development purposes only as well as a sample ACL that grants a predefined participant type of NetworkAdmin (perhaps this built in default name is confusing as it isn't anything special) allowing it full access to everything. Also in all the tutorials everything is referred to admin and setup that way in order to provide an easy entry into developing business network applications and certainly isn't a guide or representation of how a production network should be set up.
In conclusion, hyperledger composer is bound by whatever capabilities hyperledger fabric has for access (and note that more capabilities to hyperledger fabric are being introduced such as zero knowledge proof). Composer then adds on to this it's own concept of access control governed by the ACL definition, using all of these capabilities you have complete control over what identities and participants can do and see within a hyperledger fabric ledger.
For now, I have tweaked the acl to keep the network admin from accessing the business namespace, but wouldn't it be possible for me to tweak it back and get access to the namespace and therein the participant cards? –
Pfennig
To avoid confusion, Hyperledger is an umbrella organization under The Linux Foundation. It contains 5 separate blockchain technologies, all open source, all for enterprise usage:
- Hyperledger Fabric--explained above
- Hyperledger Sawtooth--explained below
- Hyperledger Indy (Identity Managment focus)
- Hyperledger Iroha (Mobile app focus)
- Hyperledger Burrow (Ethereum EVM implementation)
Hyperledger Sawtooth is a permissioned blockchain. Sawtooth nodes have a public/private keypair for communication with other nodes. All transactions are signed by the client submitting a transaction and the transactions are replicated in all nodes through an encrypted communication channel using ZMQ message queues.
I would evaluate each technology to see which one best fits your needs.
© 2022 - 2024 — McMap. All rights reserved.