The document discusses new features in Hyperledger Fabric versions 1.3 and 1.4, including:
- Identity Mixer for anonymous transactions and state-based endorsement in v1.3.
- Java chaincode support, operational metrics, health check endpoints, and dynamic log levels in v1.4.
- Private data reconciliation allows peers to retrieve private data they were entitled to but did not receive due to network failures.
2. Agenda
• Hyperledger Fabric v1.3 New Features
- Identity Mixer for anonymous transactions
- State-based endorsement
- Java chaincode support
• Hyperledger Fabric v1.4 New Features
- Operational metrics for Fabric components
- Health check endpoint
- Dynamic log levels
- Private data reconciliation
- Private data client access control
Ref. - https://hyperledger-fabric.readthedocs.io/en/release-1.4
4. Idemix (ref. IBM Identity Mixer)
• Idemix is a cryptographic protocol suite that provides strong
authentication as well as privacy-preserving features such as
anonymity, the ability to transact without revealing the identity of the
transactor, and unlinkability, the ability of a single identity to send
multiple transactions without revealing that the transactions were
sent by the same identity.
• It works in a similar way to client certificates in a classical public-key
infrastructure (PKI), but with two important differences:
- Flexible public keys
- Flexible credentials
Source - https://www.zurich.ibm.com/identity_mixer
8. Idemix (ref. IBM Identity Mixer)
• Creating an Idemix Enrollment with the Java SDK (private key, certificate containing the OU value)
Diagram participants: CA, Peer, Endorser
① Query CA info
② Query the nonce value
③ Request an Idemix credential
④ Create the Idemix Enrollment
⑤ Sign the proposal
⑥ Send the signed proposal
9. Idemix (ref. IBM Identity Mixer)
• Creating an Idemix Enrollment
- Issuer PublicKey, Issuer Revocation PublicKey, MSP ID (for Idemix), User Secret Key, Credential, Credential Revocation Information (CRI), Organizational Unit (OU), Role
• How a transaction request is signed
- X.509: by Private Key
- Idemix: by Secret Key, Pseudonym(Secret Key, Issuer Public Key), Issuer Public Key
10. Idemix (ref. IBM Identity Mixer)
• Contents of the transaction's Creator field
- X.509: MSP ID, Cert
- Idemix: ou, role, nym_x, nym_y, proof
(The pseudonym serves as the public key used to verify the signature.)
Source - https://blockchain-fabric.blogspot.com/2017/04/hyperledger-fabric-v10-block-structure.html
12. State-based endorsement
• Endorsement policies are specified for a channel’s chaincode at instantiation or
upgrade time.
• However, there are cases where it may be necessary for a particular state (a
particular key-value pair, in other words) to have a different endorsement
policy. This state-based endorsement allows the default chaincode-level
endorsement policies to be overridden by a different policy for the specified
keys.
• If a key is modified and a key-level endorsement policy is present, the key-
level endorsement policy overrides the chaincode-level endorsement policy.
• If a key’s endorsement policy is removed (set to nil), the chaincode-level
endorsement policy becomes the default again.
13. State-based endorsement
• Shim API (Go)
- SetStateValidationParameter(key string, ep []byte) error
- GetStateValidationParameter(key string) ([]byte, error)
- SetPrivateDataValidationParameter(collection string, key string, ep []byte) error
- GetPrivateDataValidationParameter(collection string, key string) ([]byte, error)
• Store the key in the ledger first, then apply state-based endorsement
- PutState(key, value) -> SetStateValidationParameter(key, ep)
• Only the member and peer roles can be set in the endorsement policy.
e.g. Org1MSP.member, Org2MSP.peer
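The override rule from the two state-based endorsement slides, written out as a small model. This is an added example, not code from the slides or from Fabric; the Policy and State types, FirstRejected, and the keys car1/car2 are hypothetical, and the "N of these orgs" policy is a simplification of a real endorsement policy.

```go
package main

import "fmt"

// Policy is a simplified "Required of Orgs" policy (hypothetical model type).
type Policy struct {
	Orgs     []string
	Required int
}

// Satisfied reports whether enough distinct orgs named in the policy endorsed.
func (p Policy) Satisfied(endorsers []string) bool {
	seen := map[string]bool{}
	for _, e := range endorsers {
		for _, o := range p.Orgs {
			if e == o {
				seen[e] = true
			}
		}
	}
	return len(seen) >= p.Required
}

// State holds the chaincode-level policy plus per-key overrides (nil = none).
type State struct {
	Chaincode Policy
	KeyLevel  map[string]*Policy
}

// FirstRejected returns the first written key whose governing policy is not
// satisfied by the endorsers, or "" when every write passes.
func (s *State) FirstRejected(keys, endorsers []string) string {
	for _, k := range keys {
		p := s.Chaincode
		if kp := s.KeyLevel[k]; kp != nil {
			p = *kp // key-level policy overrides the chaincode-level policy
		}
		if !p.Satisfied(endorsers) {
			return k
		}
	}
	return ""
}

func main() {
	both := &Policy{Orgs: []string{"Org1MSP", "Org2MSP"}, Required: 2}
	s := &State{Chaincode: Policy{Orgs: both.Orgs, Required: 1}, KeyLevel: map[string]*Policy{"car1": both}}
	fmt.Println(s.FirstRejected([]string{"car2", "car1"}, []string{"Org1MSP"})) // car1
}
```

Setting the entry for car1 back to nil makes the same single-org transaction pass again, which is the "chaincode-level policy becomes the default again" case.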
17. Java chaincode support
• Prerequisites: Java 8, Gradle 4.4/Maven
• Download the sample chaincode
$ git clone -b v1.4.0 https://github.com/hyperledger/fabric-chaincode-java
• Develop the chaincode (with Eclipse)
1. Copy the sample source into a folder in the workspace (ECLIPSE_WORKSPACE is your Eclipse workspace directory)
$ cd fabric-chaincode-java/fabric-chaincode-example-maven/
$ cp -rf pom.xml src "${ECLIPSE_WORKSPACE}/fabric-java-chaincode-basic"
2. Eclipse: Import -> Existing Maven Projects
3. Eclipse: Run -> maven clean, Run -> maven install
4. Eclipse: Once the target (jar file) has been built successfully, copy pom.xml and the src folder to the chaincode deployment directory
20. Operations Service
• The API exposes the following capabilities:
- Log level management (FAB-12265 – Dynamic log levels)
- Health checks (FAB-10851 – Health check endpoint)
- Prometheus target for operational metrics (when configured) (FAB-3388 – Operational metrics for Fabric components)
• Docker environment settings
- CORE_OPERATIONS_LISTENADDRESS=0.0.0.0:9443
- CORE_METRICS_PROVIDER=prometheus # prometheus (pull), statsd (push)
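21. Operations Service
• Prometheus
- A time-series database developed primarily by SoundCloud, a music distribution platform provider
• Grafana
- An open-source dashboard that connects directly to a variety of data sources and visualizes them in real time
[Diagram labels: Prometheus, Grafana, Peer, /metrics, /logspec, /healthz]
Source - http://www.opennaru.com/apm/open-source-monitoring-to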
22. Operations Service – Log level management
• Path: /logspec
• Query the log level
- Request: GET /logspec
- Response:
{
"spec": "info"
}
• Change the log level
- Request: PUT /logspec
{
"spec": "debug"
}
- Response: 204 “No Content” or 400 “Bad Request”
23. Operations Service – Health Checks
• Path: /healthz
• Query status
- Request: GET /healthz
- Response
Healthy: 200 OK
{"status": "OK", "time": "2019-01-21T17:00:22.459948538Z"}
Error: 503 “Service Unavailable”
{"status": "Service Unavailable", "time": "2009-11-10T23:00:00Z",
"failed_checks": [{
"component": "docker",
"reason": "failed to connect to Docker daemon: invalid endpoint"
}]}
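A monitoring probe for the /healthz responses shown above, as an added example that is not code from the slides or from Fabric. ParseHealth, CheckHealth and sample503 are hypothetical names; the sample body is the 503 response from the slide, and base is whatever address the operations service listens on.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"strings"
)

// Health mirrors the failed_checks part of the /healthz body shown on the slide.
type Health struct {
	FailedChecks []struct {
		Component string `json:"component"`
		Reason    string `json:"reason"`
	} `json:"failed_checks"`
}

// ParseHealth: healthy only on 200; 503 yields "component: reason"; else error.
func ParseHealth(status int, body io.Reader) (healthy bool, failed []string, err error) {
	if status != http.StatusOK && status != http.StatusServiceUnavailable {
		return false, nil, fmt.Errorf("unexpected status %d from /healthz", status)
	}
	var h Health
	if err := json.NewDecoder(body).Decode(&h); err != nil {
		return false, nil, err
	}
	for _, f := range h.FailedChecks {
		failed = append(failed, f.Component+": "+f.Reason)
	}
	return status == http.StatusOK, failed, nil
}

// CheckHealth fetches base+"/healthz" and interprets the reply.
func CheckHealth(c *http.Client, base string) (bool, []string, error) {
	resp, err := c.Get(base + "/healthz")
	if err != nil {
		return false, nil, err
	}
	defer resp.Body.Close()
	return ParseHealth(resp.StatusCode, resp.Body)
}

// Constructed sample: the 503 body from the slide, on one line.
const sample503 = `{"status": "Service Unavailable", "time": "2009-11-10T23:00:00Z", "failed_checks": [{"component": "docker", "reason": "failed to connect to Docker daemon: invalid endpoint"}]}`

func main() {
	fmt.Println(ParseHealth(http.StatusServiceUnavailable, strings.NewReader(sample503)))
}
```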
24. Operations Service – Metrics (continued)
• Path: /metrics
• Query metrics
- Request: GET /metrics
30. Operations Service – Metrics (continued)
• Grafana setup
- http://x.x.x.x:3000
- Create a dashboard
Dashboard panels: Block Height, # of Tx, Blockstorage Commit Time, StateDB Commit Time, Block Processing Time, Chaincode Duration Time
32. Private data reconciliation
• Starting in v1.4, a background process allows peers who are part of a
collection to receive data they were entitled to receive but did not yet receive
— because of a network failure, for example — by keeping track of private
data that was “missing” at the time of block commit. The peer will periodically
attempt to fetch the private data from other collection member peers that are
expected to have it.
• This “reconciliation” also applies to peers of new organizations that are added
to an existing collection. The same background process described above will
also attempt to fetch private data that was committed before they joined the
collection.
• Note that this private data reconciliation feature only works on peers running
v1.4 or later of Fabric.
34. Private data client access control
• Until version 1.3, access control to private data based on collection
membership was enforced for peers only. Access control based on the
organization of the chaincode proposal submitter was required to be
encoded in chaincode logic.
[Diagram labels: Collection Definition; Peer; Client; peer1.org1.hlkug (Org1MSP); peer1.org2.hlkug (Org2MSP); Invoke / Query?? → OK]
35. Private data client access control
• Starting in v1.4, the collection configuration option memberOnlyRead can
automatically enforce access control based on the organization of the
chaincode proposal submitter.
• A value of true indicates that peers automatically enforce that only clients
belonging to one of the collection member organizations are allowed read
access to private data.
• Use a value of false if you would like to encode more granular access control within
individual chaincode functions.
• In the ‘memberOnlyRead’ setting, "member" means any member of the Org (peer, client, …)
36. Private data client access control
• if memberOnlyRead == false,
[Diagram labels: Peer; Client; peer1.org1.hlkug (Org1MSP); peer1.org2.hlkug (Org2MSP); Invoke / Query?? → OK]
• if memberOnlyRead == true,
[Diagram labels: Peer; Client; peer1.org1.hlkug (Org1MSP); peer1.org2.hlkug (Org2MSP); Invoke / Query?? → Invoke OK, Query Fail]
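A check that lists the collections for which peers will not enforce client read access, so the chaincode has to. This is an added example, not code from the slides or from Fabric; NeedsChaincodeACL and the sample collection names are hypothetical, and it assumes that an omitted memberOnlyRead behaves like false.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Collection holds the fields of a collection definition that this check reads.
type Collection struct {
	Name           string `json:"name"`
	MemberOnlyRead *bool  `json:"memberOnlyRead"` // pointer: tells "absent" from "false"
}

// NeedsChaincodeACL lists collections where memberOnlyRead is false or not set
// (assumption: not set behaves like false), i.e. reads are not peer-enforced.
func NeedsChaincodeACL(cfg []byte) ([]string, error) {
	var cols []Collection
	if err := json.Unmarshal(cfg, &cols); err != nil {
		return nil, fmt.Errorf("collection config: %w", err)
	}
	var out []string
	for _, c := range cols {
		switch {
		case c.MemberOnlyRead == nil:
			out = append(out, c.Name+": memberOnlyRead not set")
		case !*c.MemberOnlyRead:
			out = append(out, c.Name+": memberOnlyRead=false")
		}
	}
	return out, nil
}

// Constructed sample config; collection names and policies are placeholders.
const sampleConfig = `[
 {"name": "tradeDetails", "policy": "OR('Org1MSP.member','Org2MSP.member')", "memberOnlyRead": true},
 {"name": "pricing", "policy": "OR('Org1MSP.member','Org2MSP.member')", "memberOnlyRead": false},
 {"name": "legacy", "policy": "OR('Org1MSP.member')"}
]`

func main() {
	flagged, err := NeedsChaincodeACL([]byte(sampleConfig))
	fmt.Println(flagged, err)
}
```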
37. v1.4 LTS (Jan 2019)
• Operational metrics for Fabric components
• Health check endpoint
• Dynamic log levels
• Private data reconciliation
• Private data client access control