
Blockchain Explored

A Technical Deep-Dive on Hyperledger Fabric V1

Angel Hernandez Bravo


IBM CTO Europe Office
angelhbravo@es.ibm.com

@angelhbravo
Blockchain education series

Explained Solutions Composed Architected Explored Next Steps

© 2017 IBM Corporation


1
Introducing Hyperledger

• Open source collaborative effort to advance cross-industry blockchain technologies
• Hosted by The Linux Foundation, fastest-growing project in LF history
• Global collaboration spanning finance, banking, IoT, supply chains, healthcare, manufacturing, technology and more.

2
Together with the global technology community, The Linux Foundation® is solving the
world’s hardest problems through open source and creating the largest shared
technology investment in history.
With 16 years experience providing governance structure, IT infrastructure and
ecosystem development, The Linux Foundation is the umbrella organization for more than
60 open source projects accelerating open technology development and commercial
adoption.
Some of the game-changing initiatives hosted by The Linux Foundation include:

3
Shared Ledger Database
Blockchain allows multiple different parties to securely
interact with the same universal source of truth

• Finance: Streamlined settlement, improved liquidity, increased transparency and new products/markets
• Healthcare: Unite disparate processes, increase data flow and liquidity, reduce costs and improve patient experience and outcomes
• Supply Chain: Track parts and service provenance, ensure authenticity of goods, block counterfeits, reduce conflicts

4
Hyperledger Goals
Where open source teams build diverse approaches
for business blockchain technology systems

• Create enterprise grade, open source, distributed ledger frameworks & code bases to support business transactions
• Provide neutral, open, & community-driven infrastructure supported by technical and business governance
• Build technical communities to develop blockchain and shared ledger POCs, use cases, field trials and deployments
• Educate the public about the market opportunity for blockchain technology
• Promote our community of communities taking a toolkit approach with many platforms and frameworks

5
Hyperledger Modular Umbrella Approach
Infrastructure
Technical, Legal, Marketing, Organizational
Ecosystems that accelerate open development and commercial adoption: Cloud Foundry, Node.js, Hyperledger, Open Container Initiative

Frameworks
Meaningfully differentiated approaches to business blockchain frameworks developed by a growing community of communities: Hyperledger Indy, Hyperledger Fabric, Hyperledger Iroha, Hyperledger Sawtooth, Hyperledger Burrow

Tools
Typically built for one framework, and through common license and community of communities approach, ported to other frameworks: Hyperledger Quilt, Hyperledger Composer, Hyperledger Explorer, Hyperledger Cello

6
Hyperledger Business Blockchain Frameworks
● Hyperledger Fabric: Intended as a foundation for developing applications or solutions with a
modular architecture, Hyperledger Fabric allows components, such as consensus and membership
services, to be plug-and-play.
● Hyperledger Iroha: A business blockchain framework designed to be simple and easy to
incorporate into infrastructural projects requiring distributed ledger technology.
● Hyperledger Sawtooth: A modular platform for building, deploying, and running distributed ledgers.
Hyperledger Sawtooth includes a novel consensus algorithm, Proof of Elapsed Time (PoET), which
targets large distributed validator populations with minimal resource consumption.
● Hyperledger Burrow: A permissionable smart contract machine. The first of its kind when released
in December, 2014, Burrow provides a modular blockchain client with a permissioned smart contract
interpreter built in part to the specification of the Ethereum Virtual Machine (EVM).
● Hyperledger Indy: Tools, libraries, and reusable components for providing digital identities rooted
on blockchains or other distributed ledgers so that they are interoperable across administrative
domains, applications, and any other silo.
7
Hyperledger Technical Scope
Out of Scope
• Custom Applications
• API libraries and GUIs
• Specialized consensus algos
• Membership policies
• Gateway
• Operations dashboard

In Scope
• Core APIs
• Code execution environment
• Ledger data structures
• Modular consensus framework
• Modular identity services
• Network peers

[Diagram: layers labelled App Layer, Value Added Systems, Core APIs, Shared Ledger]

8
Leadership


“2016 was full of growth for the organization and community. Not only did we exceed 100 members, Hyperledger met significant development milestones across our several Umbrella projects, thanks to the community’s hard work. As 2016 was a year of exploration, R&D and prototyping, we’re excited for 2017 to be the year we start to see case studies of Hyperledger Business Blockchain Technologies in production environments.”

Brian Behlendorf
Executive Director
• Apache Web server – Primary developer
• Apache Software Foundation – Founding member
• Mozilla Foundation – BOD since 2003
• Electronic Frontier Foundation – BOD since 2013
• CollabNet – Founding CTO
• World Economic Forum – CTO
• Most recently, managing director at Mithril Capital Management LLC, a global technology investment firm

9
Governing Board
Comprised of one voting representative from each Premier Hyperledger member and attended by the TSC and Marketing Committee Chairs, the Governing Board’s responsibilities include:
• Approving a budget
• Electing a Chair to preside over Governing Board meetings, authorize expenditures approved by the budget and manage any day-to-day operations
• Overseeing all Project business and marketing matters

Blythe Masters
Governing Board Chair
Digital Asset – CEO
Digital Asset builds distributed, encrypted straight through processing tools to improve efficiency, security, compliance and settlement speed.
Blythe was previously a senior executive at J.P. Morgan, which she left in 2014 after a career spanning 27 years, following the successful sale of the bank’s physical commodities business which she built.
Named J.P. Morgan's head of Global Commodities in 2007, Blythe was responsible for building an integrated physical and financial commodity business, including market-making, structuring, risk management, financing and warehousing capabilities across the full spectrum of commodity asset classes.
10
Technical Steering Committee
The TSC is the technical governance heart and soul of the project. As new code bases get contributed to the project they get reviewed and approved by this committee.
Committing members appoint and vote the TSC Chair annually.
Meets weekly on Thursday, 10:00 AM to 11:30 AM ET
All are invited to attend these calls and encouraged to join the TSC mailing list for more information:
https://lists.hyperledger.org/mailman/listinfo/hyperledger-tsc

Chris Ferris
TSC Chair
IBM Distinguished Engineer and CTO Open Technology in the IBM Cloud organization
• Involved in the architecture, design, & engineering of distributed systems for most of his 36+ year career
• Actively engaged in open standards and open source development since 1999
• Overall technical responsibility for all of IBM’s strategic open technology initiatives, including OpenStack, Cloud Foundry, Hyperledger Project, Open Container Initiative, Cloud Native Computing Foundation, Mesos, Node.js, Docker, and more

11
Marketing Committee

The Hyperledger Marketing Committee is open to all Hyperledger members and is charged with defining and executing the marketing and outreach strategy.
To date, the Committee has established four standing Working Groups – PR, Messaging, Events and Healthcare – and is exploring additional ones.

Dan O’Prey
Marketing Committee Chair
Digital Asset – CMO
Dan was the co-founder and CEO of Hyperledger, a San Francisco-based technology firm that developed an innovative distributed ledger to allow financial institutions to clear and settle transactions in real-time.
Prior to Hyperledger, Dan lived in Beijing where he founded and served as the CEO of MadeiraCloud (VisualOps), a visual cloud management and automation tool for Amazon Web Services.

12
Additional Community Working Groups
Working Groups are open to the public

• Technical Working Group, China (TWG - China)
• Requirements Working Group
• Identity Working Group
• Architecture Working Group
• Whitepaper Working Group
• Healthcare Working Group

13
Hyperledger Momentum

• 200+ Members (30+ in China)
• 9 Hyperledger projects
• 2 Production 1.0 releases
• 3.6M+ Lines of Code
• 77K+ Enrolled in 1st Edx course (2k+ completed)
• Hosted the most popular webinar in history of The Linux Foundation on Hyperledger Fabric v1.0
• 100+ Meetups Worldwide
• 28K+ Meetup Participants
• 35K+ Twitter Followers
• 1.5K+ Avg. monthly press mentions in 2017

14
Community and Ecosystem Engagement
Behlendorf is a regular keynoter and Hyperledger exhibits at cross-industry events. Hyperledger Member Summit and first annual Hyperledger Global Forum.

Active engagement with technology and finance journalists and analysts to continue educating the market on Hyperledger. hyperledger.org/news

Technical Steering Committee hosts regular online and face-to-face hackathons. Join our mailing lists to learn about these and other technical activities. hyperledger.org/community

15
Hyperledger Global Meetups

Hyperledger Meetups

We are 25k+ members across 101 Meetups

16
Join Your Industry Peers
Hyperledger Premier Members Serving on the Governing Board.

17
Join Your Industry Peers
General Members
Broadridge Financial Eli Lilly & Company Korea Security Depository Pravici Swisscom AG
1WorldBlockchain
Solutions Embleema Koscom PwC Tai Yi Yun
8base
BTS Energy Blockchain Labs KrypC Corp R3 Tencent Cloud
8Common
CA Technologies Ernst & Young LedgerDomain RadarWin Cyber Thales
ABN Amro
Calastone Factom Foundation Libra Technology Thomson Reuters
Aetna
Capgemini Filament Loyyal Corporation Red Hat TMX Group Limited (TSX)
Agavon
Centra Tech FORFIRM Lykke Revelry Labs TradeIX Limited
AlphaPoint
Chain Connected ForgeRock MadHive Robert Bosch Turkcell
Altoros Americas LLC
ChainNova FZG360 Network Co. Ltd Majid Al Futtaim Samsung SDS United Traders
Aktsiaselts Eurostep Digital
China Merchants Bank GameCredits Medicalchain Sberbank VitalHub Corp.
AMIHAN Global
China Minsheng Bank Gem MetaX ScanTrust SA VMware
ANNE
CITIC Gibraltar Stock Exchange MIRACL UK Limited Schroder Investment Wipro
ANZ
Clause, Inc (GSX) Monax Industries Limited Management Limited Xinguodu
ArcBlock
Cloudsoft Corporation Global Blockchain MonetaGo SecureKey Technologies Technology CO., LTD
B9lab
Ltd. Technologies Moscow Exchange ~sedna GmbH YDreams Global
BBVA
CLS Bank International Global Peersafe Murphy & McGonigle, Sempre IT Yuphant Blockchain
Beijing Botuzongheng
CME Group Technology Corp. P.C. Shanghai Ginkoo Zhejiang Shuqin
Science & Technology
Cognition Foundry GM Financial National Stock Exchange Financial Technology Technology
Co., Ltd.
Coinplug Guardtime of India Shanghai Onechain Beijing Smart Card
Beijing RZXT Technology
CollectorIQ Inc. GXChain New H3C Technologies Information Technology Research
Development
Cuscal Limited Hangzhou Fuzamei NEX Optimisation Technology Institute
Beijing Xiaomi Mobile
Data Deposit Box Technology Nexiot Shenzhen Forms Syntron Ziggurat Technology
Software
Dealer Market Exchange Hashed Health Norbloc Information Shenzhen
Belink Technologies
Deloitte Consulting LLP Huawei NTT Data Sinolending Ltd
Bitmark
Deutsche Börse Group Hyperchain Technologies Oracle Smart Block Laboratory
BitSE
DLT Labs Information Builders Orange Magic Cube Smartchains
Blockchain
Easy Visible Supply Chain Inspur Patientory Smart Link Lab
Blockchain Training Alliance
Management IntellectEU Paxos Soramitsu
BLOCKO Inc.
EBPI BV Kaiser Permanente PetroBloq State Street
Bloq
Elementrem Korea Exchange PDX Technologies SWIFT
BNP Paribas
Get Involved!
• Ensure the strength and longevity of a core technology to your business.
• Publicly proclaim your leadership in the blockchain space.
• Work with other blockchain leaders to develop and promote Hyperledger blockchain for business technologies.

Visit hyperledger.org/about/join or email info@hyperledger.org.
Contents

Project Status and


Roadmap

Technical Deep Dive

20
What is Hyperledger Fabric

• Linux Foundation Hyperledger


– A collaborative effort created to advance cross-industry blockchain technologies for business

• Hyperledger Fabric
– An implementation of blockchain technology that is intended as a foundation for developing
blockchain applications
– Key technical features:
• A shared ledger and smart contracts implemented as “chaincode”
• Privacy and permissioning through membership services
• Modular architecture and flexible hosting options

• V1.0 released July 2017: contributions by 159 engineers from 27 organizations


– IBM is one of the contributors to Hyperledger Fabric

21
Hyperledger Composer/Fabric

https://hyperledger.github.io/composer

Hyperledger Composer
• A suite of high level application abstractions for business networks
• Emphasis on business-centric vocabulary for quick solution creation
• Reduce risk, and increase understanding and flexibility
• Features
– Model your business networks, test and expose via APIs
– Applications invoke transactions to interact with business network
– Integrate existing systems of record
• Fully open and part of Linux Foundation Hyperledger
• Try it in your web browser now: http://composer-playground.mybluemix.net/

[Diagram: Business Application, Hyperledger Composer, Blockchain (Hyperledger Fabric)]
22
Hyperledger Code

[Diagram: Business Application, Hyperledger Composer and Blockchain (Hyperledger Fabric), labelled with HTML5, Angular 2, Ionic, Yeoman; Node.js; and .go / .java ChainCodes (SmartContracts)]
23
23
Hyperledger Fabric V1 Architecture

[Diagram: Client Application with SDK (HFC), Membership Services Provider, Peer (Endorser, Committer, Ledger, Chaincode, Events) and Ordering Service]

24
Overview of Hyperledger Fabric v1 – Design Goals

• Better reflect business processes by specifying who endorses transactions
• Support broader regulatory requirements for privacy and confidentiality
• Scale the number of participants and transaction throughput
• Eliminate non-deterministic transactions
• Support rich data queries of the ledger
• Dynamically upgrade the network and chaincode
• Support for multiple credential and cryptographic services for identity
• Support for “bring your own identity”

25
Contents

Project Status and


Roadmap

Technical Deep Dive

26
Recall key blockchain concepts

[Diagram: key blockchain concepts: Blockchain Developer, Application, Smart Contract, Ledger, Events, Systems Integration, Traditional Data Sources, Traditional Processing Platforms, Blockchain Operator, Peers, Consensus, Security]

27
Hyperledger Fabric V1 - Deep Dive Topics

• Network Consensus
• Channels and Ordering Service
• Network setup
• Endorsement Policies
• Permissioned ledger access
• Pluggable world-state

28
Network Consensus
Nodes and roles

Committing Peer: Maintains ledger and state. Commits transactions. May hold smart contract (chaincode).

Endorsing Peer: Specialized committing peer that receives a transaction proposal for endorsement, responds granting or denying endorsement. Must hold smart contract.

Ordering Nodes (service): Approves the inclusion of transaction blocks into the ledger and communicates with committing and endorsing peer nodes. Does not hold smart contract. Does not hold ledger.

30
Sample transaction: Step 1/7 – Propose transaction

Application proposes transaction

Endorsement policy:
• “E0, E1 and E2 must sign”
• (P3, P4 are not part of the policy)

Client application submits a transaction proposal for Smart Contract A. It must target the required peers {E0, E1, E2}

[Diagram: client application with SDK, endorsers E0, E1 and E2, committing peers P3 and P4, and the ordering service. Key: Endorser, Committing Peer, Application, Ordering Node, Ledger, Smart Contract (Chaincode), Endorsement Policy]

31
Sample transaction: Step 2/7 – Execute proposal

Endorsers Execute Proposals

E0, E1 & E2 will each execute the proposed transaction. None of these executions will update the ledger

Each execution will capture the set of Read and Written data, called RW sets, which will now flow in the fabric.

Transactions can be signed & encrypted

32
Sample transaction: Step 3/7 – Proposal Response

Application receives responses

RW sets are asynchronously returned to application

The RW sets are signed by each endorser, and also include each record version number

(This information will be checked much later in the consensus process)

33
Sample transaction: Step 4/7 – Order Transaction

Application submits responses for ordering

Application submits responses as a transaction to be ordered.

Ordering happens across the fabric in parallel with transactions submitted by other applications

34
Sample transaction: Step 5/7 – Deliver Transaction

Orderer delivers to all committing peers

Ordering service collects transactions into proposed blocks for distribution to committing peers. Peers can deliver to other peers in a hierarchy (not shown)

Different ordering algorithms available:
• SOLO (Single node, development)
• Kafka (Crash fault tolerance)

35
Sample transaction: Step 6/7 – Validate Transaction

Committing peers validate transactions

Every committing peer validates against the endorsement policy, and also checks that the RW sets are still valid for the current world state

Validated transactions are applied to the world state and retained on the ledger

Invalid transactions are also retained on the ledger but do not update world state

36
Sample transaction: Step 7/7 – Notify Transaction

Committing peers notify applications

Applications can register to be notified when transactions succeed or fail, and when blocks are added to the ledger

Applications will be notified by each peer to which they are connected

37
Sample transaction: Summary
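
The commit-time checks from steps 6 and 7, as an added example that is not part of the original deck or of Fabric's code. The Peer type, the status strings and the simple integer version counter are assumptions of this sketch, and signature verification is omitted.

```go
// Added example, not Fabric source: commit-time validation as in steps 6 and 7.
package main

import "fmt"

// Read is one read-set entry: a key and the version the endorsers saw.
type Read struct {
	Key     string
	Version uint64 // simplified counter; an assumption of this sketch
}

// Tx is an endorsed transaction as delivered in an ordered block.
type Tx struct {
	ID        string
	Endorsers []string          // peers whose signatures are attached (crypto omitted)
	Reads     []Read            // read set with versions
	Writes    map[string]string // write set
}

// Entry is what the ledger retains for every transaction, valid or not.
type Entry struct {
	TxID, Status string
}

type versioned struct {
	Value   string
	Version uint64
}

// Peer is a hypothetical committing peer holding world state and ledger.
type Peer struct {
	Policy []string // all listed endorsers must sign: "E0, E1 and E2 must sign"
	State  map[string]versioned
	Ledger []Entry
}

// validate checks the endorsement policy first, then the read-set versions.
func (p *Peer) validate(tx Tx) string {
	signed := map[string]bool{}
	for _, e := range tx.Endorsers {
		signed[e] = true
	}
	for _, need := range p.Policy {
		if !signed[need] {
			return "invalid: endorsement policy not met"
		}
	}
	for _, r := range tx.Reads {
		if p.State[r.Key].Version != r.Version {
			return "invalid: read set is stale"
		}
	}
	return "valid"
}

// Commit processes a block in order; only valid transactions change world state.
func (p *Peer) Commit(block []Tx) {
	for _, tx := range block {
		status := p.validate(tx)
		if status == "valid" {
			for k, v := range tx.Writes {
				p.State[k] = versioned{v, p.State[k].Version + 1}
			}
		}
		p.Ledger = append(p.Ledger, Entry{tx.ID, status}) // invalid ones are kept too
	}
}

// Demo commits a constructed block: tx1 and tx2 were simulated against the same
// state (a at version 1); tx3 lacks E2's endorsement.
func Demo() *Peer {
	all := []string{"E0", "E1", "E2"}
	p := &Peer{Policy: all, State: map[string]versioned{"a": {"100", 1}, "b": {"200", 1}}}
	p.Commit([]Tx{
		{"tx1", all, []Read{{"a", 1}, {"b", 1}}, map[string]string{"a": "90", "b": "210"}},
		{"tx2", all, []Read{{"a", 1}}, map[string]string{"a": "50"}},
		{"tx3", []string{"E0", "E1"}, []Read{{"b", 2}}, map[string]string{"b": "0"}},
	})
	return p
}

func main() {
	p := Demo()
	for _, e := range p.Ledger {
		fmt.Println(e.TxID, e.Status)
	}
	fmt.Println("a =", p.State["a"].Value, "b =", p.State["b"].Value)
}
```

tx2 was endorsed correctly but read a version that tx1 has since replaced, so it stays on the ledger as invalid and the world state keeps tx1's values.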

38
Channels and Ordering Service
Ordering Service

The ordering service packages transactions into blocks to be delivered to peers. Communication with the service is via channels.

Different configuration options for the ordering service include:
– SOLO
• Single node for development
– Kafka: Crash fault tolerant consensus
• 3 nodes minimum
• Odd number of nodes recommended

40
Channels

Separate channels isolate transactions on different ledgers
– Chaincode is installed on peers that need to access the worldstate
– Chaincode is instantiated on specific channels for specific peers
– Ledgers exist in the scope of a channel
• Ledgers can be shared across an entire network of peers
• Ledgers can be included only on a specific set of participants
– Peers can participate in multiple channels
– Concurrent execution for performance and scalability

41
Single Channel Network

• Similar to v0.6 PBFT model
• All peers connect to the same system channel (blue).
• All peers have the same chaincode and maintain the same ledger
• Endorsement by peers E0, E1, E2 and E3

[Diagram: client application with SDK, peers E0, E1, E2 and E3 with chaincodes A and B, and the ordering service on one channel]

42
Multi Channel Network

• Peers E0 and E3 connect to the red channel for chaincodes Y and Z
• Peers E1 and E2 connect to the blue channel for chaincodes A and B

[Diagram: two client applications with SDK, peers E0 and E3 with chaincodes Y and Z, peers E1 and E2 with chaincodes A and B, and the ordering service]

43
Network Setup
Bootstrapping the Network (1/6) – Configure & start Ordering Service

• An Ordering Service is configured and started for other network peers to use

49
Bootstrapping the Network (2/6) – Configure and Start Peer Nodes

• A peer is configured and started for each Endorser or Committer in the network

50
Bootstrapping the Network (3/6) – Install Chaincode

• Chaincode is installed onto each Endorsing Peer that needs to execute it

51
Bootstrapping the Network (4/6) – Create Channels

• Channels are created on the ordering service

52
Bootstrapping the Network (5/6) – Join Channels

• Peers that are permissioned can then join the channels they want to transact on

53
Bootstrapping the Network (6/6) – Instantiate Chaincode

• Peers finally instantiate the Chaincode on the channels they want to transact on
• Once instantiated a Chaincode is live and can process transaction requests
• Endorsement Policy is specified at instantiation time

[Diagram for all six steps: Ordering-Service with peers E0, E1, E2 and P4 in Hyperledger Fabric]

54
Endorsement Policies
Endorsement Policies

An endorsement policy describes the conditions by which a transaction can be endorsed. A transaction can only be considered valid if it has been endorsed according to its policy.

– Each chaincode is associated with an Endorsement Policy
– Default implementation: Simple declarative language for the policy
– ESCC (Endorsement System ChainCode) signs the proposal response on the endorsing peer
– VSCC (Validation System ChainCode) validates the endorsements

[Diagram: Endorsement Peer (Chaincode, ESCC: Sign) and Committing Peer (VSCC: Validate Policy, Ledger); flow: Propose - Execute - Respond, Order - Deliver, Validate - Commit]
56
Endorsement Policy Syntax

$ peer chaincode instantiate \
    -C mychannel \
    -n mycc \
    -v 1.0 \
    -p chaincode_example02 \
    -c '{"Args":["init","a", "100", "b","200"]}' \
    -P "AND('Org1MSP.member')"

This command instantiates the chaincode mycc on channel mychannel with the policy AND('Org1MSP.member')

Policy Syntax: EXPR(E[, E...])

Where EXPR is either AND or OR and E is either a principal or nested EXPR.

Principal Syntax: MSP.ROLE

Supported roles are: member and admin.

Where MSP is the MSP ID required, and ROLE is either “member” or “admin”.
57
Endorsement Policy Examples

Examples of policies:

• Request 1 signature from all three principals

– AND('Org1.member', 'Org2.member', 'Org3.member')

• Request 1 signature from either one of the two principals

– OR('Org1.member', 'Org2.member')

• Request either one signature from a member of the Org1 MSP or (1 signature
from a member of the Org2 MSP and 1 signature from a member of the Org3
MSP)

– OR('Org1.member', AND('Org2.member', 'Org3.member'))
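
A small parser and evaluator for the EXPR(E[, E...]) syntax and the example policies above, added here as an illustration and not taken from Fabric. The Node and Identity types are hypothetical, signatures are assumed to be verified already, and treating an admin as also satisfying a member principal is an assumption of this sketch.

```go
// Added example, not Fabric source: parse and evaluate EXPR(E[, E...]).
package main

import (
	"fmt"
	"strings"
)

// Node is a principal (Op == "") or an AND/OR over nested expressions.
type Node struct {
	Op, MSP, Role string
	Kids          []*Node
}

// Identity is an endorser whose signature was already verified (assumed here).
type Identity struct{ MSP, Role string }

// tokens is the unparsed rest of the policy, split on ( ) , and spaces.
type tokens []string

func (t *tokens) next() string {
	if len(*t) == 0 {
		return ""
	}
	tok := (*t)[0]
	*t = (*t)[1:]
	return tok
}

// expr parses E: a quoted principal 'MSP.ROLE' or a nested AND(...) / OR(...).
func (t *tokens) expr() (*Node, error) {
	tok := t.next()
	if len(tok) > 2 && tok[0] == '\'' && tok[len(tok)-1] == '\'' {
		lit := tok[1 : len(tok)-1]
		dot := strings.LastIndex(lit, ".")
		if dot < 1 || (lit[dot+1:] != "member" && lit[dot+1:] != "admin") {
			return nil, fmt.Errorf("principal %q is not MSP.member or MSP.admin", lit)
		}
		return &Node{MSP: lit[:dot], Role: lit[dot+1:]}, nil
	}
	if (tok != "AND" && tok != "OR") || t.next() != "(" {
		return nil, fmt.Errorf("expected AND(, OR( or a quoted principal at %q", tok)
	}
	n := &Node{Op: tok}
	for {
		kid, err := t.expr()
		if err != nil {
			return nil, err
		}
		n.Kids = append(n.Kids, kid)
		if sep := t.next(); sep == ")" {
			return n, nil
		} else if sep != "," {
			return nil, fmt.Errorf("expected ',' or ')' but got %q", sep)
		}
	}
}

// Parse enforces the top-level form EXPR(E[, E...]) and rejects trailing input.
func Parse(policy string) (*Node, error) {
	pad := strings.NewReplacer("(", " ( ", ")", " ) ", ",", " , ")
	t := tokens(strings.Fields(pad.Replace(policy)))
	n, err := t.expr()
	if err == nil && (n.Op == "" || len(t) != 0) {
		return nil, fmt.Errorf("policy must be exactly one AND(...) or OR(...)")
	}
	return n, err
}

// Satisfied evaluates the policy; an admin also counts as a member (assumption).
func (n *Node) Satisfied(signers []Identity) bool {
	if n.Op == "" {
		for _, s := range signers {
			if s.MSP == n.MSP && (s.Role == n.Role || n.Role == "member") {
				return true
			}
		}
		return false
	}
	for _, k := range n.Kids {
		if ok := k.Satisfied(signers); ok != (n.Op == "AND") {
			return ok // AND stops at the first failure, OR at the first success
		}
	}
	return n.Op == "AND"
}

func main() {
	n, err := Parse("OR('Org1.member', AND('Org2.member', 'Org3.member'))")
	fmt.Println(err, n != nil && n.Satisfied([]Identity{{"Org2", "member"}})) // constructed signer
}
```

The evaluator lets one signer satisfy several principals, which a production validator would have to rule out. Parse also rejects a policy string that still carries a typographic closing quote from a copied slide.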


58
Permissioned Ledger Access
Membership Services Overview

Enrollment certificate (Ecert) is the long term identity of the participant on the blockchain network

[Diagram: Blockchain User A and Blockchain User B each use a Client Application (SDK); the Membership Services Provider API is used to Enroll and Request Ecert from the Certificate Authority; each client application invokes SC txn (signed with Ecert) on Hyperledger Fabric]
60
Transaction and Identity Privacy

• Enrollment Certificates, Ecerts


– Long term identity
– Can be obtained offline, bring-your-own-identity

• Permissioned Interactions
– Users sign with their Ecert

• Membership Services
– Abstract layer to credential providers

61
Membership Services Provider API

• Pluggable interface supporting a range of credential architectures
• Default implementation calls Fabric-CA.
• Governs identity for Peers and Users.
• Provides:
– User authentication
– User credential validation
– Signature generation and verification
– Optional credential issuance
• Additional offline enrollment options possible (eg File System).

[Diagram: Peer / Client / Orderer call the Membership Services Provider API, implemented through the Fabric-CA API (Fabric-CA Certificate Authority) or an External CA API (External Certificate Authority)]
62
Membership Services Provider (MSP)

• An abstraction to represent a membership authority and its operations on issuing and management of Hyperledger Fabric membership credentials in a modular & pluggable way
– Allows for the co-existence of a variety of credential management architectures
– Allows for easy organizational separation in credential management/administration operations according to business rules at a technical level
– Potential to smoothly and easily support different standards and membership implementations
– Easy and straight-forward interface that the core can understand

• Described by a generic interface to cover:
– User credential validation
– User (anonymous but traceable) authentication: signature generation and verification
– User attribute authentication: attribute ownership proof generation, and verification
– (optionally) User credential issue

64
Fabric-CA Details

• Default implementation of the Membership Services Provider Interface.
• Issues Ecerts (long-term identity)
• Supports clustering for HA characteristics
• Supports LDAP for user authentication
• Supports HSM

[Diagram: Fabric-CA Root Certificate Authority behind the Membership Services Provider API and Fabric-CA API, with HSM, LDAP (Authenticate) and cluster DB; Enroll ID, secret; Ecert]

66
Fabric-CA

Certificate Authority
● Issues Ecerts and manages renewal and revocation
● Supports:
Clustering for HA characteristics
LDAP server for registration and enrollment
Hardware Security Modules

67
New User Registration and Enrollment

Registration and Enrollment
• Admin registers new user with Enroll ID
• User enrolls and receives credentials
• Additional offline registration and enrollment options available

[Diagram: 1. the Operator's Client Application (SDK) calls Register(Enroll ID) on Fabric-CA, which returns (secret); 3. the Blockchain User's Client Application (SDK) calls Enroll(Enroll ID, secret), which returns Ecert, kept in the wallet]
68
Application Level Encryption

Data Encryption
Handled in the application domain.

Multiple options for encrypting:
• Transaction Data
• Chaincode*
• World-State data

Chaincode optionally deployed with cryptographic material, or receive it in the transaction from the client application using the transient data block field (not stored on the ledger).

*Encryption of application chaincode requires additional development of system chaincode.

[Diagram: the Blockchain User's Client Application (SDK, wallet) encrypts tx input and signs with Ecert; Chaincode on the Peer decrypts tx input and encrypts world-state data; World state holds encrypted data and the Blockchain Ledger holds the encrypted tx]

69
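
The transient-field option described above, as an added example that is not from the deck or from Fabric. The Proposal type, the "key" and "nonce" field names and the asset1 key are hypothetical, and AES-GCM is this example's choice of cipher. The nonce for the state write travels with the key so that every endorser produces the same write set.

```go
// Added example, not Fabric code: key material in a transient field, ciphertext on record.
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Proposal models a transaction proposal (hypothetical type and field names).
type Proposal struct {
	Args      [][]byte          // recorded on the ledger with the transaction
	Transient map[string][]byte // seen by the chaincode only, never stored
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal returns nonce || ciphertext || tag under AES-GCM.
func Seal(key, nonce, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(nonce) != aead.NonceSize() {
		return nil, fmt.Errorf("nonce must be %d bytes", aead.NonceSize())
	}
	return aead.Seal(append([]byte{}, nonce...), nonce, plaintext, nil), nil
}

// Open authenticates and decrypts a value produced by Seal.
func Open(key, sealed []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < aead.NonceSize() {
		return nil, fmt.Errorf("sealed value too short")
	}
	return aead.Open(nil, sealed[:aead.NonceSize()], sealed[aead.NonceSize():], nil)
}

// NewProposal is the client side: encrypt the tx input, pass key and nonce as transient data.
func NewProposal(key []byte, input string) (Proposal, error) {
	nonces := make([]byte, 24) // two 12-byte nonces, never reused with this key
	if _, err := rand.Read(nonces); err != nil {
		return Proposal{}, err
	}
	arg, err := Seal(key, nonces[:12], []byte(input))
	if err != nil {
		return Proposal{}, err
	}
	t := map[string][]byte{"key": key, "nonce": nonces[12:]}
	return Proposal{Args: [][]byte{arg}, Transient: t}, nil
}

// Invoke is the chaincode side on one endorser. It takes the nonce from the
// proposal instead of generating one, so every endorser computes the same
// write set; a locally random nonce would make their RW sets differ.
func Invoke(p Proposal) (map[string][]byte, error) {
	if len(p.Args) != 1 {
		return nil, fmt.Errorf("expected one encrypted argument")
	}
	key := p.Transient["key"]
	input, err := Open(key, p.Args[0])
	if err != nil {
		return nil, fmt.Errorf("cannot decrypt tx input: %w", err)
	}
	value, err := Seal(key, p.Transient["nonce"], bytes.ToUpper(input)) // stand-in logic
	if err != nil {
		return nil, err
	}
	return map[string][]byte{"asset1": value}, nil
}

func main() {
	p, err := NewProposal(make([]byte, 32), "owner=alice") // constructed all-zero demo key
	w0, err0 := Invoke(p)                                  // endorser E0
	w1, err1 := Invoke(p)                                  // endorser E1
	fmt.Println(err, err0, err1, bytes.Equal(w0["asset1"], w1["asset1"]))
}
```

Only Args and the returned write set would be recorded; a proposal replayed without its transient field fails to decrypt.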
Pluggable World State
WorldState Database

• Pluggable worldstate database


• Default embedded key/value implementation using LevelDB
– Support for keyed queries, but cannot query on value
• Support for Apache CouchDB
– Full query support on key and value (JSON documents)
– Meets a large range of chaincode, auditing, and reporting requirements
– Will support reporting and analytics via data replication to an analytics engine such as Spark (future)
– Id/document data model compatible with existing chaincode key/value programming model

[Diagram: Chaincode SHIM on top of the pluggable world state, LevelDB or CouchDB]

71
Summary and Next Steps

• Apply shared ledgers and smart contracts to your Business Network

• Think about your participants, assets and business processes

• Spend time thinking about realistic business use cases

• Get some hands-on experience with the technology

• Start with a First Project

• IBM can help with your journey

72
Thank you

www.ibm.com/blockchain

developer.ibm.com/blockchain

www.hyperledger.org

© Copyright IBM Corporation 2017. All rights reserved. The information contained in these
materials is provided for informational purposes only, and is provided AS IS without
warranty of any kind, express or implied. Any statement of direction represents IBM's
current intent, is subject to change or withdrawal, and represents only goals and
objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the
International Business Machines Corporation, in the United States, other countries or both.
Other company, product, or service names may be trademarks or service marks of others.