Privacy on Hyperledger Fabric v1.0 - hyperledger

Can you explain some mechanisms of privacy in Hyperledger Fabric v1.0 - those already implemented and those planned to be implemented in the future?
I understand channels are like seperate blockchains. I also went through the document on https://jira.hyperledger.org/browse/FAB-1151, where I have found two more mechanisms: one is private data, and other is encryption. Can you explain what would be the beast approach to use in the following scenario.
Each car needs car insurance. Let's say the owner of the car wants to change his insurance company. He signs the contract with new insurance company. Let's say there is also a regulator. The new insurance company informs the regulator about the new contract. The regulator then informs the old insurance company that the car is no longer insured there, but does not inform them about the name of the new insurance company. So we have assets that are shared in the network, but also some private data which only some participants can see. I am guessing this is one chain, so the use of multiple channels makes no sense here.
I do not completely grasp the concept of private data. Is that data supposed to be private only for one peer / company, or can it be shared between multiple companies, but not all of them? Is this the way to go in the scenario? What would be different reasons / use cases to use encryption vs. private data? What mechanism should be used in the described scenario?

First of all, these two concepts of encryption and private data are not mutual exclusive, the intent is to being able to use them both.
The concept behind having private data is to keep certain data keys out, to prevent them to being sent to the orderering service and to distribute them separately across the peers via gossip.
Now, the encryption needed to divide private data into portions which will be encrypted according to the visibility rules, e.g. to allow to read and see the relevant portions of the data to only involved parties.
With all that said, please note that FAB-1151 is still under development/design process and to be added post v1.0 of Hyperledger Fabrics.

Related

Is there any way to transfer ownership of a CloudKit shared record?

I've just spent hours evaluating CloudKit's sharing features for a potential multi-tenancy app and, while I think I know the answer, I felt I should ask the community.
The use case: an app that supports multiple companies, each with its own users that can access shared data (records) within that company only. Imagine Slack's separate workspaces: a user of Company A should be able to see all of Company A's data, and maybe eventually Company A hires a new employee (user), who also should see that same data. Company B has completely separate users/data and is never seen by anyone from Company A.
The question: from my understanding so far of CloudKit, records are associated to a user, not a company/team/group. If User A (of Company A) shares a record with User B, that's totally doable and User B will see everything (including child records). But now let's suppose User A leaves the company. How does another user then take ownership of those records so that User B can continue to access the company's data?
It almost seems like each company would need to have its own iCloud account to serve as a master "owner", which feels unprofessional or challenging for non-techies to understand (and thereafter complicated for sharing with future users).
Am I thinking about this wrong? Am I already barking up the wrong tree by considering CloudKit as the backend for this app?
I think the most suitable setup for what you've described is to use a Public database in a CloudKit container. A CKRecord can be shared and "owned" however you want. The record remains available to all who can access the database.
Sharing a CKRecord via the CKShare functionality is much more limited. When sharing that way, you are simply providing a shared view into someone's Private database. If that user vanishes, the shared record goes with them and the sharing stops. Only the Public database can preserve a record independent of user status.
One caveat is that a Public database has to be owned by a single Apple Developer account. You can't share ownership across companies at the business level. But for the purposes of your app, your dev account can own the database and you can share the data with as many tenants as you want.
Let me know if you have any follow-up questions.

White labelling Enterprise iOS application

I had developed 3 applications for my client. Now he wants to distribute it to other organizations (doing same business). Other firms will have minor data and image set changes, other functionalities are same. What is the best approach for distributing this 3 application with the other firms?
1) One solution I think is to upload this 3 application to each firms apple enterprise account.
Prons:
UI and functionality can be changed for each apps depends on business
changes.
Will have different server and APIs. So data security can be increased.
Cons:
Need to maintain different source codes.
As firms number increases applications also increases, which can be a form of spamming appStore
with similar applications.
2) Another solution is to upload this 3 application to one account and is distributed among other firms. Need to check any legal issue in doing this. By this server will maintain different database for different Companies and user registered with this company will link to the corresponding database. All other calculation and logic will be handled by the server. iOS application switches image set w.r.t company.
Can I do this by any other approach or which one is the best one. The main idea is to give a contract to another firm by creating a set of users having an extendable validity date and this is maintained by my client.
Thanks in advance and any thought on this is appreciable.
The best solution to this is Volume Purchase Program for Business
provided by Apple. It provides you with a functionality called Custom B2B apps for iOS. You can read the details in this document.

Best BAAS for sharing private database records between users?

In essence, I'm building a private journaling app for iOS using Swift that will have a social feature. When creating a new entry, the user can choose to share the entry with specified friends from a friends list. The friend will receive a notification of the new entry, and it will be added to their own journal. The friend can later choose to accept or deny addition of the entry from their personal journal after review. Users won't be able to see each other's journals, they will only be able to share(add) entries to their friend's journals.
While I'd prefer to use iCloud, CloudKit won't allow me to share the entry records between users if I store them in a private database, and the information will be too sensitive to plop into the public database. CKRecordZones would be helpful, but they are only available for organizing a private database, so they will do me no good with sharing entries.
Can the privatized entry sharing I want be accomplished through Parse or perhaps another service I'm unaware of? Or will I have to build a custom backend to accomplish this?
Any advice would be greatly appreciated!!!
I think below links can solve your problem:
iOS 8 data sharing between users
How to share Core Data between multiple users?
ios share data between users
Read all 3 questions and right answers of them.
CloudKit would be the easiest when you are ok with limiting it to Apple devices only. If you wan tot make a quick start with that, then try out EVCloudKitDao
Until now the logical choice for this kind of apps was Parse. It's easy to implement and has a lot of features.
Amazon just released a new AWS Mobile Hub that looks very promising. It integrates with all AWS services, is very powerful and now also easy to use.
You could also use Microsoft Azure Mobile Service. It looks like it has similar features as AWS.
Of course there are more less known environments that also might work in your case but I think it would be wiser to stay with one of the above 4 well known choices.
Which of these you should pick is more or less a personal choice. They can all do what you want. If it's the best use for you depends on your use case.

Core Data Sync With Multiple Users

I would like to sync a core data app with a user with a different iCloud ID and I am trying to figure out the most graceful way to do this. I do not want the data to sync with all users, but want to be able to sync among family members for instance. From the research I have done, I do not think I can do that using iCloud Core Data sync because it only syncs between devices with the same iCloud ID. I have looked at this stackoverflow answer and read a little bit about Ensembles, Parcelkit and TICoreDataSync, Parse etc., but it is not clear to me if any of those options will allow me to sync with multiple users. Does anyone have a good method for syncing a Core Data app with multiple users?
Ensembles and TiCoreDataSync might work. They can use Dropbox file syncing, so in principle they should work with Dropbox shared folders. I don't think these are the main intended uses, so I suggest contacting the developers and/or doing some good testing yourself before assuming this would actually work.
You'll need to think about the user experience, though. At a minimum, your users would both need Dropbox accounts and would have to set up a shared folder before beginning to sync data this way.
Parcelkit probably won't work. It uses Dropbox's data store API which, unlike other Dropbox services, doesn't appear to support shared data.
Services that do support this kind of sharing exist-- for example, Parse and Firebase-- but make sure to review their pricing carefully before using them. Also of course, there have been any number of projects that have their own custom server back end, but that obviously requires having someone on the team who can do that kind of work.
You need to think about other device types (Android at least) if you want your application to be reaching more users.
I'm doing the same now by the following way:
Setup an online database with proper web services (careful with implementation for security matters - DB should NEVER be exposed by anything other than the web services).
Create a Class for your communication with the server (using Class methods with security handling like authentication and authorisation).
Use the class in your app to communicate with the server (SQL operations are done on the server).
To integrate with CoreData you need to create the model in your app similar to the structure in the backend database. Then you need to create a similar class for the app that deals with only local CoreData.
A higher level class might be required if you want to make sure that operations done on both server and local data storage.
Besides, you have to implement a lot of conditions to make sure that data written in local ONLY after making sure that it is stored online (or create an engine for differed operations to run later).
Another Way if you are familiar with notifications:
Use structured notifications between devices for data operations in order to keep everything in sync with other users. The problem with this is the "Autonomy" of the operations. If two operations were done in approximately the same time, you have to find a way to make sure the order of the operations is done properly (maybe timestamp or something).
I'm looking into the same thing for my app and I 'think' you can do a fairly unsecured version of what you are after using using the public folder in cloud kit as mentioned in this question (no accepted answer at time of posting) : Private data sharing using CloudKit
You would need to find a way to differentiate between data that is truly public and those shared among the users you need and some level of authentication.
I'm going to try exporting a permission file with access permission in it to whomever I want to share with combined with a unique identifier located in that permission file.
Keep in mind, as mentioned in the comments of the linked answer, my implementation will be security by obscurity (thanks for that phrase) unless you find a way of adding proper validation to it but my data is relatively insensitive.
Hope this, or any ridicule in the comments, points you in the right direction : )

Simperium multiple users accessing data

In the Simperium documentation/help section there is the following text:
All the data that is created seems like it must be tied to a user - is
that correct? Is it possible to have data that isn't tied to a user -
say a database of locations or beers?
Yes, though this isn't very clear yet. You can create a public user
(i.e., a public namespace) with an access token you share with other
users of your app so anyone can read/write to that namespace.
It's possible to limit this to read-only access as well if you need to
authoritatively publish data from a backend service.
Is there an actual example with this?
The scenario I have is as follows
My app will have a calendar
The primary user can add and remove data from the calendar
They will want to invite other users to add and remove data, my thought is that they can give them a token, the user can use their email address and this token to sign in
Am I on the right track?
You're definitely on the right track, but a little too far ahead on that track. The scenario you described is a great fit for Simperium, but sharing and collaboration features aren't yet released.
The help text you quoted is for authoritatively pushing content, for example from a custom backend to all users of your app. An example of this would be a news stream that updates on all clients as new content is added.
This is quite different than sharing calendar data among a group of users who have different access permissions, which is actually a better use of Simperium's strengths. We have a solution for this that we've tested internally, but we're using what we've learned to build a better version of it that will be more scalable for production use.
There's no timeline for this yet, but you'll see it announced on your dashboard at simperium.com.

Resources