Ask you a question, use 1.4.4 docker locally deployed a fabric block chain network, a sort organization, organization, two peer node chain code is written in Java, application access using the fabric - SDK - Java, if chain code endorsement strategy for:

 
"AND (' Org1MSP. Member ', 'Org2MSP. Member)", 

At the time of invocation chain code to obtain the endorsement of the node endorsement two institutions success, was submitted to the orderer node sorting distribution, this is an example of a website, as follows:

 
Peer chaincode invoke -o orderer.inc.com: 27050 - the TLS true 
- cafile/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/ordererOrganizations/inc.com/orderers/orderer.inc.com/msp/tlscacerts/tlsca.inc.com-cert.pem 
- C mychannel -n mycc 
- peerAddresses peer0.org1.inc.com: 27051 
- tlsRootCertFiles/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org1.inc.com/peers/peer0.org1.inc.com/tls/ca.crt 
- peerAddresses peer0.org2.inc.com: 29051 
- tlsRootCertFiles/opt/gopath/src/github.com/hyperledger/fabric/peer/crypto/peerOrganizations/org2.inc.com/peers/peer0.org2.inc.com/tls/ca.crt 
- c '{" Args ": [" invoke", "a", "b", "10"]}' 

Launch trading client must have two institutions at the same time the endorsement of the node of the TLS transport ca certificate, can initiate transactions, get two organization endorsed the node's endorsement as a result,

In the actual business scenarios, such as, as a client Org1MSP, have Org2MSP TLS ca certificate if possible? Or Org1MSP client through Org2MSP Fabric - a CA certificate, the CA application for endorsement deal? I don't know if I understand there is a problem, such endorsement strategy mechanism always feel very strange, is to need multilateral institutions a deal together, now one of the institutions of the client can have multiple agencies at the same time the TLS - ca certificate can be completed, how to ensure that the system within the alliance buge (such as duplicate submissions), or malicious attacks? I hope Daniel for help to reassure, thanks,

PS: do you have any friends or WeChat group, can exchange opinions with you, thank you very much,

CodePudding user response:

Actual business scenarios can use geteway, only need one user, can not focus on the underlying logic calls to multiple nodes endorsed

CodePudding user response:

reference 1st floor _n_u_l_l response:

can be used in practical business scenario geteway, only need one user, multiple nodes can not focus on the underlying call endorsed the logic of

Well, I worry about is not the underlying node call handling process, but the transfer of the scenarios, need an endorsement of two groups of nodes endorsed, but this process only needs a user initiated, and the user only needs to have two groups of TLS ca certificate at the same time, meet the endorsement strategy of chain code, this process is always feel insecure,

CodePudding user response:

To ask if the client calls must be specified when all organizations peerAddresses? My side in the LAN environment more organizations need to specify only one of these, but under the machine must be specified in most organizations, ask this is why?