HFC and the permissioned blockchain (Hyperledger Fabric)

It’s been a few years since blockchain caught everybody’s attention. Lots of people are talking about the enhanced security, the trackability, the exclusion of the middleman and the improved user privacy. But blockchain also had some weaknesses. In particular, its open and public character, which let anyone register anonymously on the network, was a big weakness for creating business applications. It wasn’t possible to have a service that could keep track of everything that happened on the blockchain. Luckily, IBM came up with the Hyperledger Fabric network, which makes permissioned blockchains possible, so you can decide which clients can be added to the network.

What is a permissioned blockchain?

A permissioned blockchain has all the features of the public blockchain (or as we call it now: permissionless blockchain). It provides anonymity, trackability, more security and requires no middleman. The advantage it offers over the permissionless blockchain is that the blockchain network is private. This means that a membership service is introduced, which keeps track of the users that are allowed onto the blockchain network. So just like any other network, you have to log on to the network (and/or register if needed) before you can access it.

This membership service is not the only new feature Fabric introduces. Another great feature is that users can be assigned roles. These roles serve as the permissions a user has. For example, a role can be “typeOfUser” with a value “doctor” or “patient”. These roles then determine which functions the user can or cannot execute. This is done by reading the roles of a user and checking whether that role has permission to execute that specific function. The set-up for a permissioned blockchain is done via a membersrvc.yaml file, which specifies the peers, users etc.

How to use the permissioned blockchain?

So a permissioned blockchain differs from the permissionless blockchain in the registration or enrollment onto the blockchain network. Once enrolled, you are able to deploy, invoke and/or query as much as you like! To make life easy, Hyperledger provides the HFC (Hyperledger Fabric Client), which is based on NodeJS. This is an SDK which provides you with all the functions needed to enroll, registerAndEnroll and even invoke, query and deploy.

There isn’t an online library for this SDK, not for now anyway. But within the Hyperledger Fabric project you can find a file called hfc.ts which defines all the functionality you can use.

Exploring the HFC functionalities

For our thesis, we are developing a health platform called “healthChain”. For this we need two types of users, called Doctors and Patients. These types can easily be extended in the future. Besides these, a third type, admin, exists. This type will be responsible for registering doctors onto the network. Patients can be added by their doctors or by the admin type. Patients are not allowed to add anyone to the network.

Enough explaining the bigger picture, let’s do some coding. The first thing we need to do is enable an admin user to log users onto the network. This is done by using the following function:

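var chain = hfc.newChain(config.chainName);
chain.enroll(enrollName, enrollSecret, function (err, admin) {
    if (err) {
        // enrollment failed: stop here, there is no account to use as registrar
        return console.error("Failed to enroll " + enrollName + ": " + err);
    }
    // the enrolled account becomes the registrar for later registrations
    chain.setRegistrar(admin);
});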

Notice that we first need to make a new chain. If a user account already exists, this function will log it in by taking the enrollName (= username) and enrollSecret (= password). The third parameter is a callback function, which will return an error on failure and the user account on success. As you can see, there is also a function chain.setRegistrar(). This function’s purpose is to set the logged-in account as a registrar of the chain, which simply means that it can add users (if it has the right permission to do so). But we’ll go into detail on this later on.

The second functionality you need is adding the user to the network. The hfc function to do so is the following:

var attribute = { name: "typeOfUser", value: "patient" };
var registrationRequest = {
    enrollmentID: enrollName,
    affiliation: config.user.affiliation,
    attributes: [attribute]
};
// err is set on failure, user holds the enrolled account on success
chain.registerAndEnroll(registrationRequest, function (err, user) {});

The function registerAndEnroll takes in a registrationRequest which holds an enrollmentID (= unique username), the affiliation it belongs to and some attributes which you can customize yourself. In our case the attribute will define the type of user that is added to the network (doctor or patient).

When registering a doctor, the parameter registrar is added. This parameter holds the roles or types of users the doctor can register to the network. In our case the doctor will be able to add clients (patients) to the network, no peers.

var attribute = { name: "typeOfUser", value: "doctor" };
var registrationRequest = {
    enrollmentID: enrollName,
    affiliation: config.user.affiliation,
    attributes: [attribute],
    registrar: {
        roles: ["client"]
    }
};

But how do we enable admin users to add doctors, which in turn can add patients to the network? The answer is the delegateRoles parameter. This parameter defines the possible values for the roles value in the registrar section for the added user. If the parameter is not set, for example when adding a doctor, the user won’t be able to give new users the possibility to add new roles. When adding an admin account this value will be set to clients.

var attribute = { name: "typeOfUser", value: "admin" };
var registrationRequest = {
    enrollmentID: enrollName,
    affiliation: config.user.affiliation,
    attributes: [attribute],
    registrar: {
        // roles this admin can register itself
        roles: ["client"],
        // roles that users registered by this admin may register in turn
        delegateRoles: ["client"]
    }
};
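To make the admin → doctor → patient chain concrete, here is an added example (not part of the original post and not Fabric's membership-service code) that models the registrar and delegateRoles rules as described above. The function canRegister, the role field and the sample users are hypothetical names constructed for this illustration.

```javascript
// Simplified model of the registrar / delegateRoles rules described in this post.
// Not Fabric code: canRegister(), the `role` field and the users are hypothetical.
"use strict";

// Returns { ok, reason }: may `registrar` register the user in `request`?
function canRegister(registrar, request) {
    const reg = registrar.registrar;
    if (!reg || !Array.isArray(reg.roles) || reg.roles.length === 0) {
        return { ok: false, reason: "registrar has no registrar.roles" };
    }
    // Rule 1: the new user's own role must be one the registrar may register.
    const role = request.role || "client";
    if (!reg.roles.includes(role)) {
        return { ok: false, reason: "role '" + role + "' not in registrar.roles" };
    }
    // Rule 2: registrar rights requested for the new user must be covered by the
    // registrar's delegateRoles; without delegateRoles nothing can be handed on.
    const wanted = (request.registrar && request.registrar.roles) || [];
    const allowed = reg.delegateRoles || [];
    const extra = wanted.filter(function (r) { return !allowed.includes(r); });
    if (extra.length > 0) {
        return { ok: false, reason: "cannot delegate: " + extra.join(",") };
    }
    return { ok: true, reason: "allowed" };
}

// Constructed sample users mirroring the healthChain set-up above.
const admin = { enrollmentID: "admin1", role: "client",
    registrar: { roles: ["client"], delegateRoles: ["client"] } };
const doctor = { enrollmentID: "doctor1", role: "client",
    registrar: { roles: ["client"] } };                        // no delegateRoles
const patient = { enrollmentID: "patient1", role: "client" }; // no registrar section

// Walks the delegation chain and records which registrations are accepted.
function demo() {
    return {
        adminAddsDoctor: canRegister(admin, doctor).ok,
        doctorAddsPatient: canRegister(doctor, patient).ok,
        doctorAddsDoctor: canRegister(doctor, doctor).ok,
        patientAddsPatient: canRegister(patient, patient).ok,
        adminAddsPeer: canRegister(admin, { enrollmentID: "peer1", role: "peer" }).ok
    };
}

console.log(demo());
```

The doctor-adds-doctor case is the one to watch: it is rejected only because the doctor was registered without delegateRoles, so forgetting that distinction when registering doctors would let them create further registrars.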

We hope you guys enjoyed reading our blog. See you in the next one!

Senne Theunis and Viktor De Saeytyd are two master IT engineering students from KULeuven who are exploring the possibilities of (permissioned) blockchains to create a Health Platform for their master thesis at Craftworkz — Cronos Group.