All Posts By

Hyperledger

Lessons Learned from Hyperledger Fabric PoC Projects

By | Blog, Hyperledger Fabric

Guest post: Hanna Zubko, CEO IntellectEU Inc and Thomas Bohner, Product Manager IntellectEU NV

Recently, Hyperledger provided members the opportunity to speak with global analyst firm Gartner about experiences with Proofs of Concept (PoCs) and pilots using technologies from the greenhouse of Hyperledger projects. Given IntellectEU’s announcement today about the release of Catalyst, the first platform to integrate traditional infrastructures with multiple blockchain networks including networks built with Hyperledger Fabric, we decided to share the recent PoC using Hyperledger Fabric and Catalyst we discussed with Gartner.

Implementation of Blockchain technology allows not only to reduce costs and facilitate efficiencies within enterprise ecosystems but also create entirely new revenue streams. The PoC was for a car insurance company. The objective was to use Hyperledger Fabric and Catalyst to create a flexible pay per mile insurance product based on the actual car mileage and condition of the vehicle. Catalyst served as the hub for connecting the insurance database, the car dongle (IoT device), end-user mobile application and Hyperledger Fabric itself. Catalyst listened to the changes on all the data sources and based on the business rules, applied the corresponding logic. IntellectEU deployed two smart contracts on Hyperledger Fabric; one to calculate the premium based on the actual car mileage and a second to confirm the payment. Catalyst has an architecture that is open, modern, and flexible and will be able to add multiple new players to the ecosystem in the future.

As part of the interview, Gartner asked about our preferred methodology for architecting blockchain PoC projects. We broke it down to the following steps:

  1. Begin with a 2-day design thinking session, shaping and grooming the use case, and evaluating if blockchain technology brings significant added value to the use case.
  2. From those discussions, split up the business requirements into multiple use cases.
  3. Shape up the use cases to fit in the “fail fast” methodology.
  4. Create a solution roadmap.
  5. At this stage, select the initial use case to use as a base for the PoC.
  6. Create the Overall Design Document and the Functional Requirements Specification in cooperation with a customer.
  7. Develop the PoC using Agile approach. For more information, visit http://agilemanifesto.org.
  8. Deliver the solution to the customer
  9. Roll out the solution to multiple additional ecosystem participants

From this car insurance related PoC, there were two primary lessons learned that are worth sharing.

First, it is important to determine at the outset whether using distributed ledger technology would give any boost to the use case. We have found that walking customers through the following “Blockchain Decision Path” is very helpful.

Second, it was very important to have a specialist who understood General Data Protection Regulation (GDPR) requirements to ensure compliance. In brief, GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. It provides for a harmonization of the data protection regulations throughout the EU, thereby making it easier for non-European companies to comply with these regulations; however, this comes at the cost of a strict data protection compliance regime with severe penalties of up to 4% of worldwide turnover or €20 million, whichever is higher. GDPR will become enforceable from May 25th 2018. According to an Ovum report, two-thirds of businesses expect to have to change in their global business strategies to accommodate new data privacy regulations and more than half of businesses think they will be fined due to GDPR in Europe.

A valuable benefit of being a part of the Hyperledger community is the opportunity to hear from members about their experiences “in the field” using Hyperledger technologies for PoCs, pilots and production deployments. We believe sharing best practices with the community helps the collective efforts to increase widespread adoption of Hyperledger distributed ledger frameworks.

(4.18.18) ZDNet: Hyperledger bug bounty program goes public

By | News

The Hyperledger project has opened the doors of its bug bounty program to the public.

 

Hyperledger is an open-source project and hub for developers to work on blockchain technologies.

The Hyperledger infrastructure is being developed in order to support cross-industry uses of distributed ledger technologies, most commonly associated with the exchange of cryptocurrency.

More here.

(4.18.18) CoinDesk: Huawei Unveils Hyperledger-Powered Blockchain Service Platform

By | Hyperledger Fabric, News

Telecommunications and smartphone provider Huawei has become the latest tech giant in China to launch a blockchain-as-a-service (BaaS) platform.

Announced at Huawei’s analyst conference in Shenzhen on Tuesday, the company’s new platform, dubbed Blockchain Service, is said to enable companies to develop smart contracts on top of a distributed ledger network for several use-case scenarios.

More here.

Hyperledger Bug Bounty Program Now Open

By | Blog, Hyperledger Composer, Hyperledger Fabric, Hyperledger Iroha, Hyperledger Sawtooth

Dave Huseby, Hyperledger Security Maven

When I started as the Hyperledger Security Maven just over a year ago, I set out to make sure that Hyperledger’s community of contributors were doing everything possible to make good on the promise of better software and better security from the open source process. As of right now, we have in place a public bug tracker, continuous integration builds, core infrastructure initiative compliance, and a full responsible disclosure security bug policy and process. Today, I am happy to announce the next piece of our security process: the Hyperledger Bug Bounty.  

For the last six months we have been running a private bug bounty with HackerOne. Today we are opening up the Hyperledger Bug Bounty for public participation. Currently only Hyperledger Fabric is in the scope of the bounty program but we hope to add Hyperledger Sawtooth and other Hyperledger projects soon. HackerOne will continue to administer the bug bounty for us with close cooperation between their team and our community. We chose HackerOne because we think it is the best use of our resources and they share a similar commit to open source software as Hyperledger and The Linux Foundation.

At Hyperledger we have a broad base of committed developers and it is their professionalism that makes our security process solid and straightforward. When I first started, we already had in place our public bug tracking system and most teams had set up continuous integration build systems for monitoring build health. In the last year we formalized the process by which projects can move from development status to their first 1.0 release, including a number of security requirements.

The first security requirement is to meet the requirements of the Core Infrastructure Initiative (CII). The Core Infrastructure Initiative is a set of best practices for open source software security. Earning the CII badge requires open source projects to set up services and processes and key positions that all serve the goal of producing more secure and trustworthy software. At the time of this writing, Hyperledger Fabric, Sawtooth, Iroha, and Composer have all earned their CII badge.

The second security requirement is to nominate one to three members of a project’s community to participate on the Hyperledger security team. The Hyperledger security team manages and executes our policy of responsible disclosure of security bugs. Security bugs are confidentially reported to Hyperledger through security@hyperledger.org or by filing a security bug in our JIRA. It is the job of the volunteer security team to triage, respond to, fix, and disclose the security bugs that are reported. As of right now, the security team consists of 16 members from five of our project communities.

The third security requirement is for a project to undergo a security audit from an outside auditor to establish a baseline for the codebase. We hired the auditing firm Nettitude to do security audits of Hyperledger Fabric, Sawtooth, Iroha and Composer.  So far Hyperledger Fabric, Sawtooth and Iroha have been completed and are in various stages of resolution and publication. Currently only the Hyperledger Fabric security audit report has been fully resolved and published. The rest will be published soon.

Looking ahead into the future, I plan on getting more involved with the Software Package Data Exchange (SPDX) to see if we can use Hyperledger blockchain platforms to better track the provenance of open source software, including our own. I hope to one day use verifiable claims to automatically check for vulnerabilities in dependencies from our continuous integration build system. If open source software packages were to issue a verifiable claim stating that a specific version of their software has no known security vulnerabilities, then when one is reported, the claim can be revoked. The revocation of the claim could then function as an automatic signal to all users of that software that they need to update. Continuous integration systems could check the claims of all dependencies and stop the build if one or more are found to have vulnerabilities.  This represents the next generation of reproducible builds and would leverage blockchains for provenance tracking of software from construction all the way through deprecation.

Security is always an ongoing process of improvement. Thanks to the commitment and professionalism and general good cheer of the Hyperledger community, we have made great strides in the last year. Now with our public bug bounty, we hope to further make good on the open source promise and to deserve the trust our users have in us.

We encourage developers to join our efforts on the bug bounty program and also start contributing to Hyperledger projects. You can plug into the Hyperledger community at github, Rocket.Chat the wiki or our mailing list. You can also follow Hyperledger on Twitter or email us with any questions: info@hyperledger.org.

(4.17.18) Insurance Business: Marsh’s blockchain push gets major lift

By | Hyperledger Fabric, News

The first commercial blockchain solution for proof of insurance is seeing the light of day.

Brokerage giant Marsh has unveiled the big news – it is developing the commercial proof of insurance solution, but not without the help of friends. Collaborating with IBM, ACORD, and ISN, Marsh is positive this will open the door to creating a network of networks to provide verification on an even wider scale.

More here.

Developer Showcase Series: David Conroy, National Association of REALTORS

By | Blog, Hyperledger Composer, Hyperledger Fabric, Hyperledger Indy

We’re back to our Developer Showcase blog series, which serves to highlight the work and motivations of developers, users and researchers collaborating on Hyperledger’s incubated projects. Next up is David Conroy, an R&D Lab Engineer at the Center for REALTOR Technology, as part of the National Association of REALTORS. Let’s see what he has to say!

What advice would you offer other technologists or developers interested in getting started working on blockchain? 

Before getting started working in blockchain, I strongly recommend taking the time to learn the strengths and weaknesses of the many different types of blockchain technologies available today. A great way to accomplish this is to take a look at all of the fantastic open source tools out there that already exist for blockchain development. Understanding the basics prior to beginning the development process can be critical to the success of your future applications. My two favorite development tools currently are Hyperledger Composer (https://github.com/hyperledger/composer), and the Truffle Framework (http://truffleframework.com/). If you are looking for online resources for blockchain education, The Linux Foundation has released a self-paced primer on distributed ledgers that is incredibly thorough and also free of charge.

David Conroy, National Association of REALTORS


Give a bit of background on what you’re working on, and let us know what was it that made you want to get into blockchain?

I work for CRT Labs, a research group operated by the National Association of REALTORS®. Our lab focuses on emerging technologies that could potentially affect real estate. Personally, I have been interested in blockchain since I began learning and writing about Bitcoin in 2013. Since then as the technology has matured, it became increasingly apparent that my personal interests were quickly aligning with my professional ones. This is due to the massive implications that blockchain poses for the real estate industry.  In addition to payment and escrow, blockchains could potentially provide the mechanisms for establishing identity, enforcing of contracts, and improving the overall quality of property records.

What project in Hyperledger are you working on? Any new developments to share? Can you sum up your experience with Hyperledger?

At NAR, we are building a Hyperledger Fabric based system that will allow us to more effectively understand how our association interacts with its 1.3 million members. This project will allow us to tie together all of the various educational courses taken, committees served on, and events attended by our members despite the fact that this activity is occurring at over 1,400 local associations nationwide. Our legacy systems lack the functionality to provide a complete, accurate, and verifiable report that shows the complete picture of a members activity within our association. Now with the assistance of blockchain that granularity of reporting is something we are able to provide. This data can then be used to better provide services, aid in leadership development, and allow for increased recognition of our highly involved members. We took advantage of the Hyperledger Composer tool to define our business network and get our initial proof of concepts running quickly.

In addition to the work I’ve done at NAR, I have also entered into multiple blockchain-related programming competitions in my spare time to keep current on latest development trends. Most recently, I was a part of a team that took first place in IBM’s Blockchain and Artificial Intelligence Global Hackathon. Alongside the cash prize, the top finish came with a opportunity to present at IBM’s Think 2018 Conference. The submission was a Hyperledger-based, IBM Watson-powered parking reservation marketplace called The Spot Exchange.

In addition to the for-profit business models, I’ve also looked at Blockchain for social good. For the past few months, I have been working on a project that uses blockchain and artificial intelligence for social good. Specifically – providing identity, education, and family reunification services for Refugee Resettlement. For more information please visit ProjectSafeHarbor.com.

Locally, I serve as co-chair of the two Chicago-based blockchain meetups, Hyperledger Chicago & Chicago Blockchain in Real Estate.

What’s the one issue or problem you hope blockchain can solve?

One area where I believe blockchains have an enormous potential is improving the state of our current systems for establishing our digital identities. Consumers today are unrealistically expected to securely manage login information across hundreds of different websites. Unfortunately, this burden leads to poor password hygiene from many users, while slowly turning popular websites into an ever-growing target for hackers looking for large amounts of personal information. Two projects that I am following very closely that look to solve some of these issues in a decentralized and self-sovereign manner are Hyperledger Indy, and the Ethereum project uPort.