🔐 Asset Approval System

A multi-organization asset approval workflow built on Hyperledger Fabric

Overview • Versions • Getting Started

---

📋 Overview

A blockchain-based system demonstrating multi-party asset approval workflows with:

• Multi-Organization Governance - 3 orgs with distinct roles (Owner, Auditor, Regulator)
• State Machine Enforcement - Controlled asset lifecycle transitions
• Private Data Collections - Confidential information shared between specific orgs
• Immutable Audit Trail - Complete history of all asset changes
• Progressive Architecture - 3 versions showing evolution from POC to production

Detailed Documentation

---

🔄 Versions

Three implementations demonstrating progressive architectural maturity:

	📚 v0	🚀 v1	⚡ v2
Focus	Learning	Multi-Peer	True ABAC
Language	JavaScript	TypeScript	TypeScript
Access Control	OBAC	OBAC	ABAC ✨
Role Source	MSP ID	MSP ID	Certificate ✨
State Machine	3 states	6 states	6 states
Identity Mgmt	cryptogen	cryptogen	Fabric CA ✨
Add New Org	Code change	Code change	Config only ✨
Resubmission	❌	✅	✅
Peers per Org	1	3	1
Containers	12	24	12

Which Version Should I Use?

If you want to...	Use	README
Learn Fabric basics	v0	📚 v0 Getting Started
Understand multi-peer architecture	v1	🚀 v1 Getting Started
Implement production patterns	v2	⚡ v2 Getting Started

---

🚀 Getting Started

Each version has its own detailed Getting Started guide with step-by-step instructions for prerequisites installation, cloning, setup, and running.

Choose Your Version:

• v0 - Learning Guide - Simple setup for beginners
• v1 - Multi-Peer Guide - Production-like environment
• v2 - Production Guide - True ABAC with Fabric CA

Platform Requirement

⚠️ Requires Linux or WSL2 - Hyperledger Fabric cannot run on native Windows. Use Ubuntu 20.04+ or WSL2.

---

🏗️ Architecture

┌─────────────────────────────────────────────────────────────────────────┐
│                        ORDERING SERVICE (Raft)                          │
│  ┌─────────────────┐  ┌─────────────────┐  ┌─────────────────┐          │
│  │    orderer      │  │    orderer2     │  │    orderer3     │          │
│  │     :7050       │  │     :8050       │  │     :9050       │          │
│  └─────────────────┘  └─────────────────┘  └─────────────────┘          │
│                    Crash Fault Tolerant (1/3)                           │
├─────────────────────────────────────────────────────────────────────────┤
│                                                                         │
│   ┏━━━━━━━━━━━━━━━┓   ┏━━━━━━━━━━━━━━━┓   ┏━━━━━━━━━━━━━━━┓            │
│   ┃  ORG1 (Owner) ┃   ┃ ORG2 (Auditor)┃   ┃ORG3 (Regulator)┃           │
│   ┣━━━━━━━━━━━━━━━┫   ┣━━━━━━━━━━━━━━━┫   ┣━━━━━━━━━━━━━━━┫            │
│   ┃ Peer    :7051 ┃   ┃ Peer    :9051 ┃   ┃ Peer   :11051 ┃            │
│   ┃ CA      :7054 ┃   ┃ CA      :8054 ┃   ┃ CA      :9054 ┃            │
│   ┃ CouchDB :5984 ┃   ┃ CouchDB :7984 ┃   ┃ CouchDB :8984 ┃            │
│   ┗━━━━━━━━━━━━━━━┛   ┗━━━━━━━━━━━━━━━┛   ┗━━━━━━━━━━━━━━━┛            │
│                                                                         │
│   ┌─────────────────────────────────────────────────────────────────┐   │
│   │                    CHANNEL: asset-channel                        │   │
│   │  ┌──────────────────────┐   ┌──────────────────────────────┐    │   │
│   │  │     PUBLIC STATE     │   │    PRIVATE DATA COLLECTION   │    │   │
│   │  │  • assetID           │   │    (Org1 + Org2 only)        │    │   │
│   │  │  • status            │   │  • confidentialNotes         │    │   │
│   │  │  • approvals         │   │  • internalValue             │    │   │
│   │  │  • owner             │   │  • sensitiveTerms            │    │   │
│   │  │  • timestamps        │   │                              │    │   │
│   │  └──────────────────────┘   └──────────────────────────────┘    │   │
│   └─────────────────────────────────────────────────────────────────┘   │
└─────────────────────────────────────────────────────────────────────────┘

---

🔐 Access Control Models

OBAC (v0, v1) - Organization-Based

// Role derived from MSP ID
if (ctx.clientIdentity.getMSPID() === 'Org1MSP') {
    role = 'owner';
}

ABAC (v2) - Attribute-Based

// Role read from X.509 certificate attribute
const role = ctx.clientIdentity.getAttributeValue('role');
// Returns 'owner', 'auditor', or 'regulator'

---

📁 Project Structure

asset-approval-system/
│
├── v0/                          # 📚 Learning / POC
│   ├── chaincode/              # JavaScript chaincode
│   ├── client/                 # Node.js client
│   ├── network/                # Docker configs
│   └── scripts/                # Automation scripts
│
├── v1/                          # 🚀 Multi-Peer Architecture
│   ├── chaincode/              # TypeScript chaincode
│   ├── client/                 # Modern Fabric Gateway client
│   ├── network/                # 24-container setup
│   └── scripts/                # Deployment scripts
│
└── v2/                          # ⚡ True ABAC / Production
    ├── chaincode/              # TypeScript with ABAC
    ├── client/                 # Comprehensive tests
    ├── network/                # Fabric CA configs
    └── scripts/                # CA enrollment scripts

---

📄 License

This project is licensed under the Apache License 2.0 - see the LICENSE file for details.

---

Built with Hyperledger Fabric v2.5
_{Multi-Organization Governance • Private Data • Immutable Audit Trail}