45. Glossary

This glossary defines key terms and concepts used in wFabricSecurity and Hyperledger Fabric.





45.1. Fundamentals


45.1.1. Zero Trust

Definition: A security model that assumes no implicit trust and requires continuous verification of every request, regardless of its origin.

In wFabricSecurity: Every transaction must be cryptographically verified before processing, regardless of the participant’s network location.


45.1.2. Identity

Definition: A unique representation of a participant (user, organization, or component) within the system.

In wFabricSecurity: Managed through X.509 certificates and MSP (Membership Service Provider) credentials.


45.1.3. MSP (Membership Service Provider)

Definition: A component that provides credentials to participants for authentication and authorization within a Fabric network.

See Also: wFabricSecurity.fabric_security.core.models.MSPConfig




45.2. Cryptography


45.2.1. Hashing

Definition: The process of converting input data into a fixed-size string of bytes using a mathematical algorithm.

Algorithm Used: SHA-256 (Secure Hash Algorithm 256-bit)

In wFabricSecurity: Used for code integrity verification and message integrity checks.


45.2.2. ECDSA (Elliptic Curve Digital Signature Algorithm)

Definition: A public-key cryptographic algorithm for digital signatures using elliptic curve mathematics.

Curve Used: secp256k1

In wFabricSecurity: Used for signing and verifying messages to ensure authenticity.


45.2.3. Digital Signature

Definition: A mathematical scheme for verifying the authenticity and integrity of digital messages or documents.

Components:

  • Private key: Used to create the signature

  • Public key: Used to verify the signature

  • Hash: The digest of the message being signed


45.2.4. X.509 Certificate

Definition: A digital document that binds a public key to an identity, issued by a trusted Certificate Authority (CA).

Format: DER or PEM encoding




45.3. Security


45.3.1. Integrity

Definition: The assurance that data has not been modified or tampered with during transmission or storage.

In wFabricSecurity: Verified using SHA-256 hash comparison against ledger-stored values.


45.3.2. Authenticity

Definition: The guarantee that a message or transaction genuinely originated from the claimed sender.

In wFabricSecurity: Verified using ECDSA signature verification.


45.3.3. Availability

Definition: The assurance that authorized users can access the system and its resources when needed.

In wFabricSecurity: Protected through rate limiting and retry logic.


45.3.4. Confidentiality

Definition: The assurance that information is accessible only to authorized parties.

In wFabricSecurity: Implemented through TLS transport and access control permissions.


45.3.5. Non-Repudiation

Definition: The guarantee that a sender cannot deny having sent a message.

In wFabricSecurity: Achieved through digital signatures that bind the sender’s identity to the message.




45.4. Hyperledger Fabric


45.4.1. Channel

Definition: A private subnet of communication between organizations within a Fabric network, used for private and confidential transactions.


45.4.2. Chaincode

Definition: Smart contracts in Hyperledger Fabric that define the business logic and state transformations.

Also Known As: Smart Contract


45.4.3. Endorsement

Definition: The process by which participating organizations validate and sign a transaction proposal before it’s committed to the ledger.


45.4.4. Ledger

Definition: The immutable record of all transactions in a Fabric network, consisting of:

  • World State: Current state of all assets

  • Transaction Log: Complete history of transactions


45.4.5. Peer

Definition: A node in a Fabric network that hosts a copy of the ledger and runs chaincode.


45.4.6. Orderer

Definition: A node responsible for ordering transactions into blocks and distributing them to peers.




45.5. Messages


45.5.1. SignedMessage

Definition: A message that has been cryptographically signed using ECDSA.

Components:

from dataclasses import dataclass
from datetime import datetime

@dataclass
class SignedMessage:
    payload: str          # Original message content
    sender: str           # Sender's identity (CN)
    recipient: str        # Recipient's identity (CN)
    signature: bytes      # ECDSA signature
    timestamp: datetime   # Creation timestamp

45.5.2. CommunicationDirection

Definition: Enum defining the allowed direction of communication between participants.

Values:

| Value | Description |
|---|---|
| BIDIRECTIONAL | Full bidirectional communication allowed |
| OUTBOUND | Only outgoing messages allowed |
| INBOUND | Only incoming messages allowed |
| NONE | No communication allowed |




45.6. Storage


45.6.1. LocalStorage

Definition: File-based storage implementation using JSON serialization for local persistence.


45.6.2. FabricStorage

Definition: Blockchain-based storage implementation that persists data through chaincode transactions.




45.7. Algorithms


45.7.1. Token Bucket Algorithm

Definition: An algorithm for rate limiting that allows burst traffic while maintaining a long-term average rate.

Parameters:

  • rate: Tokens added per second

  • capacity: Maximum tokens in the bucket

  • consume: Tokens required per request
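The following is an added example, not wFabricSecurity's own code: a minimal token bucket built on the three parameters above, replayed over constructed arrival times to show a burst being admitted up to capacity and later requests being admitted as tokens refill. The names TokenBucket, try_consume, retry_after and simulate, and the injectable clock, are assumptions made for the illustration.

```python
import time


class TokenBucket:
    """Rate limiter using the glossary's parameter names: rate, capacity, consume."""

    def __init__(self, rate, capacity, clock=time.monotonic):
        if rate <= 0 or capacity <= 0:
            raise ValueError("rate and capacity must be positive")
        self.rate = float(rate)          # tokens added per second
        self.capacity = float(capacity)  # maximum tokens in the bucket
        self._clock = clock              # injectable so the replay is deterministic
        self._tokens = self.capacity     # start full: permits an initial burst
        self._last = clock()

    def _refill(self):
        now = self._clock()
        elapsed = max(0.0, now - self._last)  # ignore a clock that steps backwards
        self._tokens = min(self.capacity, self._tokens + elapsed * self.rate)
        self._last = now

    def try_consume(self, consume=1.0):
        """Deduct `consume` tokens and return True if available, else False."""
        self._refill()
        if self._tokens >= consume:  # a request larger than capacity never passes
            self._tokens -= consume
            return True
        return False

    def retry_after(self, consume=1.0):
        """Seconds until `consume` tokens are available (0.0 if available now)."""
        self._refill()
        return max(0.0, (consume - self._tokens) / self.rate)


def simulate(rate, capacity, arrivals, consume=1.0):
    """Replay arrival times (seconds) and return one allow/deny decision each."""
    now = [0.0]
    bucket = TokenBucket(rate, capacity, clock=lambda: now[0])
    decisions = []
    for t in arrivals:
        now[0] = t
        decisions.append(bucket.try_consume(consume))
    return decisions


# Constructed traffic: a burst of five at t=0, then requests at 0.5 s and 2.0 s.
ARRIVALS = [0.0, 0.0, 0.0, 0.0, 0.0, 0.5, 2.0]
```

With rate=2 and capacity=3, the first three burst requests pass, the next two are rejected, and the later requests pass once tokens have refilled.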


45.7.2. Exponential Backoff

Definition: A retry strategy where the wait time between retries doubles after each failed attempt.

Formula: wait_time = base_delay * 2^attempt + jitter


45.7.3. LRU Cache (Least Recently Used)

Definition: A caching algorithm that evicts the least recently accessed items when the cache reaches its capacity.

In wFabricSecurity: Used for certificate caching with configurable TTL.
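An added sketch of an LRU cache with a TTL, as described above (illustrative code, not wFabricSecurity's implementation). The class name TTLLRUCache, the injectable clock, the placeholder certificate strings, and the choice to measure the TTL from insertion rather than last access are assumptions of this example; with that choice, a frequently used certificate still falls out of the cache and has to be re-loaded and re-validated.

```python
import time
from collections import OrderedDict


class TTLLRUCache:
    """LRU cache whose entries also expire `ttl` seconds after insertion."""

    def __init__(self, capacity, ttl, clock=time.monotonic):
        if capacity < 1 or ttl <= 0:
            raise ValueError("capacity must be >= 1 and ttl must be > 0")
        self.capacity = capacity
        self.ttl = ttl
        self._clock = clock
        self._items = OrderedDict()  # key -> (expires_at, value), least recent first

    def get(self, key):
        entry = self._items.get(key)
        if entry is None:
            return None
        expires_at, value = entry
        if self._clock() >= expires_at:
            del self._items[key]      # expired: caller must re-load and re-validate
            return None
        self._items.move_to_end(key)  # mark as most recently used; TTL is unchanged
        return value

    def put(self, key, value):
        self._items.pop(key, None)
        self._items[key] = (self._clock() + self.ttl, value)
        if len(self._items) > self.capacity:
            self._items.popitem(last=False)  # evict the least recently used entry

    def __len__(self):
        return len(self._items)


def demo():
    """Constructed scenario: capacity 2, TTL 60 s, placeholder certificate values."""
    now = [0.0]
    cache = TTLLRUCache(capacity=2, ttl=60, clock=lambda: now[0])
    cache.put("CN=alice", "<alice cert>")
    cache.put("CN=bob", "<bob cert>")
    cache.get("CN=alice")                   # alice becomes most recently used
    cache.put("CN=carol", "<carol cert>")   # over capacity: bob is evicted
    after_evict = (cache.get("CN=alice"), cache.get("CN=bob"), cache.get("CN=carol"))
    now[0] = 61.0                           # every entry is now past its TTL
    after_ttl = (cache.get("CN=alice"), cache.get("CN=carol"))
    return after_evict, after_ttl, len(cache)
```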




45.8. Errors


| Error Type | Description |
|---|---|
| CodeIntegrityError | Code hash mismatch detected - possible tampering |
| SignatureVerificationError | ECDSA signature verification failed |
| PermissionDeniedError | Communication not permitted between participants |
| RateLimitExceededError | Too many requests, rate limit exceeded |
| ConnectionError | Unable to connect to Fabric network |
| CertificateError | Certificate validation or parsing failed |


