How should I setup Channels and Orgs in Hyperledger Fabric?

Question

I have a web app with multiple clients. I want to record some data of client (employee education record) on blockchain. Clients do not wish to share this data with any other entity or organisation. No data will be shared between clients themselves. The sole purpose to use blockchain is: to have a immutable copy of records.

I have two options:

Multiple Orgs Single Channel:

1 Org per client and 1 Org for my application. All Orgs on single channel. I write my business network in composer in such a way that 1 client cannot READ, WRITE, DELETE the data of other client. (via ACL definition).

So, although the ledger is same for all clients, there are rules defined to prevent invalid access.

Multiple Orgs Multiple Channel:

1 Org per client and 1 Org for my application. Different channels for each client. (Client + My App Org join the channel). This way ledger will be different for each client.

Con: I need to instantiate the same composer network(bna) on all channels (management task increases).

Which approach is good for my scenario?

Answer 1

If there is no common data between different clients/orgs, there is no point of having a shared channel between them. Taking care of permissions overs data will complicate your network setup. It would be better to abstract out that detail from network design.

You should have one org corresponding to each client. In each org there will be a single channel which all the peers in that org will use to communicate.

Answer 2

I think you could encrypt every client's data by passing the transient key to chaincode,and just manage the keys, this may be light weight and fesible for your scenery.