Is Fabric CA an implementation of MSP? Is an MSP useless by itself?
What are the functions of the MSP and Fabric CA? And differences in those functions?
MSP is a Membership Service Provider - a pluggable interface to support a variety of credential architectures, basically offering an abstraction layer for the membership orchestration architecture. MSP abstraction provides:
Fabric-CA, meanwhile, is used to generate certificates and keys to actually initialize MSP facilities. Fabric-CA is a default implementation of the MSP interface to cover identity management.
MSPs are in charge of members' certificates and authentication. MSP is pluggable, so the default Fabric MSP implementation uses PKI methods and X.509 certificates. You can use commercial CAs or Fabric CA to generate the keys and certificates needed to configure an MSP.
For more information read the Fabric CA documentation and https://hyperledger-fabric.readthedocs.io/en/latest/msp.html
Fabric CA provides features such as registration of identities with roles like peer, user or application, or connecting to an existing LDAP as the user registry to fetch identities of the mentioned roles.
MSP is a membership service provider that defines which certificate authorities (CAs) are allowed to issue certificates.
Certificate Authority (CA) is like a card provider — it dispenses many different types of verifiable identities (Visa, Mastercard, Rupay).
An MSP, on the other hand, determines which credit card providers (Visa, Mastercard) are accepted at the store.
In this scenario, MSP only accepts Visa and Mastercard even though CA has produced Rupay alongside the accepted ones.
Connecting this with Hyperledger Fabric:
Certificate Authorities issue identities by generating a public and private key, which form a key pair that can be used to prove identity. This identity needs a way to be recognized by the network, which is where the MSP comes in.
For example, a peer uses its private key to digitally sign, or endorse, a transaction. The MSP is used to check that the peer is allowed to endorse the transaction or if the peer belongs to the recognized organizations/members.
The MSP is internal or close to the network setup, whereas the CA resides at a distance.
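The split described in the answers above, as an added Go example that is not part of the original answers and is not Fabric's own code: `issue` stands in for a CA producing X.509 identities, and `mspAccepts` stands in for the MSP's check of an identity against the root CAs it lists. The function names, the `.example` identities and the Ed25519 key type are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue plays the CA role: a self-signed root when ca is nil, else an identity signed by ca.
func issue(name string, ca *x509.Certificate, caKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	if ca == nil { // root CA: signs itself and is allowed to sign other certificates
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		ca, caKey = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, ca, pub, caKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// mspAccepts plays the MSP role: accept cert only if it chains to a root CA the MSP lists.
func mspAccepts(roots *x509.CertPool, cert *x509.Certificate) bool {
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err == nil
}

func main() {
	caA, keyA := issue("ca.org1.example", nil, nil) // constructed names
	caB, keyB := issue("ca.other.example", nil, nil)
	peerA, _ := issue("peer0.org1.example", caA, keyA)
	peerB, _ := issue("peer0.other.example", caB, keyB)
	roots := x509.NewCertPool()
	roots.AddCert(caA) // this MSP lists only Org1's CA
	fmt.Println(mspAccepts(roots, peerA), mspAccepts(roots, peerB)) // true false
}
```

Both peers hold well-formed certificates from a working CA; only the one whose issuer is in the MSP's root list is accepted.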