24

Is Fabric CA an implementation of MSP? Is an MSP useless by itself?

What are the functions of the MSP and Fabric CA? And differences in those functions?

Jeff
  • 775
  • 1
  • 6
  • 15

3 Answers3

22

MSP is a Membership Service Provider - pluggable interface to support variety of credentials architectures, basically offering abstraction layer for membership orchestration architecture. MSP abstraction provides:

  1. Concrete identity format
  2. User credential validation
  3. User credential revocation
  4. Signature generation and verification

While Fabric-CA used to generate certificates and keys to actually initialize MSP facilities. Fabric-CA is a default implementation of MSP interface to cover identity management.

Artem Barger
  • 38,615
  • 9
  • 54
  • 80
  • 11
    Could you give me an example of some other credential architectures that we could use with Fabric? – Jeff Aug 16 '17 at 13:09
  • An example reflecting the differences between the two will help people understand it better. Can a CA work independently of an MSP? – Kartik Chauhan Jul 16 '19 at 20:18
  • @KartikChauhan not sure what example would you expect to see. MSP is an interface, while Fabric-CA is a piece of software. – Artem Barger Jul 17 '19 at 10:10
  • If anyone asks me this question, I don't know whether I'll be able to clearly explain the difference between the two. – Kartik Chauhan Jul 17 '19 at 10:24
  • 1
    [This example](https://hyperledger-fabric.readthedocs.io/en/latest/membership/membership.html#why-do-i-need-an-msp) with credit cards from the docs is pretty good. Maybe it shall be added to the Artem's answer. Quoting a part of the example: "the Certificate Authority is like a card provider — it dispenses many different types of verifiable identities. An MSP, on the other hand, determines which credit card providers are accepted at the store. In this way, the MSP turns an identity (the credit card) into a role (the ability to buy things at the store)." – Gr3at Feb 27 '21 at 07:59
1

MSPs are in charged for members certificates and authentication. MSP is pluggable, so the default Fabric MSP implementation uses PKI methods and X.509 certificates. You can use commercial CAs or Fabric CA to generate the keys and certificates needed to configure an MSP.

For more information read the Fabric CA documentation and https://hyperledger-fabric.readthedocs.io/en/latest/msp.html

Polem
  • 113
  • 7
0

Fabric CA provides features such as: Registration of identities with roles like peer, user or application, or connects to an existing LDAP as the user registry to fetch identities of the mentioned roles.

MSP is a membership service provider defines which certificate authorities(CA's) is allowed to issue certificates.

deepak tholia
  • 1
  • 2