12

While reading the documentation on Hyperledger Fabric I couldn't understand what MSP is. It is really unclear to me what an MSP exactly is and how it differs from CA?

What I understand is CA issue certificates and MSP says which of these are valid and belong to a certain organization. But, what exactly it is?

Is the MSP some kind of a server that has some kind of an interface, that other peers and orderers use, or is it a bunch of directories that contain configuration, or what exactly it is? How can I view it?

The documentation describes what its role is and how it fits into the blockchain network. But not what exactly what it is.

When I run a simple dev fabric network, decker contains a process for peer, orderer, and a CA. Where is the MSP?

I've checked these questions but none of them explains what MSP actually is.

Adelin
  • 15,139
  • 20
  • 96
  • 143

2 Answers2

14

OK, so I was able, hopefully, to answer my question. I will answer it in the form of points.

  • The name "MSP" is, in my opinion, a poorly chosen name. The word "service" implies having a working process/program/server in place, like Web Service, Rest Service etc. The word "Provider" also implies that it provides the membership service and finally I imagine that this is some kind of an OAuth or LDAP Server or something alike, it is not. It a bunch of directories with digital certificates. Probably a better name would be Members Certificates Directory (MCD) or Members Certificates Path (MCP).
  • After realizing that these are directories from the documentation

To set up a local MSP (for either a peer or an orderer), the administrator should create a folder (e.g. $MY_PATH/mspconfig) that contains six subfolders and a file

Also set up implies starting and configure a process/server or something alike.

  • So I entered the peer container of the Dev Servers created for Hyperledger Composer development and searched for a $FABRIC_CFG_PATH

enter image description here

  • the /msp DIRECTORY is the MSP directory and it contains directories explained in the docs And it is configured as required by the documents:

The path to the mspconfig folder is expected to be relative to FABRIC_CFG_PATH and is provided as the value of parameter mspConfigPath for the peer, and LocalMSPDir for the orderer

enter image description here

enter image description here

I hope this clears uncertainty for others as it did for me and the docs of fabric updated for more clarity.

Community
  • 1
  • 1
Adelin
  • 15,139
  • 20
  • 96
  • 143
  • 1
    I had exactly same question, and come to the same conclusion you mention. Msp is just a directory. – 久保圭司 Nov 07 '19 at 06:44
  • @engineerk A poorly chosen name results in scratching your head for hours to understand what it is. – Adelin Nov 07 '19 at 07:04
  • 1
    Don't confuse its function with its implementation. Yes, it is JUST a set of directories containing certs, but that is just an implementation detail. The implementation could be replaced as well as extended as basically the MSP only allows you to define who is an admin vs who is just a normally authenticated user. The value of the current implementation is that each participant is able to decide what they consider someone else, i.e., admin or user. Pretty coarse grained, but it works. – Toddinpal Jun 05 '20 at 19:53
  • It's not only a bunch of directories, it's consist of a suite of APIs and interface to deal with them. – malajisi Nov 24 '20 at 04:47
0

The confusion may come from the fact HLF is both defining the MSP as an abstraction layer and providing a simplistic implementation (using directories).

MSP documentation -link above- clearly states In the rest of this document we elaborate on the setup of the MSP **implementation** supported by Hyperledger Fabric

MonoThreaded
  • 9,824
  • 9
  • 63
  • 98