Reputation: 883
What is the difference between MSP and Fabric CA?
Is Fabric CA an implementation of MSP? Is an MSP useless by itself?
What are the functions of the MSP and Fabric CA? And differences in those functions?
Upvotes: 25
Views: 7607
Answers (4)
Reputation: 326
Certificate Authority (CA) is like a card provider — it dispenses many different types of verifiable identities (visa, mastercard, Rupay).
An MSP, on the other hand, determines which credit card providers (visa, mastercard) are accepted at the store.
<-->
In this scenario, MSP only accepts Visa and Mastercard even though CA has produced Rupay alongside the accepted ones.
<-->
Connecting with Hyperledger fabric,
Certificate Authorities issue identities by generating a public and private key which forms a key-pair that can be used to prove identity. This identity needs a way to be recognized by the network, which is where the MSP comes in.
For example, a peer uses its private key to digitally sign, or endorse, a transaction. The MSP is used to check that the peer is allowed to endorse the transaction or if the peer belongs to the recognized organizations/members.
MSP is internal or close to the network setup whereas CA resides in a distance.
Upvotes: 0
Reputation: 171
MSPs are in charged for members certificates and authentication. MSP is pluggable, so the default Fabric MSP implementation uses PKI methods and X.509 certificates. You can use commercial CAs or Fabric CA to generate the keys and certificates needed to configure an MSP.
For more information read the Fabric CA documentation and https://hyperledger-fabric.readthedocs.io/en/latest/msp.html
Upvotes: 1
Reputation: 11
Fabric CA provides features such as: Registration of identities with roles like peer, user or application, or connects to an existing LDAP as the user registry to fetch identities of the mentioned roles.
MSP is a membership service provider defines which certificate authorities(CA's) is allowed to issue certificates.
Upvotes: 0
Reputation: 41222
MSP is a Membership Service Provider - pluggable interface to support variety of credentials architectures, basically offering abstraction layer for membership orchestration architecture. MSP abstraction provides:
- Concrete identity format
- User credential validation
- User credential revocation
- Signature generation and verification
While Fabric-CA used to generate certificates and keys to actually initialize MSP facilities. Fabric-CA is a default implementation of MSP interface to cover identity management.
Upvotes: 25
Related Questions
- What exactly Membership Service Provider (MSP) is in Hyperledger Fabric?
- Difference between hyperledger composer and hyperledger fabric?
- Difference between fabric-tools and fabric-ca-tools images
- Understanding Various Certificates in Hyperledger fabric
- Difference between Fabric CA server and CA Client
- Difference between fabric-orderer/fabric-peer and fabric-ca-orderer/fabric-ca-peer images
- Hyperledger Fabric Ecert's term
- Difference between local MSP and Channel MSP?
- Hyperledger Fabric docs on Membership Service Provider - Questions
- Hyperledger Fabric: What's the relationship between MSP and Fabric CA