Can a Hyperledger Fabric identity be enrolled solely through the web?

Question

While it is possible to use Nodejs's fabric-ca-client to perform enrollment through a REST API, this requires communication with a third party service which could compromise security as the end user's secret must be shared.

Is there a way to interact with the fabric through the web directly, bypassing the need for a REST API to ensure security? Attempts at using browserify and webpack to bundle the fabric-ca-client module have been unsuccessful as the necessary modules cannot be found or are incompatible.

Is there something crucial that I am missing in this approach? Any recommendations for secure enrollment applications for the client in other languages or architectures, such as Android applications, would be greatly appreciated.

Thank you.

Answer 1

fabric-ca server is not mandatory for a fabric network. You can use alternative CA services to issue private keys and certificates so long as you create the appropriate MSP definition for your organisation which could be one option for you.

fabric-ca server already supports REST style requests, all fabric-ca-client node.js module does is wrap those calls into an easy to use interface for node.js applications. It should be possible to write a mobile phone application or web based application to interact with directly with a fabric-ca-server. It may be that is how the fabric operations console in hyperledger-labs actually does it as it doesn't bundle fabric-ca-client but can still interact with fabric-ca-servers.

You will probably have to inspect the fabric-ca-client code or fabric-operations-console code to work out how it does this as the fabric-ca documentation doesn't appear to describe the interfaces to do this.