Organisations
Organisations define boundaries within a Fabric Blockchain Network
Each organisation defines :
A network can include many organisations representing a consortium
Each organisation has an ID
Consortium Network
An example consortium network of 3 organisations
- Orgs 1 and 3 run peers
- Org 2 provides the ordering service only
Membership Service Provider (MSP) - Overview
An MSP manages a set of identities within a distributed Fabric network
Provides identity for :
- Peers and Orderers
- Client Applications
- Administrators
Identities are issued as X.509 certificates by a Certificate Authority, either :
- Fabric-CA
- An external CA
Supports different crypto standards with a pluggable interface
A network can include multiple MSPs (typically 1 per org)
Includes TLS crypto material for encrypted communications
Transport Layer Security (TLS)
- Cryptographic protocols that provide communications security over a computer network
- Provides confidentiality and data integrity
- Symmetric cryptography encrypts the data transmitted (confidentiality)
- Public-key cryptography (X.509 certificates) authenticates the identities of the communicating parties; with mutual TLS both ends are authenticated
- Includes a message integrity check so that alteration or truncation of the data in transit is detected
- All component communication in Fabric is secured using TLS when it is enabled (client-peer, peer-peer, peer-orderer, orderer-orderer); TLS is configurable per component and should not be disabled outside development
User Identities
Each client application has a local MSP to store user identities
Each local MSP includes :
- Keystore (the user's private key)
- Signcert (the user's public X.509 certificate)
Can be backed by a Hardware Security Module (HSM)
Admin Identities
Each Administrator has a local MSP to store their identity
Each local MSP includes :
- Keystore (private key)
- Signcert (public X.509 certificate)
May also include Transport Layer Security (TLS) credentials
Can be backed by a Hardware Security Module (HSM)
Peer and Orderer Identities
Each peer and orderer has a local MSP
Each local MSP includes :
- Keystore
  - Private key for signing transactions
- Signcert
  - Public X.509 certificate
- admincerts
  - List of administrator certificates
- cacerts
  - The CA public cert for verification
- crls
  - List of revoked certificates
Peers and Orderers also receive channel MSP info
Can be backed by Hardware Security Module (HSM)
Channel MSP Information
Channels include additional organisational MSP information
- Determines which orderers or peers can join the channel
- Determines client applications' read or write access to the channel
- Stored in configuration blocks in the ledger
- Each channel MSP includes
  - admincerts
    - The public certificates of the organisation's administrators
  - cacerts
    - The CA public certificate for this MSP
  - crls
    - List of revoked certificates
New User Registration and Enrollment
Registration and Enrollment
- Admin registers the new user with the CA under an enroll ID (the CA returns an enrollment secret)
- User enrolls with the enroll ID and secret, generates a key pair and receives credentials (the signed X.509 certificate)
- Additional offline registration and enrollment options are available
Transaction Signing
All transactions within a Hyperledger Fabric network are signed by permissioned actors, and those signatures are validated
Actors sign transactions with their enrolment private key
- Stored in their local MSP
Components validate transactions and certificates
- Root CA certificate and CRLs stored in the component's local MSP
- Root CA certificate and CRLs stored in the Org MSP in the channel configuration
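The enrollment flow above (user key pair, CSR, CA-issued signcert) and the signing and validation steps in this section, worked through as one added Go example. This is not code from the page or from Hyperledger Fabric itself; it uses only the Go standard library. The OrgMSP type, the function names, the org and user names, the serial numbers and the transaction bytes are all constructed for the example. Real Fabric keeps this material as PEM files in the MSP folder layout and its default crypto provider also rejects ECDSA signatures with a high S value; neither is modelled here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// OrgMSP is a constructed stand-in (not Fabric's own MSP code) for what a peer
// holds per organisation: cacerts and the serial numbers listed in crls.
type OrgMSP struct {
	CACert  *x509.Certificate
	Revoked map[string]bool // serial number -> revoked
}

// NewCA plays the org's Fabric-CA: a self-signed ECDSA P-256 root certificate.
func NewCA(org string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "ca." + org, Organization: []string{org}},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Enroll models enrollment: the user generates a key pair for its local keystore
// and submits a CSR; the CA returns the enrollment certificate (signcert).
func Enroll(ca *x509.Certificate, caKey *ecdsa.PrivateKey, enrollID, ou string, serial int64) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	subj := pkix.Name{CommonName: enrollID, Organization: ca.Subject.Organization, OrganizationalUnit: []string{ou}}
	csrDER, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: subj}, key)
	if err != nil {
		return nil, nil, err
	}
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err == nil {
		err = csr.CheckSignature() // CA side: proof that the requester holds the private key
	}
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      csr.Subject,
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, csr.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// Sign signs transaction bytes as Fabric's default crypto provider does:
// SHA-256 digest, ECDSA P-256, ASN.1 DER-encoded signature.
func Sign(key *ecdsa.PrivateKey, tx []byte) ([]byte, error) {
	digest := sha256.Sum256(tx)
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

// Validate is the peer-side check: chain the signer's certificate to cacerts,
// reject serials listed in crls, then verify the signature over the tx bytes.
func (m *OrgMSP) Validate(tx, sig []byte, signer *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(m.CACert)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := signer.Verify(opts); err != nil {
		return fmt.Errorf("certificate not issued by a trusted CA: %w", err)
	}
	if m.Revoked[signer.SerialNumber.String()] {
		return fmt.Errorf("certificate %v is revoked", signer.SerialNumber)
	}
	if err := signer.CheckSignature(x509.ECDSAWithSHA256, tx, sig); err != nil {
		return fmt.Errorf("signature does not verify: %w", err)
	}
	return nil
}
```

To exercise it, create a CA with NewCA, build an OrgMSP around its certificate, Enroll a user, Sign some bytes and call Validate. Validate rejects a tampered transaction, a certificate issued by a different organisation's CA, and a certificate whose serial has been added to Revoked, which is the order of checks a peer performs: trust chain first, revocation second, signature last.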