While every entity on the network can have a digital certificate and a valid identity, they must have specific roles and permissions. Although one user has an identity on one network, that does not mean that they can communicate with users on another network. This characteristic of Hyperledger Fabric is possible due to the Membership Service Provider or MSP. At a very basic level, the MSP provides information, which is used for authenticating users in a particular network by mapping their identities to their roles in the network.
Every entity on the network has a specific role, such as peer, orderer, client, or admin. The MSP is responsible for defining that role.
What role does an organization play in an MSP?
An organization in an MSP is the collection of members grouped under the same identity. The MSP establishes the relationship between the member and the organization by linking the member's identity to the organization.
You can read more about the MSP in the official Hyperledger Fabric documentation here.
You have to go to the tab labeled "Your MSP" to create an MSP for your organization.
Under this tab, you will see an empty table with an “Add” button in the upper right-hand corner.
Upon clicking this button, a side window will appear, which asks for certain parameters to be provided in four steps.
Provide the MSP name and MSP ID.
Select a CA from the drop-down menu. Upon selecting the CA, two more fields appear under Step 2, where you can add all certificates (chain of trust) needed for identity validation if you are using an intermediate CA.
Set your MSPs admin identity. You can either select an existing identity or generate a new one by providing its name and password.
Create the TLS identity. The Platform needs this identity to function within the network under your MSP. You can either select an existing identity or create a new one. After clicking on “Next” in the fourth step, you can preview the details you have entered. If all details are correct, you can click on Submit, followed by a confirmation popup that your MSP has been created.
The MSP will now be visible under the “Your MSP” tab inside of a table. This table has three rows: Organization, MSP ID, and Actions.
Under actions, you can perform the following:
A certificate icon allows you to see the CA root certificate, TLS root certificate, and admin certificate.
Second is the export action that can be used to download the JSON file of the MSP. This JSON file is needed to add an organization to the other organizations’ partner list as described in this section.
Third is the ability to delete the MSP.
For the sake of example, if a second organization (Organization 2) wants to join your network or another organization's network and become a partner, the first thing it needs to do is create its MSP. The process of creating an MSP is explained in the previous section.
After creating the MSP, Organization 2 needs to export the JSON file of its MSP, which can be downloaded through the “Export” button available in the Actions column of the "Your MSPs" table.
They have to share this JSON file with the organization that is already a network member, for example, Organization 1.
Now, Organization 1 can add Organization 2 by clicking on the “Add partner” button under the “MSPs and Partners” tab and providing the JSON file of Organization 2’s MSP.