0

I am following one of the tutorials on how to set up a hello-world IBM Blockchain Cloud network from the web console ( https://developer.ibm.com/tutorials/quick-start-guide-for-ibm-blockchain-platform/ ). The first step is to create a CA and in here you have to provide a CA administrator enroll ID and password. OK, let's call this admin1. Then the immediate step is to Associate identity with this CA (let's call this admin2). Here it looks like you have to add the previous admin1 created before but it's not clear if this is the same user/identity/enrollID or it's a new one (you can't select admin1 from a drop-down list to clearly show that admin1 was created before and is now available). This admin2 is listed to have the type client, although you couldn't choose the type of identity when you created it. Then in the next step you have to Register user for the CA, and now you have to create a new admin3. For admin3 you can select the type from a drop-down list with entries for client, admin, peer, orderer. Here you have to select type admin, although for admin1 and admin2 the documentation also implies they are "admin"s.

They all are admins although clearly some are more admins than others ( admin farm ), e.g. client vs admin (and this hierarchy is actually in the spirit of hyperledger-fabric which is structured and permissioned <thank God, it's more environmentally friendly this way>, but here it's not clearly defined).

It doesn't help that when a password field is present it's also not clear if that is a new password to be created for a new user/enrollID/identity or it's for verifying an existing user/enrollID/identity (the easy fix is to use the same password everywhere :))).

There is also a big confusion between these three similar (?) concepts: user vs enrollID vs identity.

Up to now there is no clear question in my post so it's expected the stackoverflow admins will overflow and close this question as violating the stack of question policies.

To go more Freudian than Orwellian I guess the original guilt of the hyperledger-fabric developers of violating the spirit of permissionless bitcoin blockchain surfaced to the frontend :)))

My question is: can we expect this confusion to be simplified on a higher-level web-console frontend or is this more deep-rooted in the hyperledger-fabric implementation?

2 Answers

0

I think I get it now: admin1 and admin2 are the same and this is the admin of the OrgName CA; admin3 is actually the admin of OrgName (no trailing CA this time)! Aha! Oh dear!

  • "Enroll ID" is such a tongue-rolling fancy lick-bait; someone is drooling over their posh terms just ready to be pasted in a PowerPoint presentation, oh dear! – user2960174 Mar 16 '21 at 10:16
0

Here is the explanation:

As an entry point to your blockchain, you need to create an MSP organization (a formal definition of the peer’s organization).

To create an MSP org, you need an org admin identity. The CA creates all of the identities and certificates that belong to your organization in addition to defining the organization.

Therefore,

  • create the CA as a first step
  • create the org admin identity (which is also considered a user, so it is part of Register User)
  • create one or more users with peer identity
  • then create the MSP

Hope it clarifies the concept as well as the steps defined in the tutorial (https://developer.ibm.com/tutorials/quick-start-guide-for-ibm-blockchain-platform/).

The clarification among user - enroll ID - identity:

  • users are the ones who can access the blockchain network
  • identity is like a role given to that user, and according to their role they can perform different operations in the blockchain network
  • enroll ID is the display name of that user
Dharman
Shikha
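The procedure in the answer above, written as Fabric CA command-line steps; this is an added example, not part of either answer or of the IBM tutorial. It assumes the console's "Associate identity" and "Register user" steps correspond to the CA's enroll and register operations, follows the first answer's reading that admin1 and admin2 are the same CA admin, and uses placeholder names, secrets, host and paths.

```shell
#!/bin/sh
# Added illustration: Fabric CA CLI steps for bootstrapping an org's identities.
# All names, secrets, URLs and paths below are placeholders (assumptions).
FABRIC_CA_CLIENT=${FABRIC_CA_CLIENT:-fabric-ca-client}
CA_HOST=${CA_HOST:-localhost:7054}
TLS_CERT=${TLS_CERT:-./ca-tls-cert.pem}

# enroll ID SECRET MSPDIR: prove knowledge of an EXISTING ID/secret pair and
# receive a key pair plus certificate (the "identity") written to MSPDIR.
enroll() {
  "$FABRIC_CA_CLIENT" enroll -u "https://$1:$2@$CA_HOST" \
    --mspdir "$3" --tls.certfiles "$TLS_CERT"
}

# register ID SECRET TYPE REGISTRAR_MSPDIR: create a NEW ID/secret pair.
# The request is signed with the registrar's already-enrolled identity.
register() {
  "$FABRIC_CA_CLIENT" register -u "https://$CA_HOST" \
    --id.name "$1" --id.secret "$2" --id.type "$3" \
    --mspdir "$4" --tls.certfiles "$TLS_CERT"
}

bootstrap_org() {
  # "Associate identity": the CA admin set at CA creation (admin1 == admin2).
  enroll admin1 admin1pw ./ca-admin/msp &&
  # "Register user": new org admin (admin3), then a peer identity.
  register admin3 admin3pw admin ./ca-admin/msp &&
  register peer1 peer1pw peer ./ca-admin/msp &&
  # Enrolling admin3 yields the certificate used as the MSP admin.
  enroll admin3 admin3pw ./org-admin/msp
}

# Run only when asked, e.g.  RUN_BOOTSTRAP=1 sh bootstrap.sh
if [ "${RUN_BOOTSTRAP:-0}" = 1 ]; then bootstrap_org; fi
```

A secret passed on the command line ends up in shell history and process listings, so outside a throwaway test network it should be supplied another way and changed from the registration value.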