Original: http://hyperledger-fabric.readthedocs.io/en/latest/identity/identity.html
What is an Identity?
The different actors in a blockchain network include peers, orderers, client applications, administrators and more. Each of these actors has an identity that is encapsulated in an X.509 digital certificate. These identities really matter because they determine the exact permissions over resources that actors have in a blockchain network. Hyperledger Fabric uses certain properties in an actor’s identity to determine permissions, and it gives them a special name – a principal. Principals are just like userIDs or groupIDs, but a little more flexible because they can include a wide range of an actor’s identity properties. When we talk about principals, we’re thinking about the actors in the system – specifically the actor’s identity properties which determine their permissions. These properties are typically the actor’s organization, organizational unit, role or even the actor’s specific identity.
Most importantly, an identity must be verifiable (a real identity, in other words), and for this reason it must come from an authority trusted by the system. A membership service provider (MSP) is the means to achieve this in Hyperledger Fabric. More specifically, an MSP is a component that represents the membership rules of an organization, and as such, it defines the rules that govern a valid identity of a member of this organization. The default MSP implementation in Fabric uses X.509 certificates as identities, adopting a traditional Public Key Infrastructure (PKI) hierarchical model.
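The two paragraphs above, as an added Go example (not code from this page or from the Fabric project): subject properties of an X.509 certificate are accepted as a principal only after the chain verifies against the organization's trusted root, so a look-alike certificate carrying the same names from an untrusted CA is rejected. It uses Go's standard library rather than Fabric's MSP API; the `Principal` type, the `issue`, `principalOf` and `demo` helpers, the Org1 names and the Ed25519 sample keys are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

type Principal struct{ Org, OU, Name string } // hypothetical type, not Fabric's API
// issue signs a constructed sample certificate for Org1; a nil parent yields a self-signed root CA.
func issue(cn string, ou []string, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), BasicConstraintsValid: true, IsCA: parent == nil,
		Subject:   pkix.Name{Organization: []string{"Org1"}, OrganizationalUnit: ou, CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil { // root CA: allowed to sign certificates, and signs itself
		tmpl.KeyUsage, parent, signer = tmpl.KeyUsage|x509.KeyUsageCertSign, tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// principalOf reads subject properties only after the chain verifies against the trusted roots.
func principalOf(cert *x509.Certificate, roots *x509.CertPool) (Principal, error) {
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	if s := cert.Subject; err == nil && len(s.Organization) > 0 && len(s.OrganizationalUnit) > 0 {
		return Principal{s.Organization[0], s.OrganizationalUnit[0], s.CommonName}, nil
	}
	return Principal{}, fmt.Errorf("identity rejected: chain error %v, or subject lacks O/OU", err)
}
// demo: Org1's root CA issues a peer certificate; a rogue CA with the same subject issues a copy.
func demo() (p Principal, trustedErr, rogueErr error) {
	root, rootKey := issue("ca.org1.example.com", nil, nil, nil)
	rogue, rogueKey := issue("ca.org1.example.com", nil, nil, nil) // same names, different key
	roots := x509.NewCertPool()
	roots.AddCert(root) // only the real root is trusted
	good, _ := issue("peer0.org1.example.com", []string{"peer"}, root, rootKey)
	fake, _ := issue("peer0.org1.example.com", []string{"peer"}, rogue, rogueKey)
	p, trustedErr = principalOf(good, roots)
	_, rogueErr = principalOf(fake, roots)
	return
}
func main() { fmt.Println(demo()) }
```

Both peer certificates carry identical organization, organizational unit and common name values; only the signature chain to the trusted root distinguishes them.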