My internet connection says validating identity
If you try to pay with a different card — let’s call it an “Imagine Card” — it doesn’t matter whether the card is authentic and you have sufficient funds in your account. Having a valid credit card is not enough — it must also be accepted by the store!PKIs and MSPs work together in the same way — a PKI provides a list of identities, and an MSP says which of these are members of a given organization that participates in the network.As long as the CA keeps certain cryptographic information securely (meaning, its own private signing key), anyone reading the certificate can be sure that the information about Mary has not been tampered with — it will always have those particular attributes for Mary Morris.Think of Mary’s X.509 certificate as a digital identity card that is impossible to change.It’s PKI that puts the S in HTTPS — and if you’re reading this documentation on a web browser, you’re probably using a PKI to make sure it comes from a verified source. A PKI is comprised of Certificate Authorities who issue digital certificates to parties (e.g., users of a service, service provider), who then use them to authenticate themselves in the messages they exchange with their environment.A CA’s Certificate Revocation List (CRL) constitutes a reference for the certificates that are no longer valid.
For example, you might want to be sure you’re communicating with the real Mary Morris rather than an impersonator.For an identity to be verifiable, it must come from a trusted authority.A membership service provider (MSP) is how this is achieved in Fabric.There are many other attributes in an X.509 certificate, but let’s concentrate on just these for now. The certificate also holds many more pieces of information, as you can see.Most importantly, Mary’s public key is distributed within her certificate, whereas her private signing key is not.