Question

I read in the Hyperledger Fabric Documentation that there are two roles suppoerted currently in Endorsement Policy. Are these equal to peers? In Orgs, crypto-config folder there are Admin certs and User certs, are these the certificates that are used to Sign the Endorsement? And how does the admin signs that Endorsement Policy upon submitting a transaction?

Answer 1

The goal of endorsement policy to set the rules about the number of peers / orgs which must reach on an agreement on the execution of a chaincode, given a set of inputs. Signatures are used as a means to ensure that the response was not tampered with and used to identity which org/peer actually responded.

You will not have the case where a peer will not "sign" the endorsement response, unless you have a malicious peer where someone has actually written there own version of the peer code. Things which can occur are:

• peer not available

• peer produces a different result than other peers

• the actual chaincode logic results in a rejected proposal

If an organization has Admin Role in a channel, then while it signs the transaction received from the clients of that channel, it would use the Admin Certificate to sign the proposal.

As per my understanding, the Roles" Admin & Member" considered in the Endorsement policy are as the ones mentioned against the Organization section "Role.Admin" and "Role.Member" in the channel configuration. And not the roles of the individual users of the Organization.