============
Introduction
============

Hyperledger Fabric is a permissioned blockchain, thus, each network participant must have a digital identity (certificate) to convience other participants
that it has rights to perform actions in the network or even be part of the network and Fabric CA [1]_ is used to manage these identities.

Think of a border control. To cross the border, you need to provide your passport. Where do you get that from? Yes, from the government! In our case, the government is Fabric CA [1]_ and the passport is the certificate.

Fabric CA [1]_ offers functionalities like registering/renewing/deleting identities, issuing crypto materials for the registered identity, revoking identities, generating CRLs (Certificate Revocation List) [2]_ and more.

There are 3 types of identities, **peer**, **client**, **orderer** and **admin**. Each of these identities has its own role in the network. Let's go through them:

:Peer:
  A **peer** identity is used by peer nodes that form consensus in the network. Peers are also responsible for storing the blockchain history (ledger).

:Client:
  A **client** identity is used by external applications that are willing to be integrated to the network.

:Orderer:
  An **order** identity is used by **orderer** nodes that ensure transaction ordering and transaction broadcasting.

:Admin:
  An **admin** identity used by organization admins that perform administrative tasks in the network, such as adding peers/orderers to a channel, updating network configuration (configtx.yaml [3]_), managing chaincodes etc.

.. [1] CA stands for Certificate Authority.
.. [2] CRL is a registry that stores list of revoked certificates to prevent eliminated-identity interaction with the network.
.. [3] configtx.yaml is the configuratin file of the network. It describes all the participating peer and orderer organizations along with their rights in the network.