The design of any service-oriented application requires the determination of users who will be allowed to access the application and perform various actions. For a Hyperledger Fabric application, special consideration ought to be given to the differentiation between user classes. Every Fabric network has a set of privileged users (who we have been referring to as administrators of organizations) and ordinary members. This differentiation of roles must be reflected in the design of the user-facing application, too.

The application must have an authentication layer as well as a mechanism for session management, allowing an already-authenticated user to exercise the application, limited by their role. In our example application, we will use JSON Web Tokens (JWT) for this purpose.