Traction compatibility

[esune]

Review and assess Traction capabilities and what changes would be required by the issuer agency to use an externally-managed agent.

[esune]

After an initial review of the code, as well as reviewing the proof-of-concept changes in this PR (https://github.com/bcgov/aries-vcr-issuer-controller/pull/74) for the issuer-controller I think we should be able to re-use most of the code to target a Traction-managed tenant and facilitate registering an issuer with an Aries VCR instance, as well as potentially issuing credentials.

The Issuer Agency includes a lot of functionality that predates Traction and would still be useful for an independent deployment, so it makes sense to keep it rather than pruning all of the features.

The changes required to be compatible with traction are relatively simple:

• adding a new setting that identified AGENCY_MODE: "traction. This would disable (feature flag) most of the functionality dedicated to managing an agency and providing a "profile" to the issuer. The agency would be reduced to a controller that handles schema definition and proxies requests to the agent. DB support could be removed as well, making it stateless (the only benefit of the DB is storing a copy of the Aries VCR schema configuration).
• when in Traction mode, expect request to the API endpoints to contain wallet_id/wallet_key: they will be used to call the Traction endpoints responsible for fetching the authorization token to be used to authenticate with the tenant.
  • alternatively, the expectation could be that the token is obtained ahead of time.

A Traction tenant would be provisioned separately and be a pre-requisite to using the controller. A similar set of changes could/would be applied to https://github.com/bcgov/aries-vcr-issuer-controller to support independent issuer controllers.

Some extra tweaks might be discovered as changes are underway, but I do not expect the amount of work to be exceedingly high.

The agency controller will be used for defining schemas and submitting the issuer registration/update to OrgBook. Issuance can be completed both through the controller's APIs (which support batches of credentials) or by calling the tenant APIs directly.

Adapting the agency client UI to facilitate composing configuration files, if desired, would follow a similar pattern and would exchange the current api-key authentication mechanism with a wallet_id/wallet_key sign-in similar to what issuers would already be using in Traction.

[swcurran]

Very cool. This seems to align with the idea I had my head of “Traction Apps” that are themselves multi-tenant, that provide functionality for some purpose (like issueing to OrgBook) and that use Traction as the multi-tenant Aries provider.

[esune]

Logged #45 with more detailed action items, closing this issue.