bcgov / traction

Traction is designed with an API-first architecture layered on top of Hyperledger Aries Cloud Agent Python (ACA-Py) and streamlines the process of sending and receiving digital credentials for governments and organizations.
https://digital.gov.bc.ca/digital-trust/tools/traction/
Apache License 2.0

SPIKE: Try cases through Traction with Endorsers that do not auto manage connections. #797

Closed loneil closed 10 months ago

loneil commented 10 months ago

Findings: https://hackmd.io/@PgFCkYXNR8KNp3kUV-xiPQ/rkvy2g602


From plan in https://github.com/bcgov/DITP/issues/31

Test out Traction Issuer functionality against one of the Endorsers in 419599-dev (Sovrin Dev likely, also has Candy dev). These do not auto accept connections, so see what management is like through Traction tenant using this case.

Make connection to Endorser from Traction as usual. See how TenantUI displays when it's not auto accept here.

Try doing connection acceptance and role setup through Endorser.

Reference script here https://github.com/bcgov/dts-endorser-service/blob/main/openshift/manage#L47C5-L47C20

Swagger for endorser service https://bcovrin-endorser-service-dev.apps.silver.devops.gov.bc.ca/endorser/docs#/

Swagger for admin API for endorser's agent https://aries-endorser-agent-admin-dev.apps.silver.devops.gov.bc.ca/api/doc

loneil commented 10 months ago

@esune I wrote up details and instructions on how to test out here (and additional findings) https://hackmd.io/@PgFCkYXNR8KNp3kUV-xiPQ/rkvy2g602

Short is

esune commented 10 months ago

Thanks @loneil, this looks promising. Other than tweaking the handling of the calls to register a public DID, are there any other calls we need to adjust (schema, creddef), or is reloading after the endorser has approved the transaction all we need?

An alternative, at least as a stop-gap to limit code changes if they become burdensome, would be to use PUT /endorser/v1/connections/<connection_id>/configure in the endorser service API to set auto-endorse capability on the connection to the known tenant (manual approval is preferable for governance and compliance reasons).

loneil commented 10 months ago

@esune I've added the stuff about the Schema and Cred Def steps to the hackMD. Yes, they need endorsement, so Traction does not have the storage records for them (these are plugin driven) until endorsement, then they show up fine.

For the PUT /endorser/v1/connections/<connection_id>/configure, that indeed shortcuts everything after the connection accept async. Added notes on that as well. Could be a stop-gap to save some Tenant UI work if we are allowed to use it (until needed on a different use case, of course).

esune commented 10 months ago

Research is complete and we have a plan moving forward, closing.