Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments.
As noted by @PatStLouis in the [20240917]() ACA-Pug meeting, when the `--seed` option is used as a startup parameter, a key is created along with a `did:sov` DID that uses that key by ACA-Py. This issue is to discuss how to extend the startup parameter (and define an OpenAPI endpoint -- but without a seed) to create keys and bind them to DIDs. For example (and this is totally wrong -- just used as an example), extend `--seed` values to be `"<seed>,<did method>,<did parameter>"` -- e.g. `"123456,tdw,example.org"`. The intention of the issue is to cover:
- What DID methods should we support immediately through this interface?
- Which ones can be created with startup options (or should we drop that?) and which ones can only be created by an OpenAPI call because the key id (kid) must be returned?
- What does it mean to have multiple keys with the same flag (e.g. "public")?
- For each DID method, what does ACA-Py do?
- As @dbluhm has mentioned, what are the "key purpose" flags that should be supported (initially -- with more added as appropriate) that tell ACA-Py, and the per DID Method code, what to do when a new DID is to be created?
For the OpenAPI endpoint, for security reasons, we won't pass in the seed (assuming that ACA-Py generates a seed on the fly).
Editorial: I'm using this issue to generate discussion and probably have some fundamentals wrong in the issue. Feel free to edit this issue description to improve the quality of the resulting conversation.