2023-01-24 Aries Cloud Agent - Python Users Group Community Meeting

Zoom Link: https://zoom.us/j/99220079317?pwd=OHk0U05ITnBkSmZ0aXlIQzFDYWg3UT09

Call Time: 8:00 Pacific / 17:00 Central Europe

• Full Meeting:  

• Topics:

• @Stephen Curran (BC Gov/Cloud Compass Computing Inc.) <swcurran@cloudcompass.ca>,Announcements

• @Wade Barnes (BC Gov / Neoteric Technologies Inc.) <wade@neoterictech.ca>

• Update on BC Gov Code With Us – ACA-Py Indy-SDK to Askar conversion script - Indicio

  • Status: Refactor and review, and then on to testing - creating test cases. Wrap up next week.

  • Repo is: https://github.com/Indicio-tech/acapy-wallet-upgrade;  ACA-Py or external

  • Current branch: https://github.com/Indicio-tech/acapy-wallet-upgrade/tree/feature/psql-support

  • Question from @Kyle Robinson : How close is this conversion becoming like an export/import 

    • Response from @Daniel Bluhm : There's definitely some similarities to export/import with the key difference that we're not doing a full dump/export followed by a full import. The migration script performs updates more or less in place so we don't have to worry about the size of the database being operated on

  • From @Timo Glastra – AFJ issue: https://github.com/Indicio-tech/acapy-wallet-upgrade/tree/feature/psql-support

• Experiences with the use of Plugins in ACA-Py – the BC Gov Traction Team – @Jason Sherman 

  • Traction – enabling the use of multi-tenant ACA-Py for teams that want an agent within an organization

    • Ease of use in standing up a new interface

    • Simplifier API for issuers/verifiers 

  • List of existing plugins: https://hackmd.io/m2AZebwJRkm6sWgO64-5xQ
    
    

    • Action – add the Traction plugins to it

    • Action – add this as a document in the ACA-Py repo

  • https://github.com/bcgov/traction

  • https://github.com/bcgov/traction/tree/develop/plugins

    • Getting started – look at the basicmessage-storage plugin – store the basic message text

    • Need more docs on how to do it - basics plus best practices – see deployment comments below.

    • Use it for testing new capabilities before putting into core ACA-Py

    • Deployment – how do you get the plugin published, versioned and brought into images for deployment? No decisions yet?

      • Managing the command line parameters, and the use of yaml files for the plugins

    • Lots of logic is in ACA-Py's routes.py, which might need to be refactored – makes it harder.

    • Big win in keeping the maintenance down vs. external code. Much easier to manage.

• Ledger-Agnostic AnonCreds Interface is ACA-Py: progress

  • Status update

  • When should we replace indy-shared-rs with anoncreds-rs? Issue #2044

• Adding a Documentation site for ACA-Py - as nice as the AFJ one - https://aries.js.org/

  • PR: 2079

  • Features wanted:

    • a Version selector based on ACA-Py tags, so the entire site (navigation, search) is filtered to that version

      • Only for versions going forward – not for past versions.

    • multi-lingual support to allow for translations

  • Current PR will have the doc site within ACA-Py, but the need for multiple versions may cause us to use a separate repo for housing the generated documents.

• Question from @Pradeep Kumar Prakasam : About automated container scanning.

  • Hi. If there is time, I would like to know if Container vulnerability scanning is covered in the GitHub workflow. I can see SonarCloud Gate, but couldn't find any container scanning there. If anyone could give me more info where to look, it would be great, thanks.

    • Notably – would it be possible to add qualys or an equivalent for container scanning?

  • Wade Barnes created Issue #2087 for this, flagging @Ry Jones of Hyperledger to see what tools the Foundation has for this.

• Does anyone use/see a use case for Web Sockets and Return Route beyond ACA-Py as a mobile agent mediator?

• Issue 2029: Additional security controls for webhooks for multi-tenancy