AC

• The Tenant UI can import schemas from the plugin storage
• You can create a new schema through the Tenant UI
• If you are not an Issuer the functionality is disabled

Implement

• New UX design for the Tenant UI About page per Guru's mockups
• New config fields for Traction and Acapy
• Configuration so the "BC Gov" part is optional and can be set to other texts

To support work in tenant-ui, we want to quickly list all the cred defs our tenant has created:

1. cred defs they create
2. cred defs chemas are not stored locally, so all reads are from ledger - local cache will be preferable for speed.

Schema:

• list, read and remove
• cred defs added to storage via events, so existing api to post cred def to ledger will result in being added to storage.
• no sync operation as data on ledger does not provide the same level of detail that the create has (ex. whether it is revocable)

We need some traction architecture diagrams and supporting documentation.
There is nothing since we moved to plugins, the old one as a standalone API has been removed.

To support work in tenant-ui, we want to quickly list all the schemas our tenant cares about:

1. schemas they create
2. schemas they import/reference

Import/reference is not supported in Aca-Py API, so will need to add, also schemas are not stored locally, so all reads are from ledger - local cache will be preferable for speed.

Schema:

• schemas are added to storage via notification/events, so existing api to post schema to ledger will end up adding to storage.
• list, read, remove operations
• a sync operation that will check ledger for all known created and populate storage.

Stories/tasks around doing basic presentation request functionality in the Tenant UI.

Port over PUT /multitenancy/wallet/{wallet_id} api to /tenant.

Possible to enhance this, but probably best left to the tenant UI if we want separate the fields for easier management.

i.e. allow them to set the image URL and label in discrete UX functions.

probably shouldn't allow them to set wallet dispatch type?

  "image_url": "https://aries.ca/images/sample.png",
  "label": "Alice",
  "wallet_dispatch_type": "default",
  "wallet_webhook_urls": [
    "http://localhost:8022/webhooks"
  ]

Fourth and Final Status Indicator for the Reservation Workflow.

When the user requests access to Traction they have to enter personal information to receive a reservation. If they go back to check on the status of their application they have to enter an email and key. If there is no email found in the system we need to show the user that it was not found in the system. That way they can possibly correct spelling and check again.

"Machine Readable Governance"

As an ACA-Py Tenant Verifier, I want to use a machine-readable governance file to determine if the issuer is in the "trusted list" or not

AC:

• Verifier would use a URL to load/cache a list of DIDs of Trusted Issuers of a particular credential (likely pointing to a file in another GH repo)
• After receiving the presentation from the holder, check that the issuer of the presented information is in the list of DIDs

On latest the configuration options are not showing menu items when collapsed

When I create a cred an a schema it seems to get through to the new credential-storage.

But if that credential has "support_revocation": false then it seems to fail to end up in storage.

Right now the Check Reservation Status handles all errors the same, handle a 404 differently so that the user knows they've entered the wrong res ID.

There are two parts to this ticket.

1. The backend needs to respond with a "not found" code... which it currently does not.
2. The UI needs to harvest this code and present a "not found" html message. Currently all errors are communicated as Toast notification errors.

AC

1. When a 404 occurs, the error message in the red error toast says "Reservation not found" (or some other text if something else is better)

2. Other non-404 errors just continue to propagate their respective error message forward. If it's not a 404, we don't display "not found".

Videos of Traction (old version) have been removed.
Decide whether they need to be replaced and log more issues to have them created and posted (where?) if needed.

On BCovrin Test, a tenant requires an endorser before:

• creating a public DID
• creating schemas/cred defs and issuing credentials.

Switch the deployed instances of Traction to use the BC Gov hosted endorser service, rather than having a self-hosted one.

Currently, BC Gov has endorser services deployed for the Candy networks (dev/test/prod). New deployments targeting BCovrin (dev/test/prod) will be required before the switch, unless switching to Candy is an option that should be considered.

Presently a connection that results from a mutli-use invitation gets no alias. Discuss with Lucas or Sherman for direction on this ticket.

AC:

• There is a UX decision for how these connections
  -- Appear in the connections list
  -- Appear in connection dropdowns.

AC:

• Issuer is notified of credential proposal
• Issuer can view details of credential proposal
• Issuer can Accept/Decline proposal

See https://github.com/hyperledger/aries-rfcs/blob/main/features/0453-issue-credential-v2/credential-issuance.png

TL;DR 🏎️

Teams are encouraged to favour modern inclusive phrasing both in their communication as well as in any source checked into their repositories. You'll find a table at the end of this text with preferred phrasing to socialize with your team.

Words Matter

We're aligning our development community to favour inclusive phrasing for common technical expressions. There is a table below that outlines the phrases that are being retired along with the preferred alternatives.

During your team scrum, technical meetings, documentation, the code you write, etc. use the inclusive phrasing from the table below. That's it - it really is that easy.

For the curious mind, the Public Service Agency (PSA) has published a guide describing how Words Matter in our daily communication. Its an insightful read and a good reminder to be curious and open minded.

What about the master branch?

The word "master" is not inherently bad or non-inclusive. For example people get a masters degree; become a master of their craft; or master a skill. It's generally when the word "master" is used along side the word "slave" that it becomes non-inclusive.

Some teams choose to use the word main for the default branch of a repo as opposed to the more commonly used master branch. While it's not required or recommended, your team is empowered to do what works for them. If you do rename the master branch consider using main so that we have consistency among the repos within our organization.

Preferred Phrasing

Pro Tip 🤓

This list is not comprehensive. If you're aware of other outdated nomenclature please create an issue (PR preferred) with your suggestion.

MVP Issuer functionality in the Traction Tenant UI

Traction Issuer functionality

1. Create Schema API+UI
2. Create CRED DEF API
3. Create offer credentials

Innkeeper interface/role access/workflow for multitenant instance

Hey guys, would it be possible to remove or rewrite the following sentence in the main readme: "This project space will be a rewrite of the Business Partner Agent with multitenancy, cloud native architecture and Open APIs." The BPA reference causes a lot of confusion and people continuously ask me if the BPA is still being developed, or if it is now Traction, or if Traction is the multi tenancy portion of the BPA.

Overlay Capture Architecture functionality in Traction Tenant UI

Currently, we return the tenant gets their walet_key and uses that to prove who they are when they get a token. We are using managed wallets, but we should provide a separate key/password that can be used to fetch a token. Tenants (managed) do not need to know their wallet_key - this is stored (securely, encrypted) in the db and can be recovered by the admin.

Add new mechanisms to return an alternate key and use that for verification on token fetch/refresh.

A similar concept is in use for reservations...

AC

1. Use export function from ASKAR to extract the wallet
2. Build a UI to control the downloading of files

Nice to have- Figure out if export is easy , if not look for better options/solution

Check with Andrew Whitehead

Epic for implementing a unit testing framework

As an Aca-Py plugin, Traction should be able to run alongside other plugins (such as the issuer registration plugin for Aries VCR).

In order to assess next steps for standing-up an Aries VCR/OrgBook issuer agency (see this) we need to be reasonably sure other plugins will be able to work alongside Traction.

This relates to the possibility of selectively enable/disable the TenantUI controls to:

• connect to an endorser
• create a public DID

See what enhancements we need to add to Ace-Py API to support tenant-ui functionality.

Track work against this ticket.

Relates to #427

Update the Traction Tenant UI screens to display credentials held by the wallet/agent and display following the OCA spec, using the OCA bundle included with the credential.

On BCOVrin Test - you must have an endorser connection to create your Public DID

Acceptance Criteria:

• OIDC authentication for tenant requests can be enabled/disabled in the Traction deployment settings.
• When authentication is enabled, the user will be required to sign-in to be able to access the tenant request form.
  • The email and Full Name fields will be pre-populated with the information obtained by the Identity Provider, and locked from editing.

This pattern would be consistent with other BCGov self-provisioning services (e.g.: keycloak realm request).

Question: would the reservation check page need to be protected too, or is the reservation email and id good enough?

Relates to #420

The readme file and general documentation are out-of-date and require updating, with current instructions on how to stand-up the project and have it running locally in Docker.

Tenant UI for Holder functions

No Project Lifecycle Badge found in your readme!

Hello! I scanned your readme and could not find a project lifecycle badge. A project lifecycle badge will provide contributors to your project as well as other stakeholders (platform services, executive) insight into the lifecycle of your repository.

What is a Project Lifecycle Badge?

It is a simple image that neatly describes your project's stage in its lifecycle. More information can be found in the project lifecycle badges documentation.

What do I need to do?

I suggest you make a PR into your README.md and add a project lifecycle badge near the top where it is easy for your users to pick it up :). Once it is merged feel free to close this issue. I will not open up a new one :)

Seems to be a lot of issues with using the scripts to build and stand up locally when using V2.
Docker v1 and v2 operate very differently...
There are n2 ways to configure your docker (moreso docker compose) so pretty much impossible to have it work on all machines for everyone. At least get it working for our immediate team.

1. attempt to make the default commands operate the same in Docker v1 and v2
2. document alternative approaches if developers run into issues (ie more build commands, clean up...)

TL;DR

Topics greatly improve the discoverability of repos; please add the short code from the table below to the topics of your repo so that ministries can use GitHub's search to find out what repos belong to them and other visitors can find useful content (and reuse it!).

Why Topic

In short order we'll add our 800th repo. This large number clearly demonstrates the success of using GitHub and our Open Source initiative. This huge success means it's critical that we work to make our content as discoverable as possible. Through discoverability, we promote code reuse across a large decentralized organization like the Government of British Columbia as well as allow ministries to find the repos they own.

What to do

Below is a table of abbreviation a.k.a short codes for each ministry; they're the ones used in all @gov.bc.ca email addresses. Please add the short codes of the ministry or organization that "owns" this repo as a topic.

That's it, you're done!!!

How to use

Once topics are added, you can use them in GitHub's search. For example, enter something like org:bcgov topic:citz to find all the repos that belong to Citizens' Services. You can refine this search by adding key words specific to a subject you're interested in. To learn more about searching through repos check out GitHub's doc on searching.

Pro Tip 🤓

• If your org is not in the list below, or the table contains errors, please create an issue here.

• While you're doing this, add additional topics that would help someone searching for "something". These can be the language used javascript or R; something like opendata or data for data only repos; or any other key words that are useful.

• Add a meaningful description to your repo. This is hugely valuable to people looking through our repositories.

• If your application is live, add the production URL.

Ministry Short Codes

NOTE See an error or omission? Please create an issue here to get it remedied.

Needs further discussion on if this is "a thing" or not

Should there be a (optional) central key storage for recovery, or for accessing wallet functions through other authentication.

AC:

• On the Settings page you can set the (necessary at this point) values from https://traction-tenant-proxy-dev.apps.silver.devops.gov.bc.ca/api/doc#/traction-tenant/put_tenant_wallet

@amanji to bring it up in May 26 OCA meeting as discussion iem

• consider multiple credentials in presentation

• initial UX design is here: https://xd.adobe.com/view/045a1969-719a-4aa5-848f-637ef1b7051a-5109/screen/da6230a7-de4a-486a-9766-85797dd0af1a/

As a Traction Tenant Issuer, I want to include an OCA bundle when I issue a credential, so the holder receiving the credential can use the OCA bundle to display/view the contents correctly

• when Tenant defines a new cred def, they can "save" OCA JSON within their own data store (not written to ledger), so that when they offer a credential using the cred def, Traction will include the saved OCA bundle with the offer_credential payload

AC:

• There are defined types for all API requests and responses, regardless of if we use a generator to make them or not.
• Types/Interfaces are organized in a good-practice structure

I want to develop issuer functionality on a ledger without needing endorser

AC:

• can my development instance be configured to connect to a ledger without an endorser needed
• can Tenant UI issue a credential on a ledger without an endorser - would I get an error? How is error prevented/handled?