rjones (Fri, 06 Dec 2019 05:56:24 GMT):
swcurran

rjones (Fri, 06 Dec 2019 05:56:35 GMT):
Has left the channel.

swcurran (Mon, 09 Dec 2019 18:51:53 GMT):
User User_1 added by swcurran.

swcurran (Mon, 09 Dec 2019 18:52:45 GMT):
User User_2 added by swcurran.

swcurran (Mon, 09 Dec 2019 18:52:51 GMT):
User User_3 added by swcurran.

swcurran (Mon, 09 Dec 2019 18:53:49 GMT):
User User_4 added by swcurran.

swcurran (Mon, 09 Dec 2019 18:54:08 GMT):
User User_5 added by swcurran.

swcurran (Mon, 09 Dec 2019 18:55:31 GMT):
@all I've invited a number of people from Medici and the VON Team. Please use the `/invite` mechanism in this channel to invite others that I have missed. If you don't have permission to do that, let me know and I can invite them. Once you are in, please send a note so I know that you are in. Thanks!

andrew.whitehead (Mon, 09 Dec 2019 23:09:56 GMT):
User User_6 added by andrew.whitehead.

ianco (Mon, 09 Dec 2019 23:10:18 GMT):
I'm in!

andrew.whitehead (Sat, 14 Dec 2019 04:04:00 GMT):
There's a PR with the current progress on revocation support here, along with some comments on what work might remain: https://github.com/hyperledger/aries-cloudagent-python/pull/306

swcurran (Wed, 08 Jan 2020 16:08:16 GMT):
Discussion and information sharing about Aries Cloud Agent-Python (ACA-Py)

swcurran (Wed, 08 Jan 2020 16:08:16 GMT):
Room name changed to: aries-cloudagent-python by swcurran

swcurran (Wed, 08 Jan 2020 18:22:41 GMT):
User rjones added by swcurran.

rjones (Wed, 08 Jan 2020 18:23:20 GMT):
Channel

rjones (Wed, 08 Jan 2020 18:23:42 GMT):
:wave:

rjones (Wed, 08 Jan 2020 18:23:47 GMT):
Has left the channel.

pengyuc (Thu, 09 Jan 2020 05:41:27 GMT):
Hi, I am wondering if there is any effort (or if it even make sense) to make stateless agents that are decoupled from wallets so that we can have multiple agents servicing the same wallet (stored in database) when demend is high; or have few agents servicing multiple wallets when demend is low. From the configurations of the ACA-py, it looks like an agent is bound to a given wallet and we would have to start another agent to service a different wallet even if our storage is postgres?

andrew.whitehead (Thu, 09 Jan 2020 16:26:23 GMT):
@pengyuc It may be possible but it's not that easy to implement. At the moment we open the wallet once at startup and keep it open, as that operation is slow and doing it on every request would kill performance. You could (probably) implement a more flexible wallet provider that kept the wallet instance open while it was being actively used, but there's still the issue of unpacking received messages. The agent can only look in the current wallet to identify the sending verkeys and find private keys for unpacking the messages, so it would have to know in advance which agent is meant to be active

andrew.whitehead (Thu, 09 Jan 2020 16:27:52 GMT):
Moving to raw wallet keys instead of using the argon2 key derivation would improve the opening speed a lot but you'd have to index those keys somewhere else

swcurran (Thu, 09 Jan 2020 16:40:01 GMT):
That said, for the mobile agent mediator agency use case, I think we could separate out the database management (open/closing) and the per mediator agent key management service and storage. It might not be applicable in the general case, but for that limited case, it could be useful. @pengyuc - is that the use case you are talking about?

swcurran (Thu, 09 Jan 2020 16:40:01 GMT):
That said, for the "mobile agent mediator agency use case", I think we could separate out the database management (open/closing) and the per mediator agent key management service and storage. It might not be applicable in the general case, but for that limited case, it could be useful. @pengyuc - is that the use case you are talking about?

swcurran (Thu, 09 Jan 2020 17:19:14 GMT):
We'll be starting up an ACA-Py User Goup, and that is one specific use case we want to enable work to get started on.

victor.martinez (Thu, 09 Jan 2020 17:28:29 GMT):
Has joined the channel.

esune (Thu, 09 Jan 2020 17:32:19 GMT):
Has joined the channel.

pengyuc (Thu, 09 Jan 2020 17:45:21 GMT):
There are a few use cases that I plan to play with. 1. multiple cloud agents handling connections, issurances, verifications, etc for the same wallet in the cloud. The purpose is scaling, load balancing and high availability. 2. Managing multiple proxy agents so that the mobile agents does not need to be online all the time. I have not played with this yet but it sound more like what you just described about the agency mediator. #1 is my most interested usage now while eventually #2 will become important also.

HLFPOC (Thu, 09 Jan 2020 17:56:19 GMT):
Has joined the channel.

swcurran (Thu, 09 Jan 2020 18:01:58 GMT):
We are doing #1 with Kubernetes today. The ACA-Py instances are the same logical agent, and each runs independently talking to the same storage. #2 is the one that I think we need to focus some thought and development effort on - the same use case I mention above.

pengyuc (Thu, 09 Jan 2020 20:01:03 GMT):
awesome. thanks!

ankita.p (Fri, 10 Jan 2020 09:40:27 GMT):
Has joined the channel.

amarts (Mon, 13 Jan 2020 06:44:41 GMT):
Has joined the channel.

Alexi (Mon, 13 Jan 2020 20:45:49 GMT):
Has joined the channel.

george.aristy (Mon, 13 Jan 2020 22:52:04 GMT):
Has joined the channel.

sukalpomitra (Tue, 14 Jan 2020 02:45:57 GMT):
Has joined the channel.

ajayjadhav (Tue, 14 Jan 2020 05:17:44 GMT):
Has joined the channel.

knagware9 (Tue, 14 Jan 2020 06:38:46 GMT):
Has joined the channel.

domwoe (Tue, 14 Jan 2020 07:23:26 GMT):
Has joined the channel.

priyashankar (Tue, 14 Jan 2020 09:59:34 GMT):
Has joined the channel.

amanji (Tue, 14 Jan 2020 13:43:21 GMT):
Has joined the channel.

HLFPOC (Tue, 14 Jan 2020 17:37:24 GMT):
Hi Team, I am currently running ACA-py based agents and using Open API (swagger interface) to perform the transactions (without any controller). Here are the details about the scenario which I am performing and the issue I am facing: Started 3 agents:, Alice, Faber and Acme Connected Alice with Faber and Acme individually (success) Faber created schema and cred_def (success) Faber issued cred_1 to Alice (success) Acme sent proof request to Alice (success) Got invalid structure error when tried to call API(present-proof/{proof-exchange-id}/credentials) to get cred_id which will be used to present proof for the corresponding proof request. Any idea about this error? Structure of my proof request: `{ "connection_id": "value_of_connection_id", "proof_request": { "name": "Proof", "version": "1.0", "requested_attributes": { "0_name_uuid": { "name": "name", "restrictions": [ { "cred_def_id": "value_of_cred_def_id" } ] }, "0_date_uuid": { "name": "date", "restrictions": [ { "cred_def_id": "value_of_cred_def_id" } ] } } } } `

HLFPOC (Tue, 14 Jan 2020 17:37:24 GMT):
Hi Team, I am currently running ACA-py based agents and using Open API (swagger interface) to perform the transactions (without any controller). Here are the details about the scenario which I am performing and the issue I am facing: Started 3 agents:, Alice, Faber and Acme Connected Alice with Faber and Acme individually (success) Faber created schema and cred_def (success) Faber issued cred_1 to Alice (success) Acme sent proof request to Alice (success) Got invalid structure error when tried to call API(present-proof/{proof-exchange-id}/credentials) from Alice agent interface to get cred_id which will be used to present proof for the corresponding proof request. Any idea about this error? Structure of my proof request: `{ "connection_id": "value_of_connection_id", "proof_request": { "name": "Proof", "version": "1.0", "requested_attributes": { "0_name_uuid": { "name": "name", "restrictions": [ { "cred_def_id": "value_of_cred_def_id" } ] }, "0_date_uuid": { "name": "date", "restrictions": [ { "cred_def_id": "value_of_cred_def_id" } ] } } } } `

HLFPOC (Tue, 14 Jan 2020 17:37:24 GMT):
Hi Team, I am currently running ACA-py based agents and using Open API (swagger interface) to perform the transactions (without any controller). Here are the details about the scenario which I am performing and the issue I am facing: Started 3 agents:, Alice, Faber and Acme Connected Alice with Faber and Acme individually (success) Faber created schema and cred_def (success) Faber issued cred_1 to Alice (success) Acme sent proof request to Alice (success) Got invalid structure error when tried to call API(present-proof/{proof-exchange-id}/credentials) from Alice agent interface to get cred_id which will be used to present proof for the corresponding proof request. Any idea about this error? Structure of my proof request sent to Alice: `{ "connection_id": "value_of_connection_id", "proof_request": { "name": "Proof", "version": "1.0", "requested_attributes": { "0_name_uuid": { "name": "name", "restrictions": [ { "cred_def_id": "value_of_cred_def_id" } ] }, "0_date_uuid": { "name": "date", "restrictions": [ { "cred_def_id": "value_of_cred_def_id" } ] } } } } `

swcurran (Tue, 14 Jan 2020 19:21:38 GMT):
Just confirming - you replace the `value_of...` values with real values from your use case? E.g. proper IDs from other data structures?

swcurran (Tue, 14 Jan 2020 19:21:38 GMT):
Just confirming - you replaced the `value_of...` values with real values from your use case? E.g. proper IDs from other data structures?

swcurran (Tue, 14 Jan 2020 19:21:56 GMT):
Probably best to send exactly what you sent.

esune (Tue, 14 Jan 2020 19:28:57 GMT):
Also double checking: the last API call being made should be to `present-proof/records/{presentation-exchange-id}/credentials`. Not sure if you omitted `records` by mistake in your message.

troyronda (Tue, 14 Jan 2020 21:07:25 GMT):
Has joined the channel.

HLFPOC (Wed, 15 Jan 2020 05:47:25 GMT):
Here are the details of schema, cred def, credentials and proof requests created between Faber and Alice.

HLFPOC (Wed, 15 Jan 2020 05:47:25 GMT):
@esune @andrew.whitehead @swcurran Here are the details of schema, cred def, credentials and proof requests created between Faber and Alice.

HLFPOC (Wed, 15 Jan 2020 05:47:44 GMT):
Schema (Faber): { "schema_json": { "ver": "1.0", "id": "YS3UkPm7LsVqNgLVUAELAs:2:id schema:75.40.73", "name": "id schema", "version": "75.40.73", "attrNames": [ "email", "name" ], "seqNo": 15 } }

HLFPOC (Wed, 15 Jan 2020 05:47:44 GMT):
*Schema (Faber):* { "schema_json": { "ver": "1.0", "id": "YS3UkPm7LsVqNgLVUAELAs:2:id schema:75.40.73", "name": "id schema", "version": "75.40.73", "attrNames": [ "email", "name" ], "seqNo": 15 } }

HLFPOC (Wed, 15 Jan 2020 05:47:57 GMT):
Cred def (Faber) { "credential_definition": { "ver": "1.0", "id": "YS3UkPm7LsVqNgLVUAELAs:3:CL:15:default", "schemaId": "15", "type": "CL", "tag": "default", "value": { "primary": { "n": "88687800048966917948963356849072547058079375630746232778580943508185495241323688355849316870502793180219310638290313760215159384138419847059983621837615119645490263577447603919097195394722677098922731651103665783368520319183453062939231527128714033423357694424381334304958571565591347067042259760874000736171707716748079110359669274556278332145513034337202151578319365125379550886514748909816446073639143986930297572988849824522614556661348570332423037545691667762571398626753457500681929085852555642707838489976100885912464429101429333844498413938161313980499230241831957226571097105750399720110377279310388233512761", "s": "15434375148717823464871966217627064232690056087649957187239333388775058300630897160652022417962188759849283608473480442629099875951130544095248995346581885287833542143383393675151252071504497113089689110760675152695072307851941519449371411968542664291396457392056652913146304565172308787628089169403486318507806416351781519679937584984525382642996086551715639723673793491014042463992330601763507124697538951302355283064245749586280305045372031016620444256094101538736399316297803734341387036314427058714251306224263315041813479919217036032994753828184991216166372047361878121491397226819558808522205369209039526583314", "r": { "email": "69176357128140377154005070190900466057152740707707997623946442030395291158432204021784942498034261567411566268861179401505273534612193884734209261585397183794088322160795970717938074509875594396933304173153646018644111361110322397828751486880484723610295216336818537172803513735248978760223331014307372284426066978844494770061284170401368821006978924957724028961677612626716261375652886122616529701141438438075008936976884835849378930701704567144867786982001875998479209335882339601127429095397474885990390809231157844167841858068390032893905608669475849652630090684020945501908978384074215020949893060044723067029232", "master_secret": "20258116604434109699444050741916317110997832700871031076841825355978008204256953775597223567720987342243882206511826927165081793410795998511564959243706748229471551317235801797906366737411197125216531318383601609387129302839634775371781498935841659262099235346848273107160878739443887335303842062046109521653079884847424281933794213429372687380713360118145384024112186801644384150699939133731472189674558157322603044808107691592174160591142386794760644562155821024278017795450026396058231399240983139055924379403292870296919182618189606105809158929310672860678102090645090109762169942199120085011370989925927623379092", "name": "60668989189902141071729667801630753877150507189176792486785427853495701735102566858990861578601203269716516906311851075777916872838865528931091683287489973630944302223872948072164936637365623513761331297635212739511944395567844254679392992848098516875404506666822876970535724577987156522408541521461197769632885587689793907362011776823953607412890270392553459229306884203197316096931495023758873776238970281169935245506492569754709099901885064531139813831710311731777758900392680947722884871345045830285180866610422392506938464711069287594777882304239292518099790009549970793872625778212743362117118588522023219765197" }, "rctxt": "33112519800922279463739261373293574242513993517528230400861537327308733911588093820472363926341823360835865604086081414958382700278778989465343270262850366949871008910380814095845507346045284825393084458439918676956040222729222140544169201610274063665691509574404631302659635075560649247548548861881394369214953743669214208218712734516974312255969158910574960805678632288853266632295532559867358407768071690293325149229852836131342535194729559383991321232367726926381885972729422755273913550519986953549042002000142834776576673301287599948939058648449932267658810847403061182896283433556439704168722347687996851745532", "z": "41369344422689008613093145403905347944022462861050333852122416553250710414885078361231693931793667972330848889504417033068991970286179853069442845793824168276071567229588242673469257398337804091573842160217216603662126633401832996094956558739610406287278658707657448235561857004358122311992759623126080925754343457905312311535415337401811143856738373224528712781236678248403671373028471363717225348469011130321453783411290124660322561131306621819759341308601919050124964677163617966650856955739823469214801139467235349888995541679319250416120730001442011964879099438074914106772711980884169401914118400161332204846055" } } } }

HLFPOC (Wed, 15 Jan 2020 05:47:57 GMT):
*Cred def (Faber)* { "credential_definition": { "ver": "1.0", "id": "YS3UkPm7LsVqNgLVUAELAs:3:CL:15:default", "schemaId": "15", "type": "CL", "tag": "default", "value": { "primary": { "n": "88687800048966917948963356849072547058079375630746232778580943508185495241323688355849316870502793180219310638290313760215159384138419847059983621837615119645490263577447603919097195394722677098922731651103665783368520319183453062939231527128714033423357694424381334304958571565591347067042259760874000736171707716748079110359669274556278332145513034337202151578319365125379550886514748909816446073639143986930297572988849824522614556661348570332423037545691667762571398626753457500681929085852555642707838489976100885912464429101429333844498413938161313980499230241831957226571097105750399720110377279310388233512761", "s": "15434375148717823464871966217627064232690056087649957187239333388775058300630897160652022417962188759849283608473480442629099875951130544095248995346581885287833542143383393675151252071504497113089689110760675152695072307851941519449371411968542664291396457392056652913146304565172308787628089169403486318507806416351781519679937584984525382642996086551715639723673793491014042463992330601763507124697538951302355283064245749586280305045372031016620444256094101538736399316297803734341387036314427058714251306224263315041813479919217036032994753828184991216166372047361878121491397226819558808522205369209039526583314", "r": { "email": "69176357128140377154005070190900466057152740707707997623946442030395291158432204021784942498034261567411566268861179401505273534612193884734209261585397183794088322160795970717938074509875594396933304173153646018644111361110322397828751486880484723610295216336818537172803513735248978760223331014307372284426066978844494770061284170401368821006978924957724028961677612626716261375652886122616529701141438438075008936976884835849378930701704567144867786982001875998479209335882339601127429095397474885990390809231157844167841858068390032893905608669475849652630090684020945501908978384074215020949893060044723067029232", "master_secret": "20258116604434109699444050741916317110997832700871031076841825355978008204256953775597223567720987342243882206511826927165081793410795998511564959243706748229471551317235801797906366737411197125216531318383601609387129302839634775371781498935841659262099235346848273107160878739443887335303842062046109521653079884847424281933794213429372687380713360118145384024112186801644384150699939133731472189674558157322603044808107691592174160591142386794760644562155821024278017795450026396058231399240983139055924379403292870296919182618189606105809158929310672860678102090645090109762169942199120085011370989925927623379092", "name": "60668989189902141071729667801630753877150507189176792486785427853495701735102566858990861578601203269716516906311851075777916872838865528931091683287489973630944302223872948072164936637365623513761331297635212739511944395567844254679392992848098516875404506666822876970535724577987156522408541521461197769632885587689793907362011776823953607412890270392553459229306884203197316096931495023758873776238970281169935245506492569754709099901885064531139813831710311731777758900392680947722884871345045830285180866610422392506938464711069287594777882304239292518099790009549970793872625778212743362117118588522023219765197" }, "rctxt": "33112519800922279463739261373293574242513993517528230400861537327308733911588093820472363926341823360835865604086081414958382700278778989465343270262850366949871008910380814095845507346045284825393084458439918676956040222729222140544169201610274063665691509574404631302659635075560649247548548861881394369214953743669214208218712734516974312255969158910574960805678632288853266632295532559867358407768071690293325149229852836131342535194729559383991321232367726926381885972729422755273913550519986953549042002000142834776576673301287599948939058648449932267658810847403061182896283433556439704168722347687996851745532", "z": "41369344422689008613093145403905347944022462861050333852122416553250710414885078361231693931793667972330848889504417033068991970286179853069442845793824168276071567229588242673469257398337804091573842160217216603662126633401832996094956558739610406287278658707657448235561857004358122311992759623126080925754343457905312311535415337401811143856738373224528712781236678248403671373028471363717225348469011130321453783411290124660322561131306621819759341308601919050124964677163617966650856955739823469214801139467235349888995541679319250416120730001442011964879099438074914106772711980884169401914118400161332204846055" } } } }

HLFPOC (Wed, 15 Jan 2020 05:48:10 GMT):
Faber issued credentials to Alice: { "schema_version": "75.40.73", "cred_def_id": "YS3UkPm7LsVqNgLVUAELAs:3:CL:15:default", "schema_issuer_did": "YS3UkPm7LsVqNgLVUAELAs", "connection_id": "0443bd99-b89a-4691-8797-01481bc5970e", "comment": "ID credentials", "credential_proposal": { "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/credential-preview", "attributes": [ { "name": "name", "value": "Alice Smith 2" }, { "name": "email", "value": "alice2@xyz.com" } ] }, "issuer_did": "YS3UkPm7LsVqNgLVUAELAs", "schema_name": "id schema", "schema_id": "YS3UkPm7LsVqNgLVUAELAs:2:id schema:75.40.73" }

HLFPOC (Wed, 15 Jan 2020 05:48:10 GMT):
*Faber issued credentials to Alice:* { "schema_version": "75.40.73", "cred_def_id": "YS3UkPm7LsVqNgLVUAELAs:3:CL:15:default", "schema_issuer_did": "YS3UkPm7LsVqNgLVUAELAs", "connection_id": "0443bd99-b89a-4691-8797-01481bc5970e", "comment": "ID credentials", "credential_proposal": { "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/credential-preview", "attributes": [ { "name": "name", "value": "Alice Smith 2" }, { "name": "email", "value": "alice2@xyz.com" } ] }, "issuer_did": "YS3UkPm7LsVqNgLVUAELAs", "schema_name": "id schema", "schema_id": "YS3UkPm7LsVqNgLVUAELAs:2:id schema:75.40.73" }

HLFPOC (Wed, 15 Jan 2020 05:48:24 GMT):
Output on Alice's terminal (on controller) #15 After receiving credential offer, send credential request Alice | Credential: state = request_sent , credential_exchange_id = bba4329e-7f09-43f2-a0b4-65de3d318e0b Alice | Credential: state = credential_received , credential_exchange_id = bba4329e-7f09-43f2-a0b4-65de3d318e0b Alice | Credential: state = credential_acked , credential_exchange_id = bba4329e-7f09-43f2-a0b4-65de3d318e0b Alice | Stored credential {cred_id} in wallet #18.1 Stored credential 7a007d1f-7d9e-4430-b958-3d14e4ea6202 in wallet Credential details: { "referent": "7a007d1f-7d9e-4430-b958-3d14e4ea6202", "attrs": { "name": "Alice Smith 2", "email": "alice2@xyz.com" }, "schema_id": "YS3UkPm7LsVqNgLVUAELAs:2:id schema:75.40.73", "cred_def_id": "YS3UkPm7LsVqNgLVUAELAs:3:CL:15:default", "rev_reg_id": null, "cred_rev_id": null } Credential request metadata: { "master_secret_blinding_data": { "v_prime": "36488851823167018069386459439068036186120340603538597974922116344614792033939293930895544054611525517517620089410912338893720729301693110970129512366430954963543909073451046445768898018824759661117611216072832247259066517603991277380508602675159257416138910904960929822089402955020428530518399269969813489666842078979369427493005722737300117198230802435243966975323897605992410627414109071293893268415732956510854383423750998466218077801568015960703672284145168206648174740718308475579519050952155351075114617937196602924556899830753121023573653014790641577129105189571566123191374197118267618817782568008620992960174810656248988593572697039", "vr_prime": null }, "nonce": "291770281820374873155083", "master_secret_name": "aliceagent413647" } Alice | credential_id 7a007d1f-7d9e-4430-b958-3d14e4ea6202 Alice | credential_definition_id YS3UkPm7LsVqNgLVUAELAs:3:CL:15:default Alice | schema_id YS3UkPm7LsVqNgLVUAELAs:2:id schema:75.40.73

HLFPOC (Wed, 15 Jan 2020 05:48:24 GMT):
*Output on Alice's terminal (on controller)* #15 After receiving credential offer, send credential request Alice | Credential: state = request_sent , credential_exchange_id = bba4329e-7f09-43f2-a0b4-65de3d318e0b Alice | Credential: state = credential_received , credential_exchange_id = bba4329e-7f09-43f2-a0b4-65de3d318e0b Alice | Credential: state = credential_acked , credential_exchange_id = bba4329e-7f09-43f2-a0b4-65de3d318e0b Alice | Stored credential {cred_id} in wallet #18.1 Stored credential 7a007d1f-7d9e-4430-b958-3d14e4ea6202 in wallet Credential details: { "referent": "7a007d1f-7d9e-4430-b958-3d14e4ea6202", "attrs": { "name": "Alice Smith 2", "email": "alice2@xyz.com" }, "schema_id": "YS3UkPm7LsVqNgLVUAELAs:2:id schema:75.40.73", "cred_def_id": "YS3UkPm7LsVqNgLVUAELAs:3:CL:15:default", "rev_reg_id": null, "cred_rev_id": null } Credential request metadata: { "master_secret_blinding_data": { "v_prime": "36488851823167018069386459439068036186120340603538597974922116344614792033939293930895544054611525517517620089410912338893720729301693110970129512366430954963543909073451046445768898018824759661117611216072832247259066517603991277380508602675159257416138910904960929822089402955020428530518399269969813489666842078979369427493005722737300117198230802435243966975323897605992410627414109071293893268415732956510854383423750998466218077801568015960703672284145168206648174740718308475579519050952155351075114617937196602924556899830753121023573653014790641577129105189571566123191374197118267618817782568008620992960174810656248988593572697039", "vr_prime": null }, "nonce": "291770281820374873155083", "master_secret_name": "aliceagent413647" } Alice | credential_id 7a007d1f-7d9e-4430-b958-3d14e4ea6202 Alice | credential_definition_id YS3UkPm7LsVqNgLVUAELAs:3:CL:15:default Alice | schema_id YS3UkPm7LsVqNgLVUAELAs:2:id schema:75.40.73

HLFPOC (Wed, 15 Jan 2020 05:48:35 GMT):
Faber sent proof req to Alice: { "comment": "Send ID Proof", "proof_request": { "version": "1.1", "requested_attributes": { "0_name_uuid": { "restrictions": [ { "cred_def_id": "YS3UkPm7LsVqNgLVUAELAs:3:CL:15:default" } ], "name": "name" }, "0_email_uuid": { "restrictions": [ { "cred_def_id": "YS3UkPm7LsVqNgLVUAELAs:3:CL:15:default" } ], "name": "email" } }, "name": "ID Proof request 2" }, "connection_id": "0443bd99-b89a-4691-8797-01481bc5970e" }

HLFPOC (Wed, 15 Jan 2020 05:48:35 GMT):
*Faber sent proof req to Alice:* `{ "comment": "Send ID Proof", "proof_request": { "version": "1.1", "requested_attributes": { "0_name_uuid": { "restrictions": [ { "cred_def_id": "YS3UkPm7LsVqNgLVUAELAs:3:CL:15:default" } ], "name": "name" }, "0_email_uuid": { "restrictions": [ { "cred_def_id": "YS3UkPm7LsVqNgLVUAELAs:3:CL:15:default" } ], "name": "email" } }, "name": "ID Proof request 2" }, "connection_id": "0443bd99-b89a-4691-8797-01481bc5970e" }`

HLFPOC (Wed, 15 Jan 2020 05:48:43 GMT):
Output at Alice Controller: Presentation: state = request_received , presentation_exchange_id = 0d750b49-82cd-495f-91b8-2dd18dfded86 #24 Query for credentials in the wallet that satisfy the proof request Alice | Error during GET /present-proof/records/0d750b49-82cd-495f-91b8-2dd18dfded86/credentials: 500, message='Internal Server Error' Alice | 2020-01-15 05:39:25,474 aries_cloudagent.core.dispatcher ERROR Handler error: presentation_exchange_credentials_list Alice | Traceback (most recent call last): Alice | File "/home/indy/aries_cloudagent/protocols/present_proof/v1_0/routes.py", line 359, in presentation_exchange_credentials_list Alice | extra_query, Alice | File "/home/indy/aries_cloudagent/holder/indy.py", line 173, in get_credentials_for_presentation_request_by_referent Alice | json.dumps(extra_query), Alice | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/indy/anoncreds.py", line 1325, in prover_search_credentials_for_proof_req Alice | prover_search_credentials_for_proof_req.cb) Alice | indy.error.CommonInvalidStructure Alice | 2020-01-15 05:39:25,475 aiohttp.server ERROR Error handling request Alice | Traceback (most recent call last): Alice | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_protocol.py", line 418, in start Alice | resp = await task Alice | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_app.py", line 458, in _handle Alice | resp = await handler(request) Alice | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_middlewares.py", line 119, in impl Alice | return await handler(request) Alice | File "/home/indy/aries_cloudagent/admin/server.py", line 187, in apply_limiter Alice | return await task Alice | File "/home/indy/aries_cloudagent/protocols/present_proof/v1_0/routes.py", line 359, in presentation_exchange_credentials_list Alice | extra_query, Alice | File "/home/indy/aries_cloudagent/holder/indy.py", line 173, in get_credentials_for_presentation_request_by_referent Alice | json.dumps(extra_query), Alice | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/indy/anoncreds.py", line 1325, in prover_search_credentials_for_proof_req Alice | prover_search_credentials_for_proof_req.cb) Alice | indy.error.CommonInvalidStructure

HLFPOC (Wed, 15 Jan 2020 05:48:43 GMT):
*Output at Alice Controller:* Presentation: state = request_received , presentation_exchange_id = 0d750b49-82cd-495f-91b8-2dd18dfded86 #24 Query for credentials in the wallet that satisfy the proof request Alice | Error during GET /present-proof/records/0d750b49-82cd-495f-91b8-2dd18dfded86/credentials: 500, message='Internal Server Error' Alice | 2020-01-15 05:39:25,474 aries_cloudagent.core.dispatcher ERROR Handler error: presentation_exchange_credentials_list Alice | Traceback (most recent call last): Alice | File "/home/indy/aries_cloudagent/protocols/present_proof/v1_0/routes.py", line 359, in presentation_exchange_credentials_list Alice | extra_query, Alice | File "/home/indy/aries_cloudagent/holder/indy.py", line 173, in get_credentials_for_presentation_request_by_referent Alice | json.dumps(extra_query), Alice | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/indy/anoncreds.py", line 1325, in prover_search_credentials_for_proof_req Alice | prover_search_credentials_for_proof_req.cb) Alice | indy.error.CommonInvalidStructure Alice | 2020-01-15 05:39:25,475 aiohttp.server ERROR Error handling request Alice | Traceback (most recent call last): Alice | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_protocol.py", line 418, in start Alice | resp = await task Alice | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_app.py", line 458, in _handle Alice | resp = await handler(request) Alice | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_middlewares.py", line 119, in impl Alice | return await handler(request) Alice | File "/home/indy/aries_cloudagent/admin/server.py", line 187, in apply_limiter Alice | return await task Alice | File "/home/indy/aries_cloudagent/protocols/present_proof/v1_0/routes.py", line 359, in presentation_exchange_credentials_list Alice | extra_query, Alice | File "/home/indy/aries_cloudagent/holder/indy.py", line 173, in get_credentials_for_presentation_request_by_referent Alice | json.dumps(extra_query), Alice | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/indy/anoncreds.py", line 1325, in prover_search_credentials_for_proof_req Alice | prover_search_credentials_for_proof_req.cb) Alice | indy.error.CommonInvalidStructure

SigmaS 1 (Wed, 15 Jan 2020 07:53:40 GMT):
Has joined the channel.

swcurran (Wed, 15 Jan 2020 14:41:38 GMT):
@andrew.whitehead - can you please take a look at this?

dgunseli (Wed, 15 Jan 2020 14:42:19 GMT):
Has joined the channel.

andrew.whitehead (Wed, 15 Jan 2020 15:07:30 GMT):
@swcurran Might be related to dbluhm's PR?

swcurran (Wed, 15 Jan 2020 15:11:53 GMT):
That's what I'm wondering. We probably need to look at that ASAP. @HLFPOC the PRs are https://github.com/hyperledger/aries-cloudagent-python/pull/325 and https://github.com/hyperledger/aries-cloudagent-python/pull/326 in case you get to this before we get to it. We'll look at it this morning. @dgunseli

dbluhm (Wed, 15 Jan 2020 15:14:54 GMT):
Has joined the channel.

andrew.whitehead (Wed, 15 Jan 2020 15:18:00 GMT):
Seems like I can't update that branch to merge it, not sure why

dbluhm (Wed, 15 Jan 2020 15:20:24 GMT):
I pushed update so hopefully that will be mergable soon

dgunseli (Wed, 15 Jan 2020 15:20:54 GMT):
I've tried this fix with applying manually but It didn't solve my issue I guess it is not related with my proof presentation problem

dbluhm (Wed, 15 Jan 2020 15:21:29 GMT):
From a cursory glance through this last issue, though, I'm not certain it's the same issue. Mine had to do with the schema of requested predicates which @dgunseli does not appear to be using in his scenario

dgunseli (Wed, 15 Jan 2020 15:22:40 GMT):
In my scenario flow process till "indy_prover_create_proof" call and than I receive indy.error.CommonInvalidStructure error but it seems your problem occurs before this step @dbluhm

dgunseli (Wed, 15 Jan 2020 15:23:06 GMT):
sorry, I mean @HLFPOC

dbluhm (Wed, 15 Jan 2020 15:25:55 GMT):
You might try adding `--log-level debug` on ACA-Py for a little more detail on the error

dgunseli (Wed, 15 Jan 2020 15:26:50 GMT):
I've never used this option, I will try immediately

dgunseli (Wed, 15 Jan 2020 15:29:38 GMT):
{'backtrace': '', 'message': 'Error: Invalid structure\n Caused by: Invalid ProofRequest json has been passed\n Caused by: invalid type: string "18", expected i32\n'} Thanks @dbluhm

andrew.whitehead (Wed, 15 Jan 2020 15:29:39 GMT):
@dbluhm Your other PR could use an update as well :)

andrew.whitehead (Wed, 15 Jan 2020 15:29:39 GMT):
@dbluhm Your other PR could use an update as well :) I guess the checkbox to allow changes is off?

dgunseli (Wed, 15 Jan 2020 15:36:40 GMT):
Yes, solved the problem, The main problem was "version" field was missing, actually it seems like optional but doesn't working when not provided

swcurran (Wed, 15 Jan 2020 15:43:34 GMT):
Where did you get the info that it was optional? Can we clarify it somewhere?

HLFPOC (Wed, 15 Jan 2020 15:43:56 GMT):
I was able to resolve this issue after adding an empty object of `requested_predicates` in my proof request.

swcurran (Wed, 15 Jan 2020 15:44:19 GMT):
Ah...that's necessary.

swcurran (Wed, 15 Jan 2020 15:44:22 GMT):
Good stuff!

dgunseli (Wed, 15 Jan 2020 15:44:28 GMT):
https://github.com/hyperledger/indy-sdk/blob/5028ba1c2e1012d0d6900a02373900c1b27ac9fe/wrappers/python/indy/anoncreds.py#L1452

dgunseli (Wed, 15 Jan 2020 15:46:06 GMT):
But in comments in anoncreds.py (Line 1428) it is not said as optional, maybe I'm wrong

HLFPOC (Wed, 15 Jan 2020 16:02:19 GMT):
Can we use the same invitation object created by Agent multiple times ? For e.g. Faber created an invitation, Alice used the invitation object and got connected with Faber after calling receive invitation API. Can Bob also use the same invitation object and connect with Faber or Faber will need to create a separate invitation every time for accepting a new connection ?

dbluhm (Wed, 15 Jan 2020 16:05:54 GMT):
There is a "multi-use" invitation option that you can specify on invitation creation

dbluhm (Wed, 15 Jan 2020 16:06:22 GMT):
By default, the invitation is consumed when a connection is created

HLFPOC (Wed, 15 Jan 2020 16:16:29 GMT):
okay thanks, will check this option.

dbluhm (Wed, 15 Jan 2020 16:31:57 GMT):
I opened an issue posing a question around possibly generalizing the webhook mechanism and a little bit of detail on a use case this generalization would help. I'd love to hear others' input :slight_smile: https://github.com/hyperledger/aries-cloudagent-python/issues/327

amanji (Wed, 15 Jan 2020 17:20:58 GMT):
Is there a link to the WG meetings for this group?

amanji (Wed, 15 Jan 2020 17:22:07 GMT):
Oh I see it starts next week

swcurran (Wed, 15 Jan 2020 17:22:12 GMT):
Yes - User Group Page is here, and Meetings is a link on the page - https://wiki.hyperledger.org/pages/viewpage.action?pageId=24780322

amanji (Wed, 15 Jan 2020 17:22:26 GMT):
Thank you

dgunseli (Thu, 16 Jan 2020 07:48:31 GMT):
How we can join this group as a company

priyashankar (Thu, 16 Jan 2020 12:27:08 GMT):
Here's a link to a video demonstrating the ISSUER-HOLDER-VERIFIER Loop using the swagger interface when configuring aca-py agents. https://drive.google.com/file/d/1bNBMf_zUJFA7glO1pUwvdncXTZU6toMq/view?usp=sharing Let me know if I can help in any other way. Who do I talk to if I want to contribute?

priyashankar (Thu, 16 Jan 2020 12:28:36 GMT):
I shared a video demonstrating the ISSUER-HOLDER-VERIFIER Loop. Please have a look. https://drive.google.com/file/d/1bNBMf_zUJFA7glO1pUwvdncXTZU6toMq/view?usp=sharing

smohan (Thu, 16 Jan 2020 14:32:35 GMT):
Has joined the channel.

swcurran (Thu, 16 Jan 2020 16:55:35 GMT):
Cool - I'll check it out. Thanks! Contribution ideas welcome here, and we'll be having out first ACA-Pug meeting - user group - to discuss contributions people would like to see and contribute to.

TelegramSam (Thu, 16 Jan 2020 17:17:05 GMT):
Has joined the channel.

rileyphughes (Thu, 16 Jan 2020 22:22:22 GMT):
Has joined the channel.

AvikHazra-klizos (Fri, 17 Jan 2020 04:51:18 GMT):
Has joined the channel.

shenoy (Fri, 17 Jan 2020 05:37:48 GMT):
Has joined the channel.

dgunseli (Fri, 17 Jan 2020 06:09:39 GMT):
Is here anybody who is using mediator approach?

sheru (Mon, 20 Jan 2020 14:56:37 GMT):
Has joined the channel.

Dubh3124 (Mon, 20 Jan 2020 18:05:55 GMT):
Has joined the channel.

jljordan_bcgov (Mon, 20 Jan 2020 23:06:46 GMT):
Whomever from your company is welcome

kengeo (Tue, 21 Jan 2020 02:00:16 GMT):
Has joined the channel.

victor.martinez (Wed, 22 Jan 2020 09:54:33 GMT):
Is here anybody who is using mediator approach?

wip-abramson (Wed, 22 Jan 2020 10:46:37 GMT):
Has joined the channel.

mirgee (Thu, 23 Jan 2020 08:24:21 GMT):
Has joined the channel.

LokenathBhowmick (Thu, 23 Jan 2020 09:34:09 GMT):
Has joined the channel.

LokenathBhowmick (Thu, 23 Jan 2020 09:34:10 GMT):
Can anyone help me to solve these error? 1. cannot convert from 'AgentFramework.Core.Models.Records.ConnectionRecord' to 'string' Osma.Mobile.App C:\Users\Sourav\source\repos\osma\src\Osma.Mobile.App\ViewModels\Connections\AcceptInviteViewModel.cs 2. cannot convert from 'bool' to 'string[]' Osma.Mobile.App C:\Users\Sourav\source\repos\osma\src\Osma.Mobile.App\ViewModels\Connections\AcceptInviteViewModel.cs

LokenathBhowmick (Thu, 23 Jan 2020 09:34:10 GMT):
Can anyone help me to solve these error? 1. cannot convert from 'AgentFramework.Core.Models.Records.ConnectionRecord' to 'string' Osma.Mobile.App C:\Users\Lokenath\source\repos\osma\src\Osma.Mobile.App\ViewModels\Connections\AcceptInviteViewModel.cs 2. cannot convert from 'bool' to 'string[]' Osma.Mobile.App C:\Users\Lokenath\source\repos\osma\src\Osma.Mobile.App\ViewModels\Connections\AcceptInviteViewModel.cs

geonnave (Thu, 23 Jan 2020 22:58:23 GMT):
Has joined the channel.

swcurran (Fri, 24 Jan 2020 01:52:44 GMT):
Thanks to those that attended the ACA-Pug (ACA-Py User Group Meeting). The call recording is now available here: https://wiki.hyperledger.org/download/attachments/24780606/20200122-ACA-Pug_Meeting.mp4?version=1&modificationDate=1579830531606&api=v2

SuperSeiyan (Fri, 24 Jan 2020 05:30:16 GMT):
Has joined the channel.

amanji (Sat, 25 Jan 2020 22:09:00 GMT):
There seems to be an issue, running the ACA-py Faber demo using [Play With VON/Docker](https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/AriesOpenAPIDemo.md#running-in-a-browser) The Agent errors out when attempting to register a Credential Definition to the ledger. It appears that DID registration and Schema registration are successful because the result of those are output to the terminal. The issue does not surface when running the Agent with [Docker](https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/AriesOpenAPIDemo.md#running-in-docker) either using local VON network or any of the publicly available dev ledgers (ex LEDGER_URL=http://dev.greenlight.bcovrin.vonx.io)

amanji (Sat, 25 Jan 2020 22:09:00 GMT):
There seems to be an issue, running the ACA-py Faber demo using [Play With VON/Docker](https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/AriesOpenAPIDemo.md#running-in-a-browser) The Agent errors out when attempting to register a Credential Definition to the ledger. It appears that DID registration and Schema registration are successful because the result of those are output to the terminal. ~The issue does not surface when running the Agent with [Docker](https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/AriesOpenAPIDemo.md#running-in-docker) either using local VON network or any of the publicly available dev ledgers (ex LEDGER_URL=http://dev.greenlight.bcovrin.vonx.io)~ EDIT: I removed and rebuilt the demo images. It appears the problem exists when using a local VON Network as well, which suggests there is a general issue here that's not environment specific.

amanji (Sat, 25 Jan 2020 22:10:16 GMT):

amanji - Sat Jan 25 2020 14:09:46 GMT-0800 (PST).txt

amanji (Sat, 25 Jan 2020 22:12:18 GMT):
``` #1 Provision an agent and wallet, get back configuration details Faber | Registering Faber Agent with seed d_000000000000000000000000571985 Faber | Got DID: L5BebtFy22bpeA4cKPv68A ``` ``` #3/4 Create a new schema/cred def on the ledger Schema ID: L5BebtFy22bpeA4cKPv68A:2:degree schema:16.76.57 ```

sebastillar (Sun, 26 Jan 2020 19:27:28 GMT):
Has joined the channel.

sebastillar (Sun, 26 Jan 2020 19:27:28 GMT):
ec2

sebastillar (Sun, 26 Jan 2020 19:47:10 GMT):
Hello colleagues. I wonder if you know of any aca-py (and its corresponding controller) installation, configuration, deploy guide in an AWS EC2 environment to receive remote requests from edge agents.

sebastillar (Sun, 26 Jan 2020 19:47:10 GMT):
Hello colleagues. I wonder if you know of any aca-py (and its corresponding controller) configuration or deploy guide in an AWS EC2 environment to receive remote requests from edge agents.

sebastillar (Sun, 26 Jan 2020 19:54:11 GMT):
In particular I have doubts regarding the IP and ports that should be used

swcurran (Sun, 26 Jan 2020 21:57:13 GMT):
@andrew.whitehead @ianco - can either of you help with this? Thanks!

gazelle (Mon, 27 Jan 2020 12:00:02 GMT):
Has joined the channel.

dgunseli (Tue, 28 Jan 2020 12:20:15 GMT):
hello there, can we create a credential offer with another one's credential schema?

sklump (Tue, 28 Jan 2020 14:38:58 GMT):
Credential offers cite a credential definition (identifier) and provide proof of issuer public DID. An issuer can register a credential definition from any schema on the ledger.

swcurran (Tue, 28 Jan 2020 16:39:51 GMT):
The wording in the original questi

swcurran (Tue, 28 Jan 2020 16:41:12 GMT):
You can create a credential offer for a credential definition that you own/created that is pointing to a schema that you or someone else created. You cannot create a credential offer for a credential definition that someone else created.

andrew.whitehead (Tue, 28 Jan 2020 19:58:24 GMT):
I have a PR in to fix this issue now

swcurran (Tue, 28 Jan 2020 20:06:14 GMT):
We have not done this, but have deployed to Digital Ocean, so similar. Do you have specific questions? @andrew.whitehead @WadeBarnes We do lots of deployments to OpenShift as well - Red Hat's distribution of Kubernetes.

swcurran (Tue, 28 Jan 2020 20:06:43 GMT):
It's this PR: https://github.com/hyperledger/aries-cloudagent-python/pull/346

amanji (Tue, 28 Jan 2020 20:39:21 GMT):
You guys are awesome!

sebastillar (Tue, 28 Jan 2020 21:49:00 GMT):
Finally we managed to perform the deployment correctly. Thank you very much as always!

ankita.p (Wed, 29 Jan 2020 07:59:51 GMT):
Hello everyone! Is there any way given in aca-py where I can get list of credentials(credential definitions) offered by a Issuer?

sheru (Wed, 29 Jan 2020 08:13:03 GMT):
Hey @dgunseli Yes we can, but before that you have to create your own credential-definition from the schema created by others. Once you created your own credential definition you can issue credential from your credential-definition. Note: schema can be used by anyone but credential definition can't be used by anyone except the owner. Feel free to PM if you have any doubts.

sheru (Wed, 29 Jan 2020 08:20:50 GMT):
Hey @ankita.p if you used swagger API then you will get the details from the API call like below curl -X GET "http://127.0.0.1:8021/credentials" -H "accept: application/json Here you just need to modify the IP address and port number as in your setup.

ankita.p (Wed, 29 Jan 2020 08:50:18 GMT):
This provides the credentials stored in user's wallet

ankita.p (Wed, 29 Jan 2020 08:52:02 GMT):
I am looking for the all the credential definitions created by user

priyashankar (Wed, 29 Jan 2020 13:20:48 GMT):
I think you are looking for /credential-definitions/created

priyashankar (Wed, 29 Jan 2020 13:20:48 GMT):
I think you are looking for /credential-definitions/created.

Dainius 2 (Wed, 29 Jan 2020 14:06:00 GMT):
Has joined the channel.

Dainius 2 (Wed, 29 Jan 2020 14:13:15 GMT):
Hello, I have a pretty dumb question. I have created an agent using the aca-py library not by using the demo agents and everything works just fine but my question is after the credential is generated and stored inside a holders wallet, what ID`s or data do I need to store inside my webapp so each user could use the credentials later on for verification.

sebastillar (Wed, 29 Jan 2020 14:21:26 GMT):
@swcurran Hi Stephen, we have an aca-py running on aws but now the problem we face is that, when we close ssh session, the agent stops working. Can you think of what could cause such a composition?

sebastillar (Wed, 29 Jan 2020 14:21:26 GMT):
@swcurran Hi Stephen, we have an aca-py running on aws but now the problem we face is that, when we close ssh session, the agent stops working. Have you any idea about the cause of that behavior?

swcurran (Wed, 29 Jan 2020 14:41:24 GMT):
@ankita.p - for that we need a new protocol/message to be defined in Aries. We've done a single-use version of that for a specific problem, but have not done a general purpose solution.

swcurran (Wed, 29 Jan 2020 14:41:57 GMT):
It's going to be necessary, but that has not come up in the use cases people are working on yet.

swcurran (Wed, 29 Jan 2020 14:42:05 GMT):
How would you like to see it work?

swcurran (Wed, 29 Jan 2020 16:54:27 GMT):
Using a credential is done when a verifier requests a presentation (aka proof) from the holder. Part of the processing the request involves passing in the request to the storage to find all of the credentials that the holder has which can satisfy the request. If just one, that's easy, if more than one, the controller has to do something to figure out which credential to use in responding to the request.

lauravuo (Wed, 29 Jan 2020 17:35:34 GMT):
Has joined the channel.

sklump (Wed, 29 Jan 2020 18:38:33 GMT):
Note that as a side-effect of the PR#330 merge, the `--auto-respond-presentation-request` option for proof-requests picks out wallet credentials to match a proof request if any fit the bill.

sklump (Wed, 29 Jan 2020 19:09:21 GMT):
_although I notice I have to touch up the help accordingly._

sebastillar (Wed, 29 Jan 2020 23:00:09 GMT):
Same issue in Digital Ocean. After: agent die after log out ssh session

andrew.whitehead (Wed, 29 Jan 2020 23:02:32 GMT):
It would need to be run as a daemon with something like supervisord, or at least backgrounded and detached from the shell

swcurran (Wed, 29 Jan 2020 23:06:55 GMT):
Yes, starting it in the background and detached from the terminal would work easily (e.g. https://www.tecmint.com/run-linux-command-process-in-background-detach-process/) but you really need to have something that will keep it running -- e.g. restarts when it stops, etc.

sebastillar (Wed, 29 Jan 2020 23:08:38 GMT):
Thanks guys!

acaldas18 (Wed, 29 Jan 2020 23:15:28 GMT):
Has joined the channel.

acaldas18 (Wed, 29 Jan 2020 23:29:50 GMT):
Hi!,I have some questions about the cloud agent, I am starting two cloud agents on an aws server in different ports and I want to establish a connection. But when I create the connection, the answer is a json who doesn't have the serverendpoint, just like the demo does. I give you two examples: This is the response: {"@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/connections/1.0/invitation", "@id": "bad61f4b-029c-4aa7-bd9c-d686b0d8a2d3", "recipientKeys":[ "6DV3LQG24K5UbwtpmndU3xYkpJ3uHQWzFowgL2HGC6Gk"]} And this is the demo response: {"@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/connections/1.0/invitation", "@id": "07b9d78e-a869-4c89-87f7-d3e185de6d34", "recipientKeys": [ "9KjZZyGGyJN6EBRbSETYopEpW3LPJqhDrBs2XLBaqQkv"], "label": "Faber Agent", "serviceEndpoint": "http://192.168.65.3:8020"} This is the comand i run to start the agent: aca-py start --inbound-transport http ip 8000 --inbound-transport ws ip 8001 --outbound-transport ws --outbound-transport http --admin ip 5000 --admin-insecure-mode 1)Do you know why the answer is that? Could it be that I have something wrong configured? 2) How do I pair a local to a cloud agent? 3)What is the relationship between the provisioning wallet and the cloud agent after running start?

acaldas18 (Wed, 29 Jan 2020 23:29:56 GMT):
Thanks!!

andrew.whitehead (Thu, 30 Jan 2020 04:10:29 GMT):
To add the endpoint, I think you just need to pass the `-e` (`--endpoint`) argument

lauravuo-techlab (Thu, 30 Jan 2020 06:41:55 GMT):
Has joined the channel.

lauravuo (Thu, 30 Jan 2020 06:49:26 GMT):
Has left the channel.

PaulA (Thu, 30 Jan 2020 09:53:45 GMT):
Has joined the channel.

HLFPOC (Thu, 30 Jan 2020 10:04:15 GMT):
Hi Team, Is there any recommended way to start the agent in background? I am currently using `run_docker start` command along with necessary flags to bring up the agents but they get closed once terminal is closed. What should be the ideal approach for starting the agents ?

priyashankar (Thu, 30 Jan 2020 10:46:51 GMT):
Suppose agents 'A' & 'B' are running at localhost:4000 & localhost:5000 accordingly. 'A' sends a POST request at /connections/create-invitation. Don't copy the entire JSON response. Just copy whatever's under the "invitation" key in the response BODY. Using the copied value as BODY, 'B' sends a POST request at /connections/receive-invitation. This creates a connection between 'A' & 'B'.

priyashankar (Thu, 30 Jan 2020 11:07:48 GMT):
Well, the agents have been constructed with the assumption that they stay available all the time. If you wish to run the agent containers in background, then edit the last line in the run_docker script and pass the -itd mode. $DOCKER run --rm -itd --name "aries-cloudagent-runner_${RAND_NAME}" $ARGS aries-cloudagent-run "$@"

acaldas18 (Thu, 30 Jan 2020 17:03:40 GMT):
Thanks

swcurran (Thu, 30 Jan 2020 18:50:14 GMT):
In Linux-based systems you can run the task with "nohup" and in the background. Those are not children of the terminal session shell and continue on after.

swcurran (Thu, 30 Jan 2020 18:51:47 GMT):
I'm going to be posting an issue to request for guidance/documentation for running ACA-Py in an AWS-type environment - particularly for production type processing (restart if instance goes away, auto-scaling, etc.). Great if you could add notes you find to the issue or using a PR to add a document to the repo.

sebastillar (Thu, 30 Jan 2020 22:09:40 GMT):
In our case we are working on Ubuntu 16.04. To initialize the agents we use crontab and @reboot rules. When the host computer reboot, crontab executes the rules (run scripts or commands).

swcurran (Thu, 30 Jan 2020 22:18:16 GMT):
Issue posted - https://github.com/hyperledger/aries-cloudagent-python/issues/351 We've had someone grab the issue and are working on it. w00t!

sebastillar (Thu, 30 Jan 2020 23:27:45 GMT):
Hi team! On send-ping POST request, api response with a 405: Method Not Allowed

sebastillar (Thu, 30 Jan 2020 23:31:24 GMT):
on the other hand, we are trying to send an accept flow. After acept invitation, if I get /connections => the response is { "results": [ { "connection_id": "42181961-4074-4326-a52f-0cc72bdbc6a4", "invitation_key": "7GA2Dm5eKSVXsqXnPND7RhLT7ZV964DXegP1Vkpfe1bz", "my_did": "JgHx3T7WHhRsHkeZnEuVvf", "updated_at": "2020-01-30 22:41:48.736956Z", "state": "request", "request_id": "3fea1770-53fc-4093-9a4c-7c7fdc93dc01", "routing_state": "none", "invitation_mode": "once", "alias": "5000a5001", "accept": "manual", "initiator": "self", "created_at": "2020-01-30 22:01:05.521790Z" } ] }

sebastillar (Thu, 30 Jan 2020 23:32:38 GMT):
so, why state is equal to request? and/or how can I set state key equal to "active"?

andrew.whitehead (Fri, 31 Jan 2020 01:11:58 GMT):
That means it has sent a connection request but not received a connection response

acaldas18 (Fri, 31 Jan 2020 13:58:17 GMT):
hi! How can i change the status of the connection to active? I follow this stepts: A->Create Invitation B->Receive and accept Conexion

dbluhm (Fri, 31 Jan 2020 18:24:29 GMT):
Currently, ACA-Py considers a a connection that has sent a message (often a trust ping) to be active

dbluhm (Fri, 31 Jan 2020 18:25:46 GMT):
The `auto-ping-connection` CLI argument will trigger trust-pings automatically being sent to new connections and will therefore cause all working connections to move to "Active" state automatically

swcurran (Fri, 31 Jan 2020 18:31:01 GMT):
We really need to fix the connections protocol to include an explicit ACK. Likewise DID-Exchange.

andrew.whitehead (Fri, 31 Jan 2020 18:31:30 GMT):
Maybe just DID-exchange :)

sebastillar (Fri, 31 Jan 2020 18:56:30 GMT):
I am working on the same project with @ acaldas18 In particular, we are passing --auto-ping-connection --auto-reply-messages in the agents start command, but it seems that it does not work because we do not get any connection to take status active.

swcurran (Fri, 31 Jan 2020 18:58:15 GMT):
Hmmm...we've definitely had this working a lot, so something is odd. This is a very basic operation.

swcurran (Fri, 31 Jan 2020 18:58:50 GMT):
I'll leave it to the devs ( @ianco , @esune ) to weigh in on this.

sebastillar (Fri, 31 Jan 2020 18:58:55 GMT):
we try create-invitation, receive-invitation, accept invitation and accept request but was not possible to set active connection

ianco (Fri, 31 Jan 2020 19:00:49 GMT):
This is working in all of our deployments (aca-py to aca-py connections)

ianco (Fri, 31 Jan 2020 19:01:10 GMT):
Have you tried running the Alice/Faber demo in the aca-py repository?

sebastillar (Fri, 31 Jan 2020 19:04:05 GMT):
I think it is possible that we are omitting some aspect of configuration. This is our start script => aca-py start --label $ 5 --auto-ping-connection --auto-reply-messages --inbound-transport http $ 1 $ 2 --inbound-transport ws $ 1 $ 3 --outbound-transport http --admin $1 $4 --admin-insecure-mode --endpoint 167.172.222.161:8005 --auto-accept-invites --auto-accept-requests --wallet-type $6 --wallet-name $7 --wallet-key $8

sebastillar (Fri, 31 Jan 2020 19:05:36 GMT):
Yes, we've tried

ianco (Fri, 31 Jan 2020 19:05:50 GMT):
It looks like it should work, I suggest to compare against the config used by the Alice/Faber demo, and also try running that demo to verify it works on your local

ianco (Fri, 31 Jan 2020 19:06:07 GMT):
... then compare what the demo si doing vs what your code is doing to see if there are any differences

esune (Fri, 31 Jan 2020 19:08:28 GMT):
We are also using `--auto-respond-messages`, however I am not sure this makes a big difference. I have also noticed that sometimes tehr is a bit of delay between the conneciton being accepted on one end and it being set as `active` on the other end even with auto-ping enabled: sending an additional message seems to force it to active quicker, but it should not be necessary.

swcurran (Fri, 31 Jan 2020 19:10:56 GMT):
If that is the case, we need to look at that in ACA-Py.

sebastillar (Fri, 31 Jan 2020 19:14:09 GMT):
We are already using the demo code as a reference. We will try with @esune suggestion. Thanks!

esune (Fri, 31 Jan 2020 19:15:20 GMT):
Please let us know if that makes any difference, it may very well be a red herring (it could be a network delay on my end and me being impatient by sending the message doesn't really make a difference, it just makes me think I am doing something).

esune (Fri, 31 Jan 2020 19:15:54 GMT):
My testing scenario is limited to a single use0case so far so it would be good to understand wether it has to do with my setup or not

esune (Fri, 31 Jan 2020 19:15:54 GMT):
My testing scenario is limited to a single use case so far so it would be good to understand wether it has to do with my setup or not

swcurran (Fri, 31 Jan 2020 19:17:33 GMT):
If everyone supported ~please_ack all would be good...

ianco (Fri, 31 Jan 2020 19:20:18 GMT):
The standard configs we use for our deployed agents are here: https://github.com/bcgov/indy-catalyst/blob/master/docker/docker-compose.yml#L176 and here: https://github.com/bcgov/indy-catalyst-issuer-controller/blob/master/docker/docker-compose.yml#L99

andrew.whitehead (Fri, 31 Jan 2020 19:21:02 GMT):
My guess would be there's an issue routing the connection response due to the endpoint given

andrew.whitehead (Fri, 31 Jan 2020 19:21:18 GMT):
Although it should log a warning eventually

dbluhm (Fri, 31 Jan 2020 20:24:04 GMT):
Submitted a PR that activates and adds more info to the result of `connections/create-static`: https://github.com/hyperledger/aries-cloudagent-python/pull/354

swcurran (Fri, 31 Jan 2020 22:16:09 GMT):
FYI: Aries Cloud Agent - Python Release 0.4.1 has been tagged and posted to PyPi. Release notes can be found here - https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.4.1. This release has a change that impacts interoperability with other agents in the handling of forward messages (RFC 0094). We'll upgrade our deployed instances of ACA-Py immediately after the public availability of the Streetcred mobile agents in the app stores to retain interoperability. Others should do the same. A list of other changes in the release are in the release notes. We're particularly pleased that the code base now has just a shade under 90% code coverage in unit tests. w00t! Code reference documentation has been generated to ReadTheDocs - https://aries-cloud-agent-python.readthedocs.io/en/latest/

DibbsZA (Sat, 01 Feb 2020 05:39:30 GMT):
Has joined the channel.

sebastillar (Sat, 01 Feb 2020 17:10:32 GMT):
Hi team! We are facing the same connection issue reported yesterday

sebastillar (Sat, 01 Feb 2020 17:12:32 GMT):
We just created an invitation and the answer is as follows: { "connection_id": "e8a3c381-07de-49a6-8462-98ed39f6f488", "invitation": { "@type": "did: sov: BzCbsNYhMrjHiqZDTUASHg; spec / connections / 1.0 / invitation", "@id": "7a5d389e-0902-4b12-a1f1-15e6128db36a", "serviceEndpoint": "http://my-domain:8001", "label": "BobORT", "recipient Keys": [ "AHwsNrU19eoXSdgPL4EhSGas8UdLMFaSj6b8WmLQyUEZ" ] }, "INVITATION_URL": "http://my-domain:8001?c_i=eyJAdHlwZSI6ICJkaWQ6c292OkJ6Q2JzTlloTXJqSGlxWkRUVUFTSGc7c3BlYy9jb25uZWN0aW9ucy8xLjAvaW52aXRhdGlvbiIsICJAaWQiOiAiN2E1ZDM4OWUtMDkwMi00YjEyLWExZjEtMTVlNjEyOGRiMzZhIiwgInNlcnZpY2VFbmRwb2ludCI6ICJodHRwOi8vZWMyLTE4LTIzMC0yNS04OS5zYS1lYXN0LTEuY29tcHV0ZS5hbWF6b25hd3MuY29tOjgwMDEiLCAibGFiZWwiOiAiQm9iT1JUIiwgInJlY2lwaWVudEtleXMiOiBbIkFId3NOclUxOWVvWFNkZ1BMNEVoU0dhczhVZExNRmFTajZiOFdtTFF5VUVaIl19" "alias": "5000a5001" }

sebastillar (Sat, 01 Feb 2020 17:13:52 GMT):
Could someone indicate that it could be the next step for the other agent to accept the invitation?

ianco (Sat, 01 Feb 2020 17:14:32 GMT):
Copy this content into the "accept invitation" service: ``` { "connection_id": "e8a3c381-07de-49a6-8462-98ed39f6f488", "invitation": { "@type": "did: sov: BzCbsNYhMrjHiqZDTUASHg; spec / connections / 1.0 / invitation", "@id": "7a5d389e-0902-4b12-a1f1-15e6128db36a", "serviceEndpoint": "http://my-domain:8001", "label": "BobORT", "recipient Keys": [ "AHwsNrU19eoXSdgPL4EhSGas8UdLMFaSj6b8WmLQyUEZ" ] } ```

ianco (Sat, 01 Feb 2020 17:14:53 GMT):
Also verify that the `my-domain:8001` is the correct host name and port

sebastillar (Sat, 01 Feb 2020 17:18:02 GMT):

Clipboard - February 1, 2020 2:17 PM

sebastillar (Sat, 01 Feb 2020 17:19:15 GMT):
(I appreciate your apology if my question is very silly)

ianco (Sat, 01 Feb 2020 17:19:22 GMT):
Hmmm maybe `receive-invitation`? I don't have the agent running now so I don't recall specifically

ianco (Sat, 01 Feb 2020 17:19:22 GMT):
Hmmm maybe try the `receive-invitation` service? I don't have the agent running now so I don't recall specifically

sebastillar (Sat, 01 Feb 2020 17:20:53 GMT):
in 'receive-invitation' service returns a 500 error

sebastillar (Sat, 01 Feb 2020 17:23:27 GMT):
we are working with 0.4.1 version

ianco (Sat, 01 Feb 2020 17:24:17 GMT):
You should see a stack trace in teh agent's logs then

ianco (Sat, 01 Feb 2020 17:24:27 GMT):
Also verify that you are using the correct domain/port

sebastillar (Sat, 01 Feb 2020 17:31:17 GMT):
ok, now receive-invitation response is:

sebastillar (Sat, 01 Feb 2020 17:31:19 GMT):
{ "initiator": "external", "created_at": "2020-02-01 17:30:34.143493Z", "invitation_mode": "once", "connection_id": "0f36ba33-af98-4b7f-9be2-7f6bb9de881c", "invitation_key": "9zWwSNNsTWn8XzvgWr3GZdPDhujsdWdHzMRq6xVNkgA8", "accept": "auto", "request_id": "598b7983-54f9-4aec-add7-264865e73ab2", "routing_state": "none", "updated_at": "2020-02-01 17:30:34.156011Z", "state": "request", "their_label": "BobORT", "my_did": "YMZCRZ31hcLbwNnEa3ExQ5" }

ianco (Sat, 01 Feb 2020 17:35:30 GMT):
Try fetching all connections now and see what their status is

sebastillar (Sat, 01 Feb 2020 17:36:39 GMT):
on agent port 5001: { "results": [ { "initiator": "external", "created_at": "2020-02-01 17:30:34.143493Z", "invitation_mode": "once", "connection_id": "0f36ba33-af98-4b7f-9be2-7f6bb9de881c", "invitation_key": "9zWwSNNsTWn8XzvgWr3GZdPDhujsdWdHzMRq6xVNkgA8", "accept": "auto", "request_id": "598b7983-54f9-4aec-add7-264865e73ab2", "routing_state": "none", "updated_at": "2020-02-01 17:30:34.156011Z", "state": "request", "their_label": "BobORT", "my_did": "YMZCRZ31hcLbwNnEa3ExQ5" } ] }

sebastillar (Sat, 01 Feb 2020 17:38:45 GMT):
agent port 5000: "results": [ { "my_did": "8FAPH1G6MKGyDPHeHV4o4C", "their_label": "AliceORT", "state": "response", "connection_id": "6dd262f2-a89c-4479-91d5-fe65358c6525", "accept": "auto", "invitation_key": "9zWwSNNsTWn8XzvgWr3GZdPDhujsdWdHzMRq6xVNkgA8", "invitation_mode": "once", "initiator": "self", "their_did": "YMZCRZ31hcLbwNnEa3ExQ5", "updated_at": "2020-02-01 17:30:34.214347Z", "routing_state": "none", "created_at": "2020-02-01 17:29:55.580132Z" }, { "state": "invitation", "connection_id": "fba7438d-8c3d-4699-bd8b-3eb27d599684", "accept": "auto", "invitation_key": "Ens697nmRKz7jesCoF1Yq4v177CETLnjgadL2w8MhNNr", "invitation_mode": "once", "initiator": "self", "updated_at": "2020-02-01 16:38:11.803729Z", "routing_state": "none", "created_at": "2020-02-01 16:38:11.803729Z" }, { "alias": "5000a5001", "state": "invitation", "connection_id": "e8a3c381-07de-49a6-8462-98ed39f6f488", "accept": "auto", "invitation_key": "AHwsNrU19eoXSdgPL4EhSGas8UdLMFaSj6b8WmLQyUEZ", "invitation_mode": "once", "initiator": "self", "updated_at": "2020-02-01 17:08:31.631426Z", "routing_state": "none", "created_at": "2020-02-01 17:08:31.631426Z" } ] }

ianco (Sat, 01 Feb 2020 17:39:53 GMT):
Not sure, maybe @swcurran or @andrew.whitehead can help

sebastillar (Sat, 01 Feb 2020 18:14:21 GMT):
Although the receive-invitation response is 200, the following traceback returns in the inviter console: 2020-02-01 18: 11: 57,014 aries_cloudagent.core.dispatcher ERROR Handler error: PackWireFormat.unpack Traceback (most recent call last): File "/usr/local/lib/python3.6/dist-packages/aries_cloudagent/wallet/indy.py", line 571, in unpack_message unpacked_json = await indy.crypto.unpack_message (self.handle, enc_message) File "/home/sebastillar/.local/lib/python3.6/site-packages/indy/crypto.py", line 498, in unpack_message unpack_message.cb) indy.error.WalletItemNotFound During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/usr/local/lib/python3.6/dist-packages/aries_cloudagent/transport/pack_format.py", line 113, in unpack unpacked = await wallet.unpack_message (message_body) File "/usr/local/lib/python3.6/dist-packages/aries_cloudagent/wallet/indy.py", line 573, in unpack_message raise WalletError ("Exception when unpacking message") aries_cloudagent.wallet.error.WalletError: Exception when unpacking message The above exception was the direct cause of the following exception: Traceback (most recent call last): File "/usr/local/lib/python3.6/dist-packages/aries_cloudagent/transport/pack_format.py", line 117, in unpack raise MessageParseError ("Message unpack failed") from e aries_cloudagent.transport.error.MessageParseError: Message unpack failed 2020-02-01 18: 11: 57,015 aries_cloudagent.core.dispatcher ERROR Message parsing failed: Message does not contain '@type' parameter, sending problem report

sebastillar (Sat, 01 Feb 2020 18:16:39 GMT):
Body parameter in receive-invitation service was: { "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/connections/1.0/invitation", "@id": "ff67d7df-9f85-4e85-b152-627e85cab7dc", "recipientKeys": [ "9e28fxQfexoCuDkeNQefYAmbfxbhNX6DHyUy1FyProFu" ], "serviceEndpoint": "http://my-ip:8001", "label": "BobORT" }

ianco (Sat, 01 Feb 2020 18:29:25 GMT):
WalletItemNotFound usually means your wallet is out of sync with the ledger

ianco (Sat, 01 Feb 2020 18:29:39 GMT):
Try resetting your whole environment (von-network and agents) and start over

sebastillar (Sat, 01 Feb 2020 19:47:19 GMT):
Thanks for your help

sebastillar (Sat, 01 Feb 2020 19:47:41 GMT):
I'm Running the Network on a VPS from here: https://github.com/bcgov/von-network

sebastillar (Sat, 01 Feb 2020 19:47:59 GMT):
but I'm getting Pool "sandbox" has not been connected.

sebastillar (Sat, 01 Feb 2020 20:36:36 GMT):
It's working now!

sebastillar (Sat, 01 Feb 2020 20:36:49 GMT):
{ "results": [ { "state": "active", "invitation_key": "ETt2N5N4zFb4ipfE3M9xp9G7f8NZBitzfLBtPL3dqPHm", "their_did": "LKFY9gAAevKmcRRf672Ry1", "created_at": "2020-02-01 20:35:21.598284Z", "routing_state": "none", "invitation_mode": "once", "request_id": "e80c53a0-7891-4321-9cfb-32176d68d49f", "connection_id": "a8f28cae-05f1-4555-9068-8482dda88126", "accept": "auto", "their_label": "BobORT", "updated_at": "2020-02-01 20:35:22.568727Z", "my_did": "DRo4Jcveq8noEjuh9shhpB", "initiator": "external" } ] }

sebastillar (Sat, 01 Feb 2020 20:37:13 GMT):
thanksssss

ianco (Sat, 01 Feb 2020 21:34:03 GMT):
:+1:

sebastillar (Mon, 03 Feb 2020 00:50:27 GMT):
Good evening team. Could someone guide me on how I could perform the pairing of the edge agent (controlled by the client application) and the cloud agent?

swcurran (Mon, 03 Feb 2020 02:19:15 GMT):
I'm not a lot of help here. Are you talking about an edge agent connecting to a mediator agent? If so, the only sample code I know of that does is this is in the /demo folder. The "performance" demo has an option (--routing) that results in a mediator agent being started on one side of the demo, and all messages going through the routing agent.

victor.martinez (Mon, 03 Feb 2020 17:09:24 GMT):
HI all, I was wondering if you think support for credential revocation and recovation registry handle will be included in the next aca-py release ? I've noticed there is a pull request but still work in progress

victor.martinez (Mon, 03 Feb 2020 17:09:34 GMT):
https://github.com/hyperledger/aries-cloudagent-python/pull/306

sheldon.regular (Mon, 03 Feb 2020 18:01:49 GMT):
Has joined the channel.

swcurran (Mon, 03 Feb 2020 18:13:39 GMT):
It's a work in progress. We're not sure when it will be completed. Some folks at Medici Ventures are working on that.

ankita.p (Tue, 04 Feb 2020 06:30:35 GMT):
Thanks @swcurran for you response. I am looking for developing credential issuance flow in the way were holder will initiate the issuance flow and sending a proposal. For this holder must have list of credentials provided by the Issuer.

ankita.p (Tue, 04 Feb 2020 06:30:35 GMT):
Thanks @swcurran for you response. I am looking for developing credential issuance flow in the way were holder will initiate the issuance flow by sending a proposal. For this holder must have list of credentials provided by the Issuer.

ankita.p (Tue, 04 Feb 2020 06:31:23 GMT):
will look forward for updates on this protocol. Thanks!

sukalpomitra (Tue, 04 Feb 2020 06:43:17 GMT):
can someone approve sukalpomitra@gmail.com in iiwbook backend

dgunseli (Tue, 04 Feb 2020 07:03:52 GMT):
Hello all, I have a question and it might be a dumb question but, let's consider this: My clients can create proofs without any DID information (and also target DID), so generated proof doesn't contain any identifier about the holder as I saw. How can be any third party can be sure about ownership of the proof?

dgunseli (Tue, 04 Feb 2020 12:18:49 GMT):
As I explored more, while issuer issue the credential, prover creates credential request with a master secret. Than a proof about this credential can be created with only this master secret. Otherwise proof can not be verified by any other third parties. It guarantees this proof created by the credential holder. But there is no link between the proof and the individual that present this proof. Any other third party who already has this proof can present this proof like owner of this proof. What am I missing about this flow?

dgunseli (Tue, 04 Feb 2020 12:18:49 GMT):
As I explored more, while issuer issues the credential, prover creates a credential request with a master secret. Than a proof about this credential can be created with only this master secret. Otherwise proof can not be verified by any other third parties. It guarantees this proof created by the credential holder. But there is no link between the proof and the individual that present this proof. Any other third party who already has this proof can present this proof like owner of this proof. What am I missing about this flow?

ankita.p (Tue, 04 Feb 2020 12:20:50 GMT):
postgres

ankita.p (Tue, 04 Feb 2020 12:30:25 GMT):
Hi All, I am not able to configure postgres in aca-py. Getting error : `Initializing postgres wallet Traceback (most recent call last): File "./aca-py", line 32, in run_command(command, args) File "/home/ayanworks/anaconda3/lib/python3.7/site-packages/aries_cloudagent/commands/__init__.py", line 35, in run_command module.execute(argv) File "/home/ayanworks/anaconda3/lib/python3.7/site-packages/aries_cloudagent/commands/provision.py", line 49, in execute common_config(settings) File "/home/ayanworks/anaconda3/lib/python3.7/site-packages/aries_cloudagent/config/util.py", line 23, in common_config load_postgres_plugin() File "/home/ayanworks/anaconda3/lib/python3.7/site-packages/aries_cloudagent/postgres.py", line 20, in load_postgres_plugin stg_lib = cdll.LoadLibrary("libindystrgpostgres" + file_ext()) File "/home/ayanworks/anaconda3/lib/python3.7/ctypes/__init__.py", line 434, in LoadLibrary return self._dlltype(name) File "/home/ayanworks/anaconda3/lib/python3.7/ctypes/__init__.py", line 356, in __init__ self._handle = _dlopen(self._name, mode) OSError: libindystrgpostgres.so: cannot open shared object file: No such file or directory `

domwoe (Tue, 04 Feb 2020 12:30:36 GMT):
I'm not sure if I understand your question properly, but proof presentation like credential issuance is an interactive protocol. A verifier should only accept a proof based on a nonce it provider to the prover. Therefore a proof can't be used twice/replayed

sklump (Tue, 04 Feb 2020 12:33:39 GMT):
Au contraire, for some cred defs, one would expect the same proof request often, and a honey pot could accumulate stored proofs to respond. The nonce is more of a placeholder at this point for future robust checks: the indy-sdk throws it away.

dgunseli (Tue, 04 Feb 2020 12:34:57 GMT):
Yes, @domwoe you are right but let's consider this scenario: 1) Person A has connection with a car rental agency who has not driving licence 2) Car rental agency requests a proof for Person A's driving licence from Person A with a nonce X 3) Person A routes this nonce to the Person B who has driving licence credential 4) Person B creates a proof for his own driving licence with nonce X and transfer to the Person A 5) Person A present this proof to car rental agency 6) Car rental agency verify this proof

dgunseli (Tue, 04 Feb 2020 12:34:57 GMT):
Yes, @domwoe you are right but let's consider this scenario: 1) Person A who has not driving licence has connection with a car rental agency 2) Car rental agency requests a proof for Person A's driving licence from Person A with a nonce X 3) Person A routes this nonce to the Person B who has driving licence credential 4) Person B creates a proof for his own driving licence with nonce X and transfer to the Person A 5) Person A present this proof to car rental agency 6) Car rental agency verify this proof

dgunseli (Tue, 04 Feb 2020 12:34:57 GMT):
Yes, @domwoe you are right but let's consider this scenario: 1) Person A who has not driving licence has connection with a car rental agency 2) Car rental agency requests a proof for Person A's driving licence from Person A with a nonce X 3) Person A routes this nonce to the Person B who has driving licence credential 4) Person B creates a proof for his own driving licence with nonce X and transfer this proof message to Person A 5) Person A present this proof to car rental agency 6) Car rental agency verify this proof

dgunseli (Tue, 04 Feb 2020 12:34:57 GMT):
Yes, @domwoe you are right but let's consider this scenario: 1) Person A who has not driving licence has connection with a car rental agency 2) Car rental agency requests a proof for Person A's driving licence from Person A with a nonce X 3) Person A routes this nonce to the Person B who has driving licence credential 4) Person B creates a proof for his own driving licence with nonce X and transfer this proof message to Person A 5) Person A presents this proof to car rental agency 6) Car rental agency verify this proof

dgunseli (Tue, 04 Feb 2020 12:34:57 GMT):
Yes, @domwoe you are right but let's consider this scenario: 1) Person A who has not driving licence has connection with a car rental agency 2) Car rental agency requests a proof for Person A's driving licence from Person A with a nonce X 3) Person A routes this nonce to the Person B who has driving licence credential 4) Person B creates a proof for his own driving licence with nonce X and transfer this proof message to Person A 5) Person A presents this proof to car rental agency 6) Car rental agency verifies this proof

domwoe (Tue, 04 Feb 2020 13:15:27 GMT):
Yes, I think if A and B collude they could cheat the verifier. Happy to get convinced otherwise :)

domwoe (Tue, 04 Feb 2020 13:16:53 GMT):
@sklump Is there a discussion anywhere about this?

sklump (Tue, 04 Feb 2020 13:17:50 GMT):
https://github.com/hyperledger/aries-rfcs/tree/master/concepts/0207-credential-fraud-threat-model is the place to start

dgunseli (Tue, 04 Feb 2020 14:03:53 GMT):
I think this scenario really fits with the scenario 1.2 in the RFC

swcurran (Tue, 04 Feb 2020 14:31:08 GMT):
Looks like you are running it natively (not on docker) and there is a libindy component missing. We usually run on docker. Perhaps you have to manually install that library? Or perhaps your library path is not set?

victor.martinez (Tue, 04 Feb 2020 14:52:50 GMT):
Hi team, what would be the most pragmatic approach currently in aca-py to implement a DID resolver mechanism? It is my understanding that VDRI component will support pluggable DID resolution in the future but I'm not sure when this shared library we will be available ... Also, I've noticed there are other initiatives to integrate the universal resolver via Http or DIDcomm bindings. Happy to understand what would be the correct approach to take on this topic and if there is any ongoing work available.

swcurran (Tue, 04 Feb 2020 15:01:00 GMT):
I'm not aware of any work on this in the Aries community. I would think using the Universal Resolver would be easy, since it is a REST API. I'm not sure where the DIDs would be coming from to be resolved - that sounds like more effort, as it means creating an integration with other things that are passing DIDs. That seems like a larger use case.

dgunseli (Tue, 04 Feb 2020 15:09:34 GMT):
I guess there is no any native solution for this fraud method, we should create a business-wise solution

ankita.p (Tue, 04 Feb 2020 15:41:35 GMT):
[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=QLXJBAWjqwvPqcBX2)
postgres.png

ankita.p (Tue, 04 Feb 2020 15:41:46 GMT):
I am running in docker, the way it is mentioned in aca-py document

ankita.p (Tue, 04 Feb 2020 15:42:17 GMT):
I am running it in docker, the way mentioned in aca-py document.

swcurran (Tue, 04 Feb 2020 15:45:37 GMT):
Hmmm...that's very odd. @ianco ?

ianco (Tue, 04 Feb 2020 16:09:40 GMT):
No idea, this should be in the docker container: `OSError: libindystrgpostgres.so: cannot open shared object file: No such file or directory`

swcurran (Tue, 04 Feb 2020 16:10:32 GMT):
What exactly are you doing (what docker script)?

victor.martinez (Tue, 04 Feb 2020 16:17:32 GMT):
thanks, @swcurran In the case of integrating the Universal Resolver, after checking quickly the aca-py source code, do you think the effort would be to adapt only the ledger package? (roughly the ledger/indy.py class) Also if the public key type is not ED25519_SIG_2018 I guess more changes would be needed like provide a specific wallet implementation?

swcurran (Tue, 04 Feb 2020 16:38:42 GMT):
If you are interested in doing that, I would recommend collaborating with @andrew.whitehead to build on the model he has implemented in indy-vdr. The goal is to have a common, pluggable interface within Aries (aries-vdri - where the i is "interface"), with things like indy-vdr being one of many implementations. It would be really good to have another implementation so that we can build a more general Aries interface. Andrew's work is here: https://github.com/andrewwhitehead/indy-vdr

swcurran (Tue, 04 Feb 2020 16:40:22 GMT):
A possible future is that an aries agent might be deployed with concrete implementations for several ledgers (especially, ones to which writes will occur) and use the universal resolver for other DIDs.

victor.martinez (Tue, 04 Feb 2020 17:03:53 GMT):
ok, I'll follow up with Andrew. many thanks!

daveek (Tue, 04 Feb 2020 20:47:29 GMT):
Has joined the channel.

haniavis (Tue, 04 Feb 2020 21:08:02 GMT):
Has joined the channel.

swcurran (Tue, 04 Feb 2020 22:09:31 GMT):
The second ACA-Pug (ACA-Py User Group) meeting is tomorrow at 11AM Pacific Time/2PM Eastern. We'll cover updates in the ACA-Py ecosystem, AIP 1.0 and @andrew.whitehead will give us a demo of the work he is doing on the indy-vdr ledger component he has been working on (ping @victor.martinez ). We'll also have a Q&A with the developers and get updates on work going on in the community. Anyone else with a demo they want to share? Let me know. Meeting details are here: https://wiki.hyperledger.org/display/ARIES/ACA-Pug+Meetings -- we will be recording the meeting.

priyashankar (Wed, 05 Feb 2020 05:47:15 GMT):
I have registered an *aca-py agent* on the Greenlight Dev Ledger. Now, I want to connect to the same using *Osma Mobile Agent* on *Android.* So, I changed the contents of the *genesis file* at *src\Osma.Mobile.App.Android\Assets\pool_genesis.Remote.txn* with *http://dev.greenlight.bcovrin.vonx.io/genesis*. On trying to connect, I get the message "*Failed to accept Invite*". On further logging the exception, I get this "*object reference not set to an instance of an object*". Where is this getting wrong? Thanks.

priyashankar (Wed, 05 Feb 2020 05:47:15 GMT):
I have registered an *aca-py agent* on the Greenlight Dev Ledger. Now, I want to connect to the same using *Osma Mobile Agent* on *Android.* So, I changed the contents of the *genesis file* at *src\Osma.Mobile.App.Android\Assets\pool_genesis.Remote.txn* with *http://dev.greenlight.bcovrin.vonx.io/genesis*. On trying to connect, I get the message "*Failed to accept Invite*". On further logging the exception, I get "*object reference not set to an instance of an object*". Where is this getting wrong? Thanks.

priyashankar (Wed, 05 Feb 2020 05:47:15 GMT):
I have registered an *aca-py agent* on the Greenlight Dev Ledger. Now, I want to connect to the same using *Osma Mobile Agent* on *Android.* So, I changed the contents of the *genesis file* at *src\Osma.Mobile.App.Android\Assets\pool_genesis.Remote.txn* with *http://dev.greenlight.bcovrin.vonx.io/genesis*. On trying to connect, I get the message "*Failed to accept Invite*". On further logging the exception, I get "*object reference not set to an instance of an object*". The detailed log is given in the thread. Where is this getting wrong? Thanks.

ankita.p (Wed, 05 Feb 2020 08:02:00 GMT):

postgres.png

ankita.p (Wed, 05 Feb 2020 08:04:42 GMT):
I used the script(run_postgres) given under /aries-cloudagent-python/scripts/ folder /aries-cloudagent-python/scripts/run_postgres

priyashankar (Wed, 05 Feb 2020 09:13:14 GMT):
Exception=System.NullReferenceException: Object reference not set to an instance of an object. Exception=System.NullReferenceException: Object reference not set to an instance of an object. at Hyperledger.Aries.Decorators.Signature.SignatureUtils.UnpackAndVerifyData[T] (Hyperledger.Aries.Decorators.Signature.SignatureDecorator decorator) [0x00000] in d:\a\1\s\src\Hyperledger.Aries\Decorators\Signature\SignatureUtils.cs:57 at Hyperledger.Aries.Features.DidExchange.DefaultConnectionService.ProcessResponseAsync (Hyperledger.Aries.Agents.IAgentContext agentContext, Hyperledger.Aries.Features.DidExchange.ConnectionResponseMessage response, Hyperledger.Aries.Features.DidExchange.ConnectionRecord connection) [0x00052] in d:\a\1\s\src\Hyperledger.Aries\Features\DidExchange\DefaultConnectionService.cs:252 at Osma.Mobile.App.ViewModels.Connections.AcceptInviteViewModel.CreateConnection (Hyperledger.Aries.Agents.IAgentContext context, Hyperledger.Aries.Features.DidExchange.ConnectionInvitationMessage invite) [0x00410] in D:\Project\Xamarin\osma_latest_update_git\src\Osma.Mobile.App\ViewModels\Connections\ AcceptInviteViewModel.cs:81 02-05 13:44:24.133 I/mono-stdout(17442): at Hyperledger.Aries.Decorators.Signature.SignatureUtils.UnpackAndVerifyData[T] (Hyperledger.Aries.Decorators.Signature.SignatureDecorator decorator) [0x00000] in d:\a\1\s\src\Hyperledger.Aries\Decorators\Signature\SignatureUtils.cs:57

ianco (Wed, 05 Feb 2020 14:07:35 GMT):
Are you running aca-py using docker?

sebastillar (Wed, 05 Feb 2020 14:46:26 GMT):
Hello team. Today I share the following question: is it necessary for an edge agent to have to be connected to a von-network (or some ledger) to communicate with other agents?

swcurran (Wed, 05 Feb 2020 14:46:48 GMT):
@sukalpomitra @esune - any thoughts on this? Is this a newer ACA-Py - older version of OSMA issue?

sukalpomitra (Wed, 05 Feb 2020 14:48:14 GMT):
Hi @swcurran I am not sure. I have not tested with the osma master branch.

swcurran (Wed, 05 Feb 2020 14:52:06 GMT):
Good question. For operation as just a mediator, it probably does not - establishing peer-to-peer connections, managing routing tables and forwarding messages is probably all that is required. The only thing that I can think of is if in connecting to a new mobile agent it needs to exchange verifiable credentials to prove who it is - e.g. typical authentication. But that is outside of the core mediator role, and so an extended use case.

andrew.whitehead (Wed, 05 Feb 2020 16:33:51 GMT):
It seems to be looking for a signature decorator in a connection invite?

swcurran (Wed, 05 Feb 2020 16:45:00 GMT):
Which would suggest old code in OSMA?

andrew.whitehead (Wed, 05 Feb 2020 16:56:28 GMT):
Actually no, it seems to be in the response stage

HLFPOC (Wed, 05 Feb 2020 16:59:08 GMT):
I also got the same issue

andrew.whitehead (Wed, 05 Feb 2020 17:04:02 GMT):
Specifically it's getting a NPE on the sig_data property of connection~sig

dbluhm (Wed, 05 Feb 2020 18:32:12 GMT):
@TelegramSam also happens to be working with connecting OSMA to ACA-Py; still in a debugging state last I heard

swcurran (Wed, 05 Feb 2020 18:36:17 GMT):
@sukalpomitra - now that Andrew has narrowed it down, maybe you can look and compare with what is on your branch?

sukalpomitra (Wed, 05 Feb 2020 18:37:18 GMT):
Sure, I will look into it tomorrow

victor.martinez (Wed, 05 Feb 2020 18:41:18 GMT):
Hi all, is it possible to encode a credential coming from the wallet in Json expressed as describe in verifiable credentials data model 1.0 ?

swcurran (Wed, 05 Feb 2020 18:49:10 GMT):
Yes it possible. It's not in Indy yet, but that is part of the Rich Schema work that is going on. Look for Rich Schema RFCs, Issues in both the aries-rfcs and indy-hipe repos for more background.

swcurran (Wed, 05 Feb 2020 18:49:43 GMT):
PoCs have been done of using Indy-style ZKPs in the W3C data model

victor.martinez (Wed, 05 Feb 2020 18:56:37 GMT):
Great, thanks!

ankita.p (Wed, 05 Feb 2020 19:12:32 GMT):
No

ankita.p (Wed, 05 Feb 2020 19:12:56 GMT):
just postgersql, Do I need to?

ianco (Wed, 05 Feb 2020 19:13:19 GMT):
if you are running locally then you need all the libraries locally (libindy, libpostgres, etc)

ianco (Wed, 05 Feb 2020 19:13:30 GMT):
The error you are getting is that the postgres plug-in library is missing

ianco (Wed, 05 Feb 2020 19:13:58 GMT):
Did you build libindy locally or install a pre-built library?

ankita.p (Wed, 05 Feb 2020 19:14:09 GMT):
I have libindy, not sure about libpostgres

ankita.p (Wed, 05 Feb 2020 19:15:03 GMT):
libindy is installed locally

ianco (Wed, 05 Feb 2020 19:15:43 GMT):
you'll need to build libpostgres, I don't think there is a pre-built library available to install

ianco (Wed, 05 Feb 2020 19:16:19 GMT):
https://github.com/hyperledger/indy-sdk/tree/master/experimental/plugins/postgres_storage

ankita.p (Wed, 05 Feb 2020 19:18:11 GMT):
Okay. I have to build indy-sdk with this postgres plugin first!?

ianco (Wed, 05 Feb 2020 19:18:38 GMT):
If you already have libindy installed you just need to build the postgres plug in

ankita.p (Wed, 05 Feb 2020 19:18:53 GMT):
okay, got you

ianco (Wed, 05 Feb 2020 19:18:56 GMT):
(Or it might be easier to just use the docker version of aca-py, it has everything installed in the docker image)

ankita.p (Wed, 05 Feb 2020 19:19:16 GMT):
Okay. will try that as well.

ankita.p (Wed, 05 Feb 2020 19:20:35 GMT):
Thanks!

swcurran (Wed, 05 Feb 2020 21:58:31 GMT):
The recording from today's ACA-Pug Meeting is now available here: https://wiki.hyperledger.org/download/attachments/29033843/20200205%20ACA-Pug%20Bi-Weekly%20Meeting.mp4?version=1&modificationDate=1580939550071&api=v2 Good discussions on ACA-Py releases, handling Author/Endorser transactions, mediators and overriding core message handlers.

sukalpomitra (Thu, 06 Feb 2020 04:28:54 GMT):
@swcurran my doubt is that the connection response sent from aca-py is following protocol version 0.1. Is there a param that needs to be set for it to follow protocol version 1.0 @priyashankar which version of aca-py are u using?

priyashankar (Thu, 06 Feb 2020 04:33:47 GMT):
Thank you everyone for the quick responses. @sukalpomitra I am using protocol_version 2.

priyashankar (Thu, 06 Feb 2020 04:49:17 GMT):
As far as credential issuance protocol is concerned, then in my case it's aca-py at 0.1.

priyashankar (Thu, 06 Feb 2020 04:49:17 GMT):
@sukalpomitra As far as credential issuance protocol is concerned, then in my case it's aca-py at 0.1.

sukalpomitra (Thu, 06 Feb 2020 04:49:39 GMT):
ok thats why you are getting that error

swcurran (Thu, 06 Feb 2020 04:50:55 GMT):
The issue is with the invitation, not credential exchange. The version of credential exchange shouldn't come into play.

swcurran (Thu, 06 Feb 2020 04:52:23 GMT):
FYI - ACA-Py still supports the 0.1 version. Specific deployments may only support v1.0 (or v0.1), but the framework itself supports both. But neither should matter at invitation time.

sukalpomitra (Thu, 06 Feb 2020 04:55:44 GMT):
my bad. sorry, yes @swcurran you are right. This is at the time of connection invitation not at the time of credential exchange

sukalpomitra (Thu, 06 Feb 2020 04:57:08 GMT):
well code treatment wise I dont see a difference between osma master branch and my branch. But we can only tell if we carry out a test

sukalpomitra (Thu, 06 Feb 2020 04:57:52 GMT):
@priyashankar are your aca-py in AWS and can be reached through a public url? Then I can try testing it with my version of OSMA

priyashankar (Thu, 06 Feb 2020 05:25:05 GMT):
I have built an exact replica of my aca-py agent. You can access the same using the following ngrok url. http://3b8ebb80.ngrok.io

priyashankar (Thu, 06 Feb 2020 05:25:05 GMT):
@sukalpomitra I have built an exact replica of my aca-py agent. You can access the same using the following ngrok url. http://3b8ebb80.ngrok.io

sukalpomitra (Thu, 06 Feb 2020 05:31:49 GMT):
its taking me to the swagger link. Do u have a web app to show the qr code?

sukalpomitra (Thu, 06 Feb 2020 05:34:15 GMT):
the swagger gives me this connection invitation -> http://10.0.2.15:8020?c_i=eyJAdHlwZSI6ICJkaWQ6c292OkJ6Q2JzTlloTXJqSGlxWkRUVUFTSGc7c3BlYy9jb25uZWN0aW9ucy8xLjAvaW52aXRhdGlvbiIsICJAaWQiOiAiOTEzOGI2YzgtZmIyZi00MGUzLTliMTMtYWVkYjA5MDRmY2VhIiwgInNlcnZpY2VFbmRwb2ludCI6ICJodHRwOi8vMTAuMC4yLjE1OjgwMjAiLCAicmVjaXBpZW50S2V5cyI6IFsiODZ5R1ljYW1NVU5ENDUxR0V2UlpkTmpUd1htdm0zZ2tSWlU2eGdhZXY0UVEiXSwgImxhYmVsIjogIklzc3VlciBBZ2VudCJ9

sukalpomitra (Thu, 06 Feb 2020 05:34:35 GMT):
which is not helpful as I guess the ip address wont be reachable

swcurran (Thu, 06 Feb 2020 05:37:53 GMT):
I suspect you can make the endpoint in the peer dids use the ngrok. I think there is an ACA-Py parameter for that. The invite JSON looks fine. Nothing about a signature: {"@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/connections/1.0/invitation", "@id": "9138b6c8-fb2f-40e3-9b13-aedb0904fcea", "serviceEndpoint": "http://10.0.2.15:8020", "recipientKeys": ["86yGYcamMUND451GEvRZdNjTwXmvm3gkRZU6xgaev4QQ"], "label": "Issuer Agent"}

swcurran (Thu, 06 Feb 2020 05:39:03 GMT):
Here's the one from IIWBook: {"@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/connections/1.0/invitation", "@id": "13599da0-413c-4542-ae08-17e369633936", "serviceEndpoint": "https://iiwbook-agent.vonx.io", "recipientKeys": ["A7UkuRydbZVFNr7tp3dHrL8SxFSm17uksjp82vocm4Uu"], "label": "IIW"}

sukalpomitra (Thu, 06 Feb 2020 05:40:18 GMT):
@swcurran The error comes in the connection response. Since OSMA without a cloud agent uses a return route protocol, the error occurs in the same AcceptInvite method but it happens during processing of thye response

swcurran (Thu, 06 Feb 2020 05:40:33 GMT):
Ah...got it.

sukalpomitra (Thu, 06 Feb 2020 05:41:30 GMT):
thats why I was confused that maybe the connection response had some problem

priyashankar (Thu, 06 Feb 2020 05:46:50 GMT):
@sukalpomitra I didn't quite get you where is it getting wrong. Can you please elaborate?

priyashankar (Thu, 06 Feb 2020 05:49:52 GMT):
For the purpose of experimentation, I am copying the invite JSON and embedding it into a QR Code using this third party service, https://www.the-qrcode-generator.com/

priyashankar (Thu, 06 Feb 2020 05:49:52 GMT):
For the purpose of experimentation, I am copying the invite URL and embedding it into a QR Code using this third party service, https://www.the-qrcode-generator.com.

sukalpomitra (Thu, 06 Feb 2020 05:52:35 GMT):
but once i scan the qr, the service endpoint -> http://10.0.2.15:8020 wont be reachable

sukalpomitra (Thu, 06 Feb 2020 05:52:52 GMT):
u need to replace it with a ngrok ip

priyashankar (Thu, 06 Feb 2020 06:07:32 GMT):
I'm sorry, PORT 8020 is at http://95a0d647.ngrok.io You just need to work a little hard creating the invite URL from scratch. I just tested the setup using StreetCred and it's working with the ngrok endpoints.

priyashankar (Thu, 06 Feb 2020 06:07:32 GMT):
@sukalpomitra I'm sorry, PORT 8020 is at http://95a0d647.ngrok.io You just need to work a little hard creating the invite URL from scratch. I just tested the setup using StreetCred and it's working with the ngrok endpoints.

HLFPOC (Thu, 06 Feb 2020 06:08:23 GMT):
@sukalpomitra Can you please try with below invitation URL: http://13.127.152.88:8050?c_i=eyJAdHlwZSI6ICJkaWQ6c292OkJ6Q2JzTlloTXJqSGlxWkRUVUFTSGc7c3BlYy9jb25uZWN0aW9ucy8xLjAvaW52aXRhdGlvbiIsICJAaWQiOiAiYmNmY2RiMDAtYWU4OS00OWU5LTllZTEtNWMzNThkMWEwNDhkIiwgInJlY2lwaWVudEtleXMiOiBbIkJkUXFzU2g0b0tYVEZnZW5tajlHV0h1blNBa2JCYnZOQXFKMVVQTTJ3Q2taIl0sICJsYWJlbCI6ICJEdW1teUFnZW50IiwgInNlcnZpY2VFbmRwb2ludCI6ICJodHRwOi8vMTMuMTI3LjE1Mi44ODo4MDUwIn0= I have started a dummy agent on ACA-Py on AWS which is connected to http://138.197.138.255/ indy pool. So you can replace the genesis (http://138.197.138.255/genesis) and then try to scan the QR code.

priyashankar (Thu, 06 Feb 2020 06:14:01 GMT):
@sukalpomitra This might help. http://95a0d647.ngrok.io?c_i=eyJAdHlwZSI6ICJkaWQ6c292OkJ6Q2JzTlloTXJqSGlxWkRUVUFTSGc7c3BlYy9jb25uZWN0aW9ucy8xLjAvaW52aXRhdGlvbiIsICJAaWQiOiAiZjdjNGQ5YWQtZjcyOS00ZGRhLTg1MTctNjllZTk2ODJiZTAyIiwgInNlcnZpY2VFbmRwb2ludCI6ICJodHRwOi8vOTVhMGQ2NDcubmdyb2suaW8iLCAicmVjaXBpZW50S2V5cyI6IFsiSjVxYmI1Z3FZdVhhUlBEQ3Q4WnR0M1hqUnRGcE5nZXNwNmI3QUJRZ3hDVFgiXSwgImxhYmVsIjogIklzc3VlciBBZ2VudCJ9

sukalpomitra (Thu, 06 Feb 2020 06:14:50 GMT):
Thanks guys.. having lunch..will look into it after I get back

priyashankar (Thu, 06 Feb 2020 06:16:39 GMT):
FYI, I registered the aca-py agent on the greenlight dev ledger (http://dev.greenlight.bcovrin.vonx.io/genesis).

sukalpomitra (Thu, 06 Feb 2020 06:17:32 GMT):
For connection ledger is not important

sukalpomitra (Thu, 06 Feb 2020 06:17:48 GMT):
As we do did peer

sukalpomitra (Thu, 06 Feb 2020 06:18:02 GMT):
Afaik

sukalpomitra (Thu, 06 Feb 2020 06:32:19 GMT):
my OSMA is now connected with dummy agent

sukalpomitra (Thu, 06 Feb 2020 06:32:29 GMT):
trying this now

sukalpomitra (Thu, 06 Feb 2020 06:33:23 GMT):
connected to IssuerAgent

sukalpomitra (Thu, 06 Feb 2020 06:33:37 GMT):
for both of your connection I did not face any issue

sukalpomitra (Thu, 06 Feb 2020 06:34:47 GMT):

evidence.jpeg

HLFPOC (Thu, 06 Feb 2020 06:35:36 GMT):
yes, i can see the below entry while fetching the active connections: { "their_did": "6aTDcth4MerBZWkTSUEu7U", "initiator": "self", "invitation_mode": "once", "my_did": "TG9LRCRF9dko1QFuv8Uyj2", "invitation_key": "BdQqsSh4oKXTFgenmj9GWHunSAkbBbvNAqJ1UPM2wCkZ", "routing_state": "none", "created_at": "2020-02-06 06:06:15.577710Z", "state": "response", "alias": "dummyAgent", "connection_id": "4708c225-5706-478f-9251-687dfc30e99a", "accept": "auto", "updated_at": "2020-02-06 06:31:17.293535Z", "their_label": "sukalpo" }

HLFPOC (Thu, 06 Feb 2020 06:35:36 GMT):
yes, i can see the below entry while fetching the connections: { "their_did": "6aTDcth4MerBZWkTSUEu7U", "initiator": "self", "invitation_mode": "once", "my_did": "TG9LRCRF9dko1QFuv8Uyj2", "invitation_key": "BdQqsSh4oKXTFgenmj9GWHunSAkbBbvNAqJ1UPM2wCkZ", "routing_state": "none", "created_at": "2020-02-06 06:06:15.577710Z", "state": "response", "alias": "dummyAgent", "connection_id": "4708c225-5706-478f-9251-687dfc30e99a", "accept": "auto", "updated_at": "2020-02-06 06:31:17.293535Z", "their_label": "sukalpo"

HLFPOC (Thu, 06 Feb 2020 06:37:14 GMT):
but state is "response", what does that mean ? I guess it should be "active"

sukalpomitra (Thu, 06 Feb 2020 06:38:19 GMT):
i think you need to start aca-py with auto accept = true

sukalpomitra (Thu, 06 Feb 2020 06:38:33 GMT):
but I am not that sure

HLFPOC (Thu, 06 Feb 2020 06:39:13 GMT):
yes, i have set auto-accept-requests and auto-accept-invites flags while stating the agent

HLFPOC (Thu, 06 Feb 2020 06:39:39 GMT):
btw are you using master branch of OSMA app?

sukalpomitra (Thu, 06 Feb 2020 06:40:01 GMT):
query after some time again, sometimes it takes some time before the state changes

sukalpomitra (Thu, 06 Feb 2020 06:40:44 GMT):
no, I have my own fork and branch where I use my own cloud agent as a e=mediator with my own fork and branch of aries-framework-dotnet

sukalpomitra (Thu, 06 Feb 2020 06:42:04 GMT):
I dont use return route protocol

priyashankar (Thu, 06 Feb 2020 06:54:38 GMT):
@sukalpomitra I did try connecting one more time, it still says "Negotiating". Is there supposed to be a mediator between the aca-py and the mobile agents? In that case, can you please help me setting that up?

sukalpomitra (Thu, 06 Feb 2020 06:55:30 GMT):
there should not be any need of a mediator. The return route protocol should work

priyashankar (Thu, 06 Feb 2020 06:57:14 GMT):
FYI, I built the apk using the code provided in the master branch ---> https://github.com/mattrglobal/osma.

sukalpomitra (Thu, 06 Feb 2020 06:57:44 GMT):
I have not tested the OSMA master branch

priyashankar (Thu, 06 Feb 2020 06:58:12 GMT):
I'm confused, where do I go from here?

sukalpomitra (Thu, 06 Feb 2020 06:59:32 GMT):
I will try to fix this issue. Let me see what the issue is on the master branch. I need to set it up. So it will take some time. Keep looking in this place

priyashankar (Thu, 06 Feb 2020 07:01:30 GMT):
I definitely will. Thank you @sukalpomitra, @swcurran for your patience all along.

sukalpomitra (Thu, 06 Feb 2020 07:16:11 GMT):
hi @priyashankar is your service still running?

sukalpomitra (Thu, 06 Feb 2020 07:16:29 GMT):
can you give me another connection invitation message to connect to

sukalpomitra (Thu, 06 Feb 2020 07:16:54 GMT):
or HLFPOC is your service still running?

sukalpomitra (Thu, 06 Feb 2020 07:16:54 GMT):
or @HLFPOC is your service still running?

priyashankar (Thu, 06 Feb 2020 07:17:40 GMT):
Unfortunately, I dumped the agent since you said you had successfully created a connection.

sukalpomitra (Thu, 06 Feb 2020 07:18:03 GMT):
yeah but now I have the osma branch setup

sukalpomitra (Thu, 06 Feb 2020 07:18:10 GMT):
and i wanna do a similar test

priyashankar (Thu, 06 Feb 2020 07:18:14 GMT):
Give me a moment.

priyashankar (Thu, 06 Feb 2020 07:18:22 GMT):
I am setting things up once again.

priyashankar (Thu, 06 Feb 2020 07:22:29 GMT):
Here's an invite link from a newly constructed agent. http://798d3905.ngrok.io?c_i=eyJAdHlwZSI6ICJkaWQ6c292OkJ6Q2JzTlloTXJqSGlxWkRUVUFTSGc7c3BlYy9jb25uZWN0aW9ucy8xLjAvaW52aXRhdGlvbiIsICJAaWQiOiAiNzM4ZDJiOTgtZjU4ZS00OWI2LTkzMzQtNTdjYjU4NTE4ZmM1IiwgInNlcnZpY2VFbmRwb2ludCI6ICJodHRwOi8vNzk4ZDM5MDUubmdyb2suaW8iLCAibGFiZWwiOiAiSXNzdWVyIEFnZW50IiwgInJlY2lwaWVudEtleXMiOiBbIkRmeWRLQkhGdm45VVdQNk5uc2ZKSnVvMnh3NkdqZkVnTHlWMjhIa2FlSExGIl19

priyashankar (Thu, 06 Feb 2020 07:23:15 GMT):
You'll find the swagger interface at http://9abfab24.ngrok.io

priyashankar (Thu, 06 Feb 2020 07:24:05 GMT):
For PORT 8020, you'll find it at http://798d3905.ngrok.io. The Invite URL has the updated params.

sukalpomitra (Thu, 06 Feb 2020 07:26:40 GMT):
can u keep it running? I have a meeting to attend

sukalpomitra (Thu, 06 Feb 2020 07:26:50 GMT):
I will be back in half an hour

priyashankar (Thu, 06 Feb 2020 07:30:20 GMT):
I'll keep them awake. Although, the ngrok urls stay alive for another 7hrs. 50 mins to be exact.

sukalpomitra (Thu, 06 Feb 2020 09:25:23 GMT):
hey guys I used the osma branch and I found that when we are sending a connection request using return route protocol the response recived is a probloem report

sukalpomitra (Thu, 06 Feb 2020 09:25:25 GMT):
rsp.Id "20e87ad4-6beb-445b-b2a9-c17dd062a8d5" > rsp.ConnectionSig (null) > rsp.GetDecorator() Method `GetDecorator' not found in type `Hyperledger.Aries.Features.DidExchange.ConnectionResponseMessage'. > rsp.Type "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/notification/1.0/problem-report"

sukalpomitra (Thu, 06 Feb 2020 09:25:58 GMT):
@priyashankar can you check the logs on your end to see why OSMA recived a problem report message?

priyashankar (Thu, 06 Feb 2020 09:47:04 GMT):

priyashankar - Thu Feb 06 2020 15:16:44 GMT+0530 (India Standard Time).txt

sukalpomitra (Thu, 06 Feb 2020 09:49:48 GMT):
ok let me check the connection request that OSMA is sending

sukalpomitra (Thu, 06 Feb 2020 10:21:23 GMT):
ok guys I have fixed the issue

sukalpomitra (Thu, 06 Feb 2020 10:21:27 GMT):
I will raise a PR

priyashankar (Thu, 06 Feb 2020 10:21:42 GMT):
I'll check and let you know.

priyashankar (Thu, 06 Feb 2020 10:23:37 GMT):
Thank you once again.

dgunseli (Thu, 06 Feb 2020 10:50:27 GMT):
Is there any plan for providing RFC 0211 and RFC 0212 https://github.com/hyperledger/aries-rfcs/blob/master/features/0211-route-coordination https://github.com/hyperledger/aries-rfcs/tree/master/features/0212-pickup

sukalpomitra (Thu, 06 Feb 2020 11:00:24 GMT):
Please follow https://github.com/mattrglobal/osma/pull/37

priyashankar (Thu, 06 Feb 2020 12:12:12 GMT):
@sukalpomitra I guess you made the recent commits at https://github.com/sukalpomitra/osma. I went ahead and built the apk using that. Still on trying to connect, it fails. After a long pause displayig "Processing", finally I see "Failed to accept invite."

sukalpomitra (Thu, 06 Feb 2020 12:14:25 GMT):
Wait for the pr to be merged. If you use my version you need a cloud agent

sukalpomitra (Thu, 06 Feb 2020 12:15:13 GMT):
And in my version this issue does not come anyways

daveek (Thu, 06 Feb 2020 12:16:37 GMT):
Hi, Is there anyone who worked on or know about how to build mobile app on top of aries, written in Python. I don't want to use 'aries-framework-dotnet/OSMA' (becoz they are written in .Net), but any other project written in Python.

TimoGlastra (Thu, 06 Feb 2020 12:25:41 GMT):
Has joined the channel.

sukalpomitra (Thu, 06 Feb 2020 12:31:33 GMT):
one more thing, you need to uninstall the last installed app. The code fix is given at createwallet stage

HLFPOC (Thu, 06 Feb 2020 14:01:42 GMT):
Can the holder verify its own credentials ? For example, can Alice verify her degree credentials (to check if they are valid or revoked ) which are issued to her by Faber?

swcurran (Thu, 06 Feb 2020 15:26:43 GMT):
Yes. The heavy lifting of a proof is done by the Holder, so if they can successful create a proof, it can be verified. However, they can also verify the proof they create. We've done that on one of our projects.

HLFPOC (Thu, 06 Feb 2020 15:30:03 GMT):
So in that case, what should be the flow? Should Alice send a proof request of the credentials on her on connection id?

swcurran (Thu, 06 Feb 2020 15:31:05 GMT):
We had a debate on that when it came up. They way we did it was to make a connection to ourself and then use that.

swcurran (Thu, 06 Feb 2020 15:31:24 GMT):
I'll see if I can get a pointer to the code.

HLFPOC (Thu, 06 Feb 2020 15:31:46 GMT):
okay, thanks for the info

swcurran (Thu, 06 Feb 2020 17:02:23 GMT):
Here is the place in the code where this is done: https://github.com/bcgov/indy-catalyst/blob/master/server/vcr-server/app-vonx.py#L38

acaldas18 (Thu, 06 Feb 2020 18:01:07 GMT):
I am trying to connect a local agent with a cloud agent, is this possible? How should I do it? Thanks to all who can help me

TelegramSam (Thu, 06 Feb 2020 19:08:34 GMT):
the toolbox is an example of an app that does this.

TelegramSam (Thu, 06 Feb 2020 19:08:49 GMT):
use return routing, and set the endpoint uri for the local agent to be blank.

TelegramSam (Thu, 06 Feb 2020 19:09:16 GMT):
also, check the acapy command line argument that enables outbound queues.

TelegramSam (Thu, 06 Feb 2020 19:09:28 GMT):
last, I highly recommend using a websocket for the transport.

sebastillar (Thu, 06 Feb 2020 19:34:47 GMT):
how do I set return routing?

sebastillar (Thu, 06 Feb 2020 19:35:46 GMT):
how do I set return routing? "set the endpoint uri for the local agent to be blank" means passing 0.0.0.0?

sebastillar (Thu, 06 Feb 2020 19:40:07 GMT):
I get this error when trying start agent on my local: OSError: dlopen(libindy.dylib, 6): Symbol not found: _CRYPTO_num_locks Referenced from: libindy.dylib Expected in: /usr/local/opt/openssl/lib/libcrypto.1.0.0.dylib in libindy.dylib

sebastillar (Thu, 06 Feb 2020 19:42:53 GMT):
aca-py --version 0.4.1

swcurran (Thu, 06 Feb 2020 21:08:34 GMT):
Hey folks, we're working on finishing the Aries Developer course to be published by the Linux Foundation and I'm looking for some help. I posted this issue in the ACA-Py repo. Would love some help and glad to recognize contributions in the course :-) . https://github.com/hyperledger/aries-cloudagent-python/issues/361

swcurran (Thu, 06 Feb 2020 21:08:34 GMT):
Hey folks, we're working on finishing the Aries Developer course to be published by the Linux Foundation on edX and I'm looking for some help. I posted this issue in the ACA-Py repo. Would love some help and glad to recognize contributions in the course :-) . https://github.com/hyperledger/aries-cloudagent-python/issues/361

swcurran (Fri, 07 Feb 2020 17:43:07 GMT):
In theory, you could use this project - https://github.com/kivy/kivy to create a mobile app built in python. I think it would be equivalent of using Xamarin for .NET to get a mobile. However, I don't know anything about it - just did a bit of googling. If you try it, please let us know.

swcurran (Fri, 07 Feb 2020 17:45:42 GMT):
Any progress on this? @andrew.whitehead - have you seen this?

daveek (Fri, 07 Feb 2020 17:46:55 GMT):
Thanks

sebastillar (Fri, 07 Feb 2020 18:02:13 GMT):
I got this error trying to install on macOS. I finally gave up and now we are also working with local on Ubuntu

swcurran (Fri, 07 Feb 2020 18:04:26 GMT):
Docker is a wonderful thing. Just sayin'...

swcurran (Fri, 07 Feb 2020 18:04:30 GMT):
:-)

sebastillar (Fri, 07 Feb 2020 18:10:23 GMT):
thanks Stephen!

andrew.whitehead (Fri, 07 Feb 2020 18:13:13 GMT):
Incompatible version of openssl maybe

shenoy (Sun, 09 Feb 2020 06:43:56 GMT):
anyone else seeing a problem at the "Issue credential" stage :( ? I tried the Alice/Faber OpenAPI demo multiple times and I keep getting "500 Internal Server Error Server got itself in trouble" in Response body with Response headers "access-control-allow-credentials: true access-control-allow-origin: http://ip10-1-82-4-bovq71tm4dlga5djnvsg-8021.direct.play-with-von.vonx.io access-control-expose-headers: content-length: 55 content-type: text/plain; charset=utf-8 date: Sun, 09 Feb 2020 06:42:15 GMT server: Python/3.6 aiohttp/3.5.4 "

shenoy (Sun, 09 Feb 2020 07:13:39 GMT):
@swcurran Turns out I am not very smart. I was following *only* the instructions that were there in the markdown file. It only asks to copy the correct cred_def_id and connection_id (apart from the given attributes for the degree schema). I realise now that it is also important to give the correct values for schema_version, schema_name, issuer_did, schema_id as well as schema_issuer_did to make things work. It might be a good idea to include this piece of information in the "Issuing a Credential" section.

swcurran (Sun, 09 Feb 2020 15:04:46 GMT):
Thanks for updating the instructions! I left you a note on the PR about the DCO requirements of the repo (and the Linux Foundation).

shenoy (Sun, 09 Feb 2020 15:20:29 GMT):
I read that. On clicking the details button next to the DCO error I was asked to do “git rebase HEAD~6 —signoff” then “git push —force-with-lease origin master” I had made the original changes online and committed them in GitHub itself so I cloned the repo to my local machine and did as instructed above. I am not familiar with git so I don’t know what to do next.

sukalpomitra (Sun, 09 Feb 2020 16:02:12 GMT):
@shenoy you need to raise a pull request after you have committed in your forked repo

shenoy (Sun, 09 Feb 2020 16:03:14 GMT):
@sukalpomitra Ah, so another PR has to be raised? I did the easy thing, closed the offending PR and submitted a new one. 🙂

swcurran (Sun, 09 Feb 2020 22:27:59 GMT):
FYI: Aries Cloud Agent - Python Release 0.4.2 has been tagged and posted to PyPi. Release notes can be found here - https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.4.2. This release improves handling of presentations and restores a route inadvertently dropped in 0.4.1 that handling ephemeral challenges (aka connection-less proof requests). Code reference documentation has been generated to ReadTheDocs - https://aries-cloud-agent-python.readthedocs.io/en/latest/

swcurran (Sun, 09 Feb 2020 22:27:59 GMT):
FYI: Aries Cloud Agent - Python Release 0.4.2 has been tagged and posted to PyPi. Release notes can be found here - https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.4.2. This release improves handling of presentations and restores a route inadvertently dropped in 0.4.1 for handling ephemeral challenges (aka connection-less proof requests). Code reference documentation has been generated to ReadTheDocs - https://aries-cloud-agent-python.readthedocs.io/en/latest/

sebastillar (Mon, 10 Feb 2020 02:06:27 GMT):
Good evening team. We already managed to send a proposal (from Alice to Acme). Now we intend to send a request in reference to that proposal (from Acme to Alice). When executing / present-proof / records / {pres_ex_id} / send-request we get an error 500. The parameters we send are the following: { "comment": "string", "proof_request": { "name": "Proof request", "requested_attributes": { "name": { "name": "alice", "restrictions": [ { "schema_id": "Bwj2Y2u1pCLnUTJ5nXshp1: 2: nameSchema: 1.0", "schema_name": "nameSchema", "schema_issuer_did": "Bwj2Y2u1pCLnUTJ5nXshp1", "schema_version": "1.0", "credential_definition_id": "Bwj2Y2u1pCLnUTJ5nXshp1: 3: CL: 40: credDefSchemaName", "cred_def_id": "Bwj2Y2u1pCLnUTJ5nXshp1: 3: CL: 40: credDefSchemaName", "issuer_did": "Bwj2Y2u1pCLnUTJ5nXshp1" } ] }, "nonce": "1234567890", "version": "1.0" }, "connection_id": "f0679ac0-b2d8-4bd6-9fa2-9d21e3036115" } } Can you tell us the structure of the parameters to be sent? Thank you!

sebastillar (Mon, 10 Feb 2020 02:07:24 GMT):
In console the traceback is: 2020-02-10 02:05:08,782 aiohttp.server ERROR Error handling request Traceback (most recent call last): File "/usr/local/lib/python3.6/dist-packages/aiohttp/web_protocol.py", line 418, in start resp = await task File "/usr/local/lib/python3.6/dist-packages/aiohttp/web_app.py", line 458, in _handle resp = await handler(request) File "/usr/local/lib/python3.6/dist-packages/aiohttp/web_middlewares.py", line 119, in impl return await handler(request) File "/usr/local/lib/python3.6/dist-packages/aries_cloudagent/admin/server.py", line 187, in apply_limiter return await task File "/usr/local/lib/python3.6/dist-packages/aries_cloudagent/protocols/present_proof/v1_0/routes.py", line 576, in presentation_exchange_send_bound_request context, connection_id File "/usr/local/lib/python3.6/dist-packages/aries_cloudagent/messaging/models/base_record.py", line 205, in retrieve_by_id cls.RECORD_TYPE, record_id, {"retrieveTags": False} File "/usr/local/lib/python3.6/dist-packages/aries_cloudagent/storage/indy.py", line 92, in get_record raise StorageError("Record ID not provided") aries_cloudagent.storage.error.StorageError: Record ID not provided

NikhilPrakash (Wed, 12 Feb 2020 00:45:37 GMT):
Has joined the channel.

DucaDellaForcoletta (Wed, 12 Feb 2020 15:25:13 GMT):
Has joined the channel.

DucaDellaForcoletta (Wed, 12 Feb 2020 15:26:03 GMT):
Hello everyone, I'm exploring aries-cloudagent-python in order to migrate an indy based agent. The endorsment mechanism of the transaction is actually handled by the aries agent? Looking at the admin apis I find nothing that makes me think about this management.

sebastillar (Thu, 13 Feb 2020 03:05:14 GMT):
Good evening team. The following questions arise: In the model implemented by aca-py, when is it necessary to connect your own database with the controller? Could you give me examples of data to persist in that database? On the other hand, does the aca-py model support the "peer" method for the pairwaise did? Because I see, those generated through the services of the api, correspond to the "sov" method. Thanks as always for your help.

swcurran (Thu, 13 Feb 2020 03:22:14 GMT):
Our feeling is that any data that is not related to keys, connections, held credentials and currently running Aries protocols should be managed by the controller - persisted or not at the discretion of the controller. For example, when an issuer issues a credential, the controller should save whatever is needed to be saved about the issuance. Another example might be a basic message. If the agent (e.g. the ACA-Py instance+controller) wants to save the message history of the agent with another connection, the controller should save that, not ACA-Py. ACA-Py implements pairwise DIDs for communication using peer exchanged DIDs not stored on a ledger. So while that is not full "did:peer" method support, it is along the way to that. For example, I don't think the current implementation generates the DID string in the way "did:peer" requires, and there is currently no way to rotate the keys with the current support. It is expected that the full "peer:did" support will come about as a result of the DIDComm standardization at DIF.

priyashankar (Thu, 13 Feb 2020 06:42:10 GMT):
Good Morning. While testing out a Mobile Agent (both, StreetCred & OSMA) connecting with an aca-py agent, the "state" remains "response" for a long time. Has anybody faced something like this before? Thanks.

priyashankar (Thu, 13 Feb 2020 06:42:10 GMT):
Good Morning. While testing out a Mobile Agent (both, StreetCred & OSMA) connecting with an aca-py agent, the "state" remains in "response" for a long time. Has anybody faced something like this before? On querying the connection-id, I see that pairwise dids have already been exchanged. I can even see the Agent Label I tried to connect with. So, when does the "state" become "active"? Thanks.

DucaDellaForcoletta (Thu, 13 Feb 2020 09:05:36 GMT):
[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=HghY2vTituH9FSPTq) I'm talking about this functionality: https://github.com/hyperledger/indy-node/blob/master/design/transaction_endorser.md

sukalpomitra (Thu, 13 Feb 2020 09:11:10 GMT):
https://github.com/hyperledger/aries-cloudagent-python/blob/master/aries_cloudagent/ledger/base.py#L79

DucaDellaForcoletta (Thu, 13 Feb 2020 09:14:08 GMT):
This is for the TAA and is different from endorsment.

DucaDellaForcoletta (Thu, 13 Feb 2020 14:18:45 GMT):
This answer to me: https://github.com/hyperledger/aries-cloudagent-python/issues/352

andrew.whitehead (Thu, 13 Feb 2020 15:05:58 GMT):
It becomes active in aca-py when it receives any packed message using the keys from the connection response

sebastillar (Thu, 13 Feb 2020 16:58:41 GMT):
Did you passing --auto-ping argument when agent start?

dgunseli (Fri, 14 Feb 2020 12:32:13 GMT):
Is there any comment about the issue : https://github.com/hyperledger/aries-cloudagent-python/issues/365

swcurran (Fri, 14 Feb 2020 15:40:02 GMT):
@andrew.whitehead ^^^

AthiraSPillai123 (Fri, 14 Feb 2020 18:53:31 GMT):
Has joined the channel.

AthiraSPillai123 (Fri, 14 Feb 2020 18:53:33 GMT):
Is there any way to list all the schemas from ledger?

sklump (Fri, 14 Feb 2020 18:56:43 GMT):
[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=yqczu22QMcF7RYwAt) There is no way to search the ledger except to get each transaction and inspect it. Schema transactions have type '101'.

swcurran (Fri, 14 Feb 2020 18:58:58 GMT):
There are ledger browsers that are searchable - that's the way you can do that. Download and search. See = http://indyscan.io/ for the Sovrin browser.

Scot32 (Fri, 14 Feb 2020 18:59:23 GMT):
Has joined the channel.

andrew.whitehead (Fri, 14 Feb 2020 19:00:29 GMT):
I'll look into making the context available for the outbound transport, it could vary by request. For the push token it might be better to use an environment variable rather than a config parameter

sebastillar (Sat, 15 Feb 2020 23:58:04 GMT):
Hello guys! There are some questions regarding database: how can I connect to the aca-py kms database? Is it possible to query directly to this database? What type of database is it?

sebastillar (Sat, 15 Feb 2020 23:59:19 GMT):
Regarding the aca-py design: Where can I find the aca-py class diagram?

swcurran (Sun, 16 Feb 2020 02:36:40 GMT):
You can connect to the database using the tools for whatever database you are using. For example, if you are using sqlite, use the sqlite tools (GUI or command line), and same for postgres. The data model is very simple - just a handful of tables, and is the same regardless of what database you are using. However, you will quickly discover that all the data in the database is encrypted, so there is not much to see. When forced, we have created mechanisms for looking at the data, but it's not been something we've needed to do very often, so we've not packaged those up for use. You select what database to use in ACA-Py command line parameters. There is also an in-memory mode you can use, but then you don't have any persistence and you can't look at the database.

swcurran (Sun, 16 Feb 2020 02:38:18 GMT):
There is not one that I'm aware of. Best view is probably the readthedocs stuff - https://aries-cloud-agent-python.readthedocs.io/en/latest/ If you know of tools to generate such a diagram that is useful, we'd love to know about it.

ankita.p (Mon, 17 Feb 2020 09:23:12 GMT):
Hello ,Is there any way to give metadata of schema attributes( like datatype) while registering schema on ledger?

matgnt (Mon, 17 Feb 2020 12:34:03 GMT):
Has joined the channel.

HLFPOC (Mon, 17 Feb 2020 17:43:26 GMT):
I have 3 agents running (Alice, Faber and Acme) and tried below steps: *Step1*: Faber issued Alice a credential having Name and Percentage (Actual Values -- name: Alice & percentage:75) *Step2*: Acme sent Alice a proof request to check if she has percentage greater than 80. Body of proof-request: `{ "connection_id": "9ebdef0e-39c2-4234-9cc7-78cc73ad702b", "proof_request": { "name": "Proof of Education", "version": "1.0", "requested_attributes": { "0_name_uuid": { "name": "name", "restrictions": [ { "cred_def_id": "6BDda7QVdvqZsuo4nL1iDp:3:CL:10:default" } ] } }, "requested_predicates": { "0_percentage_uuid": { "name": "percentage", "p_type": ">=", "p_value": 80, "restrictions": [ { "cred_def_id": "6BDda7QVdvqZsuo4nL1iDp:3:CL:10:default" } ] } } } }` *Step3*: Alice fetched the credentials form her wallet against the proof presentation exchange ID `[ { "cred_info": { "referent": "d39ac936-382b-4621-9839-5264212033e4", "attrs": { "percentage": "70", "name": "Alice" }, "schema_id": "6BDda7QVdvqZsuo4nL1iDp:2:degree schema:1.0.0", "cred_def_id": "6BDda7QVdvqZsuo4nL1iDp:3:CL:10:default", "rev_reg_id": null, "cred_rev_id": null }, "interval": null, "presentation_referents": [ "0_name_uuid" ] } ]` *Step4*: Alice sends the presentation proof by calling present-proof/records/{pres_ex_id}/send-presentation: `{ "requested_attributes": { "0_name_uuid": { "cred_id": "d39ac936-382b-4621-9839-5264212033e4", "revealed": true } }, "requested_predicates": { "0_percentage_uuid": { "cred_id": "d39ac936-382b-4621-9839-5264212033e4", "revealed": false } }, "self_attested_attributes": { } }` At step 4, I am getting below error: `File "/home/indy/aries_cloudagent/holder/indy.py", line 320, in create_presentation json.dumps({}) # We don't support revocation currently. File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/indy/anoncreds.py", line 1584, in prover_create_proof prover_create_proof.cb) indy.error.CommonInvalidStructure` Alice percentage in her credential is 70 which is less then value mentioned in proof request (>= 80). When I sent a new proof request with percentage condition >= 60, the flow worked fine and I was able to verify the presentation on Acme's agent. As per my understanding, step4 should have been successful and verification should have failed in case the credential value does not match the condition mentioned in the proof request. Any views on this ? @swcurran

HLFPOC (Mon, 17 Feb 2020 17:43:26 GMT):
I have 3 agents running (Alice, Faber and Acme) and tried below steps: *Step1*: Faber issued Alice a credential having Name and Percentage (Actual Values -- name: Alice & percentage:70) *Step2*: Acme sent Alice a proof request to check if she has percentage greater than 80. Body of proof-request: `{ "connection_id": "9ebdef0e-39c2-4234-9cc7-78cc73ad702b", "proof_request": { "name": "Proof of Education", "version": "1.0", "requested_attributes": { "0_name_uuid": { "name": "name", "restrictions": [ { "cred_def_id": "6BDda7QVdvqZsuo4nL1iDp:3:CL:10:default" } ] } }, "requested_predicates": { "0_percentage_uuid": { "name": "percentage", "p_type": ">=", "p_value": 80, "restrictions": [ { "cred_def_id": "6BDda7QVdvqZsuo4nL1iDp:3:CL:10:default" } ] } } } }` *Step3*: Alice fetched the credentials form her wallet against the proof presentation exchange ID `[ { "cred_info": { "referent": "d39ac936-382b-4621-9839-5264212033e4", "attrs": { "percentage": "70", "name": "Alice" }, "schema_id": "6BDda7QVdvqZsuo4nL1iDp:2:degree schema:1.0.0", "cred_def_id": "6BDda7QVdvqZsuo4nL1iDp:3:CL:10:default", "rev_reg_id": null, "cred_rev_id": null }, "interval": null, "presentation_referents": [ "0_name_uuid" ] } ]` *Step4*: Alice sends the presentation proof by calling present-proof/records/{pres_ex_id}/send-presentation: `{ "requested_attributes": { "0_name_uuid": { "cred_id": "d39ac936-382b-4621-9839-5264212033e4", "revealed": true } }, "requested_predicates": { "0_percentage_uuid": { "cred_id": "d39ac936-382b-4621-9839-5264212033e4", "revealed": false } }, "self_attested_attributes": { } }` At step 4, I am getting below error: `File "/home/indy/aries_cloudagent/holder/indy.py", line 320, in create_presentation json.dumps({}) # We don't support revocation currently. File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/indy/anoncreds.py", line 1584, in prover_create_proof prover_create_proof.cb) indy.error.CommonInvalidStructure` Alice percentage in her credential is 70 which is less then value mentioned in proof request (>= 80). When I sent a new proof request with percentage condition >= 60, the flow worked fine and I was able to verify the presentation on Acme's agent. As per my understanding, step4 should have been successful and verification should have failed in case the credential value does not match the condition mentioned in the proof request. Any views on this ? @swcurran

HLFPOC (Mon, 17 Feb 2020 17:43:26 GMT):
I have 3 agents running (Alice, Faber and Acme) and tried below steps: *Step1*: Faber issued Alice a credential having Name and Percentage (Actual Values -- name: Alice & percentage:70) *Step2*: Acme sent Alice a proof request to check if she has percentage greater than 80. Body of proof-request: `{ "connection_id": "9ebdef0e-39c2-4234-9cc7-78cc73ad702b", "proof_request": { "name": "Proof of Education", "version": "1.0", "requested_attributes": { "0_name_uuid": { "name": "name", "restrictions": [ { "cred_def_id": "6BDda7QVdvqZsuo4nL1iDp:3:CL:10:default" } ] } }, "requested_predicates": { "0_percentage_uuid": { "name": "percentage", "p_type": ">=", "p_value": 80, "restrictions": [ { "cred_def_id": "6BDda7QVdvqZsuo4nL1iDp:3:CL:10:default" } ] } } } }` *Step3*: Alice fetched the credentials form her wallet against the proof presentation exchange ID `[ { "cred_info": { "referent": "d39ac936-382b-4621-9839-5264212033e4", "attrs": { "percentage": "70", "name": "Alice" }, "schema_id": "6BDda7QVdvqZsuo4nL1iDp:2:degree schema:1.0.0", "cred_def_id": "6BDda7QVdvqZsuo4nL1iDp:3:CL:10:default", "rev_reg_id": null, "cred_rev_id": null }, "interval": null, "presentation_referents": [ "0_name_uuid" ] } ]` *Step4*: Alice sends the presentation proof by calling present-proof/records/{pres_ex_id}/send-presentation: `{ "requested_attributes": { "0_name_uuid": { "cred_id": "d39ac936-382b-4621-9839-5264212033e4", "revealed": true } }, "requested_predicates": { "0_percentage_uuid": { "cred_id": "d39ac936-382b-4621-9839-5264212033e4", "revealed": false } }, "self_attested_attributes": { } }` At step 4, I am getting below error: `File "/home/indy/aries_cloudagent/holder/indy.py", line 320, in create_presentation json.dumps({}) # We don't support revocation currently. File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/indy/anoncreds.py", line 1584, in prover_create_proof prover_create_proof.cb) indy.error.CommonInvalidStructure` Alice percentage in her credential is 70 which is less then value mentioned in proof request (>= 80). When I sent a new proof request with percentage condition >= 60, the flow worked fine and I was able to verify the presentation on Acme's agent. As per my understanding, step4 should have been successful and verification should have failed in case the credential value does not match the condition mentioned in the proof request. Any views on this ? @swcurran @andrew.whitehead

CyrilLeung (Tue, 18 Feb 2020 07:38:25 GMT):
Has joined the channel.

sklump (Tue, 18 Feb 2020 13:51:22 GMT):
It appears that indy refuses to create a proof on credential specs that do not satisfy the proof request's predicate conditions. *Quibble*: in the requested-credentials structure, `requested_predicates[...]['revealed']`: is invalid: with requested predicates, necessarily `revealed=False`. The toolkit ignores this, but don't be fooled into thinking it specifies anything.

HLFPOC (Tue, 18 Feb 2020 13:55:22 GMT):
If Indy refuses to create this, then can we assume that all the presentations sent by a holder to a verifier will have valid data (not tempered) ?

sklump (Tue, 18 Feb 2020 14:08:16 GMT):
No. One can always create a proof that does comply, then tamper with that data structure. There is validation of the proof for tamper evidence in more recent versions of aca-py though: https://github.com/hyperledger/aries-cloudagent-python/blob/ab8097d199ae07a31459509eec007451483526e3/aries_cloudagent/verifier/indy.py#L36

andrew.whitehead (Tue, 18 Feb 2020 17:09:25 GMT):
Seems to be similar to this issue: https://github.com/hyperledger/aries-cloudagent-python/issues/200

swcurran (Tue, 18 Feb 2020 18:28:53 GMT):
We have an ACA-Pug meeting tomorrow at 11AM Canadian Pacific time. Anyone have anything that they want to demo?

swcurran (Tue, 18 Feb 2020 18:28:53 GMT):
@here We have an ACA-Pug meeting tomorrow at 11AM Canadian Pacific time. Anyone have anything that they want to demo?

sebastillar (Tue, 18 Feb 2020 20:06:17 GMT):
We have a question about credentials on different devices. Does aca-py allow a user to have the same credentials stored on different devices? For example, access the same credentials on mobile phone and tablet. I understand that it is not possible. Today I did tests with agents storing credentials in different storages and it would not be possible. I would like some comment or explanation to know what the alternative would be to obtain a similar behavior.

swcurran (Tue, 18 Feb 2020 20:34:56 GMT):
Interesting question. To prove a credential, you must have access to the "Link Secret" that was used during the issue process. To this point, the Link Secret has been created in agent storage (aka Indy wallet) and never moved to another agent. That prevents the scenario you mention above. We think that such movement could be done, but it is definitely a dangerous activity. Evernym has done some testing of a "device authorization" mechanism that might make that possible, but that's not on the horizon AFAIK. Obviously, to be able to make a proof based on the credential, the credential would also have to be available on both devices. But that is not as risky a move.

AthiraSPillai123 (Wed, 19 Feb 2020 15:11:11 GMT):
Hi , Sorry if my question is silly. Am trying Alice-Faber demo. To start issuing credential by calling the api /issue-credential/send-offer do I need to have the attributes values(Alice name, age, degree) for the credentials upfront or I can send some placeholder values and Alice would be able to edit with actual values during this /issue-credential/records/{cred_ex_id}/send-request api calll?

bazmcl (Wed, 19 Feb 2020 15:53:46 GMT):
Has joined the channel.

swcurran (Wed, 19 Feb 2020 17:30:40 GMT):
The attribute values are optional on the offer. If they are sent and Alice disagrees with them, the expected pattern is that Alice would send back a proposal message with the values she thinks they should be. Faber would then respond with another offer. Of course all of that is based on business rules - the RFC supports the pattern, but the agent implementation needs to support it.

swcurran (Wed, 19 Feb 2020 17:33:19 GMT):
The expectation generally is that the issuer has the attribute values - e.g. Faber has the data in their Student Information System that they would interface with to get Alice's data.

AthiraSPillai123 (Wed, 19 Feb 2020 17:42:51 GMT):
Thank you @swcurran . Really appreciate the quick response and support from you guys

swcurran (Wed, 19 Feb 2020 17:48:05 GMT):
Looks like this message got missed. Correct - there is nothing in the current ACA-Py to do this. In our use, we've separated out the writing to the ledger with the running of the Agent. Andrew has been working on a new component that would make that easier (indy-vdr - https://github.com/andrewwhitehead/indy-vdr).

swcurran (Wed, 19 Feb 2020 17:48:34 GMT):
That said, we still recommend separating out the writing to a production ledger from an operating agent.

swcurran (Wed, 19 Feb 2020 17:51:40 GMT):
That said, we still recommend separating out the writing to a production ledger from an operating agent.

swcurran (Wed, 19 Feb 2020 17:51:58 GMT):
And I see this question did get a response later :-)

DucaDellaForcoletta (Thu, 20 Feb 2020 12:06:40 GMT):
Thanks so much for the reply. i agree with you abot the separation. I agree also with this proposal: https://github.com/hyperledger/aries-cloudagent-python/issues/352#issuecomment-582654303

kthomas (Thu, 20 Feb 2020 14:10:11 GMT):
Has joined the channel.

kthomas (Thu, 20 Feb 2020 14:10:12 GMT):
Hello everyone, Please forgive my ignorance, I would appreciate your help - I want to know how I can get 'faber' agent to reload the wallet/DIDs from the Postgres database. I mean, everytime I start faber, I get a new DID. Many thanks for your help.

sheru (Thu, 20 Feb 2020 14:20:04 GMT):
@kthomas I beleive you are using Postgres database in docker. You can persist the previoud data by creating a docker volume and attach it to the postgres docker container.

kthomas (Thu, 20 Feb 2020 14:22:15 GMT):
Thank you @sheru , yes I am able to do that i.e. connect it to a docker/postgres instance. The question is how do I get 'faber' agent to reload the data from the database, it appears the faber agent creates a new database every time I stop and restart the agent.

sheru (Thu, 20 Feb 2020 14:25:04 GMT):
can you please share your docker-compose file, so I can get how containers are linked with each other, will try to find where you miss.

sheru (Thu, 20 Feb 2020 14:25:04 GMT):
can you please share your docker-compose file, so I can get how containers are linked with each other.

kthomas (Thu, 20 Feb 2020 16:33:00 GMT):
Hi @sheru , I cloned the aries-cloudagent repo and did the following under demo directory: 1. docker run --name some-postgres -e POSTGRES_PASSWORD=mysecretpassword -d -p 5432:5432 postgres -c 'log_statement=all' -c 'logging_collector=on' -c 'log_destination=stderr' 2. When I ran the following command to start faber: GENESIS_FILE=/path/to/local-genesis.txt DEFAULT_POSTGRES=true python3 -m runners.faber --port 8020 I got this error: Traceback (most recent call last): File "/usr/lib/python3.5/runpy.py", line 174, in _run_module_as_main mod_name, mod_spec, code = _get_module_details(mod_name, _Error) File "/usr/lib/python3.5/runpy.py", line 144, in _get_module_details code = loader.get_code(mod_name) File "", line 767, in get_code File "", line 727, in source_to_code File "", line 222, in _call_with_frames_removed File "/home/vagrant/aries-cloudagent-python/demo/runners/faber.py", line 86 f"/issue-credential/records/{credential_exchange_id}/issue", 3. so I used: POSTGRES=true ./run_demo faber

kthomas (Thu, 20 Feb 2020 16:33:00 GMT):
Hi @sheru , I cloned the aries-cloudagent repo and did the following under demo directory: 1. docker run --name some-postgres -e POSTGRES_PASSWORD=mysecretpassword -d -p 5432:5432 postgres -c 'log_statement=all' -c 'logging_collector=on' -c 'log_destination=stderr' 2. When I ran the following command to start faber: GENESIS_FILE=/path/to/local-genesis.txt DEFAULT_POSTGRES=true python3 -m runners.faber --port 8020 I got Traceback (most recent call last): File "/usr/lib/python3.5/runpy.py", line 174, in _run_module_as_main mod_name, mod_spec, code = _get_module_details(mod_name, _Error) File "/usr/lib/python3.5/runpy.py", line 144, in _get_module_details code = loader.get_code(mod_name) File "", line 767, in get_code File "", line 727, in source_to_code File "", line 222, in _call_with_frames_removed File "/home/vagrant/aries-cloudagent-python/demo/runners/faber.py", line 86 f"/issue-credential/records/{credential_exchange_id}/issue", 3. so I used: POSTGRES=true ./run_demo faber

kthomas (Thu, 20 Feb 2020 16:35:37 GMT):
Apparently, the variable DEFAULT_POSTGRES is not used in run_demo script

kthomas (Thu, 20 Feb 2020 16:36:41 GMT):
I didn't change any of the docker-compose files

swcurran (Thu, 20 Feb 2020 17:30:45 GMT):
By default in the demo, the DID seed for faber is randomly created. You can change that (look for seed in the runners/support/agent.py), but for the demo it is intentional.

swcurran (Thu, 20 Feb 2020 17:33:27 GMT):
In a real app, the initialization is done at startup to check the state of the wallet and ledger and to take appropriate actions.

swcurran (Thu, 20 Feb 2020 17:34:30 GMT):
Our model is now that we have a program that makes sure everything is correct and then terminates once the appropriate writing is done.

swcurran (Thu, 20 Feb 2020 17:36:01 GMT):
Then the full agent makes sure that everything is correct and continues to run. If things aren't right, it terminates with an error. That way, the operational program would not need write-to-the-ledger capabilities.

HLFPOC (Thu, 20 Feb 2020 17:36:03 GMT):
Hello, By when can we expect the revocation APIs to be integrated in aca-py?

swcurran (Thu, 20 Feb 2020 17:36:42 GMT):
The team from Medici are working on that. You can see their progress on an in progress PR to ACA-Py.

VithushanJegatheeswaran (Thu, 20 Feb 2020 18:06:03 GMT):
Has joined the channel.

VithushanJegatheeswaran (Thu, 20 Feb 2020 18:06:05 GMT):
Hey guys, I'm having trouble running the verification service of the iiw-book example iiw-book-agent_1 | aries_cloudagent.ledger.error.LedgerError: Credential definition 4QxzWk3ajdnEA37NdNU5Kt:3:CL:1068:default is on ledger default but not in wallet default iiw-book-service_1 | INFO 2020-02-19 14:24:03,473 apps 30 140098540341056 500 Internal Server Error

VithushanJegatheeswaran (Thu, 20 Feb 2020 18:06:05 GMT):
Hey guys, I'm having trouble running the verification service of the iiw-book example `iiw-book-agent_1 | aries_cloudagent.ledger.error.LedgerError: Credential definition 4QxzWk3ajdnEA37NdNU5Kt:3:CL:1068:default is on ledger default but not in wallet default` `iiw-book-service_1 | INFO 2020-02-19 14:24:03,473 apps 30 140098540341056 500 Internal Server Error`

VithushanJegatheeswaran (Thu, 20 Feb 2020 18:07:16 GMT):

Docker logs

VithushanJegatheeswaran (Thu, 20 Feb 2020 18:07:52 GMT):
I already tried changing my seed

VithushanJegatheeswaran (Thu, 20 Feb 2020 18:26:52 GMT):
Thank you @swcurran. If anyone has the same issue: 1) change "INDY_SEED" in docker-compose.yml to a random string (with the same length) 2) run ./manage up (this will result in an error) 3) search for the new did in the docker logs 4) go to http://138.197.138.255/ and register your seed & did 5) kill all the docker container and run ./manage up

VithushanJegatheeswaran (Thu, 20 Feb 2020 18:26:52 GMT):
Thank you @swcurran If anyone has the same issue: 1) change "INDY_SEED" in docker-compose.yml to a random string (with the same length) 2) run ./manage up (this will result in an error) 3) search for the new did in the docker logs 4) go to http://138.197.138.255/ and register your seed & did 5) kill all the docker container and run ./manage up

VithushanJegatheeswaran (Thu, 20 Feb 2020 18:26:52 GMT):
Thank you @swcurran If anyone has the same issue: 1) change the values for "INDY_SEED" and "command" in docker-compose.yml to a random string (with the same length) 2) run ./manage up (this will result in an error) 3) search for the new did in the docker logs 4) go to http://138.197.138.255/ and register your seed & did 5) kill all the docker container and run ./manage up

lmtriet (Thu, 20 Feb 2020 21:55:24 GMT):
Has joined the channel.

priyashankar (Fri, 21 Feb 2020 09:23:38 GMT):
This is related to aca-py (py1.14-0_0.4.2), a possible bug maybe. I am successfully registering schema *attribute names* in whatever case, say in uppercase, lowercase or toggle case on a ledger. The ledger has an exact copy of what I am trying to do. In the event of issuing a credential though, those schema attribute names are internally getting converted to lowercase due to which an exception might get raised on not being able to find a key corresponding to the *credential preview*. Thanks.

priyashankar (Fri, 21 Feb 2020 09:23:38 GMT):
@swcurran This is related to aca-py (py1.14-0_0.4.2), a possible bug maybe. I am successfully registering schema *attribute names* in whatever case, say in uppercase, lowercase or toggle case on a ledger. The ledger has an exact copy of what I am trying to do. In the event of issuing a credential though, those schema attribute names are internally getting converted to lowercase due to which an exception might get raised on not being able to find a key corresponding to the *credential preview*. Thanks.

priyashankar (Fri, 21 Feb 2020 09:23:38 GMT):
@swcurran This is related to aca-py (py1.14-0_0.4.2), a possible bug maybe. I am successfully registering schema *attribute names* in whatever case, say in uppercase, lowercase or camel case on a ledger. The ledger has an exact copy of what I am trying to do. In the event of issuing a credential though, those schema attribute names are internally getting converted to lowercase due to which an exception might get raised on not being able to find a key corresponding to the *credential preview*. Thanks.

kthomas (Fri, 21 Feb 2020 10:21:44 GMT):
Thanks a lot @swcurran that really helps, I will do as you suggested. Thanks again, very helpful.

sklump (Fri, 21 Feb 2020 11:48:54 GMT):
This is an indy convention, not aca-py. Indy-sdk canonicalizes attribute names, converting to lower case and stripping out spaces, in some but not all data structures. Code around it; e.g., https://github.com/PSPC-SPAC-buyandsell/von_anchor/blob/7f39d1a6dcd3e5c0f363fe84a8838f0ec474aa21/von_anchor/canon.py#L40. In particular, `proof[proof]["proof"]["proofs"][i]["primary_proof"]["eq_proof"]["revealed_attrs"][*CANONICAL*]` and credential offer `offer["key_correctness_proof"]["xr_cap"][i][*CANONICAL*] for all indices `i`. Also, I believe you must canonicalize attribute names in WQL queries to match by attribute. There may be a few other spots.

sklump (Fri, 21 Feb 2020 11:48:54 GMT):
This is an indy convention, not aca-py. Indy-sdk canonicalizes attribute names, converting to lower case and stripping out spaces, in some but not all data structures. Code around it; e.g., https://github.com/PSPC-SPAC-buyandsell/von_anchor/blob/7f39d1a6dcd3e5c0f363fe84a8838f0ec474aa21/von_anchor/canon.py#L40. In particular, `proof[proof]["proof"]["proofs"][i]["primary_proof"]["eq_proof"]["revealed_attrs"][*CANONICAL*]` and credential offer `offer["key_correctness_proof"]["xr_cap"][i][*CANONICAL*]` for all indices `i`. Also, I believe you must canonicalize attribute names in WQL queries to match by attribute. There may be a few other spots.

sklump (Fri, 21 Feb 2020 11:48:54 GMT):
This is an indy convention, not aca-py. Indy-sdk canonicalizes attribute names, converting to lower case and stripping out spaces, in some but not all data structures. Code around it; e.g., https://github.com/PSPC-SPAC-buyandsell/von_anchor/blob/7f39d1a6dcd3e5c0f363fe84a8838f0ec474aa21/von_anchor/canon.py#L40. In particular, `proof[proof]["proof"]["proofs"][i]["primary_proof"]["eq_proof"]["revealed_attrs"][*CANONICAL*]` and credential offer `offer["key_correctness_proof"]["xr_cap"][i][*CANONICAL*]` for all indices `i`. Also, I believe you must canonicalize attribute names in WQL queries to match by attribute. There may be a few other spots. At any rate, aca-py canonicalizes on the way in to avoid tricky surprises on the way out.

blockLedger (Sun, 23 Feb 2020 16:46:56 GMT):
Has joined the channel.

VithushanJegatheeswaran (Mon, 24 Feb 2020 14:59:09 GMT):
Hey guys I'm having trouble issuing credentials. I'm using a modified version of https://github.com/bcgov/indy-email-verification . I can't really find out why.. here are the logs from the docker container: `docker_email-verifier-agent_1` 2020-02-24 14:53:39,455 aries_cloudagent.messaging.connections.manager WARNING No corresponding DID found for sender verkey: 45pCrC49C91HpjgPgWhdqk6V6pzpCd99scDcbznc8tio 2020-02-24 14:53:39,458 aries_cloudagent.messaging.connections.manager WARNING No corresponding DID found for recipient verkey: 8QuAYNVHxiC2zYKAEfzEkdoDXw9z3rT2Y8rcHxW1QC3f 2020-02-24 14:53:39,603 aiohttp.access INFO 172.20.0.1 [24/Feb/2020:14:53:39 +0000] "POST / HTTP/1.1" 200 149 "-" "-" 2020-02-24 14:53:44,645 aiohttp.access INFO 172.20.0.5 [24/Feb/2020:14:53:44 +0000] "POST /issue-credential/send-offer HTTP/1.1" 200 5226 "-" "python-requests/2.21.0" 2020-02-24 14:54:20,813 aries_cloudagent.task_processor WARNING Task failed: 2020-02-24 14:54:20,814 asyncio ERROR Future exception was never retrieved future: Traceback (most recent call last): File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aries_cloudagent/task_processor.py", line 14, in delay_task return await task File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aries_cloudagent/transport/outbound/manager.py", line 223, in dispatch_message await transport.handle_message(message) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aries_cloudagent/transport/outbound/http.py", line 54, in handle_message raise Exception("Unexpected response status") Exception: Unexpected response status 2020-02-24 14:54:25,532 aries_cloudagent.task_processor WARNING Task failed: 2020-02-24 14:54:25,533 asyncio ERROR Future exception was never retrieved future: Traceback (most recent call last): File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aries_cloudagent/task_processor.py", line 14, in delay_task return await task File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aries_cloudagent/transport/outbound/manager.py", line 223, in dispatch_message await transport.handle_message(message) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aries_cloudagent/transport/outbound/http.py", line 54, in handle_message raise Exception("Unexpected response status") Exception: Unexpected response status

AthiraSPillai123 (Mon, 24 Feb 2020 15:51:24 GMT):
Any demo web app available for ACA-py with simple user interface?

sklump (Mon, 24 Feb 2020 15:57:49 GMT):
Try `aries-cloudagent-python/demo/README.md`

swcurran (Mon, 24 Feb 2020 16:04:16 GMT):
Try this https://github.com/petridishdev/aries-acapy-controllers - three web controllers in different tech stacks.

sairanjit (Mon, 24 Feb 2020 17:20:21 GMT):
Has joined the channel.

AthiraSPillai123 (Mon, 24 Feb 2020 17:57:35 GMT):
Thanks!!

andrew.whitehead (Mon, 24 Feb 2020 19:18:19 GMT):
The message `No corresponding DID found for recipient verkey` might indicate that one side is using an out-dated connection, if the wallet for the other side has been reset. That agent is using an older version of aca-py which makes it a little harder to debug the issue

ultimo2020 (Mon, 24 Feb 2020 19:38:11 GMT):
Has joined the channel.

priyashankar (Tue, 25 Feb 2020 05:49:42 GMT):
@sklump I completely agree with you on that point. Either way, the same logic should apply to schemas as well. I think the lowercase conversion is not working while creating them.

LedgerXYZ (Tue, 25 Feb 2020 07:24:11 GMT):
Has joined the channel.

sklump (Tue, 25 Feb 2020 12:36:57 GMT):
Please give me an example and I can trace it through to see what's up.

priyashankar (Tue, 25 Feb 2020 13:23:00 GMT):
I am running a VON ledger. I registered a name schema with just one attribute "firstName" Keep in mind that the attribute name "firstName" is not converted to lowercase when writing the schema to the ledger. I have confirmed that on the ledger browser as well. While creating a credential definition though, I see the attribute_name as "firstname". On passing the schema_id, cred_def_id, credential attributes while issuing a credential, an exception "KeyError" is raised since "firstName" does not exist at all.

sklump (Tue, 25 Feb 2020 13:38:32 GMT):
Yes, good catch. I'll get a fix into the queue today.

sklump (Tue, 25 Feb 2020 13:38:32 GMT):
Yes, good catch. I'll investigate it today.

sklump (Tue, 25 Feb 2020 14:15:29 GMT):
... it turns out that indy-sdk does this, not aca-py. This test case drops into `indy-sdk/wrappers/python/tests/interation`: https://drive.google.com/open?id=1GbrhGqCZ9D825qdi0alREiROk1KJJaZx It demonstrates canonicalization of all cred def attributes, removing spaces and coercing to lower-case. You're going to have to code around it: once the attribute is on the ledger canonicalized, there is no way to know what its original state was (`' was It THIS'` or `'was it This'`, or maybe `'wasitthis'` ? Unknowable).

sklump (Tue, 25 Feb 2020 14:20:41 GMT):
The most future-proof approach is to get the cred def from the ledger and match its attributes against `canon(attr)` for attr in schema attributes with something like `def canon(attr): return attr.replace(' ', '').lower() if attr else attr`

sklump (Tue, 25 Feb 2020 14:22:08 GMT):
As a side effect, note that no two schema attributes should ever canonicalize to the same value.

blockLedger (Tue, 25 Feb 2020 16:25:18 GMT):
Hello all, in creating a schema using the swagger api to the project greenlight dev network, I get a Error Code 500: ``` 500 Internal Server Error Server got itself in trouble ```

blockLedger (Tue, 25 Feb 2020 16:27:06 GMT):
My test schema object: ``` { "attributes": [ "score" ], "schema_name": "testers", "schema_version": "12321.0" } ```

blockLedger (Tue, 25 Feb 2020 16:31:16 GMT):
My suspicion is that I am missing a prerequisite step during the agent creation that assigns ledger role or permission for schema creation. Can someone familiar with this error assist me

andrew.whitehead (Tue, 25 Feb 2020 16:35:02 GMT):
@blockLedger I can't really tell anything from that error, you'd need to check the logs for the agent

blockLedger (Tue, 25 Feb 2020 16:37:18 GMT):
@andrew.whitehead very solid suggestions. I am looking at the logs right now

blockLedger (Tue, 25 Feb 2020 16:42:24 GMT):
This is my error log ``` ot-devshell.appspot.com/api/doc" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36" 2020-02-25 16:22:38,498 aries_cloudagent.core.dispatcher ERROR Handler error: schemas_send_schema Traceback (most recent call last): File "/home/indy/aries_cloudagent/messaging/schemas/routes.py", line 121, in schemas_send_schema ledger: BaseLedger = await context.inject(BaseLedger) File "/home/indy/aries_cloudagent/config/injection_context.py", line 126, in inject return await self.injector.inject(base_cls, settings, required=required) File "/home/indy/aries_cloudagent/config/injector.py", line 83, in inject "No instance provided for class: {}".format(base_cls.__name__) aries_cloudagent.config.base.InjectorError: No instance provided for class: BaseLedger 2020-02-25 16:22:38,499 aiohttp.server ERROR Error handling request Traceback (most recent call last): File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_protocol.py", line 418, in start resp = await task File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_app.py", line 458, in _handle resp = await handler(request) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_middlewares.py", line 119, in impl return await handler(request) File "/home/indy/aries_cloudagent/admin/server.py", line 187, in apply_limiter return await task File "/home/indy/aries_cloudagent/messaging/schemas/routes.py", line 121, in schemas_send_schema ledger: BaseLedger = await context.inject(BaseLedger) File "/home/indy/aries_cloudagent/config/injection_context.py", line 126, in inject return await self.injector.inject(base_cls, settings, required=required) File "/home/indy/aries_cloudagent/config/injector.py", line 83, in inject "No instance provided for class: {}".format(base_cls.__name__) aries_cloudagent.config.base.InjectorError: No instance provided for class: BaseLedger 2020-02-25 16:22:38,504 aiohttp.access INFO 172.18.0.1 [25/Feb/2020:16:22:38 +0000] "POST /schemas HTTP/1.1" 500 398 "https://4000-dot-10838353-dot-devshell.appspot.com/api/doc" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36" ```

blockLedger (Tue, 25 Feb 2020 16:44:37 GMT):
The schemas_send_schema error above suggests that there is a required data or setting that isn't set

andrew.whitehead (Tue, 25 Feb 2020 16:46:42 GMT):
It looks like you're missing startup parameters for the ledger or wallet configuration

blockLedger (Tue, 25 Feb 2020 17:00:19 GMT):
Here is my start up script ``` cd ~/aries-cloudagent-python PORTS="4000:4000 8807:8807 8808:8808" ./scripts/run_docker start \ --admin 0.0.0.0 4000 \ --admin-insecure-mode \ --genesis-url http://dev.greenlight.bcovrin.vonx.io/genesis \ --auto-ping-connection \ --inbound-transport http 0.0.0.0 8808 \ --inbound-transport ws 0.0.0.0 8807 \ --outbound-transport http \ --outbound-transport ws \ --endpoint http://`docker run --net=host eclipse/che-ip`:4000 \ --label "gateman-landlord" \ --seed 000000000000000000000000BANKERLANDLORD \ --wallet-name landlord \ --wallet-key watersprinter \ --auto-accept-invites \ --auto-accept-requests \ --auto-respond-credential-request \ --auto-verify-presentation \ --auto-store-credential \ --log-level debug ```

blockLedger (Tue, 25 Feb 2020 17:00:19 GMT):
Here is my start up script ``` cd ~/aries-cloudagent-python PORTS="4000:4000 8807:8807 8808:8808" ./scripts/run_docker start \ --admin 0.0.0.0 4000 \ --admin-insecure-mode \ --genesis-url http://dev.greenlight.bcovrin.vonx.io/genesis \ --auto-ping-connection \ --inbound-transport http 0.0.0.0 8808 \ --inbound-transport ws 0.0.0.0 8807 \ --outbound-transport http \ --outbound-transport ws \ --endpoint http://`docker run --net=host eclipse/che-ip`:4000 \ --label "gateman-landlord" \ --seed 000000000000000000000000LANDLORD \ --wallet-name landlord \ --wallet-key watersprinter \ --auto-accept-invites \ --auto-accept-requests \ --auto-respond-credential-request \ --auto-verify-presentation \ --auto-store-credential \ --log-level debug ```

andrew.whitehead (Tue, 25 Feb 2020 17:00:55 GMT):
Try `--wallet-type indy`

blockLedger (Tue, 25 Feb 2020 17:08:07 GMT):
@andrew.whitehead thanks for your suggestion

blockLedger (Tue, 25 Feb 2020 17:08:46 GMT):
adding --wallet-type to startup now gives me the following error `Ledger rejected transaction request: client request invalid: could not authenticate, verkey for 2JgE9yM2Z XWQU8h8s1oYjA cannot be found`

blockLedger (Tue, 25 Feb 2020 17:08:46 GMT):
adding --wallet-type to startup now gives me the following error ``Ledger rejected transaction request: client request invalid: could not authenticate, verkey for 2JgE9yM2Z XWQU8h8s1oYjA cannot be found```

blockLedger (Tue, 25 Feb 2020 17:08:46 GMT):
adding --wallet-type to startup now gives me the following error ```Ledger rejected transaction request: client request invalid: could not authenticate, verkey for 2JgE9yM2Z XWQU8h8s1oYjA cannot be found```

andrew.whitehead (Tue, 25 Feb 2020 18:08:09 GMT):
The DID needs to be registered with permissions on the ledger

dbluhm (Tue, 25 Feb 2020 18:41:50 GMT):
With TAA recently being activated on the Sovrin Staging Net, I am working on adding support for TAA acceptance to the Toolbox. However, even after calling `ledger.accept_txn_author_agreement` with the appropriate values, I'm still getting back errors from the ledger saying I haven't accepted the TAA. Any ideas why that would be?

dbluhm (Tue, 25 Feb 2020 18:50:07 GMT):
`InvalidClientTaaAcceptanceError('Txn Author Agreement acceptance is required for ledger with id 1',)` is the returned error

dbluhm (Tue, 25 Feb 2020 18:51:47 GMT):
`ledger.get_latest_txn_author_acceptance` appears to be returning sane values as well (text omitted): ``` {'text': '...', 'version': '2.0', 'digest': '8cee5d7a573e4893b08ff53a0761a22a1607df3b3fcd7e75b98696c92879641f', 'mechanism': 'wallet_agreement', 'time': 1582588800} ```

swcurran (Tue, 25 Feb 2020 19:03:04 GMT):
@andrew.whitehead ^^^

andrew.whitehead (Tue, 25 Feb 2020 19:05:01 GMT):
I had another report that it might not be working when called via the API, can you try accepting it with `aca-py provision ...`?

swcurran (Tue, 25 Feb 2020 19:05:38 GMT):
Hey - we're getting close. @pengyuc from Medici Ventures has been working on it and it's looking good. There is a PR (https://github.com/hyperledger/aries-cloudagent-python/pull/306) that is nearing completion, including support for revocation in the Alice/Faber demo. Give it a try!

dbluhm (Tue, 25 Feb 2020 19:21:17 GMT):
Provision should ask for acceptance when given a genesis URL to a ledger that has TAA activated, correct? I'm not missing another parameter?

dbluhm (Tue, 25 Feb 2020 19:22:34 GMT):
I can't seem to get it to come up with that prompt for acceptance

dbluhm (Tue, 25 Feb 2020 19:24:10 GMT):
Ah looks like I need to give it a public DID too

andrew.whitehead (Tue, 25 Feb 2020 19:24:11 GMT):
It also needs --wallet-type indy to be activated

dbluhm (Tue, 25 Feb 2020 19:32:04 GMT):
Same error after using `aca-py provision` to accept the TAA

andrew.whitehead (Tue, 25 Feb 2020 19:33:21 GMT):
Hm. I tested it with von-network the other day and couldn't see any issues but it might depend on the indy-node version

andrew.whitehead (Tue, 25 Feb 2020 19:33:21 GMT):
Hm. I tested it with von-network the other day and couldn't see any issues but it might depend on the indy-node version. I'll test some more in a bit

dbluhm (Tue, 25 Feb 2020 19:36:42 GMT):
It looks like the TAA info isn't being appended to the request from the debug output of indy sign_and_submit

dbluhm (Tue, 25 Feb 2020 19:42:35 GMT):
Poking around in `aries_cloudagent/ledger/indy.py` only `register_nym` seems to set `taa_accept` to `True` when calling `self._submit`

dbluhm (Tue, 25 Feb 2020 19:44:50 GMT):
Adding `taa_accept=True` to the `self._submit` call in `send_schema` fixed the specific scenario I was attempting

andrew.whitehead (Tue, 25 Feb 2020 19:46:40 GMT):
Ah, that would explain it

andrew.whitehead (Tue, 25 Feb 2020 19:47:12 GMT):
It should default to true for signed requests

dbluhm (Tue, 25 Feb 2020 19:55:26 GMT):
So something like the following? ``` diff --git a/aries_cloudagent/ledger/indy.py b/aries_cloudagent/ledger/indy.py index 4530a9f..2ba0add 100644 --- a/aries_cloudagent/ledger/indy.py +++ b/aries_cloudagent/ledger/indy.py @@ -221,7 +221,7 @@ class IndyLedger(BaseLedger): self, request_json: str, sign: bool = None, - taa_accept: bool = False, + taa_accept: bool = None, public_did: str = "", ) -> str: """ @@ -249,6 +249,9 @@ class IndyLedger(BaseLedger): if public_did and sign is None: sign = True + if taa_accept is None and sign: + taa_accept = True + if sign: if not public_did: raise BadLedgerRequestError("Cannot sign request without a public DID") ```

andrew.whitehead (Tue, 25 Feb 2020 19:57:10 GMT):
That looks right

dbluhm (Tue, 25 Feb 2020 19:58:05 GMT):
Just tested as well and is working for writing schema and cred defs

dbluhm (Tue, 25 Feb 2020 19:58:09 GMT):
I'll submit a PR

andrew.whitehead (Tue, 25 Feb 2020 19:58:21 GMT):
Awesome, thanks

darrell.odonnell (Wed, 26 Feb 2020 11:56:28 GMT):
Has joined the channel.

wip-abramson (Wed, 26 Feb 2020 13:50:27 GMT):
Hi, I have been exploring the use of aries to secure communication within a distributed machine learning scenario. Last year we build a PoC using the python cloud agent which proved this was possible for a federated learning use case - https://github.com/blockpass-identity-lab/aries-fl-demo. To take this further we have been collaborating with https://www.openmined.org/ - an open source project for privacy-preserving machine learning. They have the ability to fund open source contributions, in part through a google school of code mentor scheme, I have put together a number of issues defining projects that will move this integration forwards : * https://github.com/OpenMined/PyGrid/issues/493 * https://github.com/OpenMined/PyGrid/issues/495 Two things: Do these issues seem logical in the context of aries? and if you know anyone who might be interested in working on one of these issues please share with them. Thanks!

sklump (Wed, 26 Feb 2020 18:44:52 GMT):
I think that the approach to issue credentials is to use the attribute names as they appear in the schema, not the cred def. It does seem a bit arbitrary.

swcurran (Wed, 26 Feb 2020 19:24:36 GMT):
FYI -- ACA-Py 0.4.3 coming soon that will include this.

dbluhm (Wed, 26 Feb 2020 19:25:45 GMT):
Awesome, thanks for the update

swcurran (Wed, 26 Feb 2020 23:34:01 GMT):
FYI: Aries Cloud Agent - Python Release 0.4.3 has been tagged and posted to PyPi. Release notes can be found here - https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.4.3. Includes an update for the Transaction Author Agreement (TAA) handling, implements step 1 of the transition process from DID-based to http-based message types and other improvements. Code reference documentation has been generated to ReadTheDocs - https://aries-cloud-agent-python.readthedocs.io/en/latest/

priyashankar (Thu, 27 Feb 2020 04:22:06 GMT):
And I was doing the same, using the attribute names as I had used while registering the schema.

sklump (Thu, 27 Feb 2020 12:29:05 GMT):
tt

sklump (Thu, 27 Feb 2020 12:29:37 GMT):
@priyashankar I think I've reproduced it. I'm taking a deeper look this (my) morning.

sklump (Thu, 27 Feb 2020 12:29:37 GMT):
@priyashankar I think I've reproduced it. https://github.com/hyperledger/aries-cloudagent-python/pull/389 addresses.

sklump (Thu, 27 Feb 2020 12:29:37 GMT):
@priyashankar I've reproduced it. https://github.com/hyperledger/aries-cloudagent-python/pull/389 addresses.

sklump (Thu, 27 Feb 2020 12:29:37 GMT):
@priyashankar I've reproduced it. https://github.com/hyperledger/aries-cloudagent-python/pull/389 addresses. _update_: it's merged into master.

swcurran (Thu, 27 Feb 2020 21:56:18 GMT):
Question from a Slack user for @andrew.whitehead or @ianco I'd like to establish a DIDComm connection using aries-cloudagent-python. I got it working with creating/receiving invitations using the REST API. Now I'd like to establish a connection using DIDComm only with public DIDs (implicit invitation). Receiving such a connection request for an implicit invitation seems to be supported by aries-cloudagent-python (https://github.com/hyperledger/aries-cloudagent-python/issues/358#issuecomment-581503697 and https://github.com/hyperledger/aries-cloudagent-python/blob/master/aries_cloudagent/protocols/connections/manager.py#L380). But I couldn't find how to send this connection request using aries-cloudagent-python - is this already possible, are there any examples available? Comment on #358 Use of public DID in connection hyperledger/aries-cloudagent-pythonhyperledger/aries-cloudagent-python | Feb 3rd | Added by GitHub aries_cloudagent/protocols/connections/manager.py:380 hyperledger/aries-cloudagent-pythonhyperledger/aries-cloudagent-python | Added by GitHub Stephen Curran 1:35 PM Hi Michael - I'm not sure. I'll check with the devs on this. I imagine what you are seeing is that a connection ID is required on the API call, but since it is supposed to be implicit, it shouldn't be required.

andrew.whitehead (Thu, 27 Feb 2020 22:02:04 GMT):
It should support connecting to a public DID, but you have to POST an invitation with a "did" property to /connections/receive_invitation

swcurran (Thu, 27 Feb 2020 22:07:52 GMT):
Ah, so the initee makes it's own invitation, posts it and then continues on.

ayushmanss (Fri, 28 Feb 2020 12:17:41 GMT):
Has joined the channel.

ayushmanss (Fri, 28 Feb 2020 12:17:42 GMT):
Hi all, I dont know if this question has been asked here or not, or if someone has tried it or not. As indy provides pluggable storage, is it possible to use google drive or dropbox as the storage. I want to run cloudagent for others with their respective clouds as storage. Basically I have trying to eliminate the need for an edge agent like smartphones without compromising privacy. Is it possible? I dont know where the master key that encrypts the wallet is stored though? Is it even possible to do this with just web agent?

blockLedger (Fri, 28 Feb 2020 17:22:48 GMT):
Hello all, I have been having a ton of problems trying to get the acap to work outside of the demos.

blockLedger (Fri, 28 Feb 2020 17:24:25 GMT):
During the start of an acap instance I keep getting the following error: ``` 2020-02-28 17:21:27,827 indy.libindy.native.indy.commands INFO src/commands/mod.rs:138 | LedgerCommand command received 2020-02-28 17:21:27,827 indy.libindy.native.ledger_command_executor INFO src/commands/ledger.rs:304 | SubmitAck command received 2020-02-28 17:21:27,828 indy.libindy DEBUG _indy_callback: >>> command_handle: 35, err , args: (b'{"op":"REQNACK","identifier":"9uogTBJtA2suZvn9XAribE","reqId" :1582910487734132685,"reason":"client request invalid: could not authenticate, verkey for 9uogTBJtA2suZvn9XAribE cannot be found"}',) 2020-02-28 17:21:27,828 indy.libindy DEBUG _indy_callback: <<< 2020-02-28 17:21:27,830 indy.libindy DEBUG _indy_loop_callback: >>> command_handle: 35, err , args: (b'{"op":"REQNACK","identifier":"9uogTBJtA2suZvn9XAribE","r eqId":1582910487734132685,"reason":"client request invalid: could not authenticate, verkey for 9uogTBJtA2suZvn9XAribE cannot be found"}',) 2020-02-28 17:21:27,830 indy.libindy DEBUG _indy_loop_callback: Function returned b'{"op":"REQNACK","identifier":"9uogTBJtA2suZvn9XAribE","reqId":1582910487734 132685,"reason":"client request invalid: could not authenticate, verkey for 9uogTBJtA2suZvn9XAribE cannot be found"}' 2020-02-28 17:21:27,830 indy.libindy DEBUG _indy_loop_callback <<< 2020-02-28 17:21:27,831 indy.ledger DEBUG sign_and_submit_request: <<< res: '{"op":"REQNACK","identifier":"9uogTBJtA2suZvn9XAribE","reqId":1582910487734132685, "reason":"client request invalid: could not authenticate, verkey for 9uogTBJtA2suZvn9XAribE cannot be found"}' 2020-02-28 17:21:27,832 aries_cloudagent.commands.start ERROR Exception during startup: Traceback (most recent call last): File "/home/indy/aries_cloudagent/commands/start.py", line 77, in init await startup File "/home/indy/aries_cloudagent/commands/start.py", line 27, in start_app await conductor.start() File "/home/indy/aries_cloudagent/core/conductor.py", line 144, in start await ledger_config(context, public_did) File "/home/indy/aries_cloudagent/config/ledger.py", line 78, in ledger_config await ledger.update_endpoint_for_did(public_did, endpoint) File "/home/indy/aries_cloudagent/ledger/indy.py", line 743, in update_endpoint_for_did await self._submit(request_json, True, True) File "/home/indy/aries_cloudagent/ledger/indy.py", line 288, in _submit f"Ledger rejected transaction request: {request_result['reason']}" aries_cloudagent.ledger.error.LedgerTransactionError: Ledger rejected transaction request: client request invalid: could not authenticate, verkey for 9uogTBJtA 2suZvn9XAribE cannot be found Shutting down ```

blockLedger (Fri, 28 Feb 2020 17:26:54 GMT):
I start with the following parameters:

blockLedger (Fri, 28 Feb 2020 17:27:24 GMT):
``` PORTS="4000:4000 8807:8807 8808:8808" ./scripts/run_docker start \ --admin 0.0.0.0 4000 \ --admin-insecure-mode \ --genesis-url http://dev.greenlight.bcovrin.vonx.io/genesis \ --auto-ping-connection \ --inbound-transport http 0.0.0.0 8808 \ --inbound-transport ws 0.0.0.0 8807 \ --outbound-transport http \ --outbound-transport ws \ --endpoint http://`docker run --net=host eclipse/che-ip`:8808 \ --label "begin-landlord" \ --seed 00000000000000000000000PROVISION \ --wallet-type indy \ --invite-role inviter \ --invite-label "begin-invite" \ --auto-accept-invites \ --auto-accept-requests \ --auto-respond-credential-request \ --auto-verify-presentation \ --auto-store-credential \ --log-level debug ```

blockLedger (Fri, 28 Feb 2020 17:29:10 GMT):
When I remove the option `--walle-type`, it starts up just fine

blockLedger (Fri, 28 Feb 2020 17:29:10 GMT):
When I remove the option `--wallet-type`, it starts up just fine

blockLedger (Fri, 28 Feb 2020 17:30:35 GMT):
However, I then run into the following error, when attempting to create a schema:

blockLedger (Fri, 28 Feb 2020 17:31:46 GMT):
`500 Internal Server Error`

blockLedger (Fri, 28 Feb 2020 17:32:43 GMT):
Checking the acapy instance logs, I see this:

blockLedger (Fri, 28 Feb 2020 17:32:55 GMT):
``` 2020-02-28 17:31:14,946 aries_cloudagent.core.dispatcher ERROR Handler error: schemas_send_schema Traceback (most recent call last): File "/home/indy/aries_cloudagent/messaging/schemas/routes.py", line 121, in schemas_send_schema ledger: BaseLedger = await context.inject(BaseLedger) File "/home/indy/aries_cloudagent/config/injection_context.py", line 126, in inject return await self.injector.inject(base_cls, settings, required=required) File "/home/indy/aries_cloudagent/config/injector.py", line 83, in inject "No instance provided for class: {}".format(base_cls.__name__) aries_cloudagent.config.base.InjectorError: No instance provided for class: BaseLedger 2020-02-28 17:31:14,947 aiohttp.server ERROR Error handling request Traceback (most recent call last): File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_protocol.py", line 418, in start resp = await task File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_app.py", line 458, in _handle resp = await handler(request) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_middlewares.py", line 119, in impl return await handler(request) File "/home/indy/aries_cloudagent/admin/server.py", line 187, in apply_limiter return await task File "/home/indy/aries_cloudagent/messaging/schemas/routes.py", line 121, in schemas_send_schema ledger: BaseLedger = await context.inject(BaseLedger) File "/home/indy/aries_cloudagent/config/injection_context.py", line 126, in inject return await self.injector.inject(base_cls, settings, required=required) File "/home/indy/aries_cloudagent/config/injector.py", line 83, in inject "No instance provided for class: {}".format(base_cls.__name__) aries_cloudagent.config.base.InjectorError: No instance provided for class: BaseLedger 2020-02-28 17:31:14,951 aiohttp.access INFO 172.18.0.1 [28/Feb/2020:17:31:14 +0000] "POST /schemas HTTP/1.1" 500 398 "https://4000-dot-10838353-dot-devshell.ap pspot.com/api/doc" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36" ```

dbluhm (Fri, 28 Feb 2020 17:33:02 GMT):
The Indy wallet is required for interacting with Indy ledgers

dbluhm (Fri, 28 Feb 2020 17:33:49 GMT):
``` aries_cloudagent.ledger.error.LedgerTransactionError: Ledger rejected transaction request: client request invalid: could not authenticate, verkey for 9uogTBJtA 2suZvn9XAribE cannot be found ``` I believe this means that your DID has not been written to the connected ledger

blockLedger (Fri, 28 Feb 2020 17:33:51 GMT):
@dbluhm I suppose that is true, I just don't know how to start the instance with that option

blockLedger (Fri, 28 Feb 2020 17:35:56 GMT):
@dbluhm is the process of connecting to the ledger automatic during acapy provisioning / start or is there a proactive step you're aware of tht I should take

dbluhm (Fri, 28 Feb 2020 17:42:13 GMT):
In the demos, this line is run on startup of the agent: https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/runners/faber.py#L140 If you follow that line to the definition of `register_did`, it calls into the admin API of the agent to write the DID to the connected ledger.

dbluhm (Fri, 28 Feb 2020 17:43:52 GMT):
I'm not sure which of your startup parameters is causing the agent to check the ledger for your DID on startup -- probably `--seed`? @andrew.whitehead would know. I would try removing that line and using the admin API to create and register your public DID

blockLedger (Fri, 28 Feb 2020 17:50:53 GMT):
@dbluhm thanks I will look into that right away

blockLedger (Fri, 28 Feb 2020 17:51:12 GMT):
also thanks for linking that example

andrew.whitehead (Fri, 28 Feb 2020 17:55:35 GMT):
That's right, --seed currently implies a public DID

andrew.whitehead (Fri, 28 Feb 2020 17:55:35 GMT):
That's right, --seed currently implies a public DID. When it starts up, aca-py will check and update your endpoint on the ledger in that case

blockLedger (Fri, 28 Feb 2020 18:11:13 GMT):
@andrew.whitehead does the option `--genesis-url` set the desired ledger or does the desired ledger has to set using the format `LEDGER_URL=xxx` as seen in the demo [here](https://github.com/hyperledger/aries-cloudagent-python/tree/master/demo)

blockLedger (Fri, 28 Feb 2020 18:11:13 GMT):
@andrew.whitehead does the option `--genesis-url` set the desired ledger or does the desired ledger have to set using the format `LEDGER_URL=xxx` as seen in the demo [here](https://github.com/hyperledger/aries-cloudagent-python/tree/master/demo)

andrew.whitehead (Fri, 28 Feb 2020 18:15:37 GMT):
The demo uses LEDGER_URL which is specifically for a von-network ledger, where there is an endpoint for the agent to register itself

blockLedger (Fri, 28 Feb 2020 18:16:33 GMT):
The von-network is also what I am using for development

blockLedger (Fri, 28 Feb 2020 18:18:20 GMT):
I was just wondering if `--genesis-url` somehow tells the agent to direct blockchain related transactions to ledger specified within the genesis file

andrew.whitehead (Fri, 28 Feb 2020 18:20:07 GMT):
--genesis-url gives it a URL to fetch the genesis file from, which is how it finds the addresses of the validator nodes

andrew.whitehead (Fri, 28 Feb 2020 18:20:07 GMT):
--genesis-url gives it a URL to fetch the genesis file from, which is how it finds the addresses of the validator nodes (--genesis-file does the same for one you've already downloaded)

swcurran (Fri, 28 Feb 2020 18:27:44 GMT):
@blockLedger - a point about the `register_did` issue you ran into. We're learning that a good pattern, especially for production is to have a provisioning process that: - looks in the wallet and ledger - makes sure that everything that is needed is exists or is created, and - exits Then, there should be the full agent that on startup: - looks in the wallet and on the ledger - makes sure that everything that is needed exists and errors/quits if not, and - runs to do all the agent-y things That is partially because it isolates provisioning things that can be tricky to do on different ledgers (e.g. the TAA and endorser process on Sovrin) and allows the full agent to operate the ledger as read-only for the most part. There could be exceptions, but we think it's a good pattern.

swcurran (Fri, 28 Feb 2020 18:28:15 GMT):
@blockLedger - we'd also love to incorporate your feedback into the getting started information to make it easier for those that follow.

blockLedger (Fri, 28 Feb 2020 18:28:54 GMT):
@swcurran thanks for your detailed response

blockLedger (Fri, 28 Feb 2020 18:30:20 GMT):
I am fairly new to the acapy ecosystem and I am still trying to wrap my mind around all the concepts and how they come together

blockLedger (Fri, 28 Feb 2020 18:31:13 GMT):
In doing that, I have studied the demos but still feel the best place to start is using the command line to start an instance

blockLedger (Fri, 28 Feb 2020 18:31:41 GMT):
Assuming that works, I plan to execute the different options available through the swagger api

blockLedger (Fri, 28 Feb 2020 18:33:33 GMT):
I suppose my hiccups thus far have been properly implementing the command line options, for example, I still do not fully grasp the impact of `--seed`

blockLedger (Fri, 28 Feb 2020 18:38:14 GMT):
As a request, it will be very helpful if someone can demonstrate the following (without the demos in the repo): - `provision` an agent using the command line options and discuss the what's, why's, where, when, maybe who's of the options - `start` an agent using the command line options and discuss the what's, why's, where, when, maybe who's of the options - run through some of the basic api funtions like: connections, schemas, etc

blockLedger (Fri, 28 Feb 2020 18:38:43 GMT):
During the demonstration, what will emerge are some of the questions that I have asked

swcurran (Fri, 28 Feb 2020 18:38:45 GMT):
Maybe we need to **not** lean on the Alice/Faber controllers when we start up the OpenAPI Demo. We think that is going to be the major way that Devs learn about what it takes to write a Controller.

swcurran (Fri, 28 Feb 2020 18:39:02 GMT):
I think we just said the same thing - good! :-)

blockLedger (Fri, 28 Feb 2020 18:40:21 GMT):
I think you're right. However, the demo have also been extremely helpful in visualizing the concepts

swcurran (Fri, 28 Feb 2020 18:41:34 GMT):
Yes - we're not going to get rid of them :-). But the specific OpenAPI demo could be more like you are saying.

blockLedger (Fri, 28 Feb 2020 18:41:53 GMT):
Yes sir

blockLedger (Fri, 28 Feb 2020 18:42:32 GMT):
Anyway, I will go back to tinkering with this thing and report back if I have any breakthrough

dbluhm (Fri, 28 Feb 2020 21:42:56 GMT):
@andrew.whitehead @swcurran I think I may have found a bug that seems to be breaking verification of predicates: https://github.com/hyperledger/aries-cloudagent-python/pull/390

dbluhm (Fri, 28 Feb 2020 21:44:37 GMT):
Slight revision: I think it breaks verifying a proof that has only predicates and not attributes

andrew.whitehead (Fri, 28 Feb 2020 21:45:23 GMT):
Yup, looks good thanks. Seems like it was also skipping attributes after the first one

swcurran (Fri, 28 Feb 2020 21:56:42 GMT):
@dbluhm - do you think we need an immediate release?

dbluhm (Fri, 28 Feb 2020 21:57:57 GMT):
Well, it broke our toolbox demos at least lol

dbluhm (Fri, 28 Feb 2020 21:58:55 GMT):
We're still pointing at the SF fork right now but we intended to start getting it running on 0.4.3

swcurran (Fri, 28 Feb 2020 21:59:50 GMT):
But others are likely to hit it.

dbluhm (Fri, 28 Feb 2020 22:00:03 GMT):
It would seem so, yes

swcurran (Fri, 28 Feb 2020 22:00:24 GMT):
We had something weird yesterday and we're retrying that one.

swcurran (Fri, 28 Feb 2020 23:38:49 GMT):
FYI: Aries Cloud Agent - Python Release 0.4.4 has been tagged and posted to PyPi. Release notes can be found here - https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.4.4. Includes a fix for a bug in presentation verification introduced in 0.4.3. An update to Indy SDK 1.14.2 was made to the docker images used in the demos. Code reference documentation has been generated to ReadTheDocs - https://aries-cloud-agent-python.readthedocs.io/en/latest/

swcurran (Fri, 28 Feb 2020 23:38:49 GMT):
FYI: Aries Cloud Agent - Python Release 0.4.4 has been tagged and posted to PyPi. Release notes can be found here - https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.4.4. Includes a fix for a bug in presentation verification introduced in 0.4.3. An update to Indy SDK 1.14.2 was made to the docker images used in the demos. Anyone running 0.4.3 should update to 0.4.4 as soon as possible. Code reference documentation has been generated to ReadTheDocs - https://aries-cloud-agent-python.readthedocs.io/en/latest/

priyashankar (Mon, 02 Mar 2020 04:59:48 GMT):
Thanks. Have a great day.

ashlinSajan (Mon, 02 Mar 2020 09:20:55 GMT):
Has joined the channel.

ashlinSajan (Mon, 02 Mar 2020 09:21:02 GMT):
Hi Anyone tried aries on raspberry pi?

AthiraSPillai123 (Mon, 02 Mar 2020 14:45:32 GMT):
Hi I have a question regarding demo agent. I was running demo agent locally using docker, the invitation created by faber from cli works perfect(when Alice use the same to connect),But when I use api to create invitation by faber and when Alice use that new invitation to connect it throws the following error on faber-cli even though api returns status 200. The error on faber-cli when Alice cqalls the accept invitation api is given below: steps used : 1. faber create invitation from api 2. Alice use that invitation and calls the api /connections/receive-invitation and got connection id from response -(no cli msg found on faber during this call) 3. Alice calls the api /connections/{id}/accept-invitation and got 200 status -but got the following error on faber-cli Please advise if am doing something wrong here Waiting for connection... Faber | 2020-03-02 14:37:56,051 aries_cloudagent.messaging.base_handler ERROR Error receiving connection request Faber | Traceback (most recent call last): Faber | File "/home/indy/aries_cloudagent/protocols/connections/manager.py", line 326, in receive_request Faber | self.context, connection_key, ConnectionRecord.INITIATOR_SELF Faber | File "/home/indy/aries_cloudagent/connections/models/connection_record.py", line 166, in retrieve_by_invitation_key Faber | return await cls.retrieve_by_tag_filter(context, tag_filter, post_filter) Faber | File "/home/indy/aries_cloudagent/messaging/models/base_record.py", line 238, in retrieve_by_tag_filter Faber | raise StorageNotFoundError("Record not found") Faber | aries_cloudagent.storage.error.StorageNotFoundError: Record not found Faber | Faber | During handling of the above exception, another exception occurred: Faber | Faber | Traceback (most recent call last): Faber | File "/home/indy/aries_cloudagent/protocols/connections/handlers/connection_request_handler.py", line 27, in handle Faber | await mgr.receive_request(context.message, context.message_receipt) Faber | File "/home/indy/aries_cloudagent/protocols/connections/manager.py", line 330, in receive_request Faber | "No invitation found for pairwise connection" Faber | aries_cloudagent.protocols.connections.manager.ConnectionManagerError: No invitation found for pairwise connection

AthiraSPillai123 (Mon, 02 Mar 2020 14:45:32 GMT):
Hi I have a question regarding ACA-py demo agent. I was running demo agent locally using docker, the invitation created by faber from cli works perfect(when Alice use the same to connect),But when I use api to create invitation by faber and when Alice use that new invitation to connect it throws the following error on faber-cli even though api returns status 200. The error on faber-cli when Alice cqalls the accept invitation api is given below: steps used : 1. faber create invitation from api 2. Alice use that invitation and calls the api /connections/receive-invitation and got connection id from response -(no cli msg found on faber during this call) 3. Alice calls the api /connections/{id}/accept-invitation and got 200 status -but got the following error on faber-cli Please advise if am doing something wrong here Waiting for connection... Faber | 2020-03-02 14:37:56,051 aries_cloudagent.messaging.base_handler ERROR Error receiving connection request Faber | Traceback (most recent call last): Faber | File "/home/indy/aries_cloudagent/protocols/connections/manager.py", line 326, in receive_request Faber | self.context, connection_key, ConnectionRecord.INITIATOR_SELF Faber | File "/home/indy/aries_cloudagent/connections/models/connection_record.py", line 166, in retrieve_by_invitation_key Faber | return await cls.retrieve_by_tag_filter(context, tag_filter, post_filter) Faber | File "/home/indy/aries_cloudagent/messaging/models/base_record.py", line 238, in retrieve_by_tag_filter Faber | raise StorageNotFoundError("Record not found") Faber | aries_cloudagent.storage.error.StorageNotFoundError: Record not found Faber | Faber | During handling of the above exception, another exception occurred: Faber | Faber | Traceback (most recent call last): Faber | File "/home/indy/aries_cloudagent/protocols/connections/handlers/connection_request_handler.py", line 27, in handle Faber | await mgr.receive_request(context.message, context.message_receipt) Faber | File "/home/indy/aries_cloudagent/protocols/connections/manager.py", line 330, in receive_request Faber | "No invitation found for pairwise connection" Faber | aries_cloudagent.protocols.connections.manager.ConnectionManagerError: No invitation found for pairwise connection

AthiraSPillai123 (Mon, 02 Mar 2020 16:09:47 GMT):
Can anyone point me where I can see some examples of aries cloudagent API authentication implemented?

swcurran (Mon, 02 Mar 2020 16:52:32 GMT):
Do you mean https://github.com/bcgov/vc-authn-oidc ? There is a demo folder there with a simple use case. There is a "Run in Play with Docker" script that is easy to use.

AthiraSPillai123 (Mon, 02 Mar 2020 17:40:29 GMT):
Thanks @swcurran. I will try the above repo. I was trying to add an authentication to admin APIs by changing "--admin-insecure-mode" to --admin-api-key.

swcurran (Mon, 02 Mar 2020 17:45:45 GMT):
Oh - sorry - then never mind. I was thinking you were asking something else.

swcurran (Mon, 02 Mar 2020 17:46:27 GMT):
I think the only uses of that we have are on production deployments. @WadeBarnes can probably help with an example.

WadeBarnes (Mon, 02 Mar 2020 17:46:27 GMT):
Has joined the channel.

AthiraSPillai123 (Mon, 02 Mar 2020 17:48:16 GMT):
Thanks @swcurran .That would be really helpful for a newbie like me

jayapalreddy (Tue, 03 Mar 2020 02:06:29 GMT):
Has joined the channel.

ashlinSajan (Tue, 03 Mar 2020 04:38:01 GMT):
Hi, while running aries cloud agent on raspberry pi I'm facing an issue

swcurran (Tue, 03 Mar 2020 05:17:01 GMT):
Interestingly - the example that I pointed to does use that. I dug around a bit. The example is not straight forward as we are using both a script (./manage) to run the example, and docker/docker-compose. But, in all that, we start ACA-Py with `--admin-api-key controller-api-key` and when we call the ADMIN API, we have to pass it in the header, using something like this: `curl -X GET "http://localhost:5000/api/vc-configs" -H "accept: application/json" -H "X-Api-Key: controller-api-key"`

swcurran (Tue, 03 Mar 2020 05:18:25 GMT):
If you start ACA-Py with `--admin-insecure-mode`, you can leave off the `-H "X-Api-Key: controller-api-key"` value set in the header. Hope that helps!

swcurran (Tue, 03 Mar 2020 05:19:29 GMT):
@esune - could you please confirm the above?

esune (Tue, 03 Mar 2020 05:25:53 GMT):
That seems correct. In the vc-authn example you indicated manage script infers wether the agent will be running in secure/insecure mode by checking the environment variable ACAPY_ADMIN_URL_API_KEY: if set, the agent will be started with the command above using the environment variable as value for the API key, and the appropriate header will be required to access the admin rest interface.

ashlinSajan (Tue, 03 Mar 2020 05:52:25 GMT):

2020-02-27-215839_1366x768_scrot.png

ashlinSajan (Tue, 03 Mar 2020 05:52:30 GMT):

2020-02-27-215830_1366x768_scrot.png

ashlinSajan (Tue, 03 Mar 2020 05:52:56 GMT):
Raspberry pi issue while running aries cloud agent

andrew.whitehead (Tue, 03 Mar 2020 06:15:55 GMT):
I think it just needs a longer timeout because it takes a while to generate the credential definition on that device

ashlinSajan (Tue, 03 Mar 2020 06:24:44 GMT):
I set the START_TIMEOUT = float(os.getenv("START_TIMEOUT", 1000.0))

ashlinSajan (Tue, 03 Mar 2020 06:24:52 GMT):
Still getting the same error

ashlinSajan (Tue, 03 Mar 2020 06:27:17 GMT):
Can anyone point out where I'm going wrong?

ashlinSajan (Tue, 03 Mar 2020 06:34:52 GMT):
I got this error while starting the agent not in generating the credential definition

WadeBarnes (Tue, 03 Mar 2020 14:20:23 GMT):
@ashlinSajan, part of the agent startup and initialization procedure is to generate credential definitions where needed. This is a time consuming task, and will take far longer on something like a Pi.

WadeBarnes (Tue, 03 Mar 2020 14:20:23 GMT):
@ashlinSajan, part of the agent startup and initialization procedure is to create and initialize the wallet with a few items. This can be time consuming taskon a device like a Pi.

jljordan_bcgov (Tue, 03 Mar 2020 14:22:18 GMT):
@ashlinSajan there was an intern at hyperledger last summer that had success on a Pi. https://wiki.hyperledger.org/display/INTERN/Collaboration%3A+Raspberry+Pi+Indy+Agent

jljordan_bcgov (Tue, 03 Mar 2020 14:22:34 GMT):
https://github.com/zzx02/Raspberry-Pi-Indy-Agent

WadeBarnes (Tue, 03 Mar 2020 14:22:51 GMT):
Thanks @jljordan_bcgov, I was just looking for that.

ashlinSajan (Tue, 03 Mar 2020 22:48:26 GMT):
I followed the same steps mentioned in the above link.

ashlinSajan (Tue, 03 Mar 2020 22:49:05 GMT):
But, still getting the timeout issue in fetch_process function in the agent.py file

ashlinSajan (Tue, 03 Mar 2020 22:50:15 GMT):
I tried to increase the timeout value to higher value still getting the same

TelegramSam (Tue, 03 Mar 2020 23:45:13 GMT):
Anybody have any problems with docker not displaying the invitation due to buffering issues?

swcurran (Wed, 04 Mar 2020 03:52:44 GMT):
Not seen that. We did accept the pull request and it's included in 0.4.5

CyrilLeung (Wed, 04 Mar 2020 04:53:22 GMT):
Hi everyone, I am trying to use von-network with aries cloud agent by installed on my local VM. And I try to start the agent as the following: aca-py start \ --label faber \ --seed 000000000000000000000000000Agent \ --wallet-type indy \ --wallet-key welldone \ --wallet-name myWallet \ --genesis-url http://127.0.0.1:9000/genesis \ --inbound-transport http 127.0.0.1 8000 \ --outbound-transport http \ --admin 127.0.0.1 8080 \ --admin-insecure-mode The agent start up successfully, but when I trying to create an invitation which is missing the "endpoint" and "did" attr in the JSON as the following, do I missed something when I use the aca-py command ? Thank you { "connection_id": "32320890-0655-491e-892d-9bcc114f5f88", "invitation": { "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/connections/1.0/invitation", "@id": "2d82e58c-9d25-4ab1-b43f-7e2384ec8349", "label": "faber", "recipientKeys": [ "5uB2RwFtRVSnJZA9YFK7Ec8intK5kh95eSburJwbYbbW" ] }, "invitation_url": "?c_i=eyJAdHlwZSI6ICJkaWQ6c292OkJ6Q2JzTlloTXJqSGlxWkRUVUFTSGc7c3BlYy9jb25uZWN0aW9ucy8xLjAvaW52aXRhdGlvbiIsICJAaWQiOiAiMmQ4MmU1OGMtOWQyNS00YWIxLWI0M2YtN2UyMzg0ZWM4MzQ5IiwgImxhYmVsIjogImZhYmVyIiwgInJlY2lwaWVudEtleXMiOiBbIjV1QjJSd0Z0UlZTbkpaQTlZRks3RWM4aW50SzVraDk1ZVNidXJKd2JZYmJXIl19" }

andrew.whitehead (Wed, 04 Mar 2020 04:59:17 GMT):
Yes, you just missed the --endpoint parameter. The "did" property is only set for "public" invites, instead of the recipient keys and endpoint

CyrilLeung (Wed, 04 Mar 2020 05:05:12 GMT):
Thank you very much for your prompt reply, I added back the --endpoint parameter and now work properly

biligunb (Wed, 04 Mar 2020 05:59:14 GMT):
Has joined the channel.

biligunb (Wed, 04 Mar 2020 06:01:48 GMT):
Hey guys. 1 quick question. Is ACA-PY only for 1 user? (1 wallet : which seems to be configured before starting the agent)

sklump (Wed, 04 Mar 2020 11:39:47 GMT):
Correct.

swcurran (Wed, 04 Mar 2020 14:17:44 GMT):
The ACA-Py User Group Meeting is cancelled this week due to the Hyperledger Global Forum. We'll return in 2 weeks.

AthiraSPillai123 (Wed, 04 Mar 2020 17:24:35 GMT):
Hi how do I find ll the credentials issued by faber? I was trying this admin API /issue-credential/records it shows record for all the credential exchange during the send-offer and send -request phase with appropriate state value, but when faber finished calling this api /issue-credential/records/{cred_ex_id}/issue to issue credential the /issue-credential/record returns empty array

sklump (Wed, 04 Mar 2020 17:29:07 GMT):
The operation culls cred ex records by default on completion. Try argument `"--preserve-exchange-records"`.

AthiraSPillai123 (Wed, 04 Mar 2020 18:33:29 GMT):
Is that the only way to find out all credentials issued by an agent?

AthiraSPillai123 (Wed, 04 Mar 2020 18:33:29 GMT):
Is that the only way to find out all credentials issued by an agent? Am new to ACA-py.

sklump (Wed, 04 Mar 2020 18:38:43 GMT):
Yes - note that this is in essential part of the design of indy. Credentials are for the holder, not the issuer. Imagine a regime change situation where the new regime wants to find all credentialled journalists in the old party, for vengeance. The issuer ought not retain any provable trace of issued credentials. Credentials aren't certificates.

sklump (Wed, 04 Mar 2020 18:38:43 GMT):
Yes - note that this is in essential part of the design of indy. Credentials are for the holder, not the issuer. Imagine a regime change situation where the new regime wants to find all credentialled members the old party, for vengeance. The issuer ought not retain any provable trace of issued credentials. Credentials aren't certificates.

sklump (Wed, 04 Mar 2020 18:38:43 GMT):
Yes - note that this is in essential part of the design of indy. Credentials are for the holder, not the issuer. Imagine a regime change situation where the new regime wants to find all credentialled members of the old party, for vengeance. The issuer ought not retain any provable trace of issued credentials. Credentials aren't certificates.

sklump (Wed, 04 Mar 2020 18:38:43 GMT):
Yes - note that this is in essential part of the design of indy. Credentials are for the holder, not the issuer. Imagine a regime change situation where the new regime wants to find all credentialled members of the old party, for vengeance. The issuer ought not retain any provable trace of issued credentials. Credentials aren't certificates (or attribute certificates).

AthiraSPillai123 (Wed, 04 Mar 2020 18:43:12 GMT):
Totally make sense!! I was thinking more like a log book to refer back the events I did

sklump (Wed, 04 Mar 2020 18:47:25 GMT):
You would need to retain the cred ex records then.

AthiraSPillai123 (Wed, 04 Mar 2020 18:48:35 GMT):
Thanks a lot @sklump really appreciate your help

swcurran (Wed, 04 Mar 2020 20:00:48 GMT):
Another more likely option is that the controller would retain the record of issuance of the credentials. Instead of keeping them in the issuer Aries wallet, the controller gets notified of the issuance and stores the necessary info in the system of record from which the credential was issued. So Faber might have a record for Alice in their "Student Information System", and they would track that they issued credential to her with an ID with a date and time. That way they can go back later and revoke the credential. Separating out the controller data from the wallet data is a Good Thing we think.

ashlinSajan (Thu, 05 Mar 2020 07:24:36 GMT):
Hi Team

ashlinSajan (Thu, 05 Mar 2020 07:25:17 GMT):
I have increased the timeout value in raspberry pi to higher value and now I'm facing another issue of Pool Ledger getting timeout.

ashlinSajan (Thu, 05 Mar 2020 07:25:44 GMT):

2020-02-29-054732_1366x768_scrot.png

biligunb (Thu, 05 Mar 2020 09:47:40 GMT):
Is there any other options so I can switch between 2 wallets? (using ACA-PY)

sklump (Thu, 05 Mar 2020 11:48:43 GMT):
Run two instances, each with its own ports

dgunseli (Thu, 05 Mar 2020 12:36:42 GMT):
Hello all, we are currently using Sovring Sandbox ledger. Right now, we are facing with TAA acceptance when we start the ACA-Py. Even if we accept this, we can't create schema. Also, we call "/ledger/taa/accept" control with the text and other fields. Even if we did it, we are still facing with the error `Ledger rejected transaction request: client request invalid: InvalidClientTaaAcceptanceError('Txn Author Agreement acceptance is required for ledger with id 1',)` Is there anybody who faced with this before?

ajayjadhav (Thu, 05 Mar 2020 12:49:38 GMT):
Hi @swcurran , I was wondering if ACA-Py can be used as a Mediator/Router for mobile clients?

swcurran (Thu, 05 Mar 2020 13:11:00 GMT):
I think this has been seen before - there was a tweak done in a recent release to address it. Not certain of the process though.

swcurran (Thu, 05 Mar 2020 13:11:20 GMT):
Perhaps @dbluhm or @andrew.whitehead can help.

swcurran (Thu, 05 Mar 2020 13:12:14 GMT):
Yes. I think that @dgunseli is working on that. @sukalpomitra also has a mediator option that he has implemented.

dgunseli (Thu, 05 Mar 2020 13:13:21 GMT):
We didn't get the last version from repo, we applied the changes manually but I'll try with the newest version. Till that, we switched to GreenLight Dev Ledger :)

sukalpomitra (Thu, 05 Mar 2020 14:32:31 GMT):
HI @ajayjadhav if u want you can play with OSMA - https://play.google.com/store/apps/details?id=com.osma

sukalpomitra (Thu, 05 Mar 2020 14:32:50 GMT):
You can register the cloud agent here - http://52.77.24.12:8081/

sukalpomitra (Thu, 05 Mar 2020 14:33:35 GMT):
In the next iteration @swcurran , I was thinking of changing the implementation where OSMA comes already with a cloiud agent, like a OSMA agency

ajayjadhav (Thu, 05 Mar 2020 14:34:03 GMT):
This is great @sukalpomitra

ajayjadhav (Thu, 05 Mar 2020 14:34:13 GMT):
will have a look at it..

ajayjadhav (Thu, 05 Mar 2020 14:34:55 GMT):
do you have a github repo for me to look at the code ?

sukalpomitra (Thu, 05 Mar 2020 14:36:05 GMT):
its not yet open sourced - I am working with @swcurran to make it under hyperledger. In the mean time you can read this RFC, on which the cloud agent idea is based

sukalpomitra (Thu, 05 Mar 2020 14:36:17 GMT):
https://github.com/hyperledger/aries-rfcs/tree/master/concepts/0346-didcomm-between-two-mobile-agents

ajayjadhav (Thu, 05 Mar 2020 14:40:24 GMT):
Thanks for sharing @sukalpomitra

dbluhm (Thu, 05 Mar 2020 14:44:40 GMT):
@dgunseli sounds like the issue I ran into a bit ago that we got taken care of; pulling the latest version should fix that problem

victor.martinez (Thu, 05 Mar 2020 14:45:42 GMT):
@swcurran , @pengyuc . I would like to start integrating revocation APIs in our controller. Can I asume that the Interfaces currently define in the PR would be mantain until the completion of the PR ? (i.e the classes RevocationRegistry, IssuerRevocationRecord and new admin routes and the new 2 parameters in the credential-definition and issue-credential rotues )

AthiraSPillai123 (Thu, 05 Mar 2020 14:52:58 GMT):
Hi @sklump where do I have to pass the parameter --preserve-exchange-records? I tried this on def get_agent_args(self): of agent.py but gt this error aca-py start: error: unrecognized arguments. Please help

sklump (Thu, 05 Mar 2020 14:58:35 GMT):
It's a command line argument - I found it here: https://github.com/hyperledger/aries-cloudagent-python/blob/3c719eb74febd20bac97e95b6fece793f0a4a66a/aries_cloudagent/config/argparse.py#L564

sklump (Thu, 05 Mar 2020 15:00:23 GMT):
I guess you'd pass it in extra_args

sklump (Thu, 05 Mar 2020 15:00:23 GMT):
I guess you'd pass it in extra_args in the demo

sklump (Thu, 05 Mar 2020 15:02:31 GMT):
... so I'd stick it in here: https://github.com/hyperledger/aries-cloudagent-python/blob/3c719eb74febd20bac97e95b6fece793f0a4a66a/demo/runners/faber.py#L39

kthomas (Thu, 05 Mar 2020 15:03:56 GMT):
From what I have read of the spec, a aries/indy wallet can hold other types of data i.e. other than credentials in JSON. The question is - can a photo or pdf be sent to a person's (aca-py) wallet? Many thanks in advance.

sklump (Thu, 05 Mar 2020 15:04:38 GMT):
for immediate gratification, otherwise I'd plumb it into the run_demo script and tweak code accordingly

AthiraSPillai123 (Thu, 05 Mar 2020 15:07:06 GMT):
Thanks a lot!!

sklump (Thu, 05 Mar 2020 15:08:40 GMT):
You can specify a mime-type in the offer or the proposal, base64-encode the payload, and the wallet will retain it with a non-secrets record for query via API `issue-credential/mime-types/{credential_id}`.

sklump (Thu, 05 Mar 2020 15:08:40 GMT):
You can specify a mime-type in the proposal/request/offer, base64-encode the payload, and the wallet will retain it with a non-secrets record for query via API `issue-credential/mime-types/{credential_id}`.

sklump (Thu, 05 Mar 2020 15:08:40 GMT):
You can specify a mime-type in the proposal/request/offer, base64-encode the value, and the wallet will retain the mime-type with a non-secrets record for query via API `issue-credential/mime-types/{credential_id}`.

kthomas (Thu, 05 Mar 2020 15:10:16 GMT):
Thanks you so much for your reply @sklump , really appreciate it. I did see the mime types, wasn't too sure. I will try it out now. Thanks again

andrew.whitehead (Thu, 05 Mar 2020 17:14:53 GMT):
The PR is merged now so you should be relatively safe to use it :)

DibbsZA (Thu, 05 Mar 2020 20:42:15 GMT):
Well I don't think it is resolved. I pull the latest realease and then did a the aca-py provision. I chose option 1 to accept the TAA and saved it to the wallet. This seemed to function correctly. The I started the agent normally and in the logs it started showing this message.

DibbsZA (Thu, 05 Mar 2020 20:42:15 GMT):
Well I don't think it is resolved. I pull the latest release and then did the `aca-py provision`. I chose option 1 to accept the TAA and save it to the wallet. This seemed to function correctly. The I started the agent normally and in the logs it started showing this message.

DibbsZA (Thu, 05 Mar 2020 20:43:20 GMT):
After I used the API to set the TAA again that 1st message went away, but now I continuously get this error: `indy.ledger DEBUG sign_and_submit_request: <<< res: '{"op":"REJECT","identifier":"8fqdoeYMe72jayjajmyL6b","reason":"client request invalid: InvalidClientTaaAcceptanceError(\'Incorrect Txn Author Agreement(digest=6e12ccd435d9d71485af2f57e6101839f8dc68d1f4f80524aac228ab4d94432a) in the request\',)","reqId":1583439168343344235}' `

DibbsZA (Thu, 05 Mar 2020 20:50:07 GMT):
Was I not supposed to do the manual provision?

DibbsZA (Thu, 05 Mar 2020 20:50:48 GMT):
Did I choose the wrong mechanism option in setting the TAA via the API?

dbluhm (Thu, 05 Mar 2020 21:07:47 GMT):
The manual provision should work and option one should have been fine as well.

dbluhm (Thu, 05 Mar 2020 21:08:07 GMT):
I'll pull down the latest version myself and verify that it's working on my end at least

DibbsZA (Thu, 05 Mar 2020 21:08:42 GMT):
Thanks. That would be greatly appreciated.

andrew.whitehead (Thu, 05 Mar 2020 21:09:46 GMT):
Are you testing with 0.4.5 or master?

DibbsZA (Thu, 05 Mar 2020 21:10:11 GMT):
0.4.5

DibbsZA (Thu, 05 Mar 2020 21:10:33 GMT):
bcgovimages/aries-cloudagent:py36-1.14-1_0.4.5

andrew.whitehead (Thu, 05 Mar 2020 21:10:52 GMT):
Okay, just checking in case it was the PR from this morning that broke something

DibbsZA (Thu, 05 Mar 2020 21:11:20 GMT):
And we have it configured to persist to the postgres db if that makes a difference

andrew.whitehead (Thu, 05 Mar 2020 21:12:09 GMT):
It shouldn't but good to know. What acceptance method were you using?

DibbsZA (Thu, 05 Mar 2020 21:14:03 GMT):
`request_json: "{\"identifier\":\"8fqdoeYMe72jayjajmyL6b\",\"operation\":{\"data\":{\"attr_names\":[\"name\",\"gender\"],\"name\":\"pm_bovine_test\",\"version\":\"1.0\"},\"type\":\"101\"},\"protocolVersion\":2,\"reqId\":1583439168343344235,\"signature\":\"iU6Lm7MGfymgcrmJG336Dk5vmBUbG2jbSwrFS61Bb7QvgpkA62fypc9xQ7oaMNV4NwMzXQTmRdwzf8uq4hJFDQa\",\"taaAcceptance\":{\"mechanism\":\"wallet_agreement\",\"taaDigest\":\"6e12ccd435d9d71485af2f57e6101839f8dc68d1f4f80524aac228ab4d94432a\",\"time\":1583366400}}" `

DibbsZA (Thu, 05 Mar 2020 21:14:31 GMT):
wallet_agreement. but I have also tried some of the others.

dbluhm (Thu, 05 Mar 2020 21:20:16 GMT):
As another data point, I was able to successfully write a schema from master. TAA was accepted through Aries-Toolbox rather than manual provisioning so that path needs to be tested still.

andrew.whitehead (Thu, 05 Mar 2020 21:21:26 GMT):
Looks like it was added to the request so.. dunno, sandbox is on a weird indy-node version?

AthiraSPillai123 (Thu, 05 Mar 2020 21:28:05 GMT):
Hi, is it possible to use one controller which is configured to route to(common Angular front-end) with multiple instance of agent If so how does the web-hook integration works ?

AthiraSPillai123 (Thu, 05 Mar 2020 21:28:05 GMT):
Hi, is it possible to use one controller which is configured to route (use a common Angular front-end) with multiple instance of agent If so how does the web-hook integration works ?

biligunb (Fri, 06 Mar 2020 01:27:30 GMT):
[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=ZbK45wDmqjAeNfBhS)
Clipboard - March 6, 2020 9:27 AM

biligunb (Fri, 06 Mar 2020 01:27:34 GMT):
My goal is to use 1 docker container & switch context on that ACA-PY agent.

biligunb (Fri, 06 Mar 2020 01:27:42 GMT):
My goal is to use 1 docker container & switch context on that ACA-PY agent.

biligunb (Fri, 06 Mar 2020 01:28:36 GMT):
I ca see from `aca-py start --help` that --wallet-name Specifies the wallet name to be used by the agent. This is useful if your deployment has multiple wallets.

biligunb (Fri, 06 Mar 2020 01:29:18 GMT):
what does it mean? (I thought i can use multiple wallets on 1 agent)

biligunb (Fri, 06 Mar 2020 01:34:37 GMT):
I think so. You can design the CONTROLLER however you want.

biligunb (Fri, 06 Mar 2020 01:35:49 GMT):
Is there any command to STOP aca-py ? (all i can see is that i need to manually stop the docker container to stop it)

biligunb (Fri, 06 Mar 2020 01:35:49 GMT):
Is there any command to STOP aca-py ? (all i can see is that i need to manually stop the docker container to stop it) ``` aca-py provision aca-py start ```

andrew.whitehead (Fri, 06 Mar 2020 01:41:41 GMT):
Ctrl-c?

biligunb (Fri, 06 Mar 2020 01:43:58 GMT):
i ran it inside docker. So I cant CTRL+C

andrew.whitehead (Fri, 06 Mar 2020 01:46:27 GMT):
Then docker stop is the right way. That sends a SIGTERM which it should process

biligunb (Fri, 06 Mar 2020 02:59:00 GMT):
that seems to be the only way. I was trying to - docker exec -it bash - STOP the aca-py process - START new aca-py with different wallet credential

CyrilLeung (Fri, 06 Mar 2020 09:05:43 GMT):
Hi everyone, I want to ask in OpenAPI Demo has a method "/connections/{id}/send-message" It help to send a JSON to target connection and the message can be receive in target connection agent in webhook But how can the target agent know the message come from which connection ? Since the connection IDs are not the same in both agent If i pass the DID in the JSON, then I need to look up all the connections to find out it belong to which connection Or I missed something in the message ? Thank you

DibbsZA (Fri, 06 Mar 2020 10:36:00 GMT):
Still having issues with Accepting the TAA via the API. I have had these observations: In order to accept TAA the API asks you to provide a JSON payload like this: ```{ "version": "2.0", "mechanism": "on_file", "text": "..the whole text of the TAA .." }``` The digest is calculated by the concatenation of the version and the text fields. The only problem is that the ledger expects this to be done in way that the result should *ALWAYS?* be `8cee5d7a573e4893b08ff53a0761a22a1607df3b3fcd7e75b98696c92879641f` and this will ONLY be correct if the text is 100% correct (with formatting/encoding etc) I can't get it to match the digest, as it seems that the pasted text is altered somehow in the pasting. I also noticed that the TAA on the ledger ( https://indyscan.io/tx/sovstaging/config/25265 ) actually starts with an unprintable character.

AthiraSPillai123 (Fri, 06 Mar 2020 14:10:04 GMT):
Hi I have pulled the latest ACA-py code and ran it locally using ./run_demo script when Alice receive invitation from faber using cli, the state shows "requested", even though the connection is already active.(the admin API /connections/receive-invitation also shows the response state=requested) #9 Input faber.py invitation details Invite details: {"@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/connections/1.0/invitation", "@id": "ed2f330e-da11-497a-bded-049812bb953b", "serviceEndpoint": "http://172.17.0.1:8020", "recipientKeys": ["4 AbqF3q3aP6gS7etJSfdCjST9Dm9irsRGQVSi3j4F9ju"], "label": "Faber Agent"} Invitation response: { "updated_at": "2020-03-05 21:49:47.440534Z", "request_id": "b5c774ed-17ee-4603-b23d-cdcf776acb11", "invitation_key": "4AbqF3q3aP6gS7etJSfdCjST9Dm9irsRGQVSi3j4F9ju", "initiator": "external", "routing_state": "none", "connection_id": "a5aeffb3-c281-4046-9f5a-71f58345dd8e", "created_at": "2020-03-05 21:49:47.412367Z", "my_did": "8AGoTpjPJ4NkGREdGB9caS", "state": "request", "accept": "auto", "invitation_mode": "once", "their_label": "Faber Agent" }

AthiraSPillai123 (Fri, 06 Mar 2020 14:10:04 GMT):
Hi I have pulled the latest ACA-py code and ran it locally using ./run_demo script when Alice receive invitation from faber using cli, the state shows "requested", even though the connection is already active.(the admin API /connections/receive-invitation and /accept_invitation also shows the response state=requested) #9 Input faber.py invitation details Invite details: {"@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/connections/1.0/invitation", "@id": "ed2f330e-da11-497a-bded-049812bb953b", "serviceEndpoint": "http://172.17.0.1:8020", "recipientKeys": ["4 AbqF3q3aP6gS7etJSfdCjST9Dm9irsRGQVSi3j4F9ju"], "label": "Faber Agent"} Invitation response: { "updated_at": "2020-03-05 21:49:47.440534Z", "request_id": "b5c774ed-17ee-4603-b23d-cdcf776acb11", "invitation_key": "4AbqF3q3aP6gS7etJSfdCjST9Dm9irsRGQVSi3j4F9ju", "initiator": "external", "routing_state": "none", "connection_id": "a5aeffb3-c281-4046-9f5a-71f58345dd8e", "created_at": "2020-03-05 21:49:47.412367Z", "my_did": "8AGoTpjPJ4NkGREdGB9caS", "state": "request", "accept": "auto", "invitation_mode": "once", "their_label": "Faber Agent" } Alice | Connected Connect duration: 0.38s (3) Send Message (4) Input New Invitation (X) Exit? [3/4/X]:

AthiraSPillai123 (Fri, 06 Mar 2020 14:10:04 GMT):
Hi I have pulled the latest ACA-py code and ran it locally using ./run_demo script when Alice receive invitation from faber using cli, the state shows "requested", even though the connection is already active.(the admin API /connections/receive-invitation and /accept_invitation also shows the response state=requested).Am I missing something here? #9 Input faber.py invitation details Invite details: {"@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/connections/1.0/invitation", "@id": "ed2f330e-da11-497a-bded-049812bb953b", "serviceEndpoint": "http://172.17.0.1:8020", "recipientKeys": ["4 AbqF3q3aP6gS7etJSfdCjST9Dm9irsRGQVSi3j4F9ju"], "label": "Faber Agent"} Invitation response: { "updated_at": "2020-03-05 21:49:47.440534Z", "request_id": "b5c774ed-17ee-4603-b23d-cdcf776acb11", "invitation_key": "4AbqF3q3aP6gS7etJSfdCjST9Dm9irsRGQVSi3j4F9ju", "initiator": "external", "routing_state": "none", "connection_id": "a5aeffb3-c281-4046-9f5a-71f58345dd8e", "created_at": "2020-03-05 21:49:47.412367Z", "my_did": "8AGoTpjPJ4NkGREdGB9caS", "state": "request", "accept": "auto", "invitation_mode": "once", "their_label": "Faber Agent" } Alice | Connected Connect duration: 0.38s (3) Send Message (4) Input New Invitation (X) Exit? [3/4/X]:

swcurran (Fri, 06 Mar 2020 16:15:38 GMT):
Looks good. The reason for the state you are seeing is because at the time the query was done, that was the state. After that, the response came back from Faber and that bumped the state. to become active.

AthiraSPillai123 (Fri, 06 Mar 2020 16:19:09 GMT):
Thank you @swcurran . Just a followup question when I use admin API (/connections/accept_invitation)to accept invitation, the response body expect a state=active or required? earlier I used to see state=active, just wondering if it has to do somethin with my local setup

AthiraSPillai123 (Fri, 06 Mar 2020 16:19:09 GMT):
Thank you @swcurran . Just a followup question when I use admin API (/connections/accept_invitation)to accept invitation, the response body expect a state=active or request? earlier I used to see state=active, just wondering if it has to do somethin with my local setup

dileban (Fri, 06 Mar 2020 17:13:14 GMT):
Has joined the channel.

kthomas (Fri, 06 Mar 2020 22:47:22 GMT):
Pardon my ignorance, I perhaps have missed reading the syntax of constructing a proof request. All the examples I have seen so far uses a numeric value i.e. 'age' what would the predicate look like if I requested to match a string e.g. name=Alice

swcurran (Fri, 06 Mar 2020 23:37:43 GMT):
I believe it should be request, as it is the state as of the moment the "accept_invitation" is run. That action triggers the "request" protocol message to be sent. If you query the connection (GET /connections) the state could be other than that, as additional actions have occurred. With that it is a timing thing.

BrianRichter (Mon, 09 Mar 2020 05:15:16 GMT):
Has joined the channel.

daveek (Mon, 09 Mar 2020 09:24:58 GMT):
Hi.. What Cryptographic Primitives are used in Indy & Aries?

HLFPOC (Mon, 09 Mar 2020 13:00:30 GMT):
Is there any documentation about using the revocation APIs? Wanted to understand the flow of revocation of credentials. Is it integrated with the existing Faber-Alice demo?

dgunseli (Mon, 09 Mar 2020 13:37:22 GMT):
According to issue https://github.com/hyperledger/aries-cloudagent-python/issues/365 we create a context property on outbound/base.py but after our changes, codecov rate decreased for this file. Actually we only added a getter - setter for this changes. Our getter which is really simple gives fail. Can someone help us, why we are getting this error? ` @property def context(self) -> InjectionContext: """Accessor for InjectionContext for any context injection purposes.""" return self._context @context.setter def context(self, conn: InjectionContext): """Assign a new InjectionContext to instance.""" self._context = conn`

dgunseli (Mon, 09 Mar 2020 13:37:22 GMT):
According to issue https://github.com/hyperledger/aries-cloudagent-python/issues/365 we created a context property on tansport/outbound/base.py but after our changes, codecov rate decreased for this file. Actually we only added a getter - setter for this changes. Our getter which is really simple gives fail. Can someone help us, why we are getting this error? ` @property def context(self) -> InjectionContext: """Accessor for InjectionContext for any context injection purposes.""" return self._context @context.setter def context(self, conn: InjectionContext): """Assign a new InjectionContext to instance.""" self._context = conn`

dgunseli (Mon, 09 Mar 2020 13:37:22 GMT):
According to issue https://github.com/hyperledger/aries-cloudagent-python/issues/365 we created a context property on tansport/outbound/base.py but after our changes, codecov rate decreased for this file. Actually we only added a getter - setter for this changes. Our getter which is really simple gives fail. Can someone help us, why we are getting this error? ``` @property def context(self) -> InjectionContext: """Accessor for InjectionContext for any context injection purposes.""" return self._context @context.setter def context(self, conn: InjectionContext): """Assign a new InjectionContext to instance.""" self._context = conn`

swcurran (Mon, 09 Mar 2020 17:08:17 GMT):
Take a look in Ursa. Most are common (e.g. ed25519 curve) are CL-Signatures for the Indy ZKP-based verifiable credentials, and BLS Signatures for Indy ledger read efficiency.

andrew.whitehead (Mon, 09 Mar 2020 17:13:22 GMT):
Codecov will go down because it sees lines that aren't covered by unit tests. The outbound transport instance isn't created with a context and doesn't have a _context property

AthiraSPillai123 (Mon, 09 Mar 2020 18:55:40 GMT):
hi @swcurran is there any documentation for revocation APIs? also I see a limit of 100 for max_creds, is that the maximum value one could use?

swcurran (Mon, 09 Mar 2020 18:58:11 GMT):
I'm not sure yet - I haven't gone through the materials yet. I would think that the Swagger APIs have been updated to include the new API calls related to revocation. I'm sure that while 100 may be the default, it is not the maximum possible. That said, the uses of this version of revocation should be limited to a relatively small number of credentials - e.g. in the 25k-50k. Note that there is no mention of revocation in the Aries protocols.

AthiraSPillai123 (Mon, 09 Mar 2020 20:05:56 GMT):
Thanks @swcurran .I will play around with those APIs to get familiar with registry_def and revocation steps

swcurran (Mon, 09 Mar 2020 21:53:20 GMT):
FYI: Aries Cloud Agent - Python Release 0.4.5 has been tagged and posted to PyPi. Release notes can be found here - https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.4.5. Includes a fix to the handling of self-attested attributes. And we now have a NOTICES file - the only Linux Foundation required file we were missing from the repo. Code reference documentation has been generated to ReadTheDocs - https://aries-cloud-agent-python.readthedocs.io/en/latest/ NOTE: We have merged the "support anoncreds 1.0 revocation" PR into the master branch and will include that in the next ACA-Py release. Not too much in documentation, but for those interested, check it out! w00t!!

kthomas (Tue, 10 Mar 2020 11:53:40 GMT):
Hi, I am trying to generate a proof request to match a string i.e. name=Alice instead of the current proof requests that contain a condition to check if the 'age' which is a numeric value. Any links to the syntax of constructing proof requests. It seems to break with string values in the predicates. Or perhaps I am doing something wrong.

dbluhm (Tue, 10 Mar 2020 13:30:40 GMT):
An equality predicate is semantically equivalent to revealing the attribute so requesting the name attribute and then checking the value would be the way to do this, I believe

dbluhm (Tue, 10 Mar 2020 13:32:56 GMT):
For revealed attributes, the credential verification process would certify that the issuer attests that the attribute in the credential it issued is accurate and subsequently making sure that value is what they want is left to the verifier

swcurran (Tue, 10 Mar 2020 14:24:49 GMT):
The way to do this is to use the "restrctions" instead of the predicate. In the restrictions, use this form: "attr::::value":

swcurran (Tue, 10 Mar 2020 14:24:55 GMT):
The way to do this is to use the "restrctions" instead of the predicate. In the restrictions, use this form: "attr::::value":

swcurran (Tue, 10 Mar 2020 14:27:36 GMT):
That is used in the WQL (Wallet Query Language) to limit the credentials returned to those that match. That said, since there is not a predicate for this, you would want to have the user display the value since they would not (cryptographically) have to use the restricted credential, and you need to check the result against what you asked for.

swcurran (Tue, 10 Mar 2020 14:32:54 GMT):
A question from @mirgee about the revocation support in ACA-Py: Is there a way to perform revocation of a batch of multiple credentials?

kthomas (Tue, 10 Mar 2020 15:06:13 GMT):
Thanks a million @swcurran, it works when I put in under "restrictions". Thanks a lot to @dbluhm, really appreciate you taking the time to help me.

swcurran (Tue, 10 Mar 2020 21:07:04 GMT):
FYI - I added a new issue to ACA-Py about handling minor protocol versions in standard ways - e.g. ignoring unrecognized fields etc. Check it out. https://github.com/hyperledger/aries-cloudagent-python/issues/409

swcurran (Tue, 10 Mar 2020 21:37:45 GMT):
FYI - And another issue posted - adding support in ACA-Py for separating out the revocation of a credential from the update to the revocation registry to enable bulk revocation. https://github.com/hyperledger/aries-cloudagent-python/issues/410

dbluhm (Wed, 11 Mar 2020 15:59:54 GMT):
@andrew.whitehead small fix for IndyLedger where raised indy errors were not being properly wrapped in LedgerError: https://github.com/hyperledger/aries-cloudagent-python/pull/412

andrew.whitehead (Wed, 11 Mar 2020 17:00:06 GMT):
I think that's already a part of my pending PR

dbluhm (Wed, 11 Mar 2020 17:00:18 GMT):
Ah, nice

dbluhm (Wed, 11 Mar 2020 17:00:30 GMT):
Didn't think to check in pending PRs :slightly_smiling_face:

andrew.whitehead (Wed, 11 Mar 2020 17:00:42 GMT):
#406

dbluhm (Wed, 11 Mar 2020 17:01:51 GMT):
Yep, you're right. Thanks for pointing that out!

swcurran (Wed, 11 Mar 2020 18:22:15 GMT):
Great minds...

victor.martinez (Thu, 12 Mar 2020 07:53:52 GMT):
Hi, quick question . Does aca-py supports connectionless proof presentations ?

swcurran (Thu, 12 Mar 2020 15:17:29 GMT):
Yes. You can see an example of this here: https://github.com/bcgov/vc-authn-oidc/blob/master/demo/Running-In-Play-With-Docker.md

victor.martinez (Thu, 12 Mar 2020 20:04:52 GMT):
thanks @swcurran

kthomas (Thu, 12 Mar 2020 20:58:20 GMT):
Hello everyone, I'd appreciate your help, I am not sure why I am getting this error when I feel I have followed the guidance from the tutorial. I am able to issue a credential, in this case a 'birth record' which has the schema ```{ "schema_version": "3.0", "schema_name": "birth-record", "attributes": [ "nhsno", "mothername", "dateofbirth", "timeofbirth", ``` "sex", "weight" ] }

kthomas (Thu, 12 Mar 2020 21:07:50 GMT):
Hello everyone, I'd appreciate your help, I am not sure where I am going wrong. I am able to issue a credential to ALICE and I can see it is stored, but unable to send a proof request. Thank you so much for your help. ===schema (FABER)=== { "schema_version": "3.0", "schema_name": "birth-record", "attributes": [ "nhsno", "mothername", "dateofbirth", "timeofbirth", "sex", "weight" ] } ======Credential Issued by FABER to ALICE==== { "auto_issue": true, "connection_id": "2864d30a-f151-4993-99c1-b7aa5cbdf8e3", "credential_preview": { "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/credential-preview", "attributes": [ {"name":"nhsno","value":"12345"}, {"name":"mothername","value":"Alisha Patel"}, {"name":"dateofbirth","value":"01-01-2000"}, {"name":"timeofbirth","value":"22-30"}, {"name":"sex","value":"Female"}, {"name":"weight","value":"3.150kgs"} ] }, "comment": "string", "cred_def_id": "DPJ8UeB6CvMvhhwobscZeq:3:CL:12:default" } ======== Proof request from ACME to ALICE ======= { "connection_id": "3c780456-1628-4175-b287-cd0073726ee3", "proof_request": { "name": "Proof of birth", "version": "2.0", "requested_attributes": { "0_mothername_uuid": { "name": "mothername", "restrictions": [ { "cred_def_id": "DPJ8UeB6CvMvhhwobscZeq:3:CL:12:default" } ] }, "0_dateofbirth_uuid": { "name": "dateofbirth", "restrictions": [ { "cred_def_id": "DPJ8UeB6CvMvhhwobscZeq:3:CL:12:default" } ] }, "0_timeofbirth_uuid": { "name": "timeofbirth", "restrictions": [ { "cred_def_id": "DPJ8UeB6CvMvhhwobscZeq:3:CL:12:default" } ] }, "0_weight_uuid": { "name": "weight", "restrictions": [ { "cred_def_id": "DPJ8UeB6CvMvhhwobscZeq:3:CL:12:default" } ] }, "0_sex_uuid": { "name": "sex", "restrictions": [ { "cred_def_id": "DPJ8UeB6CvMvhhwobscZeq:3:CL:12:default" } ] }, "0_self_attested_thing_uuid": { "mothername": "self_attested_thing" } }, "requested_predicates": { "0_nhsno_GE_uuid": { "name": "nhsno", "p_type": ">=", "p_value": 12345, "restrictions": [ { "cred_def_id": "DPJ8UeB6CvMvhhwobscZeq:3:CL:12:default" } ] } } } } ======= Error from ALICE Agent ====== Traceback (most recent call last): File "/home/indy/aries_cloudagent/protocols/present_proof/v1_0/routes.py", line 359, in presentation_exchange_credentials_list extra_query, File "/home/indy/aries_cloudagent/holder/indy.py", line 173, in get_credentials_for_presentation_request_by_referent json.dumps(extra_query), File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/indy/anoncreds.py", line 1325, in prover_search_credentials_for_proof_req prover_search_credentials_for_proof_req.cb) indy.error.CommonInvalidStructure 2020-03-12 20:47:42,162 aiohttp.server ERROR Error handling request Traceback (most recent call last): File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_protocol.py", line 418, in start resp = await task File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_app.py", line 458, in _handle resp = await handler(request) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_middlewares.py", line 119, in impl return await handler(request) File "/home/indy/aries_cloudagent/admin/server.py", line 187, in apply_limiter return await task File "/home/indy/aries_cloudagent/protocols/present_proof/v1_0/routes.py", line 359, in presentation_exchange_credentials_list extra_query, File "/home/indy/aries_cloudagent/holder/indy.py", line 173, in get_credentials_for_presentation_request_by_referent json.dumps(extra_query), File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/indy/anoncreds.py", line 1325, in prover_search_credentials_for_proof_req prover_search_credentials_for_proof_req.cb) indy.error.CommonInvalidStructure

kthomas (Thu, 12 Mar 2020 21:11:17 GMT):
Hello everyone, I'd appreciate your help, I am not sure where I am going wrong. I am able to issue a credential to ALICE and I can see it is stored, but unable to send a proof request. Thank you so much for your help. ``` ===schema (FABER)=== { "schema_version": "3.0", "schema_name": "birth-record", "attributes": [ "nhsno", "mothername", "dateofbirth", "timeofbirth", "sex", "weight" ] } ======Credential Issued by FABER to ALICE==== { "auto_issue": true, "connection_id": "2864d30a-f151-4993-99c1-b7aa5cbdf8e3", "credential_preview": { "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/credential-preview", "attributes": [ {"name":"nhsno","value":"12345"}, {"name":"mothername","value":"Alisha Patel"}, {"name":"dateofbirth","value":"01-01-2000"}, {"name":"timeofbirth","value":"22-30"}, {"name":"sex","value":"Female"}, {"name":"weight","value":"3.150kgs"} ] }, "comment": "string", "cred_def_id": "DPJ8UeB6CvMvhhwobscZeq:3:CL:12:default" } ======== Proof request from ACME to ALICE ======= { "connection_id": "3c780456-1628-4175-b287-cd0073726ee3", "proof_request": { "name": "Proof of birth", "version": "2.0", "requested_attributes": { "0_mothername_uuid": { "name": "mothername", "restrictions": [ { "cred_def_id": "DPJ8UeB6CvMvhhwobscZeq:3:CL:12:default" } ] }, "0_dateofbirth_uuid": { "name": "dateofbirth", "restrictions": [ { "cred_def_id": "DPJ8UeB6CvMvhhwobscZeq:3:CL:12:default" } ] }, "0_timeofbirth_uuid": { "name": "timeofbirth", "restrictions": [ { "cred_def_id": "DPJ8UeB6CvMvhhwobscZeq:3:CL:12:default" } ] }, "0_weight_uuid": { "name": "weight", "restrictions": [ { "cred_def_id": "DPJ8UeB6CvMvhhwobscZeq:3:CL:12:default" } ] }, "0_sex_uuid": { "name": "sex", "restrictions": [ { "cred_def_id": "DPJ8UeB6CvMvhhwobscZeq:3:CL:12:default" } ] }, "0_self_attested_thing_uuid": { "mothername": "self_attested_thing" } }, "requested_predicates": { "0_nhsno_GE_uuid": { "name": "nhsno", "p_type": ">=", "p_value": 12345, "restrictions": [ { "cred_def_id": "DPJ8UeB6CvMvhhwobscZeq:3:CL:12:default" } ] } } } } ======= Error from ALICE Agent ====== Traceback (most recent call last): File "/home/indy/aries_cloudagent/protocols/present_proof/v1_0/routes.py", line 359, in presentation_exchange_credentials_list extra_query, File "/home/indy/aries_cloudagent/holder/indy.py", line 173, in get_credentials_for_presentation_request_by_referent json.dumps(extra_query), File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/indy/anoncreds.py", line 1325, in prover_search_credentials_for_proof_req prover_search_credentials_for_proof_req.cb) indy.error.CommonInvalidStructure 2020-03-12 20:47:42,162 aiohttp.server ERROR Error handling request Traceback (most recent call last): File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_protocol.py", line 418, in start resp = await task File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_app.py", line 458, in _handle resp = await handler(request) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_middlewares.py", line 119, in impl return await handler(request) File "/home/indy/aries_cloudagent/admin/server.py", line 187, in apply_limiter return await task File "/home/indy/aries_cloudagent/protocols/present_proof/v1_0/routes.py", line 359, in presentation_exchange_credentials_list extra_query, File "/home/indy/aries_cloudagent/holder/indy.py", line 173, in get_credentials_for_presentation_request_by_referent json.dumps(extra_query), File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/indy/anoncreds.py", line 1325, in prover_search_credentials_for_proof_req prover_search_credentials_for_proof_req.cb) indy.error.CommonInvalidStructure ```

dbluhm (Thu, 12 Mar 2020 21:14:26 GMT):
Adding `--log-level DEBUG` to your startup script usually helps a lot with libindy errors in my experience. It dumps a whole lot of information but more error information is often included in there.

kthomas (Thu, 12 Mar 2020 21:21:12 GMT):
Thanks @dbluhm , yes will switch on and try again. Thank you.

kthomas (Thu, 12 Mar 2020 23:34:10 GMT):
Hi @dbluhm , the logs indicate that there is a field "missing", I can't understand why it is looking for 'name' field when my schema doesn't have a 'name' field. The only piece that I borrowed from the example and that I kept the same is ```@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/credential-preview"``` in the credential preview. The logs are below: ```2020-03-12 23:03:22,481 indy.anoncreds DEBUG prover_search_credentials_for_proof_req: Creating callback 23:03:22,481 indy.libindy DEBUG create_cb: >>> cb_type: .CFunctionType'> 23:03:22,481 indy.libindy DEBUG create_cb: <<< res: 23:03:22,481 indy.libindy DEBUG do_call: >>> name: indy_prover_search_credentials_for_proof_req, args: (c_int(3), c_char_p(94776283579680), c_char_p(140263385467432), ) 23:03:22,481 indy.libindy DEBUG do_call: Function indy_prover_search_credentials_for_proof_req returned err: 113 23:03:22,485 indy.libindy WARNING _do_call: Function indy_prover_search_credentials_for_proof_req returned error 113 23:03:22,485 indy.libindy DEBUG _get_error_details: >>> 23:03:22,485 indy.libindy DEBUG _get_error_details: <<< error_details: {'backtrace': '', 'message': 'Error: Invalid structure\n Caused by: Invalid ProofRequest json has been passed\n Caused by: missing field `name` at line 1 column 729\n'} 23:03:22,498 indy.libindy DEBUG do_call: <<< 23:03:22,498 aries_cloudagent.core.dispatcher ERROR Handler error: presentation_exchange_credentials_list Traceback (most recent call last): File "/home/indy/aries_cloudagent/protocols/present_proof/v1_0/routes.py", line 359, in presentation_exchange_credentials_list extra_query, File "/home/indy/aries_cloudagent/holder/indy.py", line 173, in get_credentials_for_presentation_request_by_referent json.dumps(extra_query), File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/indy/anoncreds.py", line 1325, in prover_search_credentials_for_proof_req prover_search_credentials_for_proof_req.cb) indy.error.CommonInvalidStructure 23:03:22,532 aiohttp.server ERROR Error handling request Traceback (most recent call last): File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_protocol.py", line 418, in start resp = await task File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_app.py", line 458, in _handle resp = await handler(request) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_middlewares.py", line 119, in impl return await handler(request) File "/home/indy/aries_cloudagent/admin/server.py", line 187, in apply_limiter return await task File "/home/indy/aries_cloudagent/protocols/present_proof/v1_0/routes.py", line 359, in presentation_exchange_credentials_list extra_query, File "/home/indy/aries_cloudagent/holder/indy.py", line 173, in get_credentials_for_presentation_request_by_referent json.dumps(extra_query), File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/indy/anoncreds.py", line 1325, in prover_search_credentials_for_proof_req prover_search_credentials_for_proof_req.cb) indy.error.CommonInvalidStructure 23:03:22,651 aiohttp.access INFO 172.17.0.1 [12/Mar/2020:23:03:22 +0000] "GET /present-proof/records/cd983762-f185-47ee-a3ef-11b8198e93f6/credentials HTTP/1.1" 500 244 "-" "Python/3.6 aiohttp/3.5.4" indy.non_secrets DEBUG open_wallet_search: >>> wallet_handle: 3, type_: 'presentation_exchange_v10', query_json: '{}', options_json: '{"retrieveRecords": true, "retrieveTotalCount": false, "retrieveType": false, "retrieveValue": true, "retrieveTags": false}'```

swcurran (Thu, 12 Mar 2020 23:48:07 GMT):
I think the format of your presentation request is not right. Here is one that I know is valid: https://github.com/bcgov/vc-authn-oidc/blob/master/demo/presentationRequest.json It looks to be structurally different from yours.

swcurran (Thu, 12 Mar 2020 23:48:40 GMT):
I'm not certain of that, but it looks suspicious to me.

kthomas (Fri, 13 Mar 2020 10:08:54 GMT):
Thanks @swcurran, I have followed the structure provided in the OpenAPI Demo. https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/AriesOpenAPIDemo.md#using-the-openapiswagger-user-interface

kthomas (Fri, 13 Mar 2020 10:10:23 GMT):
Thanks @swcurran, I have followed the structure provided in the OpenAPI Demo. https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/AriesOpenAPIDemo.md#using-the-openapiswagger-user-interface

sklump (Fri, 13 Mar 2020 11:45:12 GMT):
Your version is 2.0 but your restrictions are unqualified: take the version out and see what happens? It ought to default to 1.0.

sklump (Fri, 13 Mar 2020 11:45:12 GMT):
Your version is `"2.0"` but your restrictions are unqualified: take try `"1.0"`?

sklump (Fri, 13 Mar 2020 11:45:12 GMT):
Your version is `"2.0"` but your restrictions are unqualified: try `"1.0"`?

sklump (Fri, 13 Mar 2020 11:45:12 GMT):
Your version is `"2.0"` but your restrictions are unqualified: try `"1.0"`? You're also missing the nonce.

sheru (Fri, 13 Mar 2020 11:51:25 GMT):
Hey everyone, I am curious if there is a way to know "who issued the credential to the holder agent"?

kthomas (Fri, 13 Mar 2020 12:21:04 GMT):
Thanks @sklump , I followed the instructions on https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/AriesOpenAPIDemo.md#using-the-openapiswagger-user-interface, it doesn't have a nounce in the proof-request pasted there. Isn't the field 'version' for our reference or does it matter for the proof? This format works perfectly for the Faber-Alice-Acme demo but it doesn't work on custom schema/credentail. I feel I am missing a step somewhere which is perhaps not documented.

kthomas (Fri, 13 Mar 2020 12:21:04 GMT):
Thanks @sklump , I followed the instructions on https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/AriesOpenAPIDemo.md#using-the-openapiswagger-user-interface, it doesn't have a nounce in the proof-request pasted there. Isn't the field 'version' for our reference or does it matter for the proof? This format works perfectly for the Faber-Alice-Acme demo but it doesn't work on custom schema/credential. I feel I am missing a step somewhere which is perhaps not documented.

kthomas (Fri, 13 Mar 2020 12:24:43 GMT):
Its also confusing that there are several "versions" of the proof, one on the demo and one on the OpenAPI examples, not sure which to follow.

kthomas (Fri, 13 Mar 2020 12:24:43 GMT):
Its also confusing that there are several versions of the proof, one on the demo and one on the OpenAPI examples, not sure which to follow.

sklump (Fri, 13 Mar 2020 13:34:23 GMT):
... you're right, the operation fills in the nonce if not present - but I still think the version is significant and the instructions have 1.0.

sklump (Fri, 13 Mar 2020 13:37:08 GMT):
The version tells indy-sdk whether identifiers are qualified (e.g., "did:sov:WgWxqztrNooG92RXvxSTWv:3:CL:17:tag" instead of "WgWxqztrNooG92RXvxSTWv:3:CL:17:tag")

sklump (Fri, 13 Mar 2020 13:37:38 GMT):
The version tells indy-sdk whether identifiers are qualified (e.g., "did:sov:WgWxqztrNooG92RXvxSTWv:3:CL:17:tag" instead of "WgWxqztrNooG92RXvxSTWv:3:CL:17:tag")

sklump (Fri, 13 Mar 2020 13:37:38 GMT):
The version tells indy-sdk whether identifiers are qualified (2.0 for qualified, 1.0 for unqualified; e.g., "did:sov:WgWxqztrNooG92RXvxSTWv:3:CL:17:tag" instead of "WgWxqztrNooG92RXvxSTWv:3:CL:17:tag")

sklump (Fri, 13 Mar 2020 13:37:42 GMT):
The version tells indy-sdk whether identifiers are qualified (e.g., "did:sov:WgWxqztrNooG92RXvxSTWv:3:CL:17:tag" instead of "WgWxqztrNooG92RXvxSTWv:3:CL:17:tag")

swcurran (Fri, 13 Mar 2020 13:50:21 GMT):
@ianco ^^^ Anything we need to change?

kthomas (Fri, 13 Mar 2020 13:54:05 GMT):
Thanks a lot @sklump , I try what as you have advised.

kthomas (Fri, 13 Mar 2020 13:54:48 GMT):
I have now downloaded the latest version of the cloudagent and I am going through it again.

swcurran (Fri, 13 Mar 2020 13:55:51 GMT):
The proof contains the Credential Definition that was used for each claim. From the credential definition, the verifier knows the DID of the Issuer. Often the DIDs will be well known (e.g. the verifier will hard code the values they will accept in their agent) and the it's just a check. In a dynamic situation, the verifier may have to do some investigation to find if they trust the issuer and accept the cache.

kthomas (Fri, 13 Mar 2020 15:48:53 GMT):
Hi @swcurran, I am finding loads of issues with the updated documentation on https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/AriesOpenAPIDemo.md#using-the-openapiswagger-user-interface, whom do it pass it on to? Thank you. BTW I can help with documentation if needed.

kthomas (Fri, 13 Mar 2020 15:51:19 GMT):
For example, issuing of credentials doesn't work if we followed the steps.

swcurran (Fri, 13 Mar 2020 15:53:01 GMT):
Either PR or just send me the notes would be great -- whatever is easier for you. We want the input ASAP. We'll do a pass through it and clean it up. Appreciate the feedback!

swcurran (Fri, 13 Mar 2020 15:56:47 GMT):
We need a separate doc on presentation requests.

swcurran (Fri, 13 Mar 2020 15:59:44 GMT):
Love to have your example once you have it working.

andrew.whitehead (Fri, 13 Mar 2020 16:01:43 GMT):
` "0_self_attested_thing_uuid": { "mothername": "self_attested_thing" } },` is invalid - it should be a block with a `name` and no `restrictions`

andrew.whitehead (Fri, 13 Mar 2020 16:01:43 GMT):
``` "0_self_attested_thing_uuid": { "mothername": "self_attested_thing" } },``` is invalid - it should be a block with a `name` and no `restrictions`

victor.martinez (Fri, 13 Mar 2020 16:19:05 GMT):
Hello, I've issued a credential with aca-py. I got the credential offer in my mobile wallet (streetCred walle) , once I've acceptd the credential I got this error in aca-py. Any ideas why ?

victor.martinez (Fri, 13 Mar 2020 16:19:05 GMT):
Hello, I've issued a credential with aca-py. I got the credential offer in my mobile wallet (streetCred wallet) , once I've accepted the credential I got this error back in aca-py. Any ideas why I'm getting this error ?

victor.martinez (Fri, 13 Mar 2020 16:19:08 GMT):
2020-03-13 16:03:35,821 aries_cloudagent.core.conductor ERROR Exception in message handler: Traceback (most recent call last): File "/home/indy/aries_cloudagent/issuer/indy.py", line 87, in create_credential credential_value = credential_values[attribute] KeyError: 'imagehash' During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/home/indy/aries_cloudagent/core/dispatcher.py", line 169, in handle_message await handler(context, responder) File "/home/indy/aries_cloudagent/protocols/issue_credential/v1_0/handlers/credential_request_handler.py", line 54, in handle cred_exchange_rec.credential_proposal_dict File "/home/indy/aries_cloudagent/protocols/issue_credential/v1_0/manager.py", line 518, in issue_credential tails_reader, File "/home/indy/aries_cloudagent/issuer/indy.py", line 91, in create_credential + f"for the schema attribute '{attribute}'" aries_cloudagent.issuer.indy.IssuerError: Provided credential values are missing a value for the schema attribute 'imagehash' 2020-03-13 16:03:35,823 aries_cloudagent.core.dispatcher ERROR Handler error: Dispatcher.handle_message Traceback (most recent call last): File "/home/indy/aries_cloudagent/issuer/indy.py", line 87, in create_credential credential_value = credential_values[attribute] KeyError: 'imagehash'

andrew.whitehead (Fri, 13 Mar 2020 16:25:40 GMT):
What methods are you using exactly?

victor.martinez (Fri, 13 Mar 2020 16:27:37 GMT):
I'm issuing the credential with the endpoint /issue-credential/send

victor.martinez (Fri, 13 Mar 2020 16:28:38 GMT):
my aca-py agent is started with --auto-respond-credential-request

andrew.whitehead (Fri, 13 Mar 2020 16:29:04 GMT):
And does the payload have credential values with 'imagehash'?

victor.martinez (Fri, 13 Mar 2020 16:30:03 GMT):
yes, all the values are displayed correctly in the wallet when accepting the credencial offer (including the imagehash)

victor.martinez (Fri, 13 Mar 2020 16:30:03 GMT):
yes, all the values are displayed correctl in the wallet when accepting the credencial offer

victor.martinez (Fri, 13 Mar 2020 16:30:03 GMT):
yes, all the values are displayed correctly in the wallet when accepting the credencial offer

victor.martinez (Fri, 13 Mar 2020 16:33:10 GMT):
you can find the credential definition here transacction #4475 http://test.bcovrin.vonx.io/browse/domain?page=2&query=3avoBCqDMFHFaKUHug9s8W&txn_type=

andrew.whitehead (Fri, 13 Mar 2020 16:37:53 GMT):
That looks fine but it seems like something is wrong with the credential values submitted to /send. What version of aca-py are you using?

victor.martinez (Fri, 13 Mar 2020 16:49:43 GMT):
Latest for develop branch

victor.martinez (Fri, 13 Mar 2020 16:49:43 GMT):
Latest of develop branch

swcurran (Fri, 13 Mar 2020 16:56:02 GMT):
FYI - we are removing the 0.1 versions of the credential exchange (issue, presentation) APIs from ACA-Py. These were deprecated quite awhile ago when the Credential Exchange 1.0 (RFCs 0036 and 0037) were added. This will be part of the next release, which will be numbered 0.5.0.

kthomas (Fri, 13 Mar 2020 17:17:46 GMT):
Thanks a ton @andrew.whitehead, I will fix this now and try again.

victor.martinez (Sat, 14 Mar 2020 16:50:37 GMT):
Hi everyone, I'm trying to point my aca-py to sovrin Staging Net. I'm don't know how to use the /ledger/taa/accept endpoint to accept the TAA. So far when I send a NYM registration to the ledger I'm getting this error ``` `Ledger rejected transaction request: client request invalid: InvalidClientTaaAcceptanceError('Incorrect Txn Author Agreement(digest=e1ae5e99eaa17627d943c295e14e343e8acac0485896d45f38c4943ef5260ab2) in the request',) ` ```

victor.martinez (Sat, 14 Mar 2020 16:50:37 GMT):
Hi everyone, I'm trying to point my aca-py to sovrin Staging Net. I'm not how to use /ledger/taa/accept endpoint to accept the TAA. So far when I send a NYM registration to the ledger I'm getting this error ``` `Ledger rejected transaction request: client request invalid: InvalidClientTaaAcceptanceError('Incorrect Txn Author Agreement(digest=e1ae5e99eaa17627d943c295e14e343e8acac0485896d45f38c4943ef5260ab2) in the request',) ` ```

swcurran (Sat, 14 Mar 2020 19:33:53 GMT):
@andrew.whitehead ^^ Can you help, and we'll get this documented and added to the repo?

andrew.whitehead (Sun, 15 Mar 2020 16:57:24 GMT):
It seems like you have accepted the TAA but the ledger doesn't like digest of it?

swcurran (Sun, 15 Mar 2020 18:55:10 GMT):
What does that mean? What is the digest?

andrew.whitehead (Sun, 15 Mar 2020 19:07:00 GMT):
It’s calculated from the combination of the text and version, which has to match what’s on the ledger

victor.martinez (Sun, 15 Mar 2020 19:08:37 GMT):
Yes most probably I ejecuted the Accept TAA endpoint without paying attention to the payload. What are the values expected in the payload ?

andrew.whitehead (Sun, 15 Mar 2020 19:09:29 GMT):
It must be constructed from the values you get by retrieving the current TAA

andrew.whitehead (Sun, 15 Mar 2020 19:09:50 GMT):
There’s a GET request for that

victor.martinez (Sun, 15 Mar 2020 19:11:30 GMT):
Yes I ejecuted as well the endpoint for gettinng the TAA info but not sure what values should I map into the the acceptance end point

andrew.whitehead (Sun, 15 Mar 2020 19:11:58 GMT):
I think you just copy over the text and the version

victor.martinez (Sun, 15 Mar 2020 19:12:59 GMT):
Thanks I'll try it then

kthomas (Sun, 15 Mar 2020 23:12:10 GMT):
Thanks a lot @andrew.whitehead , you saved me a lot of pain :-) The presentation request works now. @swcurran - I was able to get the OpenAPI demo working from end-to-end (but the revocation part still needs some attention). I will share the poc I am working on, once it is ready. I found a few more issues on the documentation, which I will send end of business tomorrow (London time). Thanks a lot for your kind support, really appreciate it.

swcurran (Sun, 15 Mar 2020 23:21:20 GMT):
I'm most of the way cleaning up what I can. I've got the issue working (likely a change in the revocation PR that broke that), but am now having a problem with the proof. But it's better :-)

ssinew (Mon, 16 Mar 2020 01:44:56 GMT):
Has joined the channel.

ssinew (Mon, 16 Mar 2020 01:44:57 GMT):
Hi, im new in SSI but i need to do a PoC and I cant do the example about Alice in my virtual machine. I saw the tutorial with indy but I couldn't do it either. the links is it: https://github.com/hyperledger/indy-sdk/blob/master/docs/getting-started/indy-walkthrough.md

ssinew (Mon, 16 Mar 2020 01:48:06 GMT):
I have to do a job for the university and I would like to show that this works and if possible explain the content of did documnentos did or SSI issues, as much as possible through a local network through a virtual machine. What do you think? Thank you!!

swcurran (Mon, 16 Mar 2020 02:12:56 GMT):
In Aries Cloud Agent Python (ACA-Py), you can follow the examples in the /demo folder. You can follow the guidance here: https://github.com/hyperledger/aries-cloudagent-python/blob/master/docs/GettingStartedAriesDev/README.md That is a cut down version of this Linux Foundation, edX course that is available here: https://www.edx.org/course/becoming-a-hyperledger-aries-developer The easiest demo is the simple Alice Faber example in ACA-Py.

sukalpomitra (Mon, 16 Mar 2020 03:07:28 GMT):
Hi All, for the flow- https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/AriesOpenAPIDemo-mobile.md

sukalpomitra (Mon, 16 Mar 2020 03:07:38 GMT):
how do I go to the faber console?

sukalpomitra (Mon, 16 Mar 2020 03:08:28 GMT):
Also in the doc, I had to do a git init before I could add and push the tails files to my repo - maybe we need a little correction there

sukalpomitra (Mon, 16 Mar 2020 03:10:27 GMT):
I want to issuea. credential to the mobile agent. I am using "Play with docker"

sukalpomitra (Mon, 16 Mar 2020 15:46:11 GMT):

Screenshot 2020-03-16 at 11.44.15 PM.png

sukalpomitra (Mon, 16 Mar 2020 15:46:18 GMT):
Guys I am stuck here. I dont know, how to start the faber console

swcurran (Mon, 16 Mar 2020 15:50:59 GMT):
Try running without the --events option. The console is just a prompt.

ianco (Mon, 16 Mar 2020 15:53:29 GMT):
It's hung on the connection status

ianco (Mon, 16 Mar 2020 15:53:35 GMT):
... waiting to go active

sheldon.regular (Mon, 16 Mar 2020 19:37:19 GMT):
aries protocol test suite

biligunb (Tue, 17 Mar 2020 06:52:03 GMT):
goto 8021, 8031 ports. They are already started

HLFPOC (Tue, 17 Mar 2020 06:57:16 GMT):
Is this demo (https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/AriesOpenAPIDemo-mobile.md) compatible with OSMA app? After scanning the invitation QR code from the app, connection state was in `request` mode and after sending the `trust-ping` from the web agent, got below error on the agent console : Faber | 2020-03-17 05:10:27,386 aries_cloudagent.core.dispatcher ERROR Handler error: ConnectionManager.get_connection_targets Faber | Traceback (most recent call last): Faber | File "/home/indy/aries_cloudagent/protocols/connections/manager.py", line 949, in get_connection_targets Faber | targets = await self.fetch_connection_targets(connection) Faber | File "/home/indy/aries_cloudagent/protocols/connections/manager.py", line 1016, in fetch_connection_targets Faber | did_doc, my_info.verkey, connection.their_label Faber | File "/home/indy/aries_cloudagent/protocols/connections/manager.py", line 1037, in diddoc_connection_targets Faber | raise ConnectionManagerError("No services defined by DIDDoc") Faber | aries_cloudagent.protocols.connections.manager.ConnectionManagerError: No services defined by DIDDoc Faber | 2020-03-17 05:10:27,388 aries_cloudagent.core.conductor ERROR Error preparing outbound message for transmission Faber | Traceback (most recent call last): Faber | File "/home/indy/aries_cloudagent/core/conductor.py", line 330, in queue_outbound Faber | mgr.get_connection_targets(connection_id=outbound.connection_id) Faber | File "/home/indy/aries_cloudagent/protocols/connections/manager.py", line 949, in get_connection_targets Faber | targets = await self.fetch_connection_targets(connection) Faber | File "/home/indy/aries_cloudagent/protocols/connections/manager.py", line 1016, in fetch_connection_targets Faber | did_doc, my_info.verkey, connection.their_label Faber | File "/home/indy/aries_cloudagent/protocols/connections/manager.py", line 1037, in diddoc_connection_targets Faber | raise ConnectionManagerError("No services defined by DIDDoc") Faber | aries_cloudagent.protocols.connections.manager.ConnectionManagerError: No services defined by DIDDoc

andrew.whitehead (Tue, 17 Mar 2020 07:03:32 GMT):
It should be compatible, but the OSMA agent doesn’t have a persistent endpoint and is using return routing to get responses back, so you can’t just deliver it a message. You might need to enable automatic connection responses to get the connection established

HLFPOC (Tue, 17 Mar 2020 07:09:29 GMT):
Any reference on how to implement this ?

sukalpomitra (Tue, 17 Mar 2020 17:47:46 GMT):
@HLFPOC I am working on the integration currently

HLFPOC (Tue, 17 Mar 2020 17:54:52 GMT):
thanks for the update @sukalpomitra . Let me know if I can contribute to speed up the integration

swcurran (Tue, 17 Mar 2020 23:05:45 GMT):
An ACA-Py User Group meeting is planned for tomorrow, 11AM Pacific, 7PM CET, covering the recent merging of the revocation branch, an initial discussion of what might go in AIP 1.Next and more. We'll even cover some help wanted issues, in case you want to get involved at the code level. Please join us: https://wiki.hyperledger.org/display/ARIES/2020-03-18+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

FarrandTom (Wed, 18 Mar 2020 08:33:18 GMT):
Has joined the channel.

sukalpomitra (Wed, 18 Mar 2020 13:10:23 GMT):
Hello All - I am trying to integrate OSMA with Aries OpenAPI Mobile Dem

sukalpomitra (Wed, 18 Mar 2020 13:10:40 GMT):
I have reached a point where OSMA has received the. proof request

sukalpomitra (Wed, 18 Mar 2020 13:11:41 GMT):
It is then crashing at the point where it is trying to create the prrof json by calling AnonCreds.ProverCreateProofAsync. This is a indy sdk call - https://github.com/hyperledger/indy-sdk/blob/master/wrappers/dotnet/indy-sdk-dotnet/AnonCredsApi/AnonCreds.cs#L323

sukalpomitra (Wed, 18 Mar 2020 13:12:26 GMT):
It is giving a InvalidStructureException - ```Hyperledger.Indy.InvalidStructureException: A value being processed is not valid.```

sukalpomitra (Wed, 18 Mar 2020 13:12:36 GMT):
Can anyone help as to why I am getting this?

swcurran (Wed, 18 Mar 2020 13:22:23 GMT):
To confirm - in doing this, you are using revocation, correct? It might be worth running the sequence with revocation off, just to confirm you can (no --revocation in the startup option). Also, are you able to see the data structures passed to that function?

sukalpomitra (Wed, 18 Mar 2020 16:19:58 GMT):
Yes I am using revo. Cool I will turn it off and try once. And yes I can see the data structures passed

swcurran (Wed, 18 Mar 2020 16:34:54 GMT):
Cool

victor.martinez (Wed, 18 Mar 2020 17:01:47 GMT):
Hello, it is possible in aca-py to store key - values in the wallet ?

swcurran (Wed, 18 Mar 2020 17:19:50 GMT):
Not sure what you mean, could you expand? ACA-Py does store key values in the wallet -- related to DIDs and Cred Defs. ACA-Py also uses "non-secrets storage" to store "other stuff" in the wallet that is needed to run protocols. In general though, if it is arbitrary data, we would tend to think the controller ought to store it outside the wallet.

swcurran (Wed, 18 Mar 2020 17:54:23 GMT):
An ACA-Py User Group meeting starts in 6 minutes. Join us! Please join us: https://wiki.hyperledger.org/display/ARIES/2020-03-18+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

andrew.whitehead (Wed, 18 Mar 2020 18:01:53 GMT):
https://zoom.us/j/900111661 is the meeting link

victor.martinez (Wed, 18 Mar 2020 19:13:54 GMT):
Apologies @swcurran . Yes, what I ment was if aca-py store key values in the wallet as no- secrets data. Is this functionality expose via routes ?

swcurran (Wed, 18 Mar 2020 19:39:36 GMT):
Just checked the ACA-Py API and there is not one. It would (IMHO) go in /wallet section of the API. I'd also like to get rid of that name "wallet". But that's a separate issue.

athulramesh (Thu, 19 Mar 2020 06:50:59 GMT):
Has joined the channel.

ayushmanss (Thu, 19 Mar 2020 21:40:23 GMT):
are there routing agent implementation using python cloud agent? Will be better if I have some reference implementation

swcurran (Fri, 20 Mar 2020 00:06:07 GMT):
There are several mediator implementations available/being built. Unfortunately, I don't have direct experience with them, or how to tell you how to get them. Several people in the community ( @sukalpomitra @dgunseli @ajayjadhav ) are building/have built mediators -- the plan I think is to get those into repos in Hyperledger. The aries-framework-go folks say they have a package that includes one, but I'm not sure what it includes. They are out there! We just have to make them easy to get and deploy -- good docs, tutorials and docker images.

hugotardiou (Fri, 20 Mar 2020 09:08:20 GMT):
Has joined the channel.

hugotardiou (Fri, 20 Mar 2020 09:08:20 GMT):
Hi, I was wondering if the revocation protocol was usable or has this not been fully implemented? I see code on the master branch but not in any of the release tags ( 0.4.5 ) related to the revocation protocol. Thanks in advance

sklump (Fri, 20 Mar 2020 14:35:15 GMT):
That'

sklump (Fri, 20 Mar 2020 14:35:15 GMT):
That's accurate: it's brand new, slated for 0.5 but usable right now from master

swcurran (Fri, 20 Mar 2020 15:03:14 GMT):
We are still polishing things on it, but wanted to get it accessible to everyone.

hugotardiou (Fri, 20 Mar 2020 15:03:32 GMT):
Thanks for the information, Im trying to use it with the issue credential proposal protocol, I don't believe this works yet?

hugotardiou (Fri, 20 Mar 2020 15:03:32 GMT):
Thanks for the information, Im trying to use the revocation with the issue credential proposal protocol, I don't believe this works yet?

sklump (Fri, 20 Mar 2020 15:07:42 GMT):
I'm working on that over the next little while as it happens. You can do it manually through the admin API, but the auto-generation is untested and probably non-functional

hugotardiou (Fri, 20 Mar 2020 15:08:22 GMT):
Ok good to know, thanks!

swcurran (Fri, 20 Mar 2020 15:09:44 GMT):
Is revocation necessary with a proposal? That doesn't make sense to me. How would you express that? Why?

sklump (Fri, 20 Mar 2020 15:11:04 GMT):
Not as such, but the holder sends a proposal and the issuer has to come back with a proof request. The proof request should have sensible non-revocation intervals for the cred defs involved. Indy squawks if we just stick a proof-level interval on a proof over cred defs that don't support it. So it can get complicated.

sklump (Fri, 20 Mar 2020 15:11:35 GMT):
Then the holder has to respond with a proof including some timestamps where applicable inside these intervals.

sklump (Fri, 20 Mar 2020 15:12:23 GMT):
Not as such, but the holder sends a proposal and the issuer has to come back with a proof request. The proof request should have sensible non-revocation intervals for the cred defs involved. Indy squawks if we just stick a proof-level interval on a proof over cred defs that don't support it. So it can get complicated. Then the holder has to respond with a proof including some timestamps where applicable inside these intervals.

sklump (Fri, 20 Mar 2020 15:12:23 GMT):
~Not as such, but the holder sends a proposal and the issuer has to come back with a proof request. The proof request should have sensible non-revocation intervals for the cred defs involved. Indy squawks if we just stick a proof-level interval on a proof over cred defs that don't support it. So it can get complicated. Then the holder has to respond with a proof including some timestamps where applicable inside these intervals.~ (oops, none of this applies)

sklump (Fri, 20 Mar 2020 15:12:23 GMT):
~Not as such, but the holder sends a proposal and the issuer has to come back with a proof request. The proof request should have sensible non-revocation intervals for the cred defs involved. Indy squawks if we just stick a proof-level interval on a proof over cred defs that don't support it. So it can get complicated.~ ~Then the holder has to respond with a proof including some timestamps where applicable inside these intervals.~ (oops, none of this applies)

sklump (Fri, 20 Mar 2020 15:13:18 GMT):
There are some rough-ins in the code base but the logic that needs to be there is at best untested

swcurran (Fri, 20 Mar 2020 15:13:28 GMT):
I question it for proofs, but understand that. The question was on issue, which is why I was confused.

swcurran (Fri, 20 Mar 2020 15:13:28 GMT):
I guess it makes sense it for proofs (sort of). The question was on issue, which is why I was confused.

sklump (Fri, 20 Mar 2020 15:14:00 GMT):
Oh! You are right, I had present-proof on the brain.

hugotardiou (Fri, 20 Mar 2020 15:23:31 GMT):
Yes sorry the issue-crendential. The issue i'm running into is that the issuer when he receives the proposal, i believe he's expecting to retrieve the 'revoc_reg_id' from the credential exchange record, but this should not be sent from the Holder?

swcurran (Fri, 20 Mar 2020 15:27:25 GMT):
Hmm...that credential proposal should not have anything that specific, and the issuer should not expect to receive that from the holder. The holder doesn't (and shouldn't) know anything about the rev-reg that the issuer is using.

sklump (Fri, 20 Mar 2020 15:29:28 GMT):
What happens if the issuer initiates - i.e., the issuer sends a cred offer? Does it work then?

hugotardiou (Fri, 20 Mar 2020 15:31:17 GMT):
Yes, only that the holder cant find the tailfile ( which i believe is normal since its a localfile )

sklump (Fri, 20 Mar 2020 15:32:05 GMT):
Revocation integration is still evidently a work in progress

hugotardiou (Fri, 20 Mar 2020 15:34:15 GMT):
The error im getting for the proposal is here: https://github.com/hyperledger/aries-cloudagent-python/blob/master/aries_cloudagent/protocols/issue_credential/v1_0/manager.py#L250-L256 If i comment this out it will just issue a credential with no 'rev_reg_id' in the credential'

sklump (Fri, 20 Mar 2020 15:34:35 GMT):
thanks, that will hep

sklump (Fri, 20 Mar 2020 15:34:35 GMT):
thanks, that will help

hugotardiou (Fri, 20 Mar 2020 15:35:55 GMT):
If i leave it uncommented i get : Missing revocation registry ID for revocable credential definition Which made me thought the proposal had to send the ID but i am wrong about that

sklump (Fri, 20 Mar 2020 15:36:18 GMT):
which is no good if the cred def id supports revocation

sklump (Fri, 20 Mar 2020 15:37:21 GMT):
Leave it with me and I will get to it over the next little while.

hugotardiou (Fri, 20 Mar 2020 15:37:48 GMT):
thanks a lot!!

VineethRajesh (Fri, 20 Mar 2020 16:10:43 GMT):
Has joined the channel.

VineethRajesh (Fri, 20 Mar 2020 16:10:44 GMT):
Hey, I'm trying to add a new message type from scratch can someone guide me on the steps that need to be taken and some ideas on where modifications need to happen to the code.Thanks:)

swcurran (Fri, 20 Mar 2020 16:20:04 GMT):
There is a repo that might help you that has a bunch of them - https://github.com/hyperledger/aries-acapy-plugin-toolbox

swcurran (Fri, 20 Mar 2020 16:20:38 GMT):
Is this a new common message type that you want others to use, or is it specific to your use case?

VineethRajesh (Fri, 20 Mar 2020 16:24:32 GMT):
This is message type is something that I'd want others to use further down the line

VineethRajesh (Fri, 20 Mar 2020 16:30:11 GMT):
this is a message type I'd want others to use

VineethRajesh (Fri, 20 Mar 2020 16:30:11 GMT):
This is a message type I'd want others to use, Where would you suggest I should be making changes to implement the message type, any pointers?

VineethRajesh (Fri, 20 Mar 2020 17:51:30 GMT):
Awesome thanks

swcurran (Fri, 20 Mar 2020 17:59:31 GMT):
For that, you want to raise an RFC in the https://github.com/hyperledger/aries-rfcs repo. In the root, there is 0000-template-protocol.md. Some people just write a google doc or hackmd.io file to get started and have a few people look at it to get started, before doing a whole RFC.

VineethRajesh (Fri, 20 Mar 2020 18:02:52 GMT):
I haven't started actually coding the message type, I was wondering if i good get some guidance on where one would start if they planned to implement a message type, where would the changes need to be made to change it from the BasicMessage type

swcurran (Fri, 20 Mar 2020 18:05:55 GMT):
If you look at the ACA-Py repo all of the message types are in the protocol folder. I think that's the place to start.

swcurran (Fri, 20 Mar 2020 18:07:04 GMT):
Maybe take "BasicMessage" (https://github.com/hyperledger/aries-cloudagent-python/tree/master/aries_cloudagent/protocols/basicmessage), copy it to AdvanceMessage and go from there.

VineethRajesh (Fri, 20 Mar 2020 18:08:19 GMT):
For starters before I implement a message type from scratch, If I wanted to modify some attributes of the BasicMessage type and change its name where would the changes need to be made any clues or idea would be welcome.I think this would be a good starting point for me before I try to implement a message type from scratch

VineethRajesh (Fri, 20 Mar 2020 18:08:19 GMT):
For starters before I implement a message type from scratch, If I wanted to modify some attributes of the BasicMessage type and change its name, where would the changes need to be made any clues or ideas would be welcome.I think this would be a good starting point for me before I try to implement a message type from scratch

VineethRajesh (Fri, 20 Mar 2020 18:08:19 GMT):
If I wanted to modify some attributes of the BasicMessage type and change its name, where would the changes need to be made any clues or ideas would be welcome.I think this would be a good starting point for me before I try to implement a message type from scratch

swcurran (Fri, 20 Mar 2020 21:29:20 GMT):
Interested in contributing to ACA-Py? Just posted an issue for someone to add a new feature to revocation - https://github.com/hyperledger/aries-cloudagent-python/issues/428 --- This one is time sensitive, so if you want to grab it, we need it asap. To grab it, assign it to yourself. We have a few Help Wanted issues - Check them out here - https://github.com/hyperledger/aries-cloudagent-python/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22+

thinhnnd (Sat, 21 Mar 2020 01:52:48 GMT):
Has joined the channel.

VineethRajesh (Sat, 21 Mar 2020 16:24:08 GMT):
Thanks!

VineethRajesh (Sat, 21 Mar 2020 16:28:36 GMT):
Hello, If I want to replicate the BasicMessage type are there any tutorials or steps on how to do that, or perhaps and explanation on how to add a new message type to the acapy-plugin-toolbox.Any suggestions would be great:)

VineethRajesh (Sat, 21 Mar 2020 16:28:36 GMT):
Hello, If I want to replicate the BasicMessage type as a part of a project are there any tutorials or steps on how to do that, or perhaps an explanation on how to add a new message type to the acapy-plugin-toolbox. Any suggestions would be great:) Thanks

sukalpomitra (Sun, 22 Mar 2020 13:17:18 GMT):
Hi @swcurran , this was a. busy week for me. I found some time today. I am getting the same error even when I am not passing --revocation. The same error actually

ayushmanss (Sun, 22 Mar 2020 19:55:59 GMT):
Can someone help me understand what establish-inbound api do? 'Assign another connection as the inbound connection' is what is written in the doc? I am not able to understand the usage of it from performance.py implementation. How much it is different from routing, mediators?

sukalpomitra (Mon, 23 Mar 2020 12:51:30 GMT):
Hi @swe

sukalpomitra (Mon, 23 Mar 2020 12:51:30 GMT):
Hi @swcurran , @andrew.whitehead @ianco and all, in order to give you more information - Here are the input parameters to the Indy SDK call of AnonCreds.ProverCreateProofAsync

sukalpomitra (Mon, 23 Mar 2020 12:54:08 GMT):
```Proof request - "{\"name\":\"Proof of Education\",\"version\":\"1.0\",\"nonce\":\"71946250983044063287636152692009510882\",\"requested_attributes\":{\"0_name_uuid\":{\"name\":\"name\",\"restrictions\":[{\"issuer_did\":\"Jifbunoo8i84WCkTyfUpTN\"}]},\"0_date_uuid\":{\"name\":\"date\",\"restrictions\":[{\"issuer_did\":\"Jifbunoo8i84WCkTyfUpTN\"}]},\"0_degree_uuid\":{\"name\":\"degree\",\"restrictions\":[{\"issuer_did\":\"Jifbunoo8i84WCkTyfUpTN\"}]},\"0_self_attested_thing_uuid\":{\"name\":\"self_attested_thing\"}},\"requested_predicates\":{\"0_age_GE_uuid\":{\"p_type\":\">=\",\"p_value\":18,\"name\":\"age\",\"restrictions\":[{\"issuer_did\":\"Jifbunoo8i84WCkTyfUpTN\"}]}}}"```

sukalpomitra (Mon, 23 Mar 2020 12:54:32 GMT):
```Requested credentials - "{\"requested_attributes\":{\"0_name_uuid\":{\"cred_id\":\"a3a35ba4-bec3-4baa-a257-99b3c85cfcf3\",\"timestamp\":1584967297784,\"revealed\":true},\"0_date_uuid\":{\"cred_id\":\"a3a35ba4-bec3-4baa-a257-99b3c85cfcf3\",\"timestamp\":1584967299082,\"revealed\":true},\"0_degree_uuid\":{\"cred_id\":\"a3a35ba4-bec3-4baa-a257-99b3c85cfcf3\",\"timestamp\":1584967300381,\"revealed\":true},\"0_self_attested_thing_uuid\":{\"cred_id\":\"a3a35ba4-bec3-4baa-a257-99b3c85cfcf3\",\"timestamp\":1584967301863,\"revealed\":true}},\"self_attested_attributes\":{},\"requested_predicates\":{\"0_age_GE_uuid\":{\"cred_id\":\"a3a35ba4-bec3-4baa-a257-99b3c85cfcf3\",\"timestamp\":1584967304136}}}" ```

sukalpomitra (Mon, 23 Mar 2020 12:54:50 GMT):
```Provision record.mastersecretid - "4504f8c8-e83a-4e15-8d58-2c3ac62f444a"```

sukalpomitra (Mon, 23 Mar 2020 12:55:02 GMT):
```Schemas - "{\"Jifbunoo8i84WCkTyfUpTN:2:degree schema:64.43.29\":{\"ver\":\"1.0\",\"id\":\"Jifbunoo8i84WCkTyfUpTN:2:degree schema:64.43.29\",\"name\":\"degree schema\",\"version\":\"64.43.29\",\"attrNames\":[\"degree\",\"age\",\"name\",\"date\",\"timestamp\"],\"seqNo\":4899}}"```

sukalpomitra (Mon, 23 Mar 2020 12:55:57 GMT):

sukalpomitra - Mon Mar 23 2020 20:55:49 GMT+0800 (Singapore Standard Time).txt

priyashankar (Mon, 23 Mar 2020 13:31:18 GMT):
On running the vc-authn-oidc demo on an AWS instance, the oidc-django-service is failing to authenticate the Streetcred Mobile client. I am usually the default configuration provided in the demo at https://github.com/bcgov/vc-authn-oidc/blob/master/demo/README.md. On further querying the vc-authn-oidc-controller-agent, I see a presentation received but not yet verified. I manually tried to verify the same presentation using the verify-presentation API, but I got an exception "Record ID not provided". P.S. I am running Keycloak over HTTP. Is that why my requests are getting rejected?

esune (Mon, 23 Mar 2020 15:51:09 GMT):
Keycloak only acts as a broker for authentication, it should not have anything to do with whether the presentation is verified or not. Any logging in the agent supporting vc-authn that could help figuring what is happening?

swcurran (Mon, 23 Mar 2020 17:12:36 GMT):
@andrew.whitehead - maybe we need a proof request version of the performance demo, for fun and to perhaps expose this issue.

andrew.whitehead (Mon, 23 Mar 2020 17:34:20 GMT):
Those parameters are fine. What's being passed for revStates? It looks like the .net API will fail if that's an empty string or null

andrew.whitehead (Mon, 23 Mar 2020 17:34:20 GMT):
Those parameters look fine to me. What's being passed for revStates? It looks like the .net API will fail if that's an empty string or null

sukalpomitra (Mon, 23 Mar 2020 17:34:54 GMT):
oh I forgot to supply that. Let me do that too

andrew.whitehead (Mon, 23 Mar 2020 17:35:14 GMT):
https://github.com/hyperledger/indy-sdk/blob/c98b27a62589713785854fdc95b1d044016937a4/wrappers/dotnet/indy-sdk-dotnet/AnonCredsApi/AnonCreds.cs#L1496 for reference

sukalpomitra (Mon, 23 Mar 2020 17:36:20 GMT):
But we use the same code for any other proof request such as the iiwbook flow or vcoidc flow

sukalpomitra (Mon, 23 Mar 2020 17:36:34 GMT):
Anyways let me find the revstates first

andrew.whitehead (Mon, 23 Mar 2020 18:25:30 GMT):
Hm, it's possible the schemas and cred defs need to be encoded as strings within the JSON

priyashankar (Tue, 24 Mar 2020 06:59:28 GMT):
*VC-CONTROLLER-SERVICE* 2020-03-24 06:47:06,652 INFO Microsoft.AspNetCore.Hosting.Internal.WebHost - {RequestId=0HLUF37VRUMPH:0000000A, log4net:UserName=NOT AVAILABLE, log4net:Identity=NOT AVAILABLE, RequestPath=/vc/connect/callback, ConnectionId=0HLUF37VRUMPH, scope=(null), log4net:HostName=176daddda8ed, CorrelationId=(null)}Request finished in 4.0717ms 302 *KEYCLOAK* 11:08:43,829 WARN [org.keycloak.events] (default task-4) type=LOGIN_ERROR, realmId=master, clientId=null, userId=null, ipAddress=###.###.##.###, error=ssl_required

esune (Tue, 24 Mar 2020 07:02:39 GMT):
That actually seems to point to KC requiring SSL - non-ssl sessions seem to only be allowed in localhost. I do not really understand how the presentation request would not be completed/satisfied if you can get to that point, but let's fix one thing at a time.

priyashankar (Tue, 24 Mar 2020 07:03:38 GMT):
When I queried the presentation exchange id, it still showed "Presentation received".

priyashankar (Tue, 24 Mar 2020 07:05:46 GMT):
So, is it about Keycloak not being hosted over HTTPS?

esune (Tue, 24 Mar 2020 07:06:34 GMT):
Are your demo app URLs http or https? Not keycloak, the django-oidc demo and vc-authn

priyashankar (Tue, 24 Mar 2020 07:07:02 GMT):
HTTP, as of now.

priyashankar (Tue, 24 Mar 2020 07:07:24 GMT):
I am not using ngrok as listed in the demo for controller and agent inbound ports.

priyashankar (Tue, 24 Mar 2020 07:08:10 GMT):
PORTS 5000 & 5679 are bring hosted over HTTP unlike the instructions.

priyashankar (Tue, 24 Mar 2020 07:08:10 GMT):
PORTS 5000 & 5679 are being hosted over HTTP unlike the instructions.

esune (Tue, 24 Mar 2020 07:08:16 GMT):
Try switching your apps to https, the redirect from keycloak may need to have an ssl-protected url if it is not running on localhost

priyashankar (Tue, 24 Mar 2020 07:08:46 GMT):
Keycloak, I believe is running on PORT 8180. Since, it's not running over HTTPS, I cannot log in.

priyashankar (Tue, 24 Mar 2020 07:09:20 GMT):
I tried ngrok with 8180. This time, I was able to login with the default username and password.

priyashankar (Tue, 24 Mar 2020 07:09:46 GMT):
But after logging in to Keycloak, it showed an exception as in invalid redirect uri.

esune (Tue, 24 Mar 2020 07:11:59 GMT):
The django-oidc demo doesn't use keycloak at all, it used the OIDC protocol to talk directly to vc-authn. If you use KC you will have to update the configuration of the client used for authentication to include the appropriate redirect URIs.

priyashankar (Tue, 24 Mar 2020 07:13:37 GMT):
I am following https://github.com/bcgov/vc-authn-oidc/blob/master/demo/README.md I inspected the docker-compose files, and indeed it is using keycloak or maybe, I am missing something here.

esune (Tue, 24 Mar 2020 07:13:44 GMT):
Also the config in vc-authn requires redirectURIs to be specified, you can check appSettings.json to see an example - you would have to replace the URIs shipped for the demo/localhost with the ones of your hosted environment

esune (Tue, 24 Mar 2020 07:15:40 GMT):
I believe the keycloak services are not started for the demo, the manage script takes care of starting the appropriate services based on the command issued

esune (Tue, 24 Mar 2020 07:16:19 GMT):
The purpose of the demo is to operate a webapps that authenticates directly with vc-authn without intermediaries

esune (Tue, 24 Mar 2020 07:16:40 GMT):
Keycloak could be added to the flow, but the configuration needs to be updated accordingly

esune (Tue, 24 Mar 2020 07:22:03 GMT):
Please take a look at the values of the environment variables used in settings.py for the OIDC adapter, that may clarify the flow

esune (Tue, 24 Mar 2020 07:22:37 GMT):
(all the environment variables are set in the manage script in demo/docker)

priyashankar (Tue, 24 Mar 2020 07:47:56 GMT):
The controller-db running at 5432 has entries in the ClientRedirectUris table. I have replaced localhost with the public IP. Do you think I need to do the same at https://github.com/bcgov/vc-authn-oidc/blob/master/oidc-controller/src/VCAuthn/appsettings.json

esune (Tue, 24 Mar 2020 08:01:06 GMT):
It is not necessary, the content of appsettings.json is injected in the db upon first start

priyashankar (Tue, 24 Mar 2020 08:06:20 GMT):
I see it now. Thanks for all the help. I'll probably be looking into the ssl fix for now and see if that works.

wip-abramson (Tue, 24 Mar 2020 10:59:36 GMT):
Hi Stephen, I am hope to mentor Vineeth around tackling this issue I raised https://github.com/OpenMined/PyGrid/issues/495 Thing is I also have little understanding how to add a new message. You mention there are a bunch of messages but I can only see basic message implementation.

wip-abramson (Tue, 24 Mar 2020 11:00:27 GMT):
Also, do you know if anyone would be able and willing to give us both a deep dive on writing a message type. I would be happy to write this up in some form of documentation, or perhaps we could even video it? Cheers

hugotardiou (Tue, 24 Mar 2020 14:18:34 GMT):
Hi, I'm searching for a way to get my revoc_reg_id from the cred_def_id, is this possible and yes do you know which function allows me this? I've searched for the anon_creds.py and I can't find it :(

hugotardiou (Tue, 24 Mar 2020 14:18:34 GMT):
Hi, I'm searching for a way to get my revoc_reg_id from the cred_def_id, is this possible and if yes do you know which function allows me this? I've searched for the anon_creds.py and I can't find it :(

hugotardiou (Tue, 24 Mar 2020 14:39:11 GMT):
Found query_by_cred_def_id in issuer_rev_reg_record.py, i think it's what i'm looking for

rileyphughes (Tue, 24 Mar 2020 15:02:00 GMT):
Aries Framework dot net has a mediator implementation that Streetcred.id uses for our mobile products, as well as other things build on AF.net

sklump (Tue, 24 Mar 2020 15:18:20 GMT):
Yes - that code is under development at present

sklump (Tue, 24 Mar 2020 15:18:20 GMT):
Yes - that code is under development at present. It's getting closer but there are still some hurdles.

sklump (Tue, 24 Mar 2020 15:20:24 GMT):
If you wait for a few days it will work better. The state machine isn't properly engaged up to now.

hugotardiou (Tue, 24 Mar 2020 15:21:08 GMT):
Oh Ok! thanks for the information!

swcurran (Tue, 24 Mar 2020 15:21:22 GMT):
I don't know that repo intimately, but that's what I've been told it contains - plugins that extend the protocol implementations in ACA-Py. Unfortunately, I don't have a lot to offer in answer to the question other than to say "that codebase seems to do what you are asking about". :-(

wip-abramson (Tue, 24 Mar 2020 15:27:11 GMT):
No problem! Thanks Stephen we will figure it out :)

sukalpomitra (Tue, 24 Mar 2020 15:29:17 GMT):
@swcurran @andrew.whitehead here is the revocationstate - ```"{\"RpZMD7XY9QKnxLs5z4hckk:4:RpZMD7XY9QKnxLs5z4hckk:3:CL:4738:default:CL_ACCUM:49e24091-935c-4ac5-b64d-fdbadd2143c7\":{\"1585063843011\":{\"witness\":{\"omega\":\"21 128DE442DD0964CDB7687E243E7AD55BC37DC17BB8B7A152AACAEAEA1F986B667 21 111E72262AD2476C650E796198198802AC773090CCC7B44C527F0EEE85239A713 6 6A59FFFA5A00BC668C2F5FD8B08C6833C8BCA094C86C6F013CE368B73EB5E4C5 4 3A2A362EDFA76E773B789882F00B6F68694EB830CB32FC08AA63D21A884B0159 6 6273815E79F1B748BB4888D9EAE7B28B7BE1F0A7D21F2D041A0BD6CACB8CEAE4 4 1DE20DF5C02ADC6D5D0816F9E4757EA2C3240A03F2AFB64CB11C899954EB1212\"},\"rev_reg\":{\"accum\":\"21 1305A67E75A34B68DFA65D93D5114A75178A3D374E8D23F1A1ABB0FE55DF0591E 21 14A2C26BEEA05F7AC10906C8A0EFB56E9104A2E2C19891B0FA4B3438A9A306E66 6 603310D64B96D3AF9A733D6A929D49BF6398547B4A22FB9370599F965FE08240 4 3199575EA8895B51DD0A3C5A030F2935B87CCCB12A73E9571FC93D3CB5DA45D2 6 6999DDFE3028619D7E83B0164B1EB310DB63CDEDF8485142E4B48F5146361C6B 4 27BCE7D0ABB8A3D92A4E8831A2C214E1B807639E3BA40347D4DEC8011901B239\"},\"timestamp\":1584535751},\"1585063844215\":{\"witness\":{\"omega\":\"21 125F0D73B006B9166998F822CC7A906DEBCA5E8753268793D8D2D2AB13953CEA1 21 11BE083CA5F1A2ED6D32554591EDDD7D322621608711B0FD7755BFABA3EAEC6F1 6 6EB11F808D9FD9C4812A9E8BAD00AA535A141AEE9E99010B94750142A396F25A 4 14666A80981E812DC3A2DBEE896078ED98D394FD5558FDF6FFE5B0C3BC36426E 6 6BA568EFC4D805DB995D5FDACF6970520E60A74A6FF76142C9350DC98E51A5C5 4 3B191A57318307A651D92FFA4C6CD786CEF46409C45F6B3EAF7AC8E7F957FC3E\"},\"rev_reg\":{\"accum\":\"21 1305A67E75A34B68DFA65D93D5114A75178A3D374E8D23F1A1ABB0FE55DF0591E 21 14A2C26BEEA05F7AC10906C8A0EFB56E9104A2E2C19891B0FA4B3438A9A306E66 6 603310D64B96D3AF9A733D6A929D49BF6398547B4A22FB9370599F965FE08240 4 3199575EA8895B51DD0A3C5A030F2935B87CCCB12A73E9571FC93D3CB5DA45D2 6 6999DDFE3028619D7E83B0164B1EB310DB63CDEDF8485142E4B48F5146361C6B 4 27BCE7D0ABB8A3D92A4E8831A2C214E1B807639E3BA40347D4DEC8011901B239\"},\"timestamp\":1584535751},\"1585063845527\":{\"witness\":{\"omega\":\"21 11D94AF09DAA2966327EB0112080690FBC8133C227A0779814E74D44431C69A08 21 1285C7DA13ECAD65BBD7F11E9F1985DBF5545A8FEB6CE3C85EEA4DEDF96B0C4E1 6 7A80D7B93AABDA0F480A73B339A5D39940C7312AA4B6E349C2FFC6CB0BEC05BB 4 2EA83C9C4B241B782EDA8F7AD041C08E6D563DDFD0E56C13A48C9A77486E0EF1 6 5F8AEB54B80675385BF2907B1EBBC7A665EE74087263465D14FBE45C8EA7A907 4 2D0C43673DB5FFA96912555AD01AA4545D220AEE9A469F832D8E03D390498074\"},\"rev_reg\":{\"accum\":\"21 1305A67E75A34B68DFA65D93D5114A75178A3D374E8D23F1A1ABB0FE55DF0591E 21 14A2C26BEEA05F7AC10906C8A0EFB56E9104A2E2C19891B0FA4B3438A9A306E66 6 603310D64B96D3AF9A733D6A929D49BF6398547B4A22FB9370599F965FE08240 4 3199575EA8895B51DD0A3C5A030F2935B87CCCB12A73E9571FC93D3CB5DA45D2 6 6999DDFE3028619D7E83B0164B1EB310DB63CDEDF8485142E4B48F5146361C6B 4 27BCE7D0ABB8A3D92A4E8831A2C214E1B807639E3BA40347D4DEC8011901B239\"},\"timestamp\":1584535751},\"1585063847108\":{\"witness\":{\"omega\":\"21 12BE0A3746B5972FF26C3394891FB509E79C89B403B10AE51B47CCBB0A30DF966 21 1284421D7EA301438371810CFAB596421A0DDE1B52DCA768F739198C681EE6BA3 6 50C98D0D01970E28A6C672C4760EA1282022696347F98994083D958D4A768D70 4 30E56E7A021E9F98F15BF8566111ACB03E98C8DE22E780D255CA636972304C0C 6 6933F49CFAFEC134589470A85D09D01296DEFFFC2B16BBC7E2BE8D64113374DA 4 2551942342DCADC7F1BA5B8EB7607669FDE025FF35CE612EB17B7ED5DF21127D\"},\"rev_reg\":{\"accum\":\"21 1305A67E75A34B68DFA65D93D5114A75178A3D374E8D23F1A1ABB0FE55DF0591E 21 14A2C26BEEA05F7AC10906C8A0EFB56E9104A2E2C19891B0FA4B3438A9A306E66 6 603310D64B96D3AF9A733D6A929D49BF6398547B4A22FB9370599F965FE08240 4 3199575EA8895B51DD0A3C5A030F2935B87CCCB12A73E9571FC93D3CB5DA45D2 6 6999DDFE3028619D7E83B0164B1EB310DB63CDEDF8485142E4B48F5146361C6B 4 27BCE7D0ABB8A3D92A4E8831A2C214E1B807639E3BA40347D4DEC8011901B239\"},\"timestamp\":1584535751},\"1585063849235\":{\"witness\":{\"omega\":\"21 11F7E26CF050382660AF9F10C49B9668F06953610CB999B9355F4799834C7D1AC 21 1271CB63AE88A1F50BB00E7540E5F1410C11999C9DE65A94BB9987D9B20FFAB05 6 6B676619EFEEFD86D615BD733AC85BE62926ED2E8E339981222D0550C6A63ADD 4 2F1F191082C2C9FF2D6801AC9BE7E102C2DD9B37CA22E853D67034A335E81A16 6 6CEF023FD3CFFF6BD61F48902E91B26B77393F0DF2FF9D3BE811542086471C88 4 2F0FAB7133957737DA69DF8D99111902F9DEE899E61AADB4A8714FA92E6D97BB\"},\"rev_reg\":{\"accum\":\"21 1305A67E75A34B68DFA65D93D5114A75178A3D374E8D23F1A1ABB0FE55DF0591E 21 14A2C26BEEA05F7AC10906C8A0EFB56E9104A2E2C19891B0FA4B3438A9A306E66 6 603310D64B96D3AF9A733D6A929D49BF6398547B4A22FB9370599F965FE08240 4 3199575EA8895B51DD0A3C5A030F2935B87CCCB12A73E9571FC93D3CB5DA45D2 6 6999DDFE3028619D7E83B0164B1EB310DB63CDEDF8485142E4B48F5146361C6B 4 27BCE7D0ABB8A3D92A4E8831A2C214E1B807639E3BA40347D4DEC8011901B239\"},\"timestamp\":1584535751}}}"```

swcurran (Tue, 24 Mar 2020 15:39:07 GMT):
FYI - the "similar problem" we had was leading zeros in the nonce of the presentation request. Doesn't look like that is the issue that you are having.

sukalpomitra (Tue, 24 Mar 2020 15:48:03 GMT):
I think the rev_reg for iiwbook, vcoidc presentation req has always been null. Is that creating a problem now?

sklump (Tue, 24 Mar 2020 17:46:33 GMT):
Follow https://github.com/hyperledger/aries-cloudagent-python/pull/432 for an improvement. It is still painful, but possible to issue credentials with revocation support in theadmin API: * send the schema * send the cred def * create rev reg and note rev reg id from response (it's long; e.g., `4QxzWk3ajdnEA37NdNU5Kt:4:4QxzWk3ajdnEA37NdNU5Kt:3:CL:10:default:CL_ACCUM:50cb7de3-09bf-4fd6-966a-a1e812c0674c`) * PATCH rev reg with tails file public URI; e.g., ``` { "tails_public_uri": "http://192.168.56.133:5000/revocation/registry/4QxzWk3ajdnEA37NdNU5Kt:4:4QxzWk3ajdnEA37NdNU5Kt:3:CL:10:default:CL_ACCUM:50cb7de3-09bf-4fd6-966a-a1e812c0674c/tails-file" } ``` * publish rev reg * now holder can initiate with cred proposal and get a credential. I haven't tested anything further in present-proof but will make more improvements over the rest of the week.

sklump (Tue, 24 Mar 2020 17:46:33 GMT):
Follow https://github.com/hyperledger/aries-cloudagent-python/pull/432 for an improvement. It is still painful, but possible to issue credentials with revocation support in theadmin API: * send the schema * send the cred def * create rev reg and note rev reg id from response (it's long; e.g., `4QxzWk3ajdnEA37NdNU5Kt:4:4QxzWk3ajdnEA37NdNU5Kt:3:CL:10:default:CL_ACCUM:50cb7de3-09bf-4fd6-966a-a1e812c0674c`) * PATCH rev reg with tails file public URI; e.g., ``` { "tails_public_uri": "http://192.168.56.133:5000/revocation/registry/4QxzWk3ajdnEA37NdNU5Kt:4:4QxzWk3ajdnEA37NdNU5Kt:3:CL:10:default:CL_ACCUM:50cb7de3-09bf-4fd6-966a-a1e812c0674c/tails-file" } ``` * publish rev reg * now holder can initiate with cred proposal and get a credential. I haven't tested anything further (e.g., in present-proof) but will make more improvements over the rest of the week.

hugotardiou (Tue, 24 Mar 2020 17:47:10 GMT):
Thank you so much!!! I will read this in detail when I have time ( from europe )

swcurran (Tue, 24 Mar 2020 18:08:35 GMT):
Definitely could be a problem. That's what we are trying to solve - using revocation.

sklump (Wed, 25 Mar 2020 11:15:39 GMT):
... as it turns out, the prior work integrating revocation into proof presentation holds up just fine and you ought to be able to present and verify proofs from proposals now. It's in the current master, but there may be more improvements before the 0.5 release drops.

hugotardiou (Wed, 25 Mar 2020 11:16:51 GMT):
Yes! I have been working on it, seems to work great, im now trying to revoke a credential to test. But for some reason my Issuer can not find a exchange record from a given ID, am i doing something wrong or is this a known issue?

hugotardiou (Wed, 25 Mar 2020 11:17:03 GMT):
Thanks a lot for the help anyway :)

sklump (Wed, 25 Mar 2020 11:18:14 GMT):
There is a config option `--preserve-exchange-records` to retain records after credential issue is complete: is it on?

hugotardiou (Wed, 25 Mar 2020 11:18:35 GMT):
Oh that might be my problem

hugotardiou (Wed, 25 Mar 2020 11:19:18 GMT):
will test now

hugotardiou (Wed, 25 Mar 2020 11:23:55 GMT):
No, sadly after issueing a credential, and using the swagger UI /issue-credential/records/{cred_ex_id} Will not return me anything, even with that option

hugotardiou (Wed, 25 Mar 2020 11:26:07 GMT):
I've done a query aswell and it returns me an empty array

hugotardiou (Wed, 25 Mar 2020 11:32:41 GMT):
Ok i think i got it, it is because im using proposal https://github.com/hyperledger/aries-cloudagent-python/blob/master/aries_cloudagent/protocols/issue_credential/v1_0/manager.py#L193-L206 has no auto-remove parameter

sklump (Wed, 25 Mar 2020 11:36:31 GMT):
Probably, since it defaults to True

hugotardiou (Wed, 25 Mar 2020 11:37:13 GMT):
It fixed my issue, thanks for the info once again :)

sklump (Wed, 25 Mar 2020 11:53:26 GMT):
... this exercise brings me to revisit that request template - I think that auto_remove setting predates the config setting and it can go: it's counter-intuitive at least. There are other artifacts that I should prune out too (revocation registry does not ever belong in a proposal as we know it today).

sklump (Wed, 25 Mar 2020 12:01:36 GMT):
At the very least it needs a doc tweak

hugotardiou (Wed, 25 Mar 2020 15:37:36 GMT):
Hi, sorry to bother again, i believe there is an error here if the revocation does not exist: https://github.com/sklump/aries-cloudagent-python/blob/e85dc3aa55482ff00d4f8ff3c090b1a60e4de201/aries_cloudagent/protocols/issue_credential/v1_0/manager.py#L493 KeyError: 'revocation'

sklump (Wed, 25 Mar 2020 16:38:48 GMT):
I'll look into it later today

sklump (Wed, 25 Mar 2020 16:41:32 GMT):
I'll fix it next update

sklump (Wed, 25 Mar 2020 16:44:46 GMT):
in the meantime, you want ``` if credential_definition["value"].get("revocation"): ```

hugotardiou (Wed, 25 Mar 2020 16:45:17 GMT):
thanks :) i just put a try cause I am lazy but that is better !

hugotardiou (Wed, 25 Mar 2020 16:45:17 GMT):
thanks :) i just put a try/catch cause I am lazy but that is better !

sklump (Wed, 25 Mar 2020 16:45:57 GMT):
good catch, it was my fault - indy data structures can be tricky

hugotardiou (Wed, 25 Mar 2020 16:47:04 GMT):
Yeah i have issues sometimes too understanding the flow indy/aries

sklump (Wed, 25 Mar 2020 16:47:53 GMT):
aries is a straight pipe to indy - the indy wrapper tests are excellent to annottte and troubleshoot

sklump (Wed, 25 Mar 2020 16:47:53 GMT):
aries is a straight pipe to indy - the indy wrapper tests are excellent to annotate and troubleshoot

sklump (Wed, 25 Mar 2020 16:47:53 GMT):
aries is a straight pipe to indy once it parses the RFC-compliant (mostly) input - the indy wrapper tests are excellent to annotate and troubleshoot

kumar89 (Wed, 25 Mar 2020 17:23:15 GMT):
Has joined the channel.

JasSingh (Wed, 25 Mar 2020 17:28:27 GMT):
Has joined the channel.

JasSingh (Wed, 25 Mar 2020 17:44:46 GMT):
Hi, I'm attempting to use aca-py for the first time and I was connecting it to an local indy network network spun up using von-network. the Indy browser indicates to me that my indy network is up and running fine but when i run aca-py and todo any action except status operations or wallet operations i get a 403 forbidden error. The steps i followed are as such: 1. Register a new did using the von-network indy browser tool 2. execute: scripts/run_docker provision --wallet-type indy --seed 0123456789ABCDEF0123456789ABCDEF 3. execute: PORTS="8030:8030 8040:8040" scripts/run_docker start --genesis-file /home/indy/docker_pool_transactions_genesisBaf.txn -it http 0.0.0.0 8030 -ot http --admin 0.0.0.0 8040 --admin-insecure-mode --seed 0123456789ABCDEF0123456789ABCDEF 4. execute: curl -X GET "http://0.0.0.0:8040/ledger/did-endpoint?did=someDid" -H "accept: application/json"

JasSingh (Wed, 25 Mar 2020 17:44:46 GMT):
Hi, I'm attempting to use aca-py for the first time and I was connecting it to an local indy network network spun up using von-network. the Indy browser indicates to me that my indy network is up and running fine but when i run aca-py and todo any action except status operations or wallet operations i get a 403 forbidden error. The steps i followed are as such: 1. Register a new did using the von-network indy browser tool using seed 0123456789ABCDEF0123456789ABCDEF 2. execute: scripts/run_docker provision --wallet-type indy --seed 0123456789ABCDEF0123456789ABCDEF 3. execute: PORTS="8030:8030 8040:8040" scripts/run_docker start --genesis-file /home/indy/docker_pool_transactions_genesisBaf.txn -it http 0.0.0.0 8030 -ot http --admin 0.0.0.0 8040 --admin-insecure-mode --seed 0123456789ABCDEF0123456789ABCDEF 4. execute: curl -X GET "http://0.0.0.0:8040/ledger/did-endpoint?did=someDid" -H "accept: application/json" This results in a 403. I would appreciate any guidance here to get up and running

swcurran (Wed, 25 Mar 2020 18:22:26 GMT):
Perhaps it is that you don't have a wallet. Look at the ACA-Py startup options to configure/create an Indy walllet.

andrew.whitehead (Wed, 25 Mar 2020 18:31:05 GMT):
Yes I think `--wallet-type indy` needs to be added to the start command

JasSingh (Wed, 25 Mar 2020 18:36:24 GMT):
that seems to have been the exact problem! thanks a lot

andrew.whitehead (Wed, 25 Mar 2020 18:37:10 GMT):
Also, you can remove the seed from the start command

JasSingh (Wed, 25 Mar 2020 18:39:59 GMT):
doesn't the seed flag setup the agent to use the associate public did?

andrew.whitehead (Wed, 25 Mar 2020 18:53:26 GMT):
It does, but passing it once when using the provision command is sufficient

JasSingh (Wed, 25 Mar 2020 20:54:26 GMT):
I was able to run the agent and interact with the ledger, doing some simple operations. Now i have brought up a second agent on different ports and wanted to establish a connection between the two. i run the agents using the flags: `-it http 0.0.0.0 8030 -ot http --admin 0.0.0.0 8040 --admin-insecure-mode --wallet-type indy --endpoint 192.168.65.3:8030` and `-it http 0.0.0.0 8031 -ot http --admin 0.0.0.0 8041 --admin-insecure-mode --wallet-type indy --endpoint 192.168.65.3:8031` but when i follow the flow to connect (connection/create-invitation on 8040, connection/receive-invitation and connection/accept-invitation on 8041) and then when i go back to check the status of the connection on 8040 i still see its at invitation and i can't accept-request. Am i missing a step in the processes? I dont have a controller configured with a webhook so i cant see any events come in as the Readme for Faber/Alice shows (https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/AriesOpenAPIDemo.md)...Thanks

nacerix (Thu, 26 Mar 2020 12:46:53 GMT):
Has joined the channel.

gaila (Thu, 26 Mar 2020 13:32:23 GMT):
Has joined the channel.

gaila (Thu, 26 Mar 2020 13:32:23 GMT):
I am trying to call POST /present-proof/records/{id}/send-presentation with request body and i see that it is required to add a field cred_id . I can only find cred_def_id but no cred_id . How can i get my credential cred_id?

JasSingh (Thu, 26 Mar 2020 13:49:09 GMT):
that would be the id of the issued credential. you are presenting the proof for. This is some UUID type value such as 72d6a28c-6f68-11ea-bc55-0242ac130003

swcurran (Thu, 26 Mar 2020 14:48:14 GMT):
It's the presentation exchange record ID.

swcurran (Thu, 26 Mar 2020 14:48:56 GMT):
Keep in mind there are two - one for each participant. It's the ID of the "protocol state object" for the instance of the protocol.

JasSingh (Thu, 26 Mar 2020 15:22:53 GMT):
I stood up a basic web-hook listener and i see the event come in after i accept the invitation. what should be the action taken by the controller receiving the web-hook message to continue the connection flow... for reference i see the following `{"my_did": "65MHkUysuVfYtgD64qxjcH", "initiator": "external", "updated_at": "2020-03-26 15:17:37.584454Z", "created_at": "2020-03-26 15:17:25.488459Z", "invitation_key": "HpEhGs9r35oeywqDXrrHpAbjS4vtJmgCxUTnJBKfrvgP", "request_id": "4832d277-d464-4cd9-8aaf-66539bfb07c1", "routing_state": "none", "connection_id": "03377116-3cc3-4f93-979c-c8b00c95ba36", "state": "request", "accept": "manual", "invitation_mode": "once", "their_label": "Aries Cloud Agent"} `

JasSingh (Thu, 26 Mar 2020 15:31:12 GMT):
Hi.. I have stood up two aca-py agents and a basic web-hook listener now. I am following the flow to establish a connection 1. Create-invitation on agent a 2. Receive-invitation on agent b 3. Accept-invitation on agent b 4. Accept-request on agent a After the first three steps i see the event come in: `{"my_did": "65MHkUysuVfYtgD64qxjcH", "initiator": "external", "updated_at": "2020-03-26 15:17:37.584454Z", "created_at": "2020-03-26 15:17:25.488459Z", "invitation_key": "HpEhGs9r35oeywqDXrrHpAbjS4vtJmgCxUTnJBKfrvgP", "request_id": "4832d277-d464-4cd9-8aaf-66539bfb07c1", "routing_state": "none", "connection_id": "03377116-3cc3-4f93-979c-c8b00c95ba36", "state": "request", "accept": "manual", "invitation_mode": "once", "their_label": "Aries Cloud Agent"} ` Based on the documentations i should be able to execute step 4 now but that fails. I imagine the controller that received the webhook message needs to take one additional step that isnt documented and this is where I am stuck now as i can't accept the request on 'agent a'.

swcurran (Thu, 26 Mar 2020 15:33:47 GMT):
Probably should be on the #aries-cloudagent-python channel with this. I think we need to see the error - make sure you are passing the right parameters, etc. The examples in the /demo folder (the "faber.py" runner - which is a controller) should give you what you need.

swcurran (Thu, 26 Mar 2020 15:34:33 GMT):
And I see it is in the right channel :-)

swcurran (Thu, 26 Mar 2020 15:36:28 GMT):
I think we need to see the error - make sure you are passing the right parameters, etc. The examples in the /demo folder (the "faber.py" runner - which is a controller) should give you what you need.

JasSingh (Thu, 26 Mar 2020 15:37:38 GMT):
Haha, yup... heres the error i see on 'agent a' aca-py instance upon an accept-request... `2020-03-26 15:36:23,692 aries_cloudagent.core.dispatcher ERROR Handler error: connections_accept_request Traceback (most recent call last): File "/home/indy/aries_cloudagent/protocols/connections/routes.py", line 407, in connections_accept_request response = await connection_mgr.create_response(connection, my_endpoint) File "/home/indy/aries_cloudagent/protocols/connections/manager.py", line 443, in create_response "Connection is not in the request or response state" aries_cloudagent.protocols.connections.manager.ConnectionManagerError: Connection is not in the request or response state 2020-03-26 15:36:23,700 aiohttp.server ERROR Error handling request Traceback (most recent call last): File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_protocol.py", line 418, in start resp = await task File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_app.py", line 458, in _handle resp = await handler(request) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_middlewares.py", line 119, in impl return await handler(request) File "/home/indy/aries_cloudagent/admin/server.py", line 187, in apply_limiter return await task File "/home/indy/aries_cloudagent/protocols/connections/routes.py", line 407, in connections_accept_request response = await connection_mgr.create_response(connection, my_endpoint) File "/home/indy/aries_cloudagent/protocols/connections/manager.py", line 443, in create_response "Connection is not in the request or response state" aries_cloudagent.protocols.connections.manager.ConnectionManagerError: Connection is not in the request or response state`

swcurran (Thu, 26 Mar 2020 15:39:30 GMT):
So it looks like it did not receive the "accept-invitation" message.

swcurran (Thu, 26 Mar 2020 15:40:40 GMT):
I assume that you started up ACA-Py not in auto-accept mode.

swcurran (Thu, 26 Mar 2020 15:41:03 GMT):
Can you check the state of the connection protocol before invoking the request?

JasSingh (Thu, 26 Mar 2020 15:41:13 GMT):
Right, i didnt use the auto-accept flag

swcurran (Thu, 26 Mar 2020 15:41:55 GMT):
Just to be sure, are you running the controller as a single user.

swcurran (Thu, 26 Mar 2020 15:41:55 GMT):
Just to be sure, are you running the controller as a single controller?

swcurran (Thu, 26 Mar 2020 15:41:55 GMT):
Just to be sure, are you running the controller as a single process or two?

swcurran (Thu, 26 Mar 2020 15:42:37 GMT):
If one, are you using the right connection ID?

swcurran (Thu, 26 Mar 2020 15:42:54 GMT):
Remember that there are two - one for each agent.

JasSingh (Thu, 26 Mar 2020 15:45:46 GMT):
so on the invitation receiver i have { "invitation_mode": "once", "accept": "manual", "initiator": "external", "routing_state": "none", "my_did": "Q3S7NAcCDShoon4s9RbQAp", "state": "request", "connection_id": "2c017252-9ed1-49e4-8a27-37f5e3d656f7", "created_at": "2020-03-26 15:44:08.821928Z", "invitation_key": "8rHnkzUx4KpAhrScWJxVzV21QRsTGJFGWf2XPg15tjus", "request_id": "b2243608-8d2d-43e7-858b-b93878a38bac", "updated_at": "2020-03-26 15:44:20.768110Z", "their_label": "Aries Cloud Agent" } on the other end which is where the final step needs to occur i see { "created_at": "2020-03-26 15:42:35.278884Z", "initiator": "self", "invitation_mode": "once", "accept": "manual", "state": "request", "invitation_key": "8rHnkzUx4KpAhrScWJxVzV21QRsTGJFGWf2XPg15tjus", "their_did": "Q3S7NAcCDShoon4s9RbQAp", "routing_state": "none", "connection_id": "19dc91ad-e5d9-4a48-b5ba-dd3b71ebff06", "their_label": "Aries Cloud Agent", "updated_at": "2020-03-26 15:44:20.848053Z" }

JasSingh (Thu, 26 Mar 2020 15:47:33 GMT):
im not sing the faber controller.. im in the beginning of developing a new controller so in the place of the controller i have a basic webhook listener just spiting out the contents.. the last thing i see on the webhook is {"invitation_mode": "once", "accept": "manual", "initiator": "external", "routing_state": "none", "my_did": "Q3S7NAcCDShoon4s9RbQAp", "state": "request", "connection_id": "2c017252-9ed1-49e4-8a27-37f5e3d656f7", "created_at": "2020-03-26 15:44:08.821928Z", "invitation_key": "8rHnkzUx4KpAhrScWJxVzV21QRsTGJFGWf2XPg15tjus", "request_id": "b2243608-8d2d-43e7-858b-b93878a38bac", "updated_at": "2020-03-26 15:44:20.768110Z", "their_label": "Aries Cloud Agent"}'

JasSingh (Thu, 26 Mar 2020 15:47:33 GMT):
im not using the faber controller.. im in the beginning of developing a new controller so in the place of the controller i have a basic webhook listener just spiting out the contents.. the last thing i see on the webhook is {"invitation_mode": "once", "accept": "manual", "initiator": "external", "routing_state": "none", "my_did": "Q3S7NAcCDShoon4s9RbQAp", "state": "request", "connection_id": "2c017252-9ed1-49e4-8a27-37f5e3d656f7", "created_at": "2020-03-26 15:44:08.821928Z", "invitation_key": "8rHnkzUx4KpAhrScWJxVzV21QRsTGJFGWf2XPg15tjus", "request_id": "b2243608-8d2d-43e7-858b-b93878a38bac", "updated_at": "2020-03-26 15:44:20.768110Z", "their_label": "Aries Cloud Agent"}'

JasSingh (Thu, 26 Mar 2020 15:48:23 GMT):
annd suddenly the connection worked

JasSingh (Thu, 26 Mar 2020 15:51:53 GMT):
to verify... the connection status in both sides looks like such { "created_at": "2020-03-26 15:42:35.278884Z", "initiator": "self", "invitation_mode": "once", "accept": "manual", "my_did": "YEJnFFW7DG5m4UdhY6s9Qf", "state": "response", "invitation_key": "8rHnkzUx4KpAhrScWJxVzV21QRsTGJFGWf2XPg15tjus", "their_did": "Q3S7NAcCDShoon4s9RbQAp", "routing_state": "none", "connection_id": "19dc91ad-e5d9-4a48-b5ba-dd3b71ebff06", "their_label": "Aries Cloud Agent", "updated_at": "2020-03-26 15:48:08.216649Z" } { "invitation_mode": "once", "accept": "manual", "initiator": "external", "routing_state": "none", "my_did": "Q3S7NAcCDShoon4s9RbQAp", "their_did": "YEJnFFW7DG5m4UdhY6s9Qf", "state": "response", "connection_id": "2c017252-9ed1-49e4-8a27-37f5e3d656f7", "created_at": "2020-03-26 15:44:08.821928Z", "invitation_key": "8rHnkzUx4KpAhrScWJxVzV21QRsTGJFGWf2XPg15tjus", "request_id": "b2243608-8d2d-43e7-858b-b93878a38bac", "updated_at": "2020-03-26 15:48:08.272319Z", "their_label": "Aries Cloud Agent" }

JasSingh (Thu, 26 Mar 2020 15:57:20 GMT):
is the final state meant to be 'response'? this is further than i was before but is it correct

swcurran (Thu, 26 Mar 2020 16:17:06 GMT):
Well...

swcurran (Thu, 26 Mar 2020 16:17:06 GMT):
Well... :-)

swcurran (Thu, 26 Mar 2020 16:17:53 GMT):
The issue is that connection does not have a "Complete" (or "Ack") message, so the inviter does not know if the "response" message go to the invitee.

swcurran (Thu, 26 Mar 2020 16:18:44 GMT):
There is no event that moves it to "active". The solution to this point has been to have the invitee (agent b) send a trust ping after the response is received and that puts the connection in "active" state.

swcurran (Thu, 26 Mar 2020 16:19:01 GMT):
I would try that. Basic Message can be used as well with most implementations.

swcurran (Thu, 26 Mar 2020 16:19:14 GMT):
It's really, really annoying :-)

swcurran (Thu, 26 Mar 2020 16:20:16 GMT):
The connection shouldn't be just set to "active" because there is no guaranteed ordering of messages. A follow on message may get there before the "response".

JasSingh (Thu, 26 Mar 2020 16:37:27 GMT):
interesting.. and after doing a trust ping the connection moved to active on both side as you suspected

JasSingh (Thu, 26 Mar 2020 16:39:58 GMT):
thanks .. as for the the solution to the initial problem that magically worked... i believe my --endpoint flag was set incorrectly at first. i tried using 192.168.65.3:8030 at first but after changing to http://192.168.65.3:8030 things worked

gaila (Fri, 27 Mar 2020 09:53:57 GMT):
Thank You, I found it! I tried to check the status of a record and if I call GET present-proof/records I can see that my record has "state" : verified. But if I try POST present-proof/records/{id}/verify-presentation , I receive AssertError. I saw a note saying that verification part is not working. Does the note refer to this problem?

swcurran (Fri, 27 Mar 2020 17:27:37 GMT):
I haven't had time to recheck the process. The last run through the process we did had a problem, but I'm not sure that's it. Basically, what you are doing is rerunning the verify after it's been done, and I'm not sure if that works. It should, but I don't know for sure.

haardikkk (Fri, 27 Mar 2020 18:14:12 GMT):
Has joined the channel.

haardikkk (Fri, 27 Mar 2020 18:14:14 GMT):
is there a way to use ACA-py without typing in docker commands? does it expose a rest api or a SDK i can use?

haardikkk (Fri, 27 Mar 2020 18:14:53 GMT):
I was wondering how a mobile app edge agent would be built - can i have an aries cloud agent linked to multiple wallets such that it can handle DIDComm for them or do you need one agent per user

swcurran (Fri, 27 Mar 2020 18:34:23 GMT):
ACA-Py exposes a rest API that a controller (an app that uses that rest API) calls. The controller has all the business logic in it. It tells the ACA-Py instance what to do. Together, the controller and the ACA-Py instance are an agent.

haardikkk (Fri, 27 Mar 2020 18:36:22 GMT):
is it possible to use a single agent for managing various end-users? i.e. enabling didcomm between them

swcurran (Fri, 27 Mar 2020 18:37:27 GMT):
A mobile agent is built by using a an Aries Framework (e.g. the equivalent of ACA-Py) and a controller (the UI running on the phone). Since a mobile app (agent or otherwise) can't be directly addressed, a "mediator" is needed somewhere that acts as the address of the mobile agent to hold messages for the mobile agent. The mobile agent then requests messages from the mediator. There are several mediators being built in the community, soon to be released in separate open source repos in Hyperledger, so they can be easily evolved and deployed.

haardikkk (Fri, 27 Mar 2020 18:40:11 GMT):
the docs are pretty scattered so im a little confused. it looks like one ACA-py instance can use one indy wallet. So for example if there were a custodial wallet for multiple end users, can we have one agent handle didcomm for all of them?

haardikkk (Fri, 27 Mar 2020 18:40:35 GMT):
i understand the mediator part, im just wnodering if we need one aca-py instance per indy wallet

swcurran (Fri, 27 Mar 2020 18:42:21 GMT):
It depends on the use case. If you are thinking of multi-tenancy, how are you going to ensure that the users are in control of their own keys? That's the main issue. If everyone has their own device it's easy, if you are trying to have them on a cloud service, it's harder.

haardikkk (Fri, 27 Mar 2020 18:43:22 GMT):
even for non custodial wallets, say StreetCred, how would one implement a backend service for all end-users which would allow them to accept invites and create requests from issuers without having one agent for all users?

swcurran (Fri, 27 Mar 2020 18:43:46 GMT):
That's the current design. I believe others have done something with multi-wallets from one agent but they have not AFAIK shared their design or wallet. I'm not sure of their statue.

swcurran (Fri, 27 Mar 2020 18:44:17 GMT):
It would be great to document that in ACA-Py, but again, I've not seen a design or implementation.

haardikkk (Fri, 27 Mar 2020 18:45:10 GMT):
from what i understand, one aries agent corresponds to one "main" DID only

swcurran (Fri, 27 Mar 2020 18:49:06 GMT):
Sorry - I don't the terms/interactions you are talking about in that first bit about custodial wallets. On the second there is not limit on the number of DIDs an aries agent might have. Right now, only Verifiable Credential issuers have public DIDs.

swcurran (Fri, 27 Mar 2020 18:49:06 GMT):
Sorry - I don't get the terms/interactions you are talking about in that first bit about custodial wallets. On the second there is not limit on the number of DIDs an aries agent might have. Right now, only Verifiable Credential issuers have public DIDs.

swcurran (Fri, 27 Mar 2020 18:49:20 GMT):
No reason that they can't have multiple.

haardikkk (Fri, 27 Mar 2020 18:55:00 GMT):
Let's say I have a custodial wallet solution which has two wallets, one for Alice and one for Bob. (let's look past the security concerns of custodial walelts for now). Now, say Alice and Bob both individually want to connect to Faber. They get the invitation QR code from Faber's website. Now, to create an invitation request, ACA-py uses the provisioned wallet's DID to build the request. Assuming we can access their indy wallets - do alice and bob need individual aca py agents running in docker containers? - can i 'switch' the wallet that aca-py is using to build a request based on which service endpoint got the invite?

haardikkk (Fri, 27 Mar 2020 18:55:07 GMT):
If so, how? I cant seem to find any docs on it.

swcurran (Fri, 27 Mar 2020 19:10:35 GMT):
The current answer would be to have N instances of ACA-Py (N processes, different ports). The controller could be one per ACA-Py instance, or one controller for everything. That will get you some distance (depends on how fast you are adding clients), but definitely not a long term solution. First optimization would be a shared database. Provide a replacement database implementation that allowed for one database instance for all the agent storage units. Probably easiest to add an ID per agent and add a column, and a way to get the ID injected to all agent storage calls. You still have the problem that the API between the controller and the agent does not have an ID per agent, so that the agent knows the context of each message. That I think is a re-definition of the Admin API. Doable, I think, but a design has not been proposed nor has work gone on with the implementation. It's not a priority for the core team, but we'd help with the design and code review if someone wants to do this. Those are my quick thoughts.

swcurran (Fri, 27 Mar 2020 19:11:06 GMT):
Big question, how long can you live with only semi-automatic scaling?

haardikkk (Fri, 27 Mar 2020 19:15:29 GMT):
Alright, makes sense. I think it would be easier to have one agent capable of being the agency of multiple users, than building shared services between N-agents. We have the need for something like this, so I'll look into it further and see what can be done. Not being a python programmer myself, it will take some time for me to get used to the aca-py codebase before I can modify much. I'm not sure what you mean by semi-automatic scaling.

haardikkk (Fri, 27 Mar 2020 19:16:19 GMT):
it sounds like for the custodial wallet solution, if the only DIDComm we foresee is within our solution, we can overlook DIDComm and use an internal messaging system, and revisit this question for our non-custodial wallet app

haardikkk (Fri, 27 Mar 2020 19:16:31 GMT):
I'm curious as to how Streetcred does it

haardikkk (Fri, 27 Mar 2020 19:18:08 GMT):
it seems to me like running n-docker containers for n-users of your app can get really expensive really fast

swcurran (Fri, 27 Mar 2020 19:19:52 GMT):
Absolutely - for that use case you need one agent that can handle it. We weren't building for that. :-( The big questions are what would you like the APIs to look like? The Admin, the DIDComm inbound? Basically, how does the ACA-Py instance know what entity the requests (DIDComm or Admin API) are for? Second what does storage look like? How do you want the database to look.

swcurran (Fri, 27 Mar 2020 19:20:57 GMT):
FYI - for a mediator, you don't need all of that. As long as it is dumb, and just hands over messages, it doesn't need it. Is there a link to the Streetcred solution you are talking about?

haardikkk (Fri, 27 Mar 2020 19:21:38 GMT):
for the first question we can have an internal unique identifier for all our users which can be included with the request. for the wallets, the storage can be just the indy postgres plugin no? as far the aries connection related storage, an ID can be attached referring to the internal identifier

haardikkk (Fri, 27 Mar 2020 19:22:34 GMT):
The streetcred mobile app wallet is what im talking about. Each mobile app user has a local privatekey, and they can receive invitations by scanning a QR code. they then build a request from that invitation and respond back to the issuer. The "builds a request from the invitation" part is where im tripping - what agent does that? its not a part of indy-sdk, only aries

swcurran (Fri, 27 Mar 2020 19:24:45 GMT):
The streetcred mobile app runs entirely on the mobile phone - there is no custodial agent. It's all on the phone. So they aren't worried about what you are talking about. The only thing that is on the cloud is a mediator that routes (but can't decrypt) messages for the mobile agent. No magic there.

haardikkk (Fri, 27 Mar 2020 19:25:04 GMT):
how do they run an edge agent? is it aries framework dotnet which allows them to do that?

swcurran (Fri, 27 Mar 2020 19:25:29 GMT):
Well, lots of cool magic by the Streetcred folks, but no magic like you are talking about.

swcurran (Fri, 27 Mar 2020 19:27:19 GMT):
They probably are, but it's just a router - it has mobile agent specific voodoo. Maybe it makes a private key it owns (not the user) to encrypt traffic to the mobile agent, but that's it. It has one wallet. We've had another member of the community build a mediator with Kafka and the pack()/unpack() functions from the indy-sdk. No other Indy/Aries components.

swcurran (Fri, 27 Mar 2020 19:28:25 GMT):
Sorry...I misread your question. Their edge agent (the mobile agent/app) does have aries-framework-dotnet in it.

haardikkk (Fri, 27 Mar 2020 19:29:41 GMT):
okay interesting. So short of rewriting the aries rfc's to support mobile wallets, the solution is to use aries framework dotnet, afaik aries-framework-go also cant run on mobile right now, and javascript is far behind as well.

swcurran (Fri, 27 Mar 2020 19:31:09 GMT):
Nothing to do with rewriting Aries RFCs. I was talking about ACA-Py for a custodial agent on a multi-tenant cloud service

swcurran (Fri, 27 Mar 2020 19:31:09 GMT):
Nothing to do with rewriting Aries RFCs. I was talking about ACA-Py for a custodial agent on a multi-tenant cloud service.

haardikkk (Fri, 27 Mar 2020 19:31:45 GMT):
No I mean that, to be able to run an aries agent completely on mobile, the only solution rn is using aries framework dotnet

swcurran (Fri, 27 Mar 2020 19:31:56 GMT):
Right now, AF.NET is the only solution.

haardikkk (Fri, 27 Mar 2020 19:31:58 GMT):
or finishing the implementation in aries js and perhaps using react native

swcurran (Fri, 27 Mar 2020 19:32:09 GMT):
Yes - there are two other efforts on that.

haardikkk (Fri, 27 Mar 2020 19:32:19 GMT):
can you link me to them?

haardikkk (Fri, 27 Mar 2020 19:32:33 GMT):
we'd like to see if we can help out

swcurran (Fri, 27 Mar 2020 19:33:38 GMT):
https://github.com/AbsaOSS/rn-indy-sdk

swcurran (Fri, 27 Mar 2020 19:34:13 GMT):
https://github.com/ayanworks/ARNIMA

haardikkk (Fri, 27 Mar 2020 19:35:19 GMT):
the first one is just an indy implementation, and unfortunately looks like the second one is no longer being maintained :/

swcurran (Fri, 27 Mar 2020 19:35:23 GMT):
And just for fun...there is a framework that allows building python into a mobile app.

swcurran (Fri, 27 Mar 2020 19:36:09 GMT):
I know the people working on the second are working on it. Perhaps working on internal versions - they are in the community.

swcurran (Fri, 27 Mar 2020 19:37:28 GMT):
Definitely the fastest way forward in the short term is the Xamarin approach using OSMA. https://github.com/mattrglobal/osma

swcurran (Fri, 27 Mar 2020 19:37:39 GMT):
But if you don't like Xamarin...

haardikkk (Fri, 27 Mar 2020 19:39:52 GMT):
oh interesting, what framework is that?

haardikkk (Fri, 27 Mar 2020 19:40:12 GMT):
Thats great news, ill keep an eye out on the ARNIMA project. could you connect me with them?

haardikkk (Fri, 27 Mar 2020 19:40:38 GMT):
and thanks for the OSMA link - i dont have xamarin experience but i did use to do c# years ago hahah

swcurran (Fri, 27 Mar 2020 19:42:46 GMT):
OSMA should be moving to Hyperledger soon - aries-mobileagent-xamarin or something like that. `@ajayjadhav` heads up Ayanworks. This convo would have been easier if it started with "We want to build a mobile agent - how do we get started?" All of that early stuff goes away. There are use cases for all that, but not if all you want is a mobile agent :-).

swcurran (Fri, 27 Mar 2020 19:43:20 GMT):
Sorry if I led you in the wrong direction.

haardikkk (Fri, 27 Mar 2020 19:44:26 GMT):
It's all good, I just started experimenting with DIDComm/DIDExchange a couple days ago and am not fully clear on the terms yet.

swcurran (Fri, 27 Mar 2020 19:44:30 GMT):
And...if you want to start by building and iterating quickly on the UI for a mobile agent, just running an agent in the cloud and building the UI on the phone is a good approach.

haardikkk (Fri, 27 Mar 2020 19:44:38 GMT):
Also I wanted to ask about the custodial wallet thing as well, one agent for multiple users, so that got cleared as well

swcurran (Fri, 27 Mar 2020 19:45:22 GMT):
You don't need to scale that, and you can use great tools for rapidly evolving your UI before you start to be limited by mobile development cycles.

haardikkk (Fri, 27 Mar 2020 19:46:00 GMT):
good tip, time to install xamarin and dotnet

haardikkk (Fri, 27 Mar 2020 19:47:53 GMT):
thanks a lot btw!

Yano (Fri, 27 Mar 2020 20:17:20 GMT):
Has joined the channel.

blockLedger (Sat, 28 Mar 2020 15:40:27 GMT):
Can someone please explain the concept of the `tails file` and what it looks like

blockLedger (Sat, 28 Mar 2020 15:40:38 GMT):
Please forgive if this is a basic question

blockLedger (Sat, 28 Mar 2020 15:44:11 GMT):
Also is the wallet `seed` for an indy wallet indeed a 32 character without spaces or is it the traditional seed we see in other wallets which consist of random words eg: `silver water thomas etc..`

swcurran (Sat, 28 Mar 2020 19:09:17 GMT):
Best revocation doc I've seen is this one: https://github.com/hyperledger/indy-hipe/tree/master/text/0011-cred-revocation

swcurran (Sat, 28 Mar 2020 19:10:17 GMT):
It's a 32 character string, no space.

swcurran (Sat, 28 Mar 2020 19:11:35 GMT):
You can use the ACA-Py demo with Faber having a "--revocation" option to play with revocation. You should be able to download a tails file in that if you want.

blockLedger (Sat, 28 Mar 2020 21:54:04 GMT):
Thanks

jljordan_bcgov (Sun, 29 Mar 2020 15:35:43 GMT):
No leading “0”? Or is that just an issue with nonces

ankita.p (Mon, 30 Mar 2020 06:36:13 GMT):

Screenshot from 2020-03-30 11-59-34.png

priyashankar (Mon, 30 Mar 2020 08:54:05 GMT):
In the vc-authn-oidc demo, how is the aca-py agent supposed to know that it has to verify when receiving a presentation against a request?

swcurran (Mon, 30 Mar 2020 15:31:07 GMT):
When the IdP is set up, it has a configuration endpoint. The controller (e.g. the relying party) sends a challenge ID with a presentation request that is stored by the IdP. When the user is redirected to the IdP, the challenge ID is passed as a query param, and that results in the IdP (the ACA-Py part) sending the presentation request to the user (via the QR code, usually). If you looks in the `/demo` folder, you can see the "updatePresentation" script that sends the presentation request to the deployed IdP.

HLFPOC (Mon, 30 Mar 2020 15:43:54 GMT):
Hi Team, in existing alice/faber demo, while sending proof request, there is a condition on `age `attribute under `requested_predicates` in which condition is mentioned that it should be >= 18. Wanted to understand, does it demonstrates ZKP capabilities of the platform? If yes, is it possible to demonstrate the below scenario: 1. Instead of age, faber issues `date_of_birth `to Alice (lets say, it has value : 01/01/1990). 2. Now, in order to check if Alice's age is greater than 18, what should be the condition in the proof request ? 3. How and where this calculation will be handled? At Aries controller layer or agent will handle itself ?

sklump (Mon, 30 Mar 2020 15:49:13 GMT):
The only predicate supported at present is `>=`. It's a straight numeric comparison on 32-bit ints. Deeper predicate support is a future improvement.

swcurran (Mon, 30 Mar 2020 18:34:45 GMT):
So I think the answer has to be in terms of integers. So if the DoB is expressed in UNIX epoch format, then you can use DOB >= today()-years(18). I think that's right.

swcurran (Mon, 30 Mar 2020 18:35:06 GMT):
The mechanism greatly improves with Rich Schema support and data type information.

swcurran (Mon, 30 Mar 2020 18:36:05 GMT):
And there is not a technology limitation on the predicates that are possible. It's that no one has implemented them all the way into the Indy SDK.

sklump (Mon, 30 Mar 2020 18:41:16 GMT):
That gets it backwards: that will prove youth, not age. The only answers for age of majority are awkward: keep re-issuing age-attributed each birthday, or else enjoy negative birthday attributes to compare against negative time.

sklump (Mon, 30 Mar 2020 18:41:53 GMT):
Obviously, speaking only in indy-sdk.

swcurran (Mon, 30 Mar 2020 18:42:58 GMT):
OK - thanks. I wasn't sure of my expression. Dang - that's bad. :-(

HLFPOC (Mon, 30 Mar 2020 18:44:52 GMT):
@andrew.whitehead @swcurran Do we have any plans to support ATTRIB transactions in ACA-Py ?

swcurran (Mon, 30 Mar 2020 18:46:31 GMT):
@andrew.whitehead -- I think you just learned that other than `endpoints` can be attribs. Should we support more? If so - any constraints or can people post what they want?

sklump (Mon, 30 Mar 2020 18:48:51 GMT):
OTOH, it's been that way for years and every 18 months or so someone pipes up.

sklump (Mon, 30 Mar 2020 18:49:52 GMT):
There was code submitted about 18 months ago to allow other predicates, but it would have broken some data formats so it's in the hopper for improvements with the next generation.

swcurran (Mon, 30 Mar 2020 18:51:22 GMT):
@MALodder - what happened to other predicates? I recall that you did a PR at one point and it got pulled. Does that get reinstated with the Rich Schema work? Why did it not get merged?

andrew.whitehead (Mon, 30 Mar 2020 19:14:12 GMT):
I don't really know, somebody would have to test that

sklump (Mon, 30 Mar 2020 19:34:27 GMT):
it would have broken some data formats

sklump (Mon, 30 Mar 2020 19:35:22 GMT):
My PR integrated the indy group's from indy-sdk but it was discovered at the last moment that it would wreck some indy data structures - I can't remember which ones

swcurran (Mon, 30 Mar 2020 20:10:22 GMT):
What part don't you know? If ATTRIBs can be written or if ACA-Py supports it?

andrew.whitehead (Mon, 30 Mar 2020 20:10:41 GMT):
What formats are supported

pxt_uit (Tue, 31 Mar 2020 01:55:25 GMT):
Has joined the channel.

priyashankar (Tue, 31 Mar 2020 05:33:42 GMT):
@swcurran Glad to hear back. I was wondering what's a challenge id? Are you referring to "verified-email" in this case, the one that's getting configured with the controller? The QR code has a short url (base64 representation) embedded inside. Like you said, on getting redirected to the same url, the agent sends the presentation request which of course has a message decorator bundling all endpoint information. I am trying to find the code which invokes the deeplink though. Would you mind pointing that out for me?

nacerix (Tue, 31 Mar 2020 14:24:26 GMT):
Make sure you provided the schema version in the right format like this: WgWxqztrNooG92RXvxSTWv:2:schema_name:1.0

swcurran (Wed, 01 Apr 2020 00:17:54 GMT):
Join us for the ACA-Py User Group meeting *tomorrow* (Wed.) at 11AM Pacific, 8PM Amsterdam. We'll covering the latest on revocation, a new tracing capability, interop testing and a Identity Proof of Concept tool. Zoom link will be: https://zoom.us/j/900111661; Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2020-04-01+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

sklump (Wed, 01 Apr 2020 11:00:46 GMT):
It looks like any attribute/value pair could go in. Be careful of writing to the ledger - nothing ever can come off the ledger, so opening this up allows vandalism possibly to make the ledger illegal forever in your country.

l.m (Wed, 01 Apr 2020 13:18:30 GMT):
Has joined the channel.

lsm (Wed, 01 Apr 2020 14:08:02 GMT):
Has joined the channel.

lsm (Wed, 01 Apr 2020 14:20:24 GMT):
Hello ACA-Py community, is there any support for a proxy in aca-py? I am trying to deploy the agent behind a proxy and connect it to a public testnet (e.g. BCovrin). The same setup works fine with a self deployed indy net in our network. I can set the `trust_env` flag for the aiohttp package, after that I am able to retrieve the genesis transaction from the network (which didn't work without telling it to use the proxy environment variables so I assume my struggle is with the proxy). But I get a `indy.error.PoolLedgerTimeout` even after I could retreive the genesis, so I guess that the indy sdk is not able to connect to the public network? Does anyone have experience with aca-py behind a proxy or are there any workarounds? Thanks

thinhnnd (Wed, 01 Apr 2020 15:54:39 GMT):
Hi all. I catched some package communicating between OSMA and Acapy. The messages I found that has have "content-type":"application/ssi-application-wire". So I can not see the body of request or response. Is there any library to parse this content type? And I wonder that can Firebase Cloud Message forward that type of message?

swcurran (Wed, 01 Apr 2020 16:02:06 GMT):
That's my concern as well. One of the use cases discussed by the Sovrin Stewards is what happens when someone puts something illegal on the ledger. At the moment, ATTRIB is the only way to do that AFAIK. So the question is how do we make it useful, but not open in ACA-Py. FYI - discussed with the Stewards is a way to have a refuse-to-serve list of transactions per node (as they could be country specific) so that while content could go on the ledger, the nodes could refuse to serve it back. Not sure the status of that. So - do we add an arbitrary "write attrib" function or only allow structured attribs, added by use case?

victor.martinez (Wed, 01 Apr 2020 17:51:58 GMT):
Hi all, I'm getting 403: Forbidden error when calling the endpoint /issue-credential/send `2020-04-01 17:44:20,597 aiohttp.access INFO 172.23.0.1 [01/Apr/2020:17:44:20 +0000] "POST /issue-credential/send HTTP/1.1" 403 297 "http://localhost:8020/api/doc" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"` It is possible to enable some logging when running aca-py to know why i'm getting this error ?

victor.martinez (Wed, 01 Apr 2020 17:51:58 GMT):
Hi all, I'm getting 403: Forbidden error when calling the endpoint /issue-credential/send 2020-04-01 17:44:20,597 aiohttp.access INFO 172.23.0.1 [01/Apr/2020:17:44:20 +0000] "POST /issue-credential/send HTTP/1.1" 403 297 "http://localhost:8020/api/doc" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36" It is possible to enable some logging when running aca-py to know why i'm getting this error ?

sklump (Wed, 01 Apr 2020 17:54:03 GMT):
You get this when the connection isn't ready. Prime it with a trust ping each way or else specify `--auto-ping-connection` on the command line.

swcurran (Wed, 01 Apr 2020 17:55:12 GMT):
Join us for the ACA-Py User Group in 5 minutes. We'll covering the latest on revocation, a new tracing capability, interop testing and a Identity Proof of Concept tool. Zoom link will be: https://zoom.us/j/900111661; Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2020-04-01+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

victor.martinez (Thu, 02 Apr 2020 06:28:22 GMT):
yes, this was the problem. Thanks!

ankita.p (Thu, 02 Apr 2020 09:34:34 GMT):
yes, I gave schema_version in decimals only.

ankita.p (Thu, 02 Apr 2020 09:35:29 GMT):
this is with the latest version of the aries-cloudagent. Also, when I just put a logger and try running to aca-py agent using the codebase, it works.

priyashankar (Thu, 02 Apr 2020 10:21:55 GMT):
Is there any way for an aca-py agent to respond to a proof request made using a service decorator (ephemeral) which bundles all endpoint information?

priyashankar (Thu, 02 Apr 2020 10:21:55 GMT):
How can an aca-py agent respond to a proof request made using a service decorator (ephemeral) which bundles all endpoint information?

priyashankar (Thu, 02 Apr 2020 10:21:55 GMT):
How can an aca-py agent respond to a proof request made using a service decorator (ephemeral) which bundles all endpoint information? I see there's one such issue at https://github.com/hyperledger/aries-cloudagent-python/issues/195. Does aca-py support ephemeral protocol natively as of now?

priyashankar (Thu, 02 Apr 2020 10:21:55 GMT):
Does aca-py support ephemeral protocol natively as of now? How can an aca-py agent respond to a proof request made using such protocol? I see there's one such issue at https://github.com/hyperledger/aries-cloudagent-python/issues/195 but I see that's closed.

Audrius (Thu, 02 Apr 2020 12:48:44 GMT):
Has joined the channel.

ekubilay (Fri, 03 Apr 2020 06:57:48 GMT):
Has joined the channel.

ekubilay (Fri, 03 Apr 2020 06:57:49 GMT):
Hi everyone, here is a newbie question; I am trying to play around with the administration API of aca-py. And I'm using the following; https://github.com/sovrin-foundation/sovrin/blob/master/sovrin/pool_transactions_sandbox_genesis as the genesis url. I am trying to make a "/ledger/taa/accept" call however I am not fully sure which "mechanism" value I should be using and which network. I played around but I keep getting "Ledger rejected transaction request, UnauthorizedClientRequest..." errors when I try to interact with the ledger. I would appreciate any help! Many thanks in advance.

shonjs (Fri, 03 Apr 2020 12:01:56 GMT):
Has joined the channel.

skynet (Fri, 03 Apr 2020 12:53:28 GMT):
Has joined the channel.

andrew.whitehead (Fri, 03 Apr 2020 14:32:50 GMT):
We should probably put up a page on this since people keep running into issues. If you GET the /ledger/taa route, it should provide the current TAA for the ledger along with the acceptance mechanisms. You would take the text and version from that response, choose one of the mechanisms, and submit that to the /ledger/taa/accept endpoint

swcurran (Fri, 03 Apr 2020 15:35:19 GMT):
I'll add that to my doc list

esune (Fri, 03 Apr 2020 15:44:05 GMT):
@swcurran and @andrew.whitehead can confirm. aca-py does not support the ephemeral protocol, it however partially supports the service decorator.

swcurran (Fri, 03 Apr 2020 16:30:38 GMT):
That's where we are now - ACA-Py does generates, but does not currently respond to ephemeral challenges (e.g. messages with a service decorator). It's been considered, but there is no strong use case that we're aware of for implementing that. That may change (or may not) when we add support for the Out of Band protocol that has been proposed as an RFC.

pxt_uit (Sat, 04 Apr 2020 09:50:57 GMT):
Hello everyone, I currently using ACA-Py for my cloud agent, I want to develop a mobile app using Aries FW .NET (mobile agent - MB-A) and using ACA-Py for mediator agent (MA). Read the RFCs #0092 (https://github.com/hyperledger/aries-rfcs/tree/master/features/0092-transport-return-route) and based on it, I know I can develop MA for MB-A, but I don't know how to use it in ACA-Py. Somebody please help me explain the transport return route work and how to apply in my mediator agent using ACA-Py. Thank you so much. (and sorry for my bad english)

WadeBarnes (Mon, 06 Apr 2020 13:15:41 GMT):
This may be worth a look; https://github.com/hyperledger/aries-mobileagent-xamarin

newbiestat (Tue, 07 Apr 2020 09:41:53 GMT):
Has joined the channel.

SuperSeiyan (Tue, 07 Apr 2020 12:33:32 GMT):
edge agent

swcurran (Wed, 08 Apr 2020 00:17:06 GMT):
@all We are planning on removing the (long since) deprecated v0.1 Credential Exchange protocols and the related Admin interfaces. Is anyone using that functionality that would be affected by that change? The protocols for RFC 0036 and 0037 (Issue Credential and Present Proof) will of course remain. Speak now, please!

swcurran (Wed, 08 Apr 2020 00:17:06 GMT):
@all We are planning on removing the (long since) deprecated v0.1 Credential Exchange protocols and the related Admin interfaces. Is anyone using that functionality and would be affected by that change? The protocols for RFC 0036 and 0037 (Issue Credential and Present Proof) will of course remain. Speak now, please!

jcourt (Wed, 08 Apr 2020 04:34:00 GMT):
Has joined the channel.

jcourt (Wed, 08 Apr 2020 04:59:49 GMT):
Hi, I am trying to set up a productive development env for playing with aca-py Controllers. Trying to connect the VSCode IDE using ptsvd talking to a docker container on MAC. I have been following this readme https://github.com/hyperledger/aries-cloudagent-python/blob/master/DevReadMe.md#Developing The issue I have once exporting the correct port (i.e. 5678) from the docker container is that the handshake between the ide and ptsvd inside the container never completes successfully. Actually the ptvsd code inside the container throws an exception attached below. Has anyone had success with ptvsd on MAC or seen the following behaviour ? I have Wireshark traces of the loopback that show the two are communicating but the IDE side starts by asking for a "command" : "evaluate" and the container responds with "type":"event" returning the ptvsd version of 4.3.2 which is the same ptvsd version on both sides but then the IDE responds to that with a "command":"disconnect" and that's the end. Any pointers appreciated, here is the trace on the container side Successfully tagged aries-cloudagent-run:latest ptvsd is running === Waiting for debugger to attach === E00281.187: Traceback (most recent call last): File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/ptvsd/ipcjson.py", line 269, in process_one_message msg = self.__message.pop(0) IndexError: pop from empty list During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/ptvsd/ipcjson.py", line 170, in _wait_for_message length_text = headers['Content-Length'] KeyError: 'Content-Length' During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/ptvsd/ipcjson.py", line 258, in process_messages self.process_one_message() File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/ptvsd/ipcjson.py", line 272, in process_one_message self._wait_for_message() File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/ptvsd/ipcjson.py", line 179, in _wait_for_message raise InvalidHeaderError('Content-Length not specified in headers') ptvsd.ipcjson.InvalidHeaderError: Content-Length not specified in headers

jcourt (Wed, 08 Apr 2020 04:59:49 GMT):
Hi, I am trying to set up a productive development env for playing with aca-py Controllers. Trying to connect the VSCode IDE using ptvsd talking to a docker container on MAC. I have been following this readme https://github.com/hyperledger/aries-cloudagent-python/blob/master/DevReadMe.md#Developing The issue I have once exporting the correct port (i.e. 5678) from the docker container is that the handshake between the ide and ptvsd inside the container never completes successfully. Actually the ptvsd code inside the container throws an exception attached below. Has anyone had success with ptvsd on MAC or seen the following behaviour ? I have Wireshark traces of the loopback that show the two are communicating but the IDE side starts by asking for a "command" : "evaluate" and the container responds with "type":"event" returning the ptvsd version of 4.3.2 which is the same ptvsd version on both sides but then the IDE responds to that with a "command":"disconnect" and that's the end. Any pointers appreciated, here is the trace on the container side Successfully tagged aries-cloudagent-run:latest ptvsd is running === Waiting for debugger to attach === E00281.187: Traceback (most recent call last): File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/ptvsd/ipcjson.py", line 269, in process_one_message msg = self.__message.pop(0) IndexError: pop from empty list During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/ptvsd/ipcjson.py", line 170, in _wait_for_message length_text = headers['Content-Length'] KeyError: 'Content-Length' During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/ptvsd/ipcjson.py", line 258, in process_messages self.process_one_message() File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/ptvsd/ipcjson.py", line 272, in process_one_message self._wait_for_message() File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/ptvsd/ipcjson.py", line 179, in _wait_for_message raise InvalidHeaderError('Content-Length not specified in headers') ptvsd.ipcjson.InvalidHeaderError: Content-Length not specified in headers

jcourt (Wed, 08 Apr 2020 04:59:49 GMT):
Hi, I am trying to set up a productive development env for playing with aca-py Controllers. Trying to connect the VSCode IDE using ptvsd talking to a docker container on MAC. I have been following this readme https://github.com/hyperledger/aries-cloudagent-python/blob/master/DevReadMe.md#Developing The issue I have once exporting the correct port (i.e. 5678) from the docker container is that the handshake between the ide and ptvsd inside the container never completes successfully. Actually the ptvsd code inside the container throws an exception attached below. Has anyone had success with ptvsd on MAC or seen the following behaviour ? I have Wireshark traces of the loopback that show the two are communicating but the IDE side starts by asking for a "type":"request", "command" : "evaluate" and the container eventually responds with "type":"response", "message":"Unable to find thread for evaluation", "success":"false" then the IDE responds to that with a "type":"request","command":"disconnect" and that's the end. The disconnect actually is recorded before the fail in the trace but I am discounting that to timing vageries. Any pointers appreciated, here is the trace on the container side Successfully tagged aries-cloudagent-run:latest ptvsd is running === Waiting for debugger to attach === E00281.187: Traceback (most recent call last): File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/ptvsd/ipcjson.py", line 269, in process_one_message msg = self.__message.pop(0) IndexError: pop from empty list During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/ptvsd/ipcjson.py", line 170, in _wait_for_message length_text = headers['Content-Length'] KeyError: 'Content-Length' During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/ptvsd/ipcjson.py", line 258, in process_messages self.process_one_message() File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/ptvsd/ipcjson.py", line 272, in process_one_message self._wait_for_message() File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/ptvsd/ipcjson.py", line 179, in _wait_for_message raise InvalidHeaderError('Content-Length not specified in headers') ptvsd.ipcjson.InvalidHeaderError: Content-Length not specified in headers

jcourt (Wed, 08 Apr 2020 05:13:03 GMT):
Oh and here is the actual command to start the aca-py agent inside docker : PORTS="5678:5678 10000:10000" ./scripts/run_docker start --inbound-transport http 0.0.0.0 10000 --outbound-transport http --debug --log-level DEBUG

victor.martinez (Wed, 08 Apr 2020 05:56:10 GMT):
Hi all, I’m trying to use sovrin Staging Net with aca-py. I am trying to make a "/ledger/taa/accept" call however I am not fully sure which "mechanism" value I should be using , text and version. Currently this is the payload I’m using but still I’m getting Ledger rejected transaction request: client request invalid: InvalidClientTaaAcceptanceError('Incorrect Txn Author Agreement(digest=a93111e11f76bd60d8de4e4db329c0c8d937541c2ba221710a91965e073eb914) in the request',) when trying to write into the ledger.

victor.martinez (Wed, 08 Apr 2020 05:56:10 GMT):
Hi all, I’m trying to use sovrin Staging Net with aca-py. I am trying to make a "/ledger/taa/accept" call however I am not fully sure which "mechanism" value I should be using , text and version. Currently this is the payload I’m trying but still I’m getting Ledger rejected transaction request: client request invalid: InvalidClientTaaAcceptanceError('Incorrect Txn Author Agreement(digest=a93111e11f76bd60d8de4e4db329c0c8d937541c2ba221710a91965e073eb914) in the request',) when trying to write into the ledger.

victor.martinez (Wed, 08 Apr 2020 05:57:02 GMT):

/ledger/taa/accept-payload

andrew.whitehead (Wed, 08 Apr 2020 06:01:40 GMT):
Looks like a bug was introduced there, in scripts/run_docker line 15 should be `if [ "$arg" = "--debug" ]; then`

jcourt (Wed, 08 Apr 2020 06:04:41 GMT):
Ahh instead of if [ "$arg" = "--timing" ]; then ?

jcourt (Wed, 08 Apr 2020 06:04:41 GMT):
Ahh instead of *if [ "$arg" = "--timing" ]; then* ?

andrew.whitehead (Wed, 08 Apr 2020 06:06:26 GMT):
Yup

jcourt (Wed, 08 Apr 2020 06:07:14 GMT):
Let me give that a go, not sure how you worked that out so quickly but I will owe you beer if that's it

jcourt (Wed, 08 Apr 2020 06:09:58 GMT):
Now I think I have a different issue to investigate as the ports aren't being exposed by docker docker: Error response from daemon: Ports are not available: /forwards/expose/port returned unexpected status: 500. ERRO[0000] error waiting for container: context canceled

jcourt (Wed, 08 Apr 2020 06:10:23 GMT):
I will see what I might have upset.

jcourt (Wed, 08 Apr 2020 06:12:55 GMT):
More than likely because I am still specifying the 5678 port on the command

andrew.whitehead (Wed, 08 Apr 2020 06:13:10 GMT):
Yeah I think you can leave that off

jcourt (Wed, 08 Apr 2020 06:15:03 GMT):
Actually fixing the start script just means I don't have to put the ptvsd port on the command. I end up back at the same error situation though

jcourt (Wed, 08 Apr 2020 06:15:24 GMT):
Still throwing the exception when the IDE attempts to connect

jcourt (Wed, 08 Apr 2020 06:16:17 GMT):
I guess it answers one question, its likely with the bug in the startup script, no one has been attempting this of late using ptvsd

andrew.whitehead (Wed, 08 Apr 2020 06:19:18 GMT):
How are you launching the inspector from vscode?

jcourt (Wed, 08 Apr 2020 06:21:16 GMT):
With a launch.json config ? { "version": "0.2.0", "configurations": [ { "type": "node", "request": "attach", "name": "Docker: Attach to Cloud Agent", "remoteRoot": "/home/indy", "port" : 5678, "localRoot" : "${workspaceFolder}/bin", "timeout" : 20000, "trace" : true } ] }

andrew.whitehead (Wed, 08 Apr 2020 06:21:56 GMT):
Little different from mine, yours seems to be for node for one thing

andrew.whitehead (Wed, 08 Apr 2020 06:21:59 GMT):
```{ "name": "Python: Remote Attach", "type": "python", "request": "attach", "port": 5678, "host": "localhost", "pathMappings": [ { "localRoot": "${workspaceFolder}", "remoteRoot": "." } ] }```

jcourt (Wed, 08 Apr 2020 06:22:26 GMT):
So yours is working ?

andrew.whitehead (Wed, 08 Apr 2020 06:22:33 GMT):
Yep

jcourt (Wed, 08 Apr 2020 06:22:55 GMT):
I wonder if this is a version thing of the IDE

jcourt (Wed, 08 Apr 2020 06:23:34 GMT):
ohh hang on I see what you mean

jcourt (Wed, 08 Apr 2020 06:25:34 GMT):
This could be a stuffup on my part for being VSCode newbie. I will hunt this down before bothering you further. Thanks so much for the time.

andrew.whitehead (Wed, 08 Apr 2020 06:25:52 GMT):
Good luck! Bed time here

jcourt (Wed, 08 Apr 2020 06:26:40 GMT):
Sleep well and thanks again

jcourt (Wed, 08 Apr 2020 06:28:36 GMT):
Just fyi, that was the final issue thankyou

jcourt (Wed, 08 Apr 2020 06:29:24 GMT):
:beers:

ekubilay (Wed, 08 Apr 2020 06:57:56 GMT):
Hi all, I am trying to send a NYM registration to the Greenlight Dev Ledger through administration API, but i keep getting "Ledger rejected transaction request and Unauthorized client request" errors. Any ideas why it might happen? Thank you in advance.

victor.martinez (Wed, 08 Apr 2020 07:01:14 GMT):
same problem here, it is my understanding that you need to accept the transaction author agreement using the /ledger/taa/accept endpoint. My problem is that I don't know how to construct the payload with attributes (mechanism, text and version)

nikolas (Wed, 08 Apr 2020 07:13:19 GMT):
Has joined the channel.

ankita.p (Wed, 08 Apr 2020 10:38:28 GMT):
Hi @swcurran , in aca-py the module which is marked as *deprecated* is not using v0.1 Credential Exchange protocols, but the one which is not deprecated seems to have it implemented. Please find the screenshot I am referring to and confirm. Because I am using 'issue-credential' under protocols, which is using V10CredentialExchange protocol and not marked as deprecated.

ankita.p (Wed, 08 Apr 2020 10:41:06 GMT):

Screenshot from 2020-04-08 16-04-05.png

nacerix (Wed, 08 Apr 2020 12:48:09 GMT):
aca-py's logging best practices: I shared some proposals on github from my readings to start the discussion.

nacerix (Wed, 08 Apr 2020 12:50:11 GMT):
Your current DID should be registered with endorser role at minimum to do this

swcurran (Wed, 08 Apr 2020 13:52:42 GMT):
On the sandbox ledgers like Greenlight, you need to use the Endorser on the ledger to create the DID (NYM). Easiest way to do it is to use the ledger Web Interface to create the DID and use it in your program. Generally, you want to separate out provisioning (creating objects on the ledger) from running your application/controller. As such, it is reasonable to "cheat" by using the UI to create the DID. On a fully permissioned ledger, to write to the ledger requires get your transactions signed by an endorser.

swcurran (Wed, 08 Apr 2020 13:53:33 GMT):
We have a quite involved demo that goes over provisioning when endorser signing is needed - https://github.com/bcgov/von-network/blob/master/docs/Writing%20Transactions%20to%20a%20Ledger%20for%20an%20Un-privileged%20Author.md

swcurran (Wed, 08 Apr 2020 13:55:12 GMT):
Awesome that you are doing this - would love to get this added to the docs when it's working. @nbrempel @andrew.whitehead - can you help with this?

swcurran (Wed, 08 Apr 2020 13:57:10 GMT):
Awesome - @jcourt - maybe you could summarize what you did and let me know? Would love to have a doc to point folks to in the repo.

swcurran (Wed, 08 Apr 2020 13:57:42 GMT):
And I see @andrew.whitehead has already worked with you on the next thread - cool stuff!

ekubilay (Wed, 08 Apr 2020 14:13:50 GMT):
Thank you for your detailed response! In this case which ledger do you recommend to use for development purposes? Preferably without Taa requirement or needing to use Endorser role.

khalifa (Wed, 08 Apr 2020 14:17:24 GMT):
Has joined the channel.

swcurran (Wed, 08 Apr 2020 14:25:21 GMT):
We (BC Gov) run a number ledgers including the Greenlight one. All are more or less identical - 4-node instances of the Indy sandbox ledger. A full list is here: https://vonx.io/clickythings/ If you are working on a demo that uses a mobile agent (e.g. Streetcred or esatus) you can use http://test.bcovrin.vonx.io/, which they support.

nacerix (Wed, 08 Apr 2020 14:34:45 GMT):
or setup your own dev ledger on your computer with docker: https://github.com/bcgov/von-network/blob/master/docs/UsingVONNetwork.md

swcurran (Wed, 08 Apr 2020 14:35:26 GMT):
Absolutely. :-)

swcurran (Wed, 08 Apr 2020 23:57:14 GMT):
names

jcourt (Thu, 09 Apr 2020 00:17:44 GMT):
Hi Stephen, I will go back through the doc page and try and create some suggested changes. I actually ended up their as I am doing your EDX course for Aries developers only in Audit mode I'm afraid :-)

daveek (Fri, 10 Apr 2020 12:42:51 GMT):
And If I want to run my own private ledger for Production?

swcurran (Fri, 10 Apr 2020 15:30:06 GMT):
That seems like an oxymoron, but if you want to do that, you can run an instance of von-network with an many nodes as you want. That's what we're doing for the BCovrin networks, but we don't use those for production.

daveek (Fri, 10 Apr 2020 15:35:58 GMT):
Thanks and I posted some questions earlier in #aries channel, will u please answer them (when u get time). :)

nacerix (Fri, 10 Apr 2020 18:05:55 GMT):
I have played with 4 EC2 instances on aws that I configured following what has been done for von-network. I simply decomposed the manage script into individual commands that I ran on each node

nacerix (Fri, 10 Apr 2020 18:07:22 GMT):
But for real production you will need way more than that, particularly when it comes to crypto material management

daveek (Fri, 10 Apr 2020 18:21:07 GMT):
@swcurran @nacerix then how will I be able to run it in Production?

daveek (Fri, 10 Apr 2020 18:21:33 GMT):
Is there any Code, u could share?

daveek (Fri, 10 Apr 2020 18:22:55 GMT):
and also I posted some questions in #aries channel about how to make run Agents in Production?

nacerix (Fri, 10 Apr 2020 18:36:32 GMT):
Maybe I misunderstand your question but it's not a matter of code but your capability to deploy the existing code on your production server and configure them accordingly.

nacerix (Fri, 10 Apr 2020 18:37:57 GMT):
Same apply for agents. If you are comfortable with docker it is easy to reuse the scripts available in the acapy repo

daveek (Fri, 10 Apr 2020 18:39:36 GMT):
aah. so there isn't any difference between Development Environment and Production Environment?

swcurran (Fri, 10 Apr 2020 18:40:10 GMT):
No - it's a question of how you are managing the nodes, what keys have been used, etc.

daveek (Fri, 10 Apr 2020 18:41:25 GMT):
Ok.. then I think I should try it out (deploy project in Production)

daveek (Fri, 10 Apr 2020 18:41:45 GMT):
I had these concern about Pools and Wallets e.t.c and how to scale them

swcurran (Fri, 10 Apr 2020 18:41:59 GMT):
Or you can use Sovrin Mainnet - that's a full production network.

daveek (Fri, 10 Apr 2020 18:42:13 GMT):
that's why I posted qs in #aries

daveek (Fri, 10 Apr 2020 18:42:33 GMT):
And Price for that?

swcurran (Fri, 10 Apr 2020 18:42:41 GMT):
Saw those and will answer - doing other stuff right now.

daveek (Fri, 10 Apr 2020 18:42:54 GMT):
Ok.. thanks

swcurran (Fri, 10 Apr 2020 18:44:07 GMT):
They have a price list and it depends on number of issuers you have, number of credential types, and if you are doing revocation. I have a quick and dirty spreadsheet for such calcs because someone asked the same question. I should create a form :-)

daveek (Fri, 10 Apr 2020 18:45:13 GMT):
Our Issuers have more than Million Customers and there would be Millions of Transaction in a single day, what will u suggest? If somehow we manage to run our network, will it be scalable for that?

daveek (Fri, 10 Apr 2020 18:45:29 GMT):
Ok..

nacerix (Fri, 10 Apr 2020 18:46:35 GMT):
I will be interested too, I'm currently working on a project that will use sovrin in production

swcurran (Fri, 10 Apr 2020 18:46:48 GMT):
I think you need to learn a bit more about Indy. Credentials don't go on the ledger. Only DIDs of issuers, and some credential metadata. So - back to your use case - how many issuers, home many ereds, and are you doing revo?

swcurran (Fri, 10 Apr 2020 18:47:27 GMT):
We issued 2.5M credentials using 3 ledger transactions in our first production use case.

daveek (Fri, 10 Apr 2020 18:49:55 GMT):
When Issuer issue credentials to holder it stores in wallet, right?

daveek (Fri, 10 Apr 2020 18:52:21 GMT):
Isn't wallet/pools is something one should consider to scale?

swcurran (Fri, 10 Apr 2020 19:41:16 GMT):
The issuer will want to track all the issued credentials, but need not do that in the wallet. The holder needs a wallet capable of holding their credentials. Assuming we are talking people - mobile agents are likely sufficient for now.

swcurran (Fri, 10 Apr 2020 19:42:17 GMT):
I don't know your full use case, but issuer scaling is what is needed and that is pretty much enterprise web service scaling. Some unique challenges, but all the concepts are the same.

daveek (Fri, 10 Apr 2020 19:43:13 GMT):
Aah. now got it.

daveek (Fri, 10 Apr 2020 19:43:48 GMT):
And if bank (issuer) wants to give access to it's branches to issue credential, is it possible?

daveek (Fri, 10 Apr 2020 19:45:14 GMT):
and also I'm not clarified about Pool, can you please explain it?

swcurran (Fri, 10 Apr 2020 19:45:18 GMT):
Yes - we recently added some new code to use for that I think should work. Depends of course :-). How is the actual issuer - the bank or the branch?

daveek (Fri, 10 Apr 2020 19:45:39 GMT):
Bank is Issuer

daveek (Fri, 10 Apr 2020 19:45:53 GMT):
and want to give access to it's branches to issue credentials

swcurran (Fri, 10 Apr 2020 19:46:32 GMT):
The pool is just a local data struct that agent (issuer, holder, verifier) keeps to connect to the network. It's just the connection definition - nothing more than that. It's definitely not shared across agents.

daveek (Fri, 10 Apr 2020 19:47:28 GMT):
aah, so the only thing we need to scale is Ledger and this is what offered by sovrin?

swcurran (Fri, 10 Apr 2020 19:51:07 GMT):
No - the thing you need to scale is the issuer. Depending on the number of issuers (one?) and credential types (5?) you only will have a handful of transactions. Definitely the ledger will not be the issue - a handful of writes and cached reads by the participants. The scaling is on the issuer connecting to and issuing credentials to a million holders.

daveek (Fri, 10 Apr 2020 19:52:11 GMT):
:upside_down:

daveek (Fri, 10 Apr 2020 19:53:14 GMT):
for now we have one issuer (one organization) maybe in near future, multiple (and also want to distribute it with branches)

daveek (Fri, 10 Apr 2020 19:53:58 GMT):
schemas are less than 10

swcurran (Fri, 10 Apr 2020 20:03:16 GMT):
Are you going to want revocation? Be warned that it is early, and the current model doesn't scale to the millions of credentials. New version - Coming Soon!!!

swcurran (Fri, 10 Apr 2020 20:03:50 GMT):
With revocation, you are talking 21 ledger transactions.

swcurran (Fri, 10 Apr 2020 20:03:50 GMT):
Withouot revocation, you are talking 21 ledger transactions.

swcurran (Fri, 10 Apr 2020 20:03:50 GMT):
Without revocation, you are talking 21 ledger transactions.

daveek (Fri, 10 Apr 2020 20:13:12 GMT):
'Without revocation, you are talking 21 ledger transactions.' ?

daveek (Fri, 10 Apr 2020 20:13:27 GMT):
Revocation, YES!

swcurran (Fri, 10 Apr 2020 20:19:31 GMT):
You can do your PoC with current revocation ("1.0"), but you will need the 2.0 stuff. We're working on it now and hope it is available within a few months. The interface and mechanism (transactions) are the same, but the underlying implementation is WAY more scalable... To add revocation, you need 10 more ledger transactions, and likely 10 more transactions per day.

swcurran (Fri, 10 Apr 2020 20:20:12 GMT):
So that would be about $960 for the initial transactions on Sovrin, plus $1/day for revocations (assuming you are doing daily batch revocations).

daveek (Fri, 10 Apr 2020 20:21:34 GMT):
OK. Thank u so much for your time and when if you get a pricing list for sovirin network, kindly share with me and again thanks :)

daveek (Fri, 10 Apr 2020 20:21:34 GMT):
OK. Thank u so much for your time and when you get a pricing list for sovirin network, kindly share with me and again thanks :)

swcurran (Fri, 10 Apr 2020 20:22:30 GMT):
The pricing is on the sovrin.org site. I just did a quick calculator of costs based on the number of each transaction.

daveek (Fri, 10 Apr 2020 20:22:48 GMT):
:) :) :)

jcourt (Mon, 13 Apr 2020 00:02:09 GMT):
@swcurran and @andrew.whitehead I have a change set in my fork that adds the ability to use VSCode debugging with the alice, faber, and acme demos you may be interested in reviewing. Thanks for the help.

ankita.p (Mon, 13 Apr 2020 08:42:35 GMT):

Same did.png

sukalpomitra (Mon, 13 Apr 2020 12:53:23 GMT):
Are you using the same seed?

ankita.p (Mon, 13 Apr 2020 12:53:48 GMT):
No, I am not using any see

ankita.p (Mon, 13 Apr 2020 12:53:48 GMT):
No, I am not using any seed

swcurran (Mon, 13 Apr 2020 13:49:58 GMT):
How did you spin up the agents?

swcurran (Mon, 13 Apr 2020 13:49:58 GMT):
How did you spin up the agents? What commands. I would guess some seeds are the same.

SuperSeiyan (Tue, 14 Apr 2020 04:28:33 GMT):
Hello everyone, Is there any idea to deploy multiple ACA-py on a single GCP instance with Nginx using Docker?. Due to the GCP instance ports are allowed only 80 and 443 and do not want to open more port. Thank you in advance for your help.

andrew.whitehead (Tue, 14 Apr 2020 04:52:26 GMT):
I don't know much about GCP but maybe you can just set up reverse proxy rules in nginx so that a different prefix path maps to a different agent

ankita.p (Tue, 14 Apr 2020 07:09:10 GMT):
I provisioned wallets without any seed. aca-py provision --wallet-name alice --wallet-key alice --genesis-url

ankita.p (Tue, 14 Apr 2020 08:32:38 GMT):
revocation

biligunb (Wed, 15 Apr 2020 03:10:00 GMT):

biligunb - Wed Apr 15 2020 11:09:54 GMT+0800 (Ulaanbaatar Standard Time).txt

biligunb (Wed, 15 Apr 2020 03:11:02 GMT):
Hi guys. I tried ACA-PY with PostgreSQL and ran some tests. Which lead to PostgreSQL too many connections. Does aca-py open new connections everytime new request is received or does it keep the old one open? attachment log :

biligunb (Wed, 15 Apr 2020 03:11:15 GMT):

biligunb - Wed Apr 15 2020 11:11:13 GMT+0800 (Ulaanbaatar Standard Time).txt

ItsOmerShafiq (Wed, 15 Apr 2020 12:29:25 GMT):
Has joined the channel.

khalifa (Wed, 15 Apr 2020 12:42:49 GMT):
Hello everyone, I am new with indy and aries. I have just finished the two courses about aries and indy LFS172x and LFS173x in edx. I have a few questions: 1) How to create a public did: Anyone could create it or it depends on the deployed indy network (in its configuration)? 2) Using the aca-py agent, how could you obtain the diddoc? 3)In order to get a list of credentitals or schemas published in the ledger, we will need their id? we could not get all the lists of schemas for example? 4) My main goal is to use a local indy network with deployed fabric blockhain, we have to gaurantee the interoperability between this two BCs. Mainly, some chaincode deplyed in fabric should check some claims for the user. Is it possible to use the indy sdk, or aries inside the chaincode? Thank you in advance for your help/responses

khalifa (Wed, 15 Apr 2020 12:42:49 GMT):
Hello everyone, I am new with indy and aries. I have just finished the two courses about aries and indy LFS172x and LFS173x in edx. I have few questions: 1) How to create a public did: Anyone could create it or it depends on the deployed indy network (in its configuration)? 2) Using the aca-py agent, how could you obtain the diddoc? 3)In order to get a list of credentitals or schemas published in the ledger, we will need their id? we could not get all the lists of schemas for example? 4) My main goal is to use a local indy network with a deployed fabric blockhain, we have to gaurantee the interoperability between these two BCs. Mainly, some chaincode deployed in fabric should check some claims for the user. Is it possible to use the indy sdk, or aries inside the chaincode? Thank you in advance for your help/responses

MikeRichardson (Wed, 15 Apr 2020 15:04:31 GMT):
Has joined the channel.

MikeRichardson (Wed, 15 Apr 2020 15:04:32 GMT):
If I fire up aca-py from the command line with the admin api enabled I am seeing an error. Anyone know what this means? The command line I am using is aca-py start --inbound-transport http 0.0.0.0 8030 --outbound-transport http --endpoint http://192.168.99.100:8030 --admin 0.0.0.0 8031 --admin-insecure-mode There is an error: aries_cloudagent.core.plugin_registry ERROR Error loading admin routes: Unable to import module aries_cloudagent.protocols.present_proof.routes: No module named 'indy' (Ubuntu 16.04 on Windows w/Docker Toolbox, Python 3.7.4)

MikeRichardson (Wed, 15 Apr 2020 15:05:09 GMT):
i have tried this with the same parameters used by the alice python controller

andrew.whitehead (Wed, 15 Apr 2020 15:08:00 GMT):
That means that you don't have the python3-indy python module installed

MikeRichardson (Wed, 15 Apr 2020 15:09:24 GMT):
i have installed aries-cloud-agent as per the insructions; i.e, pip install aries-cloudagent

MikeRichardson (Wed, 15 Apr 2020 15:09:32 GMT):
what else would I need to do?

andrew.whitehead (Wed, 15 Apr 2020 15:11:30 GMT):
You'll need the indy SDK installed, instructions for that are here: https://github.com/hyperledger/indy-sdk#installing-the-sdk

andrew.whitehead (Wed, 15 Apr 2020 15:11:48 GMT):
Then `pip install aries-cloudagent[indy]` should bring in the indy python wrapper

HLFPOC (Wed, 15 Apr 2020 17:19:57 GMT):
Hi Team, Is it possible to capture the event of credential verification through the available ACA-Py Admin APIs ? I want to capture the count of verification done by Verifiers for a particular credential presented by the holders as response of the proof-request. So wanted to understand what all APIs/protocols are currently present in ACA-Py to handle such kind of data required for auditing and reporting purposes.

swcurran (Wed, 15 Apr 2020 17:38:46 GMT):
Yes. The webhook notifications of ACA-Py events would inform the controller of each proof/verification. The controller could track that in their own storage. We think that ACA-Py storage should be for operational infromation (e.g. connections, in flight protocol instances) and the controller should be tracking the business logic information - e.g. history, auditing, etc.

swcurran (Wed, 15 Apr 2020 17:40:31 GMT):
Join us for the ACA-Py User Group in 20 minutes. We'll covering the latest on revocation, pending new release (0.5.0) and a COVID-19 use case that we are building out at BC Gov Zoom link will be: https://zoom.us/j/900111661; Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2020-04-15+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

nacerix (Wed, 15 Apr 2020 18:58:12 GMT):
great meeting guys, unfortunately I missed half of it. Any recording to help me catch up?

anchit (Wed, 15 Apr 2020 19:02:48 GMT):
Has joined the channel.

swcurran (Wed, 15 Apr 2020 19:02:50 GMT):
Will post later today.

swcurran (Wed, 15 Apr 2020 19:03:14 GMT):
It will be on the Wiki page ^^

swcurran (Wed, 15 Apr 2020 20:46:53 GMT):
Posted the recording from the ACA-Pug meeting today covering recent updates, revocation 2.0 work and a new BC COVID-19 related initiative - SafeEntryBC

swcurran (Wed, 15 Apr 2020 20:46:53 GMT):
Posted the recording from the ACA-Pug meeting today covering recent updates, revocation 2.0 work and a new BC COVID-19 related initiative - SafeEntryBC. https://wiki.hyperledger.org/display/ARIES/2020-04-15+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

nacerix (Wed, 15 Apr 2020 21:45:29 GMT):
cool, thx a lot Stephen

victor.martinez (Thu, 16 Apr 2020 20:53:22 GMT):
Hi all, do you know if there is any documentation on how to use the revocation functionality in aca-py ?

victor.martinez (Thu, 16 Apr 2020 20:53:40 GMT):
My understading is the 1- Create a credential definiton with revocation enable 2- create arevocation registry by credential defintiion (/revocation/create-registry) 3rd- revoke the credential (/issue-credential/revoke)

victor.martinez (Thu, 16 Apr 2020 20:54:02 GMT):
Am I correct ? my other doubts are : What is the purpose of publishing a repository ? (/revocation/registry/{id}/publish) What is a tails file, and why aca-py allows to download a tails file ?

swcurran (Thu, 16 Apr 2020 22:35:13 GMT):
Hey @victor.martinez - here is a good document that explains Indy anoncreds 1.0 revocation that includes what and why there is a tails file - https://github.com/hyperledger/indy-hipe/tree/master/text/0011-cred-revocation ACA-Py has implemented that model. To create a proof that includes a revocable credential, the holder/prover must be download and process the tails file for a revocation registry. To enable the prover to get the file, the issuer must make the file available on a public URL. There is nothing secret in the tails file - the holder prover just needs to be able to get it.

DibbsZA (Thu, 16 Apr 2020 22:45:15 GMT):
Hi all, I have a challenge that's making me loose my mind (the hair is already gone). I have two ACA-Py 0.45 agents running in k8s pods, postgress wallets, successful TAA etc. I have an Angular App/NodeJs combo as controller wired up to the API. I can call the Create Connection, generate the invitation QR and scan it with Streetcred. I get the prompt and accept and the connection is in the wallet. BUT on the Agent side the connection is not completed and always gets stuck in the *response* state like so `{ "their_did": "2XJjDUa5r5Rq91d866syxY", "initiator": "self", "connection_id": "196d4b11-4869-4977-b946-8db60599e166", "invitation_mode": "once", "alias": "Jillian", "my_did": "JGxYTowhwfgpjp3BhxBsyL", "invitation_key": "C6rRMQ6Mdrwji8WDUg5GKkQpCDT6zkpV7H5MRgBJvgrM", "created_at": "2020-04-16 20:07:13.939210Z", "their_label": "🖖🤙🤘📱", "updated_at": "2020-04-16 20:07:31.618136Z", "routing_state": "none", "state": "response", "accept": "auto" }`

DibbsZA (Thu, 16 Apr 2020 22:45:15 GMT):
Hi all, I have a challenge that's making me loose my mind (the hair is already gone). I have two ACA-Py 0.45 agents running in k8s pods, postgress wallets, successful TAA etc. I have an Angular App/NodeJs combo as controller wired up to the API. I can call the Create Connection, generate the invitation QR and scan it with Streetcred. I get the prompt and accept and the connection is in the wallet. BUT on the Agent side the connection is not completed and always gets stuck in the *response* state like so ```{ "their_did": "2XJjDUa5r5Rq91d866syxY", "initiator": "self", "connection_id": "196d4b11-4869-4977-b946-8db60599e166", "invitation_mode": "once", "alias": "Jillian", "my_did": "JGxYTowhwfgpjp3BhxBsyL", "invitation_key": "C6rRMQ6Mdrwji8WDUg5GKkQpCDT6zkpV7H5MRgBJvgrM", "created_at": "2020-04-16 20:07:13.939210Z", "their_label": "🖖🤙🤘📱", "updated_at": "2020-04-16 20:07:31.618136Z", "routing_state": "none", "state": "response", "accept": "auto" }```

DibbsZA (Thu, 16 Apr 2020 22:45:15 GMT):
Hi all, I have a challenge that's making me loose my mind (the hair is already gone). I have two ACA-Py 0.45 agents running in k8s pods, postgress wallets, successful TAA etc. I have an Angular App/NodeJs combo as controller wired up to the API. I can call the Create Connection, generate the invitation QR and scan it with Streetcred. I get the prompt and accept and the connection is in the wallet. BUT on the Agent side the connection is not completed and always gets stuck in the *response* state like so and never completes? Any Idea what I am missing? ```{ "their_did": "2XJjDUa5r5Rq91d866syxY", "initiator": "self", "connection_id": "196d4b11-4869-4977-b946-8db60599e166", "invitation_mode": "once", "alias": "Jillian", "my_did": "JGxYTowhwfgpjp3BhxBsyL", "invitation_key": "C6rRMQ6Mdrwji8WDUg5GKkQpCDT6zkpV7H5MRgBJvgrM", "created_at": "2020-04-16 20:07:13.939210Z", "their_label": "🖖🤙🤘📱", "updated_at": "2020-04-16 20:07:31.618136Z", "routing_state": "none", "state": "response", "accept": "auto" }```

swcurran (Thu, 16 Apr 2020 23:01:59 GMT):
@andrew.whitehead ^^ My guess (but Andrew would know way more) is that you have to do a trust ping or basic message to push the state into active. The Connection RFC is missing an "Ack" back from the Request and it can be a problem.

andrew.whitehead (Thu, 16 Apr 2020 23:02:35 GMT):
Yup. From the Streetcred app you can try sending a message to the agent

DibbsZA (Thu, 16 Apr 2020 23:39:25 GMT):
Amazing. It worked Thank you! I'll just unsure I do that as part of my connection flow.

andrew.whitehead (Fri, 17 Apr 2020 01:07:14 GMT):
Having the connection in the 'response' state shouldn't limit the agent from doing anything

DibbsZA (Fri, 17 Apr 2020 05:28:45 GMT):
Mmmn. I may have been self-limiting my app then when it came to selecting only 'active' users as connections that It could interact with. Thanks for the tip

jcourt (Fri, 17 Apr 2020 05:47:06 GMT):
Quick question on the ACA-py Swagger support. Am I correct in concluding that the API is generated dynamically, mostly in the routes.py files for each protocol directory ? I understand why that can be handy in dynamically adding protocols but does this mean that the Swagger Codgen capability is not useable to quickly generate other language SDK stubs ?

DibbsZA (Fri, 17 Apr 2020 10:01:50 GMT):
I have used the swagger gen just like you describe with not much issue, although I have not tried to regen a project after creating it the 1st time....

DibbsZA (Fri, 17 Apr 2020 10:02:40 GMT):
The best side effect for me is getting all the interface models easily written for me.

swcurran (Fri, 17 Apr 2020 14:12:13 GMT):
Yes, @jcourt, the swagger can be used to generate a controller in any language. If you do extend the API by adding more protocols, the swagger is dynamically extended, but that model doesn't affect using it for generation. It just means that to get the swagger file, you have to be running an ACA-Py instance vs. just grabbing it from the repo.

jcourt (Fri, 17 Apr 2020 23:54:56 GMT):
@swcurran thanks

jcourt (Fri, 17 Apr 2020 23:54:56 GMT):
@DibbsZA and @swcurran thanks

victor.martinez (Sat, 18 Apr 2020 08:53:32 GMT):
Hi all, I'm still not able to revoke a credential. This are the steps I'm follwoing :

victor.martinez (Sat, 18 Apr 2020 08:53:32 GMT):
Hi all, I'm still not able to revoke a credential. This are the steps I'm following : - I create a revocation regestry

victor.martinez (Sat, 18 Apr 2020 08:53:32 GMT):
Hi all, I'm still not able to revoke a credential. This are the steps I'm following : - I have created a credential defintion with support_revocation = true - I have created a revocation registry with the previous credential defintion - I have updated the revocation registry with the public tiles uri - I have publish the revocation registry (not sure if this step is needed) - I've issue a credential using the route (/issue-credential/send) - The credential exchange that I get as a reponse from issuing the credential contains empty values for revocation_id and revoc_reg_id which are needed later for revoking the credential (/issue-credential/revoke) Any thoughts ? Thanks!

victor.martinez (Sat, 18 Apr 2020 08:53:32 GMT):
Hi all, I'm still not able to revoke a credential. This are the steps I'm following : - I have created a credential defintion with revocation with support_revocation = true - I have created a revocation registry with the previous credential defintion - I have updated the revocation registry with the public tiles uri - I have publish the revocation registry (not sure if this step is need it) - I've issue a credential using the route (/issue-credential/send) - The credential exchange that I get as a reponse from issuing the credential contains empty values for revocation_id and revoc_reg_id which are needed for revoke the credential (/issue-credential/revoke) Any thoughts ? Thanks!

victor.martinez (Sat, 18 Apr 2020 08:53:32 GMT):
Hi all, I'm still not able to revoke a credential. This are the steps I'm following : - I have created a credential defintion with support_revocation = true - I have created a revocation registry with the previous credential defintion - I have updated the revocation registry with the public tiles uri - I have publish the revocation registry (not sure if this step is need it) - I've issue a credential using the route (/issue-credential/send) - The credential exchange that I get as a reponse from issuing the credential contains empty values for revocation_id and revoc_reg_id which are needed later for revoking the credential (/issue-credential/revoke) Any thoughts ? Thanks!

victor.martinez (Sat, 18 Apr 2020 08:53:32 GMT):
Hi all, I'm still not able to revoke a credential. This are the steps I'm following : - I have created a credential defintion with support_revocation = true - I have created a revocation registry with the previous credential defintion - I have updated the revocation registry with the public tiles uri - I have publish the revocation registry (not sure if this step is need it) - I've issue a credential using the route (/issue-credential/send) - The credential exchange that I get as a reponse from issuing the credential contains empty values for revocation_id and revoc_reg_id which are needed for revoke the credential (/issue-credential/revoke) Any thoughts ? Thanks!

nacerix (Sun, 19 Apr 2020 00:04:50 GMT):
I have made a comment about the issue https://github.com/hyperledger/aries-cloudagent-python/issues/418# and I really need your feedback to validate my understanding before proceeding with a PR if necessary.

ultimo2020 (Sun, 19 Apr 2020 12:07:55 GMT):
Hi everyone. I am trying to start the demo sample with the Faber Agen but I am getting those errors on Ubuntu 16.04: /aries-cloudagent-python/demo# LEDGER_URL=http://dev.greenlight.bcovrin.vonx.io ./run_demo faber Preparing agent image... Sending build context to Docker daemon 2.421MB Step 1/15 : FROM bcgovimages/von-image:py36-1.11-1 ---> 8332718f6fa6 Step 2/15 : ENV ENABLE_PTVSD 0 ---> Using cache ---> 435cf309cde9 Step 3/15 : ADD requirements*.txt ./ ---> Using cache ---> a67add036ded Step 4/15 : RUN pip3 install --no-cache-dir -r requirements.txt -r requirements.dev.txt ---> Running in 18db36ba3409 Collecting aiohttp==3.5.4 (from -r requirements.txt (line 1)) WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -3] Temporary failure in name resolution',)': /simple/aiohttp/ WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -3] Temporary failure in name resolution',)': /simple/aiohttp/ WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -3] Temporary failure in name resolution',)': /simple/aiohttp/ WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -3] Temporary failure in name resolution',)': /simple/aiohttp/ WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -3] Temporary failure in name resolution',)': /simple/aiohttp/ ERROR: Could not find a version that satisfies the requirement aiohttp==3.5.4 (from -r requirements.txt (line 1)) (from versions: none) ERROR: No matching distribution found for aiohttp==3.5.4 (from -r requirements.txt (line 1)) The command '/bin/sh -c pip3 install --no-cache-dir -r requirements.txt -r requirements.dev.txt' returned a non-zero code: 1

ultimo2020 (Sun, 19 Apr 2020 12:31:05 GMT):
After some DNS tackling I am getting another error:

ultimo2020 (Sun, 19 Apr 2020 12:31:06 GMT):
#1 Provision an agent and wallet, get back configuration details Faber | Registering Faber Agent with seed d_000000000000000000000000440109 Traceback (most recent call last): File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/runpy.py", line 193, in _run_module_as_main "__main__", mod_spec) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/runpy.py", line 85, in _run_code exec(code, run_globals) File "/home/indy/demo/runners/faber.py", line 293, in asyncio.get_event_loop().run_until_complete(main(args.port, args.timing)) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/asyncio/base_events.py", line 484, in run_until_complete return future.result() File "/home/indy/demo/runners/faber.py", line 132, in main await agent.register_did() File "/home/indy/demo/runners/support/agent.py", line 215, in register_did raise Exception(f"Error registering DID, response code {resp.status}") Exception: Error registering DID, response code 500

ultimo2020 (Sun, 19 Apr 2020 12:31:19 GMT):
#1 Provision an agent and wallet, get back configuration details Faber | Registering Faber Agent with seed d_000000000000000000000000440109 Traceback (most recent call last): File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/runpy.py", line 193, in _run_module_as_main "__main__", mod_spec) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/runpy.py", line 85, in _run_code exec(code, run_globals) File "/home/indy/demo/runners/faber.py", line 293, in asyncio.get_event_loop().run_until_complete(main(args.port, args.timing)) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/asyncio/base_events.py", line 484, in run_until_complete return future.result() File "/home/indy/demo/runners/faber.py", line 132, in main await agent.register_did() File "/home/indy/demo/runners/support/agent.py", line 215, in register_did raise Exception(f"Error registering DID, response code {resp.status}") Exception: Error registering DID, response code 500

daveek (Sun, 19 Apr 2020 12:35:08 GMT):
Hi, Can anyone please explain or share some docs about Indy/Aries Threat Model? a) What's the Threat Model for Hyperledger Indy/Aries? b) Where is Indy/Aries most vulnerable to attack? c) What are the most relevant threats? d) What do I need to do to safeguard against these threats?

andrew.whitehead (Sun, 19 Apr 2020 12:37:21 GMT):
It looks like that ledger needs a kick, try just http://greenlight.bcovrin.vonx.io/

ultimo2020 (Sun, 19 Apr 2020 12:43:04 GMT):
Thanks Andrew. It looks better now: #5 Create a connection to alice and print out the invite details Generate invitation duration: 0.14s Invitation response: { "connection_id": "95c94b15-451e-49bf-967d-fe45b5f4582a", "invitation": { "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/connections/1.0/invitation", "@id": "cfa24433-6076-476e-afa4-f11c85759dd7", "recipientKeys": [ "6arJBdd1YjbkzegYHvc97Ya87Tfo58ph3zbYr9y1Dx6g" ], "serviceEndpoint": "http://42342343242:8020", "label": "Faber Agent" }, "invitation_url": "http://423432432:8020?c_i=eyJAdHlwZSI6ICJkaWQ6c292OkJ6Q2JzTlloTXJqSGlxWkRUVUFTSGc7c3BlYy9jb25uZWN0aW9ucy8xLjAvaW52aXRhdGlvbiIsICJAaWQiOiAiY2ZhMjQ0MzMtNjA3Ni00NzZlLWFmYTQtZjExYzg1NzU5ZGQ3IiwgInJlY2lwaWVudEtleXMiOiBbIjZhckpCZGQxWWpia3plZ1lIdmM5N1lhODdUZm81OHBoM3piWXI5eTFEeDZnIl0sICJzZXJ2aWNlRW5kcG9pbnQiOiAiaHR0cDovLzg5LjE2My4yNTIuMjEzOjgwMjAiLCAibGFiZWwiOiAiRmFiZXIgQWdlbnQifQ==" } ***************** Invitation: {"@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/connections/1.0/invitation", "@id": "cfa24433-6076-476e-afa4-f11c85759dd7", "recipientKeys": ["6arJBdd1YjbkzegYHvc97Ya87Tfo58ph3zbYr9y1Dx6g"], "serviceEndpoint": "http://84324243", "label": "Faber Agent"} ***************** Waiting for connection...

ultimo2020 (Sun, 19 Apr 2020 12:44:19 GMT):
As I understood it , this is the web browser demo, a permament one to demonstrate later to my collegause would be the docker one, to start like: LEDGER_URL=http://dev.greenlight.bcovrin.vonx.io ./run_demo faber --events --no-auto --bg

ultimo2020 (Sun, 19 Apr 2020 12:44:45 GMT):
or simply just: ./run_demo faber

andrew.whitehead (Sun, 19 Apr 2020 12:45:39 GMT):
If you don't specify LEDGER_URL then you need to run a local von-network instance

ultimo2020 (Sun, 19 Apr 2020 12:46:04 GMT):
ok than this is the one to start the docker background processes: LEDGER_URL=http://dev.greenlight.bcovrin.vonx.io ./run_demo faber --events --no-auto --bg

andrew.whitehead (Sun, 19 Apr 2020 12:47:31 GMT):
Yes, that's when you want to do everything through the swagger interface

ultimo2020 (Sun, 19 Apr 2020 12:47:59 GMT):
ok. and if I want to have some interractions over a http GUI , which choice do I need then ?

ultimo2020 (Sun, 19 Apr 2020 12:48:08 GMT):
faber.py: error: unrecognized arguments: --events --no-auto --bg

andrew.whitehead (Sun, 19 Apr 2020 12:48:30 GMT):
I think you've got an old version of the library judging by the docker image version

ultimo2020 (Sun, 19 Apr 2020 12:48:52 GMT):
could be

andrew.whitehead (Sun, 19 Apr 2020 12:48:58 GMT):
By swagger interface I mean the 'http gui'

ultimo2020 (Sun, 19 Apr 2020 12:50:05 GMT):
ok. I know my ways with swagger, I was thinking that there was some http gui with aiohttp python routes or some "clicks" for non-tech person

ultimo2020 (Sun, 19 Apr 2020 12:50:43 GMT):
but no problem , I will see to start now as a backgrond docker process , this would help , because with swagger I can build an app riggering the REST API calls over your Swagger ?

andrew.whitehead (Sun, 19 Apr 2020 12:51:38 GMT):
Yes, you can. We call that a controller

ultimo2020 (Sun, 19 Apr 2020 12:51:44 GMT):
but I get this: faber.py: error: unrecognized arguments: --events --no-auto --bg

ultimo2020 (Sun, 19 Apr 2020 12:52:02 GMT):
as if the faber.py does not understand the parameter from the link:

andrew.whitehead (Sun, 19 Apr 2020 12:52:13 GMT):
Because you have an old version

ultimo2020 (Sun, 19 Apr 2020 12:52:51 GMT):
old version of a docker container

ultimo2020 (Sun, 19 Apr 2020 12:53:01 GMT):
it is cool your architect design of controller: The controller provides the business logic that defines how that particular agent instance behaves--how to respond to events in the agent, and when to trigger the agent to initiate events. The controller might be a web or native user interface for a person or it might be coded business rules driven by an enterprise system.

ultimo2020 (Sun, 19 Apr 2020 12:53:03 GMT):
nicely done

andrew.whitehead (Sun, 19 Apr 2020 12:53:26 GMT):
Thanks!

ultimo2020 (Sun, 19 Apr 2020 12:53:28 GMT):
Docker version 19.03.8, build afacb8b7f0

andrew.whitehead (Sun, 19 Apr 2020 12:53:45 GMT):
No, an old version of aries_cloudagent

ultimo2020 (Sun, 19 Apr 2020 12:53:55 GMT):
how can I pull a newer docker container, I would like to start this in background not be killed when I exit the ssh shell

ultimo2020 (Sun, 19 Apr 2020 12:54:18 GMT):
aries_cloudagent -- I cloned your latest repo, maybe you mean a docker container was older one

ultimo2020 (Sun, 19 Apr 2020 12:54:25 GMT):
that was downloaded?

ultimo2020 (Sun, 19 Apr 2020 12:54:38 GMT):
maybe you could point me what to git clone to be at the latest dev point ?

andrew.whitehead (Sun, 19 Apr 2020 12:54:53 GMT):
https://github.com/hyperledger/aries-cloudagent-python is the main repo

ultimo2020 (Sun, 19 Apr 2020 12:55:41 GMT):
ok just cloned it, let you know in a second

ultimo2020 (Sun, 19 Apr 2020 12:56:13 GMT):
looks better:

ultimo2020 (Sun, 19 Apr 2020 12:56:14 GMT):
root@kvm-213:~/aries-cloudagent-python/demo# LEDGER_URL=http://greenlight.bcovrin.vonx.io ./run_demo faber --events --no-auto --bg Running in faber in the background. Note that you cannot use the command line console in this mode. To see the logs use: "docker logs faber". While viewing logs, hit CTRL-C to return to the command line. To stop the agent, use: "docker stop faber". The docker environment will be removed on stop. Preparing agent image...

ultimo2020 (Sun, 19 Apr 2020 12:57:29 GMT):
hmm another error: Step 12/17 : RUN pip3 install --no-cache-dir -e . ---> Running in 0645b8bb37f4 /bin/sh: 1: pip3: not found The command '/bin/sh -c pip3 install --no-cache-dir -e .' returned a non-zero code: 127

ultimo2020 (Sun, 19 Apr 2020 13:00:00 GMT):
I got: /bin/sh: 1: pip3: not found

andrew.whitehead (Sun, 19 Apr 2020 13:02:09 GMT):
I just ran it fine here

ultimo2020 (Sun, 19 Apr 2020 13:02:27 GMT):
hmm , I am having ubuntu 16:03 with python 3.8

andrew.whitehead (Sun, 19 Apr 2020 13:02:50 GMT):
It's running inside docker so you're local python version shouldn't matter

andrew.whitehead (Sun, 19 Apr 2020 13:02:50 GMT):
It's running inside docker so your local python version shouldn't matter

ultimo2020 (Sun, 19 Apr 2020 13:03:09 GMT):
I know. Where is the docker compose file, to check how is it reaching for the pip3

andrew.whitehead (Sun, 19 Apr 2020 13:03:28 GMT):
I don't think you have a clean copy of the repo

ultimo2020 (Sun, 19 Apr 2020 13:03:43 GMT):
ok could be will change a new folder and clone

ultimo2020 (Sun, 19 Apr 2020 13:04:03 GMT):
this one: https://github.com/hyperledger/aries-cloudagent-python

andrew.whitehead (Sun, 19 Apr 2020 13:04:12 GMT):
Sounds good

ultimo2020 (Sun, 19 Apr 2020 13:04:51 GMT):
git clone https://github.com/hyperledger/aries-cloudagent-python Cloning into 'aries-cloudagent-python'... remote: Enumerating objects: 216, done. remote: Counting objects: 100% (216/216), done. remote: Compressing objects: 100% (181/181), done. remote: Total 17703 (delta 82), reused 103 (delta 34), pack-reused 17487 Receiving objects: 100% (17703/17703), 23.95 MiB | 9.83 MiB/s, done. Resolving deltas: 100% (12560/12560), done. Checking connectivity... done.

ultimo2020 (Sun, 19 Apr 2020 13:05:22 GMT):
and then starting: root@kvm-213:~/aries/aries-cloudagent-python/demo# LEDGER_URL=http://greenlight.bcovrin.vonx.io ./run_demo faber

ultimo2020 (Sun, 19 Apr 2020 13:05:51 GMT):
an then getting the error:

ultimo2020 (Sun, 19 Apr 2020 13:05:52 GMT):
Preparing agent image... Sending build context to Docker daemon 16.97MB Step 1/17 : FROM bcgovimages/von-image:py36-1.14-1 ---> 74087ed5480b Step 2/17 : ENV ENABLE_PTVSD 0 ---> Using cache ---> 781c505d3450 Step 3/17 : ENV ENABLE_PYDEVD_PYCHARM 0 ---> Using cache ---> cafcb9e43ec8 Step 4/17 : ENV PYDEVD_PYCHARM_HOST "host.docker.internal" ---> Using cache ---> 02df223fc4fb Step 5/17 : ADD requirements*.txt ./ ---> Using cache ---> dcf702ba9543 Step 6/17 : RUN pip3 install --no-cache-dir -r requirements.txt -r requirements.dev.txt ---> Using cache ---> d68060d36468 Step 7/17 : ADD aries_cloudagent ./aries_cloudagent ---> Using cache ---> 0c184b2bde31 Step 8/17 : ADD bin ./bin ---> Using cache ---> 04b36ee08222 Step 9/17 : ADD README.md ./ ---> Using cache ---> ed56b36886a3 Step 10/17 : ADD scripts ./scripts ---> Using cache ---> 4fedcdc685bd Step 11/17 : ADD setup.py ./ ---> Using cache ---> ce9d913ca397 Step 12/17 : RUN pip3 install --no-cache-dir -e . ---> Running in 7978e9c93949 /bin/sh: 1: pip3: not found The command '/bin/sh -c pip3 install --no-cache-dir -e .' returned a non-zero code: 127

ultimo2020 (Sun, 19 Apr 2020 13:07:06 GMT):
maybe it is because of Docke Layer caching ?

andrew.whitehead (Sun, 19 Apr 2020 13:07:51 GMT):
I guess you could try `docker pull bcgovimages/von-image:py36-1.14-1`

ultimo2020 (Sun, 19 Apr 2020 13:08:23 GMT):
docker pull bcgovimages/von-image:py36-1.14-1 py36-1.14-1: Pulling from bcgovimages/von-image Digest: sha256:39f45149d7bd3db65c21ceeb3c3c40429baed22ce3bce4d3d10c31f7830095a7 Status: Image is up to date for bcgovimages/von-image:py36-1.14-1 docker.io/bcgovimages/von-image:py36-1.14-1

ultimo2020 (Sun, 19 Apr 2020 13:08:39 GMT):
still error:

ultimo2020 (Sun, 19 Apr 2020 13:08:39 GMT):
root@kvm-213:~/aries/aries-cloudagent-python/demo# LEDGER_URL=http://greenlight.bcovrin.vonx.io ./run_demo faber Preparing agent image... Sending build context to Docker daemon 16.97MB Step 1/17 : FROM bcgovimages/von-image:py36-1.14-1 ---> 74087ed5480b Step 2/17 : ENV ENABLE_PTVSD 0 ---> Using cache ---> 781c505d3450 Step 3/17 : ENV ENABLE_PYDEVD_PYCHARM 0 ---> Using cache ---> cafcb9e43ec8 Step 4/17 : ENV PYDEVD_PYCHARM_HOST "host.docker.internal" ---> Using cache ---> 02df223fc4fb Step 5/17 : ADD requirements*.txt ./ ---> Using cache ---> dcf702ba9543 Step 6/17 : RUN pip3 install --no-cache-dir -r requirements.txt -r requirements.dev.txt ---> Using cache ---> d68060d36468 Step 7/17 : ADD aries_cloudagent ./aries_cloudagent ---> Using cache ---> 0c184b2bde31 Step 8/17 : ADD bin ./bin ---> Using cache ---> 04b36ee08222 Step 9/17 : ADD README.md ./ ---> Using cache ---> ed56b36886a3 Step 10/17 : ADD scripts ./scripts ---> Using cache ---> 4fedcdc685bd Step 11/17 : ADD setup.py ./ ---> Using cache ---> ce9d913ca397 Step 12/17 : RUN pip3 install --no-cache-dir -e . ---> Running in c4d07de5cab6 /bin/sh: 1: pip3: not found The command '/bin/sh -c pip3 install --no-cache-dir -e .' returned a non-zero code: 127

andrew.whitehead (Sun, 19 Apr 2020 13:09:08 GMT):
`docker run --rm -ti bcgovimages/von-image:py36-1.14-1 pip3 -V` ?

ultimo2020 (Sun, 19 Apr 2020 13:09:39 GMT):
I did also docker prune before

ultimo2020 (Sun, 19 Apr 2020 13:09:45 GMT):
root@kvm-213:~/aries/aries-cloudagent-python/demo# docker image prune -a WARNING! This will remove all images without at least one container associated to them. Are you sure you want to continue? [y/N] y Deleted Images: untagged: bcgovimages/von-image:py36-1.14-1 untagged: bcgovimages/von-image@sha256:39f45149d7bd3db65c21ceeb3c3c40429baed22ce3bce4d3d10c31f7830095a7 Total reclaimed space: 0B root@kvm-213:~/aries/aries-cloudagent-python/demo# docker run --rm -ti bcgovimages/von-image:py36-1.14-1 pip3 -V Unable to find image 'bcgovimages/von-image:py36-1.14-1' locally py36-1.14-1: Pulling from bcgovimages/von-image Digest: sha256:39f45149d7bd3db65c21ceeb3c3c40429baed22ce3bce4d3d10c31f7830095a7 Status: Downloaded newer image for bcgovimages/von-image:py36-1.14-1 pip 20.0.2 from /home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/pip (python 3.6)

ultimo2020 (Sun, 19 Apr 2020 13:10:04 GMT):
still error:

ultimo2020 (Sun, 19 Apr 2020 13:10:05 GMT):
root@kvm-213:~/aries/aries-cloudagent-python/demo# LEDGER_URL=http://greenlight.bcovrin.vonx.io ./run_demo faber Preparing agent image... Sending build context to Docker daemon 16.97MB Step 1/17 : FROM bcgovimages/von-image:py36-1.14-1 ---> 74087ed5480b Step 2/17 : ENV ENABLE_PTVSD 0 ---> Using cache ---> 781c505d3450 Step 3/17 : ENV ENABLE_PYDEVD_PYCHARM 0 ---> Using cache ---> cafcb9e43ec8 Step 4/17 : ENV PYDEVD_PYCHARM_HOST "host.docker.internal" ---> Using cache ---> 02df223fc4fb Step 5/17 : ADD requirements*.txt ./ ---> Using cache ---> dcf702ba9543 Step 6/17 : RUN pip3 install --no-cache-dir -r requirements.txt -r requirements.dev.txt ---> Using cache ---> d68060d36468 Step 7/17 : ADD aries_cloudagent ./aries_cloudagent ---> Using cache ---> 0c184b2bde31 Step 8/17 : ADD bin ./bin ---> Using cache ---> 04b36ee08222 Step 9/17 : ADD README.md ./ ---> Using cache ---> ed56b36886a3 Step 10/17 : ADD scripts ./scripts ---> Using cache ---> 4fedcdc685bd Step 11/17 : ADD setup.py ./ ---> Using cache ---> ce9d913ca397 Step 12/17 : RUN pip3 install --no-cache-dir -e . ---> Running in 5fdd7c67bc8e /bin/sh: 1: pip3: not found The command '/bin/sh -c pip3 install --no-cache-dir -e .' returned a non-zero code: 127

andrew.whitehead (Sun, 19 Apr 2020 13:10:25 GMT):
Not sure what's going on there

ultimo2020 (Sun, 19 Apr 2020 13:10:32 GMT):
should I start wit another parameter ?

ultimo2020 (Sun, 19 Apr 2020 13:10:46 GMT):
or this should be enough ?

ultimo2020 (Sun, 19 Apr 2020 13:10:47 GMT):
LEDGER_URL=http://greenlight.bcovrin.vonx.io ./run_demo faber

andrew.whitehead (Sun, 19 Apr 2020 13:11:00 GMT):
That command works fine for me

ultimo2020 (Sun, 19 Apr 2020 13:11:15 GMT):
ok, are you also on ubuntu 16.04 ?

ultimo2020 (Sun, 19 Apr 2020 13:11:22 GMT):
and which docker version ?

andrew.whitehead (Sun, 19 Apr 2020 13:11:57 GMT):
No, I'm on a mac. docker 19.03.8. ubuntu 16.04 is pretty old

ultimo2020 (Sun, 19 Apr 2020 13:13:09 GMT):
I have this docker version:

ultimo2020 (Sun, 19 Apr 2020 13:13:10 GMT):
Docker version 19.03.8, build afacb8b7f0

ultimo2020 (Sun, 19 Apr 2020 13:15:10 GMT):
what do you have at etc/default/docker

ultimo2020 (Sun, 19 Apr 2020 13:15:22 GMT):
maybe DNS issues here I think , since it is working fine at your side

andrew.whitehead (Sun, 19 Apr 2020 13:17:28 GMT):
I'm not sure. It runs pip3 successfully 6 lines before that

ultimo2020 (Sun, 19 Apr 2020 13:18:40 GMT):
I still get this: /bin/sh: 1: pip3: not found

ultimo2020 (Sun, 19 Apr 2020 13:18:45 GMT):
a comic :D

ultimo2020 (Sun, 19 Apr 2020 13:18:51 GMT):
will see maybe some other stuff missing

ultimo2020 (Sun, 19 Apr 2020 13:18:58 GMT):
thank you for the help

andrew.whitehead (Sun, 19 Apr 2020 13:19:26 GMT):
Maybe a linux file permissions issue but I'm not sure how it would produce that result

ultimo2020 (Sun, 19 Apr 2020 13:20:13 GMT):
the other one worked ok :D

ultimo2020 (Sun, 19 Apr 2020 13:21:37 GMT):
now I got a little bit furhter:

ultimo2020 (Sun, 19 Apr 2020 13:21:46 GMT):
Step 12/17 : RUN pip3 install --no-cache-dir -e . ---> Running in 9386f1c41748 /bin/sh: 1: pip3: not found

ultimo2020 (Sun, 19 Apr 2020 13:21:51 GMT):
now it is on the step 12

ultimo2020 (Sun, 19 Apr 2020 13:25:11 GMT):
network works fine

ultimo2020 (Sun, 19 Apr 2020 13:25:12 GMT):
docker run busybox ping -c 1 192.203.230.10 Unable to find image 'busybox:latest' locally latest: Pulling from library/busybox e2334dd9fee4: Pull complete Digest: sha256:a8cf7ff6367c2afa2a90acd081b484cbded349a7076e7bdf37a05279f276bc12 Status: Downloaded newer image for busybox:latest PING 192.203.230.10 (192.203.230.10): 56 data bytes 64 bytes from 192.203.230.10: seq=0 ttl=59 time=4.582 ms --- 192.203.230.10 ping statistics --- 1 packets transmitted, 1 packets received, 0% packe

ultimo2020 (Sun, 19 Apr 2020 13:52:37 GMT):
@andrew.whitehead Sorry to bother you, is there maybe a demo that interracts with the Sovrin Buildier Net based on Aries Cloud Agent ?

andrew.whitehead (Sun, 19 Apr 2020 13:59:06 GMT):
Not that I can think of. I think there's a form required for registering a DID on there

ultimo2020 (Sun, 19 Apr 2020 14:25:40 GMT):
Yes. There is a self.serve You have your own ledger the bcovrin.vonx.io , but I think there is also some kind of aries interraction with sovrin demo out there ?

andrew.whitehead (Sun, 19 Apr 2020 14:38:43 GMT):
Not sure what you mean. If you have a registered DID on there then you can connect your ACApy agent to a sovrin ledger. The demo agents (alice, faber, acme) don't support that though

ultimo2020 (Sun, 19 Apr 2020 14:47:53 GMT):
aha ok understood. Yes I have a registered DID on Sovrin Builder Net

ultimo2020 (Sun, 19 Apr 2020 14:48:09 GMT):
How can I connect ACApy there, is there some demo or docs ?

ultimo2020 (Sun, 19 Apr 2020 14:48:18 GMT):
sorry to bombard you with so many question

ultimo2020 (Sun, 19 Apr 2020 14:51:17 GMT):
I have now ubuntu 19.04 and Docker version 19.03.6, build 369ce74a3c but I am still getting the same pip3 install eror

ultimo2020 (Sun, 19 Apr 2020 14:51:21 GMT):
will check alter

ultimo2020 (Sun, 19 Apr 2020 14:51:57 GMT):
wait, I think it created ok now

ultimo2020 (Sun, 19 Apr 2020 14:51:58 GMT):
root@kvm-213:~# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 899caae4dfac faber-alice-demo "/bin/bash -c 'pytho…" 24 seconds ago Up 20 seconds 0.0.0.0:8020-8027->8020-8027/tcp faber

ultimo2020 (Sun, 19 Apr 2020 14:52:09 GMT):
root@kvm-213:~/aries-cloudagent-python/demo# LEDGER_URL=http://greenlight.bcovrin.vonx.io ./run_demo faber --events --no-auto --bg Running in faber in the background. Note that you cannot use the command line console in this mode. To see the logs use: "docker logs faber". While viewing logs, hit CTRL-C to return to the command line. To stop the agent, use: "docker stop faber". The docker environment will be removed on stop. Preparing agent image... sha256:1aba0c3267639800a6cc94cf191b2bb06446222d5323e71fc4a25ef00c463795 Unable to find image 'eclipse/che-ip:latest' locally latest: Pulling from eclipse/che-ip d6a5679aa3cf: Pulling fs layer 4498fa6d0d1b: Pulling fs layer 4498fa6d0d1b: Verifying Checksum 4498fa6d0d1b: Download complete d6a5679aa3cf: Verifying Checksum d6a5679aa3cf: Download complete d6a5679aa3cf: Pull complete 4498fa6d0d1b: Pull complete Digest: sha256:2ac584b1bd6e6ec2379760dd90ae63b61b67f40cc6331c6bfc46e5e747b767b5 Status: Downloaded newer image for eclipse/che-ip:latest 89.163.252.213 Starting faber... 899caae4dfacf703bb3657e63b9bf4e6f3397c293325e30b13dd6addc956ebf8

andrew.whitehead (Sun, 19 Apr 2020 14:52:48 GMT):
It does look happier

ultimo2020 (Sun, 19 Apr 2020 14:53:04 GMT):
yes it look cooler now, thanks

ultimo2020 (Sun, 19 Apr 2020 14:53:07 GMT):
I will start alice now

ultimo2020 (Sun, 19 Apr 2020 14:53:18 GMT):
and then I can make REST API Calls to your controller

RicardoPeixoto (Mon, 20 Apr 2020 10:59:16 GMT):
Has joined the channel.

ekubilay (Tue, 21 Apr 2020 06:57:18 GMT):
Hi everyone, I'm getting an error stating "we don't support revocation" when i try to call the "present-proof/records/{id}/send-presentation" endpoint. I haven't defined a "support_revocation" value in the associated credential definition btw. Any ideas how I can fix it? Many thanks for your help in advance:)

sklump (Tue, 21 Apr 2020 10:16:05 GMT):
Credential definitions are immutable. You cannot fix an existing one: you must issue a new one, on a distinct tag.

LokenathBhowmick (Tue, 21 Apr 2020 13:38:01 GMT):
Hello everyone, I clone this repo - https://github.com/hyperledger/aries-mobileagent-xamarin.git,change the genesis file. After that I build the solution run on my android mobile. Create wallet is working fine after that when I want accept the invitation, I got this error "Failed to accept invite".

LokenathBhowmick (Tue, 21 Apr 2020 14:36:44 GMT):
[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=FYDFcPi4LSbbFxeP4) I already solve the issue, I Change the wallet configuration agent name.

GKumar (Tue, 21 Apr 2020 15:25:38 GMT):
Has joined the channel.

swcurran (Tue, 21 Apr 2020 17:12:07 GMT):
Is the question how to create a CredDef without revocation? I think the controller sets ` "support_revocation": False` when making the Admin call to create the CredDef.

swcurran (Tue, 21 Apr 2020 20:24:49 GMT):
FYI: Aries Cloud Agent - Python Release 0.5.0 has been tagged and posted to PyPi. Release notes can be found here - https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.5.0. The big addition is *revocation *support using Indy anoncreds 1.0. The breaking change triggering the 0.4.x -> 0.5.x is the removal of the old v0.1 credential exchange protocols, long since deprecated. Also important is the addition of proper major/minor protocol versioning support, and a new tracing facility for help in understanding agent performance. Code reference documentation has been generated to ReadTheDocs - https://aries-cloud-agent-python.readthedocs.io/en/latest/

swcurran (Tue, 21 Apr 2020 20:28:22 GMT):
FYI: Since the Internet Identity Workshop is happening (virtually) next week, the ACA-Pug meeting will be cancelled. There will be lots of Aries and ACA-Py activity at IIW and we strongly encourage everyone to attend and collaborate with us the rest of the decentralized identity community. It's an amazing conference! Information and Registration: https://internetidentityworkshop.com/

Audrius (Tue, 21 Apr 2020 21:19:07 GMT):
ACA-Py 0.5.0 "Support signed attachments according to the updated Aries RFC 0017" - Does anyone know available mobile agent that support this (RFC 0017) functionality too?

andrew.whitehead (Tue, 21 Apr 2020 21:25:22 GMT):
That's mainly in preparation for supporting the did-exchange protocol as a successor to the current connections protocol

Audrius (Tue, 21 Apr 2020 21:26:48 GMT):
I see... Thanks.

jayapalreddy (Wed, 22 Apr 2020 04:32:57 GMT):
is there any aries cloud wallet based applications/demos available?

swcurran (Wed, 22 Apr 2020 04:40:57 GMT):
A few :-). The `/demo` folder has examples. The repo `https://github.com/hyperledger/aries-acapy-controllers` has example controllers in other languages. The BC Gov team has examples like https://github.com/bcgov/vc-authn-oidc, https://github.com/bcgov/indy-email-verification/ and https://github.com/bcgov/identity-kit-poc.

biligunb (Wed, 22 Apr 2020 04:41:10 GMT):
Yes. And also check the ACA-PY version. (0.4.5 supports revocation)

jayapalreddy (Wed, 22 Apr 2020 04:42:50 GMT):
@swcurran thanks for quick reply

ekubilay (Wed, 22 Apr 2020 13:09:55 GMT):
I am using the following toolbox https://github.com/hyperledger/aries-acapy-plugin-toolbox, however this points to "https://github.com/sovrin-foundation/aries-cloudagent-python@8ba3f23" in the requirements.txt file. I tried to update it with the latest Aca-Py 0.5.0 and now i have incompatibility issues, the directory structures are not matching. Is there an agent toolbox version compatible with latest Aca-py? Thank you.

Shubham-koli (Thu, 23 Apr 2020 05:58:25 GMT):
Has joined the channel.

Shubham-koli (Thu, 23 Apr 2020 05:59:10 GMT):
Hi Good Afternoon Guys. I was playing with *Aries OpenAPI Demo*. I ran into an error while starting the agent for Faber. ``` [node1] (local) root@192.168.0.48 ~/aries-cloudagent-python/demo $ LEDGER_URL=http://dev.greenlight.bcovrin.vonx.io ./run_demo faber --events --no-auto --bg Running in faber in the background. Note that you cannot use the command line console in this mode. To see the logs use: "docker logs faber". While viewing logs, hit CTRL-C to return to the command line. To stop the agent, use: "docker stop faber". The docker environment will be removed on stop. Preparing agent image... sha256:528ea823655c8b1cb230b978988be3c0561a233e1cb4f12ec174c5b91900bda1 ip172-18-0-75-bqfsrvlim9m000fdt4vg-{PORT}.direct.labs.play-with-docker.com Starting faber... 04c7d0221815cc6891179f076441f2cd29999021df46bbcf388bb0602a0b14ed [node1] (local) root@192.168.0.48 ~/aries-cloudagent-python/demo $ docker logs -f faber #1 Provision an agent and wallet, get back configuration details Faber | Registering Faber.Agent with seed d_000000000000000000000000671507 Traceback (most recent call last): File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/runpy.py", line 193, in _run_module_as_main "__main__", mod_spec) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/runpy.py", line 85, in _run_code exec(code, run_globals) File "/home/indy/demo/runners/faber.py", line 440, in main(args.port, args.no_auto, args.revocation, args.timing) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/asyncio/base_events.py", line 484, in run_until_complete return future.result() File "/home/indy/demo/runners/faber.py", line 161, in main await agent.register_did() File "/home/indy/demo/runners/support/agent.py", line 348, in register_did raise Exception(f"Error registering DID, response code {resp.status}") Exception: Error registering DID, response code 500 ``` I tried this solution on a similar issue but it did not work. *https://github.com/hyperledger/aries-cloudagent-python/issues/139#issuecomment-521341580* I'm using let's play with docker for experimenting.

MikeRichardson (Thu, 23 Apr 2020 10:59:21 GMT):
[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=Arop4WBbbkDHwxLN8) Just bought my ticket! Looking forward to this

swcurran (Thu, 23 Apr 2020 16:57:43 GMT):
Hey, a note to folks using the ACA-Py demos (such as @Shubham-koli ). The BCovrin Greenlight ledger was down for a bit, but is now fixed. Someone tried to add a node to the ledger, which meant the ledger went out of consensus. All good now and we're going to take steps to make sure that we are preventing that in the future.

swcurran (Thu, 23 Apr 2020 17:02:10 GMT):
@andrew.whitehead an issue was raised by Evernnym that the ACA-Py "Issue Credential" protocol (at least the Verify Email instance) is not RFC compliant because the "Credential Preview" is not sent. In reading the RFC, there is no indication that the the Credential Preview is optional. We can update the Verify Email instance to make add it. Should the RFC say that the preview is optional?

andrew.whitehead (Thu, 23 Apr 2020 17:10:59 GMT):
I think it's just the email service that needs updating, around here: https://github.com/bcgov/indy-email-verification/blob/master/src/email_verification/views.py#L173

swcurran (Thu, 23 Apr 2020 17:11:52 GMT):
Could you do a quick fix?

swcurran (Thu, 23 Apr 2020 17:12:35 GMT):
But the larger question is do we change the admin interface to make it required?

swcurran (Thu, 23 Apr 2020 17:12:35 GMT):
But the larger question is do we change the admin interface to make it required? Or the validation code for the data.

andrew.whitehead (Thu, 23 Apr 2020 17:13:05 GMT):
I don't have a preference

swcurran (Thu, 23 Apr 2020 17:32:54 GMT):
FYI: Aries Cloud Agent - Python Release 0.5.1 has been tagged and posted to PyPi. Release notes can be found here - https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.5.1. In dropping the old v0.1 credential exchange protocols, we had temporarily removed some admin routes that were generally useful across credential exchange. We added those back in before the 0.5.0 release, but missed a recent update to that code (e.g. we pulled them back from the wrong commit). This impacted the Aries VCR code base. This release addresses that. Code reference documentation has been generated to ReadTheDocs - https://aries-cloud-agent-python.readthedocs.io/en/latest/

ajayjadhav (Thu, 23 Apr 2020 21:15:00 GMT):
[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=WQK47C3dW83HLyXZm) @ankita.p - FYI

swcurran (Thu, 23 Apr 2020 22:11:42 GMT):
Help Wanted - We've just posted an issue for help with an RFC alignment issue that would be good for a first timer wanting to contribute. See details here: https://github.com/hyperledger/aries-cloudagent-python/issues/477

haniavis (Thu, 23 Apr 2020 23:29:37 GMT):
Hi, is there somewhere documented a description of all the different endpoints provided by the aca-py API, without having to bring up an agent ?

swcurran (Thu, 23 Apr 2020 23:57:34 GMT):
No. Since the configuration of an instance may extend/alter the API, there is no static version. That said, once you have it running, you can hit the `/api/docs/swagger.json` link at the top of the page (e.g. /api/docs/swagger.json) to get the Swagger JSON and use it for whatever you want - e.g. to use swagger tools to generate a client for the API.

haniavis (Fri, 24 Apr 2020 00:03:08 GMT):
ok thanks @swcurran

KhageshSharma (Fri, 24 Apr 2020 07:27:20 GMT):
Has joined the channel.

MikeRichardson (Fri, 24 Apr 2020 07:30:17 GMT):
Thanks @andrew.whitehead for helping getting aca-py going with the need to install libindy. What I am trying to do is build an alice controller in nodejs. If I have understood the python correctly the agent spawns an aca-py subprocess then tries to connect to the admin API. I can see the result if I type the URL it attempts to connect to, namely http://192.168.99.100:8031/status I can also see this status object when I run aca-py from the command line. Now when I try to spawn the exact same aca-py process from nodejs the process appears to start up correctly as I see the aca-py initialisation output, and it says listening… The code is very simple `const { spawn } = require('child_process'); var proc = spawn('python3', ['./bin/aca-py', 'start', '--endpoint', 'http://192.168.99.100:8030', '--inbound-transport', 'http', '0.0.0.0', '8030', '--outbound-transport', 'http', '--admin', '0.0.0.0', '8031', '--admin-insecure-mode']);` But I cannot connect to the admin API (either in the code or in the browser) so something is wrong here. Can anyone help?

MikeRichardson (Fri, 24 Apr 2020 07:30:17 GMT):
Thanks @andrew.whitehead for helping getting aca-py going with the need to install libindy. What I am trying to do is build an alice controller in nodejs. If I have understood the python correctly the agent spawns an aca-py subprocess then tries to connect to the admin API. I can see the result if I type the URL it attempts to connect to, namely http://192.168.99.100:8031/status I can also see this status object when I run aca-py from the command line. Now when I try to spawn the exact same aca-py process from nodejs the process appears to start up correctly as I see the aca-py initialisation output, and it says listening… The code is very simple ``const { spawn } = require('child_process'); var proc = spawn('python3', ['./bin/aca-py', 'start', '--endpoint', 'http://192.168.99.100:8030', '--inbound-transport', 'http', '0.0.0.0', '8030', '--outbound-transport', 'http', '--admin', '0.0.0.0', '8031', '--admin-insecure-mode']);`` But I cannot connect to the admin API (either in the code or in the browser) so something is wrong here. Can anyone help?

MikeRichardson (Fri, 24 Apr 2020 07:30:17 GMT):
Thanks @andrew.whitehead for helping getting aca-py going with the need to install libindy. What I am trying to do is build an alice controller in nodejs. If I have understood the python correctly the agent spawns an aca-py subprocess then tries to connect to the admin API. I can see the result if I type the URL it attempts to connect to, namely http://192.168.99.100:8031/status I can also see this status object when I run aca-py from the command line. Now when I try to spawn the exact same aca-py process from nodejs the process appears to start up correctly as I see the aca-py initialisation output, and it says listening… The code is very simple const { spawn } = require('child_process'); var proc = spawn('python3', ['./bin/aca-py', 'start', '--endpoint', 'http://192.168.99.100:8030', '--inbound-transport', 'http', '0.0.0.0', '8030', '--outbound-transport', 'http', '--admin', '0.0.0.0', '8031', '--admin-insecure-mode']);`` But I cannot connect to the admin API (either in the code or in the browser) so something is wrong here. Can anyone help?

MikeRichardson (Fri, 24 Apr 2020 07:30:17 GMT):
I can also see this status object when I run aca-py from the command line. Now when I try to spawn the exact same aca-py process from nodejs the process appears to start up correctly as I see the aca-py initialisation output, and it says listening… The code is very simple const { spawn } = require('child_process'); var proc = spawn('python3', ['./bin/aca-py', 'start', '--endpoint', 'http://192.168.99.100:8030', '--inbound-transport', 'http', '0.0.0.0', '8030', '--outbound-transport', 'http', '--admin', '0.0.0.0', '8031', '--admin-insecure-mode']); But I cannot connect to the admin API (either in the code or in the browser) so something is wrong here. Can anyone help?

MikeRichardson (Fri, 24 Apr 2020 07:30:17 GMT):
Thanks @andrew.whitehead for helping getting aca-py going with the need to install libindy. What I am now trying to do is build an alice controller in nodejs. If I have understood the python correctly the agent spawns an aca-py subprocess then tries to connect to the admin API. I can see the result if I type the URL it attempts to connect to, namely http://192.168.99.100:8031/status I can also see this status object when I run aca-py from the command line. Now when I try to spawn the exact same aca-py process from nodejs the process appears to start up correctly as I see the aca-py initialisation output, and it says listening… The code is very simple const { spawn } = require('child_process'); var proc = spawn('python3', ['./bin/aca-py', 'start', '--endpoint', 'http://192.168.99.100:8030', '--inbound-transport', 'http', '0.0.0.0', '8030', '--outbound-transport', 'http', '--admin', '0.0.0.0', '8031', '--admin-insecure-mode']); But I cannot connect to the admin API (either in the code or in the browser) so something is wrong here. Can anyone help?

MikeRichardson (Fri, 24 Apr 2020 07:30:17 GMT):
Thanks @andrew.whitehead for helping getting aca-py going with the need to install libindy. What I am now trying to do is build an alice controller in nodejs. If I have understood the python correctly the agent spawns an aca-py subprocess then tries to connect to the admin API. With the python alice agent I can see the result if I type the URL it attempts to connect to, namely http://192.168.99.100:8031/status I can also see this status object when I run aca-py from the command line. Now when I try to spawn the exact same aca-py process from nodejs the process appears to start up correctly as I see the aca-py initialisation output, and it says listening… The code is very simple const { spawn } = require('child_process'); var proc = spawn('python3', ['./bin/aca-py', 'start', '--endpoint', 'http://192.168.99.100:8030', '--inbound-transport', 'http', '0.0.0.0', '8030', '--outbound-transport', 'http', '--admin', '0.0.0.0', '8031', '--admin-insecure-mode']); But I cannot connect to the admin API (either in the code or in the browser) so something is wrong here. Can anyone help?

MikeRichardson (Fri, 24 Apr 2020 07:30:17 GMT):
Thanks @andrew.whitehead for helping getting aca-py going with the need to install libindy. What I am now trying to do is build an alice controller in nodejs. If I have understood the python correctly the agent spawns an aca-py subprocess then tries to connect to the admin API. With the python alice agent I can see the result if I type the URL it attempts to connect to, namely http://192.168.99.100:8031/status I can also see this status object when I run aca-py from the command line. Now when I try to spawn the exact same aca-py process from nodejs the process appears to start up correctly as I see the aca-py initialisation output, and it says listening… The code is very simple const { spawn } = require('child_process'); var proc = spawn('python3', ['./bin/aca-py', 'start', '--endpoint', 'http://192.168.99.100:8030', '--inbound-transport', 'http', '0.0.0.0', '8030', '--outbound-transport', 'http', '--admin', '0.0.0.0', '8031', '--admin-insecure-mode']); But I cannot connect to the admin API (either in the code or in the browser) nor can I bring up the swagger page so something is wrong here. Can anyone help?

MikeRichardson (Fri, 24 Apr 2020 07:30:17 GMT):
Thanks @andrew.whitehead for helping getting aca-py going with the need to install libindy. What I am now trying to do is build an alice controller in nodejs. If I have understood the python correctly the agent spawns an aca-py subprocess then tries to connect to the admin API. With the python alice agent I can see the result if I type the URL it attempts to connect to, namely http://192.168.99.100:8031/status I can also see this status object when I run aca-py from the command line. Now when I try to spawn the exact same aca-py process from nodejs the process appears to start up correctly as I see the aca-py initialisation output, and it says listening… The code is very simple const { spawn } = require('child_process'); var proc = spawn('python3', ['./bin/aca-py', 'start', '--endpoint', 'http://192.168.99.100:8030', '--inbound-transport', 'http', '0.0.0.0', '8030', '--outbound-transport', 'http', '--admin', '0.0.0.0', '8031', '--admin-insecure-mode']); But I cannot connect to the admin API (either in the code or in the browser) nor can I bring up the Aries Cloudagent swagger page so something is wrong here. Can anyone help?

MikeRichardson (Fri, 24 Apr 2020 07:30:17 GMT):
Thanks @andrew.whitehead for helping getting aca-py going with the need to install libindy. What I am now trying to do is build an alice controller in nodejs. If I have understood the python correctly the agent spawns an aca-py subprocess then tries to connect to the admin API. With the python alice agent I can see the result if I type the URL it attempts to connect to, namely http://192.168.99.100:8031/status I can also see this status object when I run aca-py from the command line. Now when I try to spawn the exact same aca-py process from nodejs the process appears to start up correctly as I see the aca-py initialisation output, and it says listening… The code is very simple `const { spawn } = require('child_process'); var proc = spawn('python3', ['./bin/aca-py', 'start', '--endpoint', 'http://192.168.99.100:8030', '--inbound-transport', 'http', '0.0.0.0', '8030', '--outbound-transport', 'http', '--admin', '0.0.0.0', '8031', '--admin-insecure-mode']);` But I cannot connect to the admin API (either in the code or in the browser) nor can I bring up the Aries Cloudagent swagger page so something is wrong here. Can anyone help?

MikeRichardson (Fri, 24 Apr 2020 07:30:17 GMT):
Thanks @andrew.whitehead for helping getting aca-py going with the need to install libindy. What I am now trying to do is build an alice controller in nodejs. If I have understood the python correctly the agent spawns an aca-py subprocess then tries to connect to the admin API. With the python alice agent I can see the result if I type the URL it attempts to connect to, namely http://192.168.99.100:8031/status I can also see this status object when I run aca-py from the command line. Now when I try to spawn the exact same aca-py process from nodejs the process appears to start up correctly as I see the aca-py initialisation output, and it says listening… The code is very simple const { spawn } = require('child_process'); var proc = spawn('python3', ['./bin/aca-py', 'start', '--endpoint', 'http://192.168.99.100:8030', '--inbound-transport', 'http', '0.0.0.0', '8030', '--outbound-transport', 'http', '--admin', '0.0.0.0', '8031', '--admin-insecure-mode']); But I cannot connect to the admin API (either in the code or in the browser) nor can I bring up the Aries Cloudagent swagger page so something is wrong here. Can anyone help? Actually I don't see an aca-py process when I do ps -ax so it looks like the agent is starting up then immediately shutting down

MikeRichardson (Fri, 24 Apr 2020 07:30:17 GMT):
Thanks @andrew.whitehead for helping getting aca-py going with the need to install libindy. What I am now trying to do is build an alice controller in nodejs. I am running the docker container as per the usual alice; I have extended the dockerfile to install nodejs into the image provided with the demo. That seems to work ok. If I have understood the python correctly the agent spawns an aca-py subprocess then tries to connect to the admin API. With the python alice agent I can see the result if I type the URL it attempts to connect to, namely http://192.168.99.100:8031/status I can also see this status object when I run aca-py from the command line. Now when I try to spawn the exact same aca-py process from nodejs the process appears to start up correctly as I see the aca-py initialisation output, and it says listening… The code is very simple const { spawn } = require('child_process'); var proc = spawn('python3', ['./bin/aca-py', 'start', '--endpoint', 'http://192.168.99.100:8030', '--inbound-transport', 'http', '0.0.0.0', '8030', '--outbound-transport', 'http', '--admin', '0.0.0.0', '8031', '--admin-insecure-mode']); But I cannot connect to the admin API (either in the code or in the browser) nor can I bring up the Aries Cloudagent swagger page so something is wrong here. Can anyone help? Actually I don't see an aca-py process when I do ps -ax so it looks like the agent is starting up then immediately shutting down

ankita.p (Fri, 24 Apr 2020 13:39:03 GMT):
Hi, is there anything on this? I still face the same whenever spinup agent anywhere

swcurran (Fri, 24 Apr 2020 13:53:03 GMT):
Have you looked at https://github.com/hyperledger/aries-acapy-controllers ? It has a node controller in it. There is a second one that was created that was being built for production uses, but it has not been documented/maintained, so would be a use at your own risk. It was created by a pretty good node dev, so it might be good. But with no docs and no dev to reference... DM if you want more info on that.

swcurran (Fri, 24 Apr 2020 13:54:51 GMT):
Have you looked at https://github.com/hyperledger/aries-acapy-controllers? It has a node controller for one of Alice/Faber/Acme. I can also point you to a repo that has a node controller that was planned for production use, but we lost the dev and it was never documented. It help you, but no docs or dev... :shrug: DM me if you want a pointer.

MikeRichardson (Fri, 24 Apr 2020 16:13:51 GMT):
I managed to get this working in the end. I had misconfigured the Docker ports.

GKumar (Fri, 24 Apr 2020 16:35:26 GMT):
I am using following command to run agent, But i could not find any in db artifacts(database and tables) created in my pgsql admin console. Can some one help me to see the pgsql-agent connections really happening GENESIS_FILE=./indy_genensis POSTGRES=true DEFAULT_POSTGRES=true sudo python -m runners.faber --port 8020

GKumar (Fri, 24 Apr 2020 16:35:26 GMT):
I am using following command to run agent, But i could not find any in db artifacts(database and tables) created in my pgsql admin console. Can some one help me to see the pgsql-agent connections really happening *GENESIS_FILE=./indy_genensis POSTGRES=true DEFAULT_POSTGRES=true sudo python -m runners.faber --port 8020*

GKumar (Fri, 24 Apr 2020 16:36:03 GMT):
Can anybody help me to get some doc on pgsql with acp wallet store

MikeRichardson (Sat, 25 Apr 2020 07:13:44 GMT):
I can now spin up the aca-py agent from my nodejs controller but I notice I don't get the "Alice |" prefix on each line of output. A very minor point but I was wondering where this prefix comes from

RicardoPeixoto (Sat, 25 Apr 2020 19:05:59 GMT):
Hi, i am trying to connect the aca-py to a pool but i keep getting "403: Forbidden" when i try to access the ledger (in the swagger admin API). i already tried to look up in my local pool using the genesis file and in the von network used in the demo with the genesis url "http://dev.greenlight.bcovrin.vonx.io". Can someone tell me what is wrong in the command? ```` aca-py start --inbound-transport http 0.0.0.0 5010 \ --outbound-transport http \ --admin 0.0.0.0 5011 \ --admin-insecure-mode \ --ledger-pool-name von-network-local \ --genesis-url /home/ricardo/Desktop/aries/genesis.txt ````

RicardoPeixoto (Sat, 25 Apr 2020 19:12:11 GMT):
Hi, i was trying to connect the aca-py to a pool but i keep getting the error "403: Forbidden" in the swagger admin api when i try to read from the ledger. i already tried with a genesis file and with the genesis url from the demo pool ("http://dev.greenlight.bcovrin.vonx.io"). Can someone tell me what is missing in the command? ``` aca-py start --inbound-transport http 0.0.0.0 5010 \ --outbound-transport http \ --admin 0.0.0.0 5011 \ --admin-insecure-mode \ --ledger-pool-name von-network-local \ --genesis-file /home/ricardo/Desktop/aries/genesis.txt ```

RicardoPeixoto (Sat, 25 Apr 2020 19:28:22 GMT):
The problem was that I am required to create a wallet. Now all worked just fine.

andrew.whitehead (Sat, 25 Apr 2020 19:55:15 GMT):
The demo processes all the output from the agents before printing it, so they can be printed together and along with other logging statements

swcurran (Mon, 27 Apr 2020 02:30:34 GMT):
@andrew.whitehead - could you please take a look at this attached proof? It's from an Aries MAX (the agent formerly know as OSMA) agent using a revocable credential. It's like the errors we were seeing with the other mobile agents early on - the proof gets verified, but the verification fails. Log in the reply.

swcurran (Mon, 27 Apr 2020 02:31:14 GMT):
[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=m88GFYYiCxBxtTSjw)
sukalpomitra - Sun Apr 26 2020 17_57_26 GMT+0800 (Singapore Standard Time).txt

swcurran (Mon, 27 Apr 2020 02:31:44 GMT):
[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=m88GFYYiCxBxtTSjw)
sukalpomitra - Sun Apr 26 2020 17_57_26 GMT+0800 (Singapore Standard Time).txt

andrew.whitehead (Mon, 27 Apr 2020 02:40:31 GMT):
It appears to be combining four different proofs - one for the predicate, then one for each of the attributes separately. Haven't seen that before

andrew.whitehead (Mon, 27 Apr 2020 02:41:13 GMT):
Each also has a different timestamp for some reason

swcurran (Mon, 27 Apr 2020 02:42:12 GMT):
Worth getting a non-revocable example, to see if it is the same? You would think it would be the AF-.NET code that is handling the proof.

andrew.whitehead (Mon, 27 Apr 2020 02:42:18 GMT):
I guess ACA-py should be able to handle it but I'm not surprised it can't

andrew.whitehead (Mon, 27 Apr 2020 02:43:17 GMT):
Might be useful to see if it only happens with revocable proofs

andrew.whitehead (Mon, 27 Apr 2020 02:49:34 GMT):
These are the timestamps if it matters, within 6 seconds of each other which could be the time to generate the massive proof: ``` 2020-04-26 09:56:10 2020-04-26 09:56:04 2020-04-26 09:56:07 2020-04-26 09:56:05 ```

swcurran (Mon, 27 Apr 2020 02:50:59 GMT):
@sukalpomitra - could you send an example of a proof generated with revocation off? Just run the same thing without the "--revocation" when you start up Faber. Please upload the proof.

sukalpomitra (Mon, 27 Apr 2020 02:52:34 GMT):
yes sure

gaila (Mon, 27 Apr 2020 09:28:08 GMT):
I am trying the following example: https://github.com/hyperledger/aries-acapy-controllers And I tried issue the credential but it did not work for me. So I tried to do it via Api in Faber-Agent `/issue-credential/send` with the following request object: `{ "cred_def_id": "CDGUGdhJ18mQgHFUQ2rNAB:3:CL:15381:default", "schema_version": "92.76.86", "schema_name": "degree schema", "schema_id": "CDGUGdhJ18mQgHFUQ2rNAB:2:degree schema:92.76.86", "comment": "string", "credential_proposal": { "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/credential-preview", "attributes": [ { "name": "ringaile", "degree": "bachelor", "age": "24", "date": "2010-01-01" } ] }, "schema_issuer_did": "CDGUGdhJ18mQgHFUQ2rNAB", "issuer_did": "CDGUGdhJ18mQgHFUQ2rNAB", "connection_id": "ded6f2b6-5aa1-43e1-81d5-dee143a5427e" }` but I get 500 error. Am I missing something?

gaila (Mon, 27 Apr 2020 09:28:08 GMT):
I am trying the following example: https://github.com/hyperledger/aries-acapy-controllers And I tried issue the credential but it did not work for me. So I tried to do it via Api in Faber-Agent `/issue-credential/send` with the following request object: `{ "cred_def_id": "CDGUGdhJ18mQgHFUQ2rNAB:3:CL:15381:default", "schema_version": "92.76.86", "schema_name": "degree schema", "schema_id": "CDGUGdhJ18mQgHFUQ2rNAB:2:degree schema:92.76.86", "comment": "string", "credential_proposal": { "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/credential-preview", "attributes": [ { "name": "alice", "degree": "bachelor", "age": "24", "date": "2010-01-01" } ] }, "schema_issuer_did": "CDGUGdhJ18mQgHFUQ2rNAB", "issuer_did": "CDGUGdhJ18mQgHFUQ2rNAB", "connection_id": "ded6f2b6-5aa1-43e1-81d5-dee143a5427e" }` but I get 500 error. Am I missing something?

sklump (Mon, 27 Apr 2020 09:50:32 GMT):
In indy, the offer doesn't include a preview - only proof of cred def private key correctness. Other systems might use the offer for something else - when I coded this, my supposition was that the content of the (indy, etc) offer was opaque to the Aries layer, so the cred preview would be optional. In indy, the request initiates attributes and values into the conversation. In practice however, of course a holder isn't going to know the details of a cred def as well as the issuer, so the holder would typically need to get this out of band from the issuer. It looks relatively straightforward in any case, and I can propose a fix to match the text.

sklump (Mon, 27 Apr 2020 09:50:32 GMT):
In indy, the offer doesn't include a preview - only proof of cred def private key correctness. Other systems might use the offer for something else - when I coded this, my supposition was that the content of the (indy, etc) offer was opaque to the Aries layer, so the cred preview would be optional. In indy, the request initiates attributes and values into the conversation. In practice however, of course a holder isn't going to know the details of a cred def as well as the issuer, so the holder would typically need to get this out of band from the issuer. Also, I think the standard must have solidified in parallel or maybe just after this code. I do try not to code directly against the spec. It's a bit of a mystery how I could have got this wrong. It looks relatively straightforward in any case, and I can propose a fix to match the text.

sklump (Mon, 27 Apr 2020 09:56:13 GMT):
Attribute `student_id`: https://github.com/ianco/aries-cloudagent-python/blob/64dc8c4fc1317c0542d53fa66c2e36f75e981fef/demo/faber.py#L121

sklump (Mon, 27 Apr 2020 09:56:13 GMT):
Attribute `timestamp`: https://github.com/hyperledger/aries-cloudagent-python/blob/3f3c7dc64449886e0b84821209ffb5706c32adcf/demo/runners/faber.py#L185

sukalpomitra (Mon, 27 Apr 2020 10:20:12 GMT):

sukalpomitra - Mon Apr 27 2020 18:20:01 GMT+0800 (Singapore Standard Time).txt

sukalpomitra (Mon, 27 Apr 2020 10:21:05 GMT):
```***************** Invitation: {"@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/connections/1.0/invitation", "@id": "504f5be6-4911-4eeb-8a78-0f1a357fef4a", "serviceEndpoint": "http://ip172-18-0-91-bqjau4iosm4g00fhjvjg-8020.direct.labs.play-with-docker.com", "recipientKeys": ["CE4y5kfz2RjcFu1zpm4nNxiG6wz5diPUjkqydbBreaaC"], "label": "Faber.Agent"} ***************** Waiting for connection... Faber | Connected (1) Issue Credential (2) Send Proof Request (3) Send Message (T) Toggle tracing on credential/proof exchange (X) Exit? [1/2/3/T/X] 1 #13 Issue credential offer to X Faber | Credential: state = offer_sent, credential_exchange_id = 41f32e00-f550-46df-a26d-0432315ff0eb Faber | Connected Faber | Credential: state = request_received, credential_exchange_id = 41f32e00-f550-46df-a26d-0432315ff0eb #17 Issue credential to X Faber | Credential: state = credential_issued, credential_exchange_id = 41f32e00-f550-46df-a26d-0432315ff0eb (1) Issue Credential (2) Send Proof Request (3) Send Message (T) Toggle tracing on credential/proof exchange (X) Exit? [1/2/3/T/X] 2 #20 Request proof of degree from alice Faber | Presentation: state = request_sent , presentation_exchange_id = 079ace70-639a-4bcc-b6bd-d5f005250229 Faber | Presentation: state = presentation_received , presentation_exchange_id = 079ace70-639a-4bcc-b6bd-d5f005250229 #27 Process the proof provided by X #28 Check if proof is valid Faber | Proof = false Faber | Presentation: state = verified , presentation_exchange_id = 079ace70-639a-4bcc-b6bd-d5f005250229 Faber | 2020-04-27 10:20:35,446 aries_cloudagent.verifier.indy ERROR Validation of presentation on nonce=78902615866769380307991 failed with e rror Faber | Traceback (most recent call last): Faber | File "/home/indy/aries_cloudagent/verifier/indy.py", line 189, in verify_presentation Faber | json.dumps(rev_reg_entries), Faber | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/indy/anoncreds.py", line 1756, in verifier_verify_proof Faber | verifier_verify_proof.cb) Faber | indy.error.CommonInvalidStructure (1) Issue Credential (2) Send Proof Request (3) Send Message (T) Toggle tracing on credential/proof exchange (X) Exit? [1/2/3/T/X] ```

sukalpomitra (Mon, 27 Apr 2020 10:22:08 GMT):
Please take note I have this code - ```if (proofJson.Contains("\"rev_reg_id\":null")) { String[] separator = { "\"rev_reg_id\":null" }; String[] proofJsonList = proofJson.Split(separator, StringSplitOptions.None); proofJson = proofJsonList[0] + "\"rev_reg_id\":null,\"timestamp\":null}]}"; }```

adamjlemmon (Mon, 27 Apr 2020 10:46:10 GMT):
Has joined the channel.

gaila (Mon, 27 Apr 2020 10:59:27 GMT):
so I included now timestamp as well, but I still get the same error: '{ "cred_def_id": "MfRuHWwGcrJHoxnJb73A68:3:CL:15399:default", "schema_version": "94.12.31", "schema_name": "degree schema", "schema_id": "MfRuHWwGcrJHoxnJb73A68:2:degree schema:94.12.31", "comment": "string", "credential_proposal": { "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/credential-preview", "attributes": [ { "name": "alice", "date": "2010-01-01", "degree": "bachelor", "age": "24", "timestamp": "2020-01-01" } ] }, "schema_issuer_did": "MfRuHWwGcrJHoxnJb73A68", "issuer_did": "MfRuHWwGcrJHoxnJb73A68", "connection_id": "6687f072-38bd-462c-9745-bd3cda79d158" }'

sklump (Mon, 27 Apr 2020 11:31:49 GMT):
OK, I see. The preview is wrong. Each attribute needs a {"name": ..., "value": ...} dict as per https://github.com/hyperledger/aries-rfcs/tree/master/features/0036-issue-credential#preview-credential e.g., ``` { "cred_def_id": "MfRuHWwGcrJHoxnJb73A68:3:CL:10:default", "schema_version": "94.12.31", "schema_name": "degree schema", "schema_id": "MfRuHWwGcrJHoxnJb73A68:2:degree schema:94.12.31", "comment": "string", "credential_proposal": { "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/credential-preview", "attributes": [ { "name": "name", "value": "alice" }, { "name": "date", "value": "2010-01-01" }, { "name": "degree", "value": "bachelor" }, { "name": "age", "value": "24" }, { "name": "timestamp", "value": "1587987026" } ] }, "schema_issuer_did": "MfRuHWwGcrJHoxnJb73A68", "issuer_did": "MfRuHWwGcrJHoxnJb73A68", "connection_id": "..." } ```

lauravuo-techlab (Mon, 27 Apr 2020 11:40:32 GMT):
hi folks! We are testing our own aries-compatible agent against aca-py. For this we are using the Faber-issuer from Aca-Py demo. Faber issues successfully a credential to our holder and the proof is also verified ok. However, we don't get the ACK-message when the proof has been verified. Is there any additional steps we need to take in order to enable the sending of the ACK for present-proof?

gaila (Mon, 27 Apr 2020 11:53:57 GMT):
you are right!! thanks a lot :)

sklump (Mon, 27 Apr 2020 14:25:30 GMT):
From what I can see, the issue-credential protocol in the aca-py implements the spec as it currently stands. Changing the spec will knock aca-py itself out of compliance.

swcurran (Mon, 27 Apr 2020 14:56:39 GMT):
I don't think there is a required ACK in the proof presentation, but I'm not working at the details. @sklump @andrew.whitehead - thoughts? Love to hear more about the agent you have created. Perhaps on a separate thread you can share more about that? Also, there is a channel called #aries-interop that we hope all agent builders will use to flesh out interop issue. Please join us there!

sklump (Mon, 27 Apr 2020 15:16:53 GMT):
The verifier acks the prover. The prover receives the ack and sets its presentation exchange record's state to `presentation_acked`. At present, the verifier doesn't change its presentation record's state from `verified`. The verifier doesn't need to track that, does it? As far as the verifier is concerned, verification is the point of the exchange and its operation can stop. And 'acked' in this case means 'interlocutor has acknowledged', so to get to `acked` state, the prover would need to send an ack to the prover's the ack. I think that's one exchange too many.

sklump (Mon, 27 Apr 2020 15:16:53 GMT):
The verifier acks the prover. The prover receives the ack and sets its presentation exchange record's state to `presentation_acked`. At present, the verifier doesn't change its presentation record's state from `verified`. The verifier doesn't need to track that, does it? As far as the verifier is concerned, verification is the point of the exchange and its operation can stop. And 'acked' in this case means 'interlocutor has acknowledged', so to get to `acked` state, the prover would need to send an ack to the verifier's the ack. I think that's one exchange too many.

sklump (Mon, 27 Apr 2020 15:16:53 GMT):
The verifier acks the prover. The prover receives the ack and sets its presentation exchange record's state to `presentation_acked`. At present, the verifier doesn't change its presentation record's state from `verified`. The verifier doesn't need to track that, does it? As far as the verifier is concerned, verification is the point of the exchange and its operation can stop. And 'acked' in this case means 'interlocutor has acknowledged', so to get to `acked` state, the prover would need to send an ack to the verifier's ack. I think that's one exchange too many.

swcurran (Mon, 27 Apr 2020 15:27:21 GMT):
We definitely don't want that.

sklump (Mon, 27 Apr 2020 15:28:04 GMT):
If there is a responder configured, the verifier replies with an ack. If it doesn't that's a problem to investigate.

swcurran (Mon, 27 Apr 2020 15:28:39 GMT):
Thanks for the clarification, Stephen. I didn't think ACA-Py sent a post-verification Ack, but when I looked at the RFC, it's pretty clear it should, so glad we are doing that.

swcurran (Mon, 27 Apr 2020 15:30:25 GMT):
True on the "if responder". In the case of the ephemeral challenge (connection-less proof request), there would only be a way to ACK the prover when the if the prover provided a ~service decorator.

swcurran (Mon, 27 Apr 2020 15:31:54 GMT):
@sklump - one other question about non-"Auto Respond" operation. Does ACA-Py automatically send an "ACK" when the proof is verified, or when the Controller tells ACA-Py to send the Ack? It should be the latter, as the controller may want to apply some post-verification logic before sending the Ack.

sklump (Mon, 27 Apr 2020 15:33:05 GMT):
Aca-py sends it.

swcurran (Mon, 27 Apr 2020 15:34:04 GMT):
We should look at that. I don't think that is right.

sklump (Mon, 27 Apr 2020 15:34:49 GMT):
Maybe a configuration option. Otherwise it will take more logic in any existing users, like the demo for example.

sklump (Mon, 27 Apr 2020 15:37:22 GMT):
But once we start down that road, the whole manager class infrastructure opens up like pulling on the loose thread. Why not have all business logic move up to the controller and default it to auto? I think this is a case of optimize-last and see-who-complains.

swcurran (Mon, 27 Apr 2020 15:43:15 GMT):
I think this particular one is a big deal. Cryptographically verifying the proof is one thing. Approving it as a business level is a different question.

sklump (Mon, 27 Apr 2020 15:45:53 GMT):
There have already been several steps by this point to intervene and inspect. The verification shows that the verifier got exactly what the verifier asked for (proof-request). I think not taking yes for an answer is a sign of overthinking. But this is not the hill I die on.

jcourt (Tue, 28 Apr 2020 01:56:58 GMT):
Looking through the ACA-py transport code I can't see any XMPP support, just HTTP and WS. What is the expected mechanism for an ACA-py based Agent to use an OpenFire XMPP endpoint to transfer DIDComm messages to a mobile Agent ? I hope I am being clear but this whole space still seems a little foggy in the training material I have done :-)

jcourt (Tue, 28 Apr 2020 02:00:41 GMT):
Actually maybe it just hits a HTTP port on the OpenFire and that gets converted (gatewayed) on the Mobile side ?

lauravuo-techlab (Tue, 28 Apr 2020 06:04:22 GMT):
Ok, thanks for your reply! We are currently working on figuring out if we can open source our codebase, we'll get back to you once we proceed with that. The use case that this acking is related to is building a chat UI between the verifier and the holder. The UI logic is built on receiving the ack ie. the proof changes its status to verified as the ack is received. (see our prototype: https://www.youtube.com/watch?v=gVr8KwISMS4&feature=youtu.be&t=146)

lauravuo-techlab (Tue, 28 Apr 2020 11:09:27 GMT):
Just one more clarification, is there a way we can enable the responder in this Faber-demo scenario?

sklump (Tue, 28 Apr 2020 16:28:30 GMT):
Good catch: it's a bug. Will address.

sklump (Tue, 28 Apr 2020 16:28:30 GMT):
Good catch: it's a bug. ~Will address.~ The fix is in: try it now

swcurran (Tue, 28 Apr 2020 16:33:21 GMT):
@lauravuo-techlab -- a chat app is a great use case. Very interested if you want to add a protocol into the Aries RFC repo that is more sophisticated than just "Basic Message". Would also love to have you demo at the Aries Working Group when you are ready.

swcurran (Wed, 29 Apr 2020 16:42:17 GMT):
Sorry for the late notice -- there is no ACA-Pug meeting this week because of IIW. We'll be back in 2 weeks with LOTS to talk about!

victor.martinez (Wed, 29 Apr 2020 20:47:34 GMT):

aca-py.log

victor.martinez (Wed, 29 Apr 2020 20:47:37 GMT):
Hi all, when presenting a proof from a credential that has been revoke aca-py returns that the proof has been verified .

victor.martinez (Wed, 29 Apr 2020 20:47:37 GMT):
Hi all, when presenting a proof for verification from a revoked credential aca-py returns that the proof has been verified . Find above the logs... I'm not sure if i'm not checking correctly the state of the proof_exchange but I would expect verfication=false

victor.martinez (Wed, 29 Apr 2020 20:47:37 GMT):
Hi all, when presenting a proof for verification from a revoke credential aca-py returns that the proof has been verified . Find above the logs... I'm not sure if i'm not checking correctly the state of the proof_exchange but I would expect verfication=false

sklump (Wed, 29 Apr 2020 22:17:56 GMT):
Did you publish the verifications? If not, they are pending.

sklump (Wed, 29 Apr 2020 22:17:56 GMT):
Did you publish pending revocations, or else revoke with publish=true? If not, they are pending.

sklump (Wed, 29 Apr 2020 22:17:56 GMT):
Did you publish pending revocations (`/issue-credential/publish-revocations`), or else revoke with publish=true? If not, they are pending.

sklump (Wed, 29 Apr 2020 22:17:56 GMT):
Did you publish pending revocations (`/issue-credential/publish-revocations`), or else revoke with `publish=true`? If not, they are pending.

swcurran (Wed, 29 Apr 2020 23:55:50 GMT):
I just ran the Faber demo and when I revoked the credential, it looks like it didn't publish the registry, even though I wanted to. It might be an issue with the terminal I was using. Anyway, when I did do 5) Publish Revocations, the revocation was published and the next proof came back correctly: ``` Faber | Presentation: state = verified , presentation_exchange_id = 6ceccf8b-4f85-482d-9946-b63c276fe34b Faber | Proof = false ```

victor.martinez (Thu, 30 Apr 2020 08:47:13 GMT):
@sklump @swcurran - I have created a credential defintion with support_revocation = true - I have created a revocation registry with the previous credential defintion - I have updated the revocation registry with the public tiles uri - I have publish the revocation registry (not sure if this step is needed) - I've issue a credential using the route (/issue-credential/send) - The credential exchange that I get as a reponse from issuing the credential contains empty values for revocation_id and revoc_reg_id which are needed later for revoking the credential (/issue-credential/revoke)

victor.martinez (Thu, 30 Apr 2020 08:47:13 GMT):
@sklump @swcurran This are the steps I've done : - I have created a credential defintion with support_revocation = true - I have created a revocation registry with the previous credential defintion - I have updated the revocation registry with the public tiles uri - I have publish the revocation registry (not sure if this step is needed) - I've issue a credential using the route (/issue-credential/send) - Holder accepts the credential and in aca-py the state is "issued" - I 've revoke the credential with publish=true - The proof is presented from a mobile agent ( .net Aries framework) - Verifier verifies the proof with stated = verified and verified = true

victor.martinez (Thu, 30 Apr 2020 08:47:13 GMT):
@sklump @swcurran This are the steps I've done : - I have created a credential defintion with support_revocation = true - I have created a revocation registry with the previous credential defintion - I have updated the revocation registry with the public tiles uri - I have publish the revocation registry (not sure if this step is needed) - I've issue a credential using the route (/issue-credential/send) - The credential exchange that I get as a reponse from issuing the credential contains empty values for revocation_id and revoc_reg_id which are needed later for revoking the credential (/issue-credential/revoke)

victor.martinez (Thu, 30 Apr 2020 08:47:13 GMT):
@sklump @swcurran This are the steps I've done : - I have created a credential defintion with support_revocation = true - I have created a revocation registry with the previous credential defintion - I have updated the revocation registry with the public tiles uri - I have publish the revocation registry (not sure if this step is needed) - I've issue a credential using the route (/issue-credential/send) - I 've revoke the credential with publish=true - The proof is presented from a mobile edgent ( .net Aries framework)

victor.martinez (Thu, 30 Apr 2020 08:47:13 GMT):
@sklump @swcurran This are the steps I've done : - I have created a credential defintion with support_revocation = true - I have created a revocation registry with the previous credential defintion - I have updated the revocation registry with the public tiles uri - I have publish the revocation registry (not sure if this step is needed) - I've issue a credential using the route (/issue-credential/send) - I 've revoke the credential with publish=true - The proof is presented from a mobile agent ( .net Aries framework)

victor.martinez I'm not sure at ``` es-cloudagent-issuer_1 aries-cloudagent-issuer_1 aries-cloudagent-issuer_1 aries-cloudagent-issuer_1 | aries-cloudagent-issuer_1 aries-cloudagent-issuer_1 | aries-cloudagent-issuer_1 aries-cloudagent-issuer_1 aries-cloudagent-issuer_1 aries-cloudagent-issuer_1 aries-cloudagent-issuer_1 | aries-cloudagent-issuer_1 aries-cloudagent-issuer_1 | aries-cloudagent-issuer_1 aries-cloudagent-issuer_1 | aries-cloudagent-issuer_1 aries-cloudagent-issuer_1 | aries-cloudagent-issuer_1 aries-cloudagent-issuer_1 | aries-cloudagent-issuer_1 aries-cloudagent-issuer_1 | aries-cloudagent-issuer_1 ``` (Thu, 30 Apr 2020 08:51:05 GMT):
which step I should publish revocation registry but if I do it after revoking a credential I got this error | 2020-04-30 08:47:13,862 aries_cloudagent.core.dispatcher ERROR Handler error: publish_registry | Traceback (most recent call last): | File "/home/indy/aries_cloudagent/revocation/routes.py", line 300, in publish_registry await revoc_registry.publish_registry_definition(context) | File "/home/indy/aries_cloudagent/revocation/models/issuer_rev_reg_record.py", line 200, in publish_registry_definition self.revoc_reg_id, self.state | aries_cloudagent.revocation.error.RevocationError: Revocation registry PiEVD2uU2qKEQ5oxx1BJ6A:4:PiEVD2uU2qKEQ5oxx1BJ6A:3:CL:89519:c64f09be-1a76-4f9c-ae29-f18f0b303ca1:CL_ACCUM:aaa78adc-e4c8-4785-af51-76d00a3fa30b in state active: cannot publish definition | 2020-04-30 08:47:13,863 aiohttp.server ERROR Error handling request | Traceback (most recent call last): | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_protocol.py", line 418, in start resp = await task | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_app.py", line 458, in _handle resp = await handler(request) | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_middlewares.py", line 119, in impl return await handler(request) | File "/home/indy/aries_cloudagent/admin/server.py", line 187, in apply_limiter return await task | File "/home/indy/aries_cloudagent/revocation/routes.py", line 300, in publish_registry await revoc_registry.publish_registry_definition(context) | File "/home/indy/aries_cloudagent/revocation/models/issuer_rev_reg_record.py", line 200, in publish_registry_definition self.revoc_reg_id, self.state | aries_cloudagent.revocation.error.RevocationError: Revocation registry PiEVD2uU2qKEQ5oxx1BJ6A:4:PiEVD2uU2qKEQ5oxx1BJ6A:3:CL:89519:c64f09be-1a76-4f9c-ae29-f18f0b303ca1:CL_ACCUM:aaa78adc-e4c8-4785-af51-76d00a3fa30b in state active: cannot publish definition

victor.martinez (Thu, 30 Apr 2020 08:51:05 GMT):
I'm not sure at which step I should publish revocation registry but if I do it after revoking a credential I got this error `es-cloudagent-issuer_1 | 2020-04-30 08:47:13,862 aries_cloudagent.core.dispatcher ERROR Handler error: publish_registry aries-cloudagent-issuer_1 | Traceback (most recent call last): aries-cloudagent-issuer_1 | File "/home/indy/aries_cloudagent/revocation/routes.py", line 300, in publish_registry aries-cloudagent-issuer_1 | await revoc_registry.publish_registry_definition(context) aries-cloudagent-issuer_1 | File "/home/indy/aries_cloudagent/revocation/models/issuer_rev_reg_record.py", line 200, in publish_registry_definition aries-cloudagent-issuer_1 | self.revoc_reg_id, self.state aries-cloudagent-issuer_1 | aries_cloudagent.revocation.error.RevocationError: Revocation registry PiEVD2uU2qKEQ5oxx1BJ6A:4:PiEVD2uU2qKEQ5oxx1BJ6A:3:CL:89519:c64f09be-1a76-4f9c-ae29-f18f0b303ca1:CL_ACCUM:aaa78adc-e4c8-4785-af51-76d00a3fa30b in state active: cannot publish definition aries-cloudagent-issuer_1 | 2020-04-30 08:47:13,863 aiohttp.server ERROR Error handling request aries-cloudagent-issuer_1 | Traceback (most recent call last): aries-cloudagent-issuer_1 | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_protocol.py", line 418, in start aries-cloudagent-issuer_1 | resp = await task aries-cloudagent-issuer_1 | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_app.py", line 458, in _handle aries-cloudagent-issuer_1 | resp = await handler(request) aries-cloudagent-issuer_1 | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_middlewares.py", line 119, in impl aries-cloudagent-issuer_1 | return await handler(request) aries-cloudagent-issuer_1 | File "/home/indy/aries_cloudagent/admin/server.py", line 187, in apply_limiter aries-cloudagent-issuer_1 | return await task aries-cloudagent-issuer_1 | File "/home/indy/aries_cloudagent/revocation/routes.py", line 300, in publish_registry aries-cloudagent-issuer_1 | await revoc_registry.publish_registry_definition(context) aries-cloudagent-issuer_1 | File "/home/indy/aries_cloudagent/revocation/models/issuer_rev_reg_record.py", line 200, in publish_registry_definition aries-cloudagent-issuer_1 | self.revoc_reg_id, self.state aries-cloudagent-issuer_1 | aries_cloudagent.revocation.error.RevocationError: Revocation registry PiEVD2uU2qKEQ5oxx1BJ6A:4:PiEVD2uU2qKEQ5oxx1BJ6A:3:CL:89519:c64f09be-1a76-4f9c-ae29-f18f0b303ca1:CL_ACCUM:aaa78adc-e4c8-4785-af51-76d00a3fa30b in state active: cannot publish definition`

victor.martinez (Thu, 30 Apr 2020 08:51:05 GMT):
I'm not sure at which step I should publish revocation registry but if I do it after revoking a credential I got this error es-cloudagent-issuer_1 | 2020-04-30 08:47:13,862 aries_cloudagent.core.dispatcher ERROR Handler error: publish_registry aries-cloudagent-issuer_1 | Traceback (most recent call last): aries-cloudagent-issuer_1 | File "/home/indy/aries_cloudagent/revocation/routes.py", line 300, in publish_registry aries-cloudagent-issuer_1 | await revoc_registry.publish_registry_definition(context) aries-cloudagent-issuer_1 | File "/home/indy/aries_cloudagent/revocation/models/issuer_rev_reg_record.py", line 200, in publish_registry_definition aries-cloudagent-issuer_1 | self.revoc_reg_id, self.state aries-cloudagent-issuer_1 | aries_cloudagent.revocation.error.RevocationError: Revocation registry PiEVD2uU2qKEQ5oxx1BJ6A:4:PiEVD2uU2qKEQ5oxx1BJ6A:3:CL:89519:c64f09be-1a76-4f9c-ae29-f18f0b303ca1:CL_ACCUM:aaa78adc-e4c8-4785-af51-76d00a3fa30b in state active: cannot publish definition aries-cloudagent-issuer_1 | 2020-04-30 08:47:13,863 aiohttp.server ERROR Error handling request aries-cloudagent-issuer_1 | Traceback (most recent call last): aries-cloudagent-issuer_1 | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_protocol.py", line 418, in start aries-cloudagent-issuer_1 | resp = await task aries-cloudagent-issuer_1 | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_app.py", line 458, in _handle aries-cloudagent-issuer_1 | resp = await handler(request) aries-cloudagent-issuer_1 | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_middlewares.py", line 119, in impl aries-cloudagent-issuer_1 | return await handler(request) aries-cloudagent-issuer_1 | File "/home/indy/aries_cloudagent/admin/server.py", line 187, in apply_limiter aries-cloudagent-issuer_1 | return await task aries-cloudagent-issuer_1 | File "/home/indy/aries_cloudagent/revocation/routes.py", line 300, in publish_registry aries-cloudagent-issuer_1 | await revoc_registry.publish_registry_definition(context) aries-cloudagent-issuer_1 | File "/home/indy/aries_cloudagent/revocation/models/issuer_rev_reg_record.py", line 200, in publish_registry_definition aries-cloudagent-issuer_1 | self.revoc_reg_id, self.state aries-cloudagent-issuer_1 | aries_cloudagent.revocation.error.RevocationError: Revocation registry PiEVD2uU2qKEQ5oxx1BJ6A:4:PiEVD2uU2qKEQ5oxx1BJ6A:3:CL:89519:c64f09be-1a76-4f9c-ae29-f18f0b303ca1:CL_ACCUM:aaa78adc-e4c8-4785-af51-76d00a3fa30b in state active: cannot publish definition

victor.martinez (Thu, 30 Apr 2020 08:53:24 GMT):
- then the verifier verifier verify the proof with this log ``` `aries-cloudagent-verifier_1 | 2020-04-30 08:54:49,188 indy.libindy.native.indy.services.ledger INFO src/services/ledger/mod.rs:328 | parse_get_revoc_reg_def_response() => Ok(("PiEVD2uU2qKEQ5oxx1BJ6A:4:PiEVD2uU2qKEQ5oxx1BJ6A:3:CL:89519:c64f09be-1a76-4f9c-ae29-f18f0b303ca1:CL_ACCUM:aaa78adc-e4c8-4785-af51-76d00a3fa30b", "{\"ver\":\"1.0\",\"id\":\"PiEVD2uU2qKEQ5oxx1BJ6A:4:PiEVD2uU2qKEQ5oxx1BJ6A:3:CL:89519:c64f09be-1a76-4f9c-ae29-f18f0b303ca1:CL_ACCUM:aaa78adc-e4c8-4785-af51-76d00a3fa30b\",\"revocDefType\":\"CL_ACCUM\",\"tag\":\"aaa78adc-e4c8-4785-af51-76d00a3fa30b\",\"credDefId\":\"PiEVD2uU2qKEQ5oxx1BJ6A:3:CL:89519:c64f09be-1a76-4f9c-ae29-f18f0b303ca1\",\"value\":{\"issuanceType\":\"ISSUANCE_BY_DEFAULT\",\"maxCredNum\":1000,\"publicKeys\":{\"accumKey\":{\"z\":\"1 0C7631E0CDD16F71587471AD30188B893DB1584359949032779FF047A71A79D1 1 09F003AF6D94716B56ECC99C1A8D052FC57D05783D2D164DCF43139EA5475AE0 1 2315D8702BDDEDDE5FFBF2D104BD94751360B44EB4E1CD78B6E4EDE1161268BD 1 03947600F6D5B00BD87BE5B733972984427097081B85894B4D326DA76D200778 1 017EC0FA6D6889C6A9C8B4BB8866CDDC4947A8B54B5BB4B7CAF162024C027CB7 1 240730854EAAF51BB6B8E0271FC166643BA9968E2E0D21B80215851001D0C862 1 11721E07F9932763938244DDF0708CECCE6BB7F79A990CF08AEC40FC62948BFB 1 0916FD9AAD094774BAA5A7F3BC63E2E30DA0A59826FE400D84BA0930E48470AA 1 1EACB911349054395491D5D0B7FEADCBFD3686509117CFB72D502ADC0E50D025 1 152A6BE80CE9BCE50D105AF63BC105A83C4CFB9454DF11E8779D8BBCE3D99ADA 1 0FE80154D19EBDF4893AFB43DCAACFA27FA2C6A37829FFE78B00B4A7D0C731B4 1 1FE98C63F4425E24CBA8416346E2B6A645B8D87ED8CCCF4E934910EEDB4BF762\"}},\"tailsHash\":\"A1uEFFJnBfMhY3txE9kHY8zE4CwGCyKn7xSC5DFp4dkK\",\"tailsLocation\":\"http://192.168.0.241:8086/tails/PiEVD2uU2qKEQ5oxx1BJ6A%3A4%3APiEVD2uU2qKEQ5oxx1BJ6A%3A3%3ACL%3A89519%3Ac64f09be-1a76-4f9c-ae29-f18f0b303ca1%3ACL_ACCUM%3Aaaa78adc-e4c8-4785-af51-76d00a3fa30b\"}}")) aries-cloudagent-verifier_1 | 2020-04-30 08:54:49,219 indy.libindy.native.anoncreds_service INFO /home/indy/.cargo/registry/src/github.com-1ecc6299db9ec823/ursa-0.3.0/src/cl/verifier.rs:313 | Verifier verify proof -> done ```

victor.martinez (Thu, 30 Apr 2020 08:53:24 GMT):
- then the verifier verifier verify the proof with this log `aries-cloudagent-verifier_1 | 2020-04-30 08:54:49,188 indy.libindy.native.indy.services.ledger INFO src/services/ledger/mod.rs:328 | parse_get_revoc_reg_def_response() => Ok(("PiEVD2uU2qKEQ5oxx1BJ6A:4:PiEVD2uU2qKEQ5oxx1BJ6A:3:CL:89519:c64f09be-1a76-4f9c-ae29-f18f0b303ca1:CL_ACCUM:aaa78adc-e4c8-4785-af51-76d00a3fa30b", "{\"ver\":\"1.0\",\"id\":\"PiEVD2uU2qKEQ5oxx1BJ6A:4:PiEVD2uU2qKEQ5oxx1BJ6A:3:CL:89519:c64f09be-1a76-4f9c-ae29-f18f0b303ca1:CL_ACCUM:aaa78adc-e4c8-4785-af51-76d00a3fa30b\",\"revocDefType\":\"CL_ACCUM\",\"tag\":\"aaa78adc-e4c8-4785-af51-76d00a3fa30b\",\"credDefId\":\"PiEVD2uU2qKEQ5oxx1BJ6A:3:CL:89519:c64f09be-1a76-4f9c-ae29-f18f0b303ca1\",\"value\":{\"issuanceType\":\"ISSUANCE_BY_DEFAULT\",\"maxCredNum\":1000,\"publicKeys\":{\"accumKey\":{\"z\":\"1 0C7631E0CDD16F71587471AD30188B893DB1584359949032779FF047A71A79D1 1 09F003AF6D94716B56ECC99C1A8D052FC57D05783D2D164DCF43139EA5475AE0 1 2315D8702BDDEDDE5FFBF2D104BD94751360B44EB4E1CD78B6E4EDE1161268BD 1 03947600F6D5B00BD87BE5B733972984427097081B85894B4D326DA76D200778 1 017EC0FA6D6889C6A9C8B4BB8866CDDC4947A8B54B5BB4B7CAF162024C027CB7 1 240730854EAAF51BB6B8E0271FC166643BA9968E2E0D21B80215851001D0C862 1 11721E07F9932763938244DDF0708CECCE6BB7F79A990CF08AEC40FC62948BFB 1 0916FD9AAD094774BAA5A7F3BC63E2E30DA0A59826FE400D84BA0930E48470AA 1 1EACB911349054395491D5D0B7FEADCBFD3686509117CFB72D502ADC0E50D025 1 152A6BE80CE9BCE50D105AF63BC105A83C4CFB9454DF11E8779D8BBCE3D99ADA 1 0FE80154D19EBDF4893AFB43DCAACFA27FA2C6A37829FFE78B00B4A7D0C731B4 1 1FE98C63F4425E24CBA8416346E2B6A645B8D87ED8CCCF4E934910EEDB4BF762\"}},\"tailsHash\":\"A1uEFFJnBfMhY3txE9kHY8zE4CwGCyKn7xSC5DFp4dkK\",\"tailsLocation\":\"http://192.168.0.241:8086/tails/PiEVD2uU2qKEQ5oxx1BJ6A%3A4%3APiEVD2uU2qKEQ5oxx1BJ6A%3A3%3ACL%3A89519%3Ac64f09be-1a76-4f9c-ae29-f18f0b303ca1%3ACL_ACCUM%3Aaaa78adc-e4c8-4785-af51-76d00a3fa30b\"}}")) aries-cloudagent-verifier_1 | 2020-04-30 08:54:49,219 indy.libindy.native.anoncreds_service INFO /home/indy/.cargo/registry/src/github.com-1ecc6299db9ec823/ursa-0.3.0/src/cl/verifier.rs:313 | Verifier verify proof -> done`

victor.martinez (Thu, 30 Apr 2020 08:55:49 GMT):
and then when I check the present-proof exchange record I have this : ``` "state": "verified", "initiator": "self", "verified": "true", ```

victor.martinez (Thu, 30 Apr 2020 08:55:49 GMT):
and then when I check the present-proof exchange record I have this : ` "state": "verified", "initiator": "self", "verified": "true",`

sklump (Thu, 30 Apr 2020 10:14:54 GMT):
The issuer publishes the revocation registry only once, after updating the definition (PATCH `/revocation/registry/{rev_reg_id}`)with its public tails URL. This writes the revocation registry _definition_ and initial revocation registy _entry_ to the ledger (POST `/revocation/registry/{rev_reg_id}/publish`), which makes its state _active_. Thereafter, any revocation with publication (POST `/issue-credential/revoke?rev_reg_id=...&cred_rev_id=...&publish=true`) or subsequent publication (POST `/issue-credential/publish-revocations`) sends a revocation registry _entry_ to the ledger, which does not change its state until a publication makes it _full_. From what I see, what you've done ought to work. If you check the ledger, it should have at least two revocation registry entries on the revocation registry identifier (e.g., 17NatTDW9JWG8D4WyGhTPf:4:17NatTDW9JWG8D4WyGhTPf:3:CL:8:default:CL_ACCUM:7c30c860-c6c4-4821-ba6c-df67d688e50e).

sklump (Thu, 30 Apr 2020 10:14:54 GMT):
The issuer publishes the revocation registry only once, after updating the definition (PATCH `/revocation/registry/{rev_reg_id}`) with its public tails URL. This writes the revocation registry _definition_ and initial revocation registy _entry_ to the ledger (POST `/revocation/registry/{rev_reg_id}/publish`), which makes its state _active_. Thereafter, any revocation with publication (POST `/issue-credential/revoke?rev_reg_id=...&cred_rev_id=...&publish=true`) or subsequent publication (POST `/issue-credential/publish-revocations`) sends a revocation registry _entry_ to the ledger, which does not change its state until a publication makes it _full_. From what I see, what you've done ought to work. If you check the ledger, it should have at least two revocation registry entries on the revocation registry identifier (e.g., 17NatTDW9JWG8D4WyGhTPf:4:17NatTDW9JWG8D4WyGhTPf:3:CL:8:default:CL_ACCUM:7c30c860-c6c4-4821-ba6c-df67d688e50e).

sklump (Thu, 30 Apr 2020 10:14:54 GMT):
The issuer publishes the revocation registry only once, after updating the definition (PATCH `/revocation/registry/{rev_reg_id}`) with its public tails URL. This writes the revocation registry _definition_ and initial revocation registy _entry_ to the ledger (POST `/revocation/registry/{rev_reg_id}/publish`), which makes its state _active_. Thereafter, any revocation with publication (POST `/issue-credential/revoke?rev_reg_id=...&cred_rev_id=...&publish=true`) or subsequent publication (POST `/issue-credential/publish-revocations`) sends a revocation registry _entry_ to the ledger, which does not change its state until a publication makes it _full_. From what I see, what you've done ought to work. If you check the ledger (e.g., `http://192.168.56.133:9000/browse/domain?page=1&query=&txn_type=114`), it should have at least two revocation registry entries on the revocation registry identifier (e.g., `17NatTDW9JWG8D4WyGhTPf:4:17NatTDW9JWG8D4WyGhTPf:3:CL:8:default:CL_ACCUM:7c30c860-c6c4-4821-ba6c-df67d688e50e`).

victor.martinez (Thu, 30 Apr 2020 10:23:20 GMT):

Screenshot 2020-04-30 at 12.25.26.png

victor.martinez (Thu, 30 Apr 2020 10:23:22 GMT):
Yes I can see 2 entries...

sklump (Thu, 30 Apr 2020 10:25:35 GMT):
Are you sure you've revoked the credential with the right cred rev id? I'm grasping at straws a bit. One tactic might be to run the aries_cloudagent_python demo with revocation and see if there is any difference to the ledger.

sklump (Thu, 30 Apr 2020 10:25:35 GMT):
Are you sure you've revoked the credential with the right cred rev id? I'm grasping at straws a bit. The cred rev id is a small number starting at 1 and incrementing with each issued credential. One tactic might be to run the aries_cloudagent_python demo with revocation and see if there is any difference to the ledger, relative to the package you are trying to get to work.

victor.martinez (Thu, 30 Apr 2020 10:32:52 GMT):
let me double check and I'll come back to you

victor.martinez (Thu, 30 Apr 2020 10:42:33 GMT):
The value of cred rev id = 1 . I'm getting the value from the webhook when the state of the credential exchange is "credential issued"

victor.martinez (Thu, 30 Apr 2020 10:45:17 GMT):
when revoking the credential the value of the revocation registry id = PiEVD2uU2qKEQ5oxx1BJ6A:4:PiEVD2uU2qKEQ5oxx1BJ6A:3:CL:89519:a6a750aa-3825-4d9b-adaf-543233ff8cc1:CL_ACCUM:4e4f45ed-a529-42df-8f97-1ab59a9ad1c3 and credRevId = 1

victor.martinez (Thu, 30 Apr 2020 10:45:17 GMT):
when revoking the credential the value of the revocation registry ``` id = PiEVD2uU2qKEQ5oxx1BJ6A:4:PiEVD2uU2qKEQ5oxx1BJ6A:3:CL:89519:a6a750aa-3825-4d9b-adaf-543233ff8cc1:CL_ACCUM:4e4f45ed-a529-42df-8f97-1ab59a9ad1c3 ``` and `credRevId = 1`

victor.martinez (Thu, 30 Apr 2020 10:46:47 GMT):
I can see 2 revoc_reg_entry in the ledger https://indyscan.io/tx/SOVRIN_STAGINGNET/domain/96348 and https://indyscan.io/tx/SOVRIN_STAGINGNET/domain/96347

victor.martinez (Thu, 30 Apr 2020 10:48:54 GMT):
and this is the revoc_reg_def https://indyscan.io/tx/SOVRIN_STAGINGNET/domain/96346

sklump (Thu, 30 Apr 2020 11:07:24 GMT):
Yep, it's revoked and published to the ledger. If a proof on it still verifies, that is a mystery.

victor.martinez (Thu, 30 Apr 2020 11:45:20 GMT):
what I should expect to get as a reponse in the verifier ? ``` "state": "verified", "verified": "false" ```

victor.martinez (Thu, 30 Apr 2020 11:45:20 GMT):
what I should expect to get as a reponse in the verifier ? "state": "verified", "verified": "false"

sklump (Thu, 30 Apr 2020 11:45:57 GMT):
Yes: the verification process has completed but the proof does not verify correctly.

victor.martinez (Thu, 30 Apr 2020 11:46:33 GMT):

response_1588236991730.text

victor.martinez (Thu, 30 Apr 2020 11:47:46 GMT):
yep, verified is true.. :thinking:

sklump (Thu, 30 Apr 2020 11:47:56 GMT):
Unfortunately this one comes back true. Maddening.

sklump (Thu, 30 Apr 2020 11:51:18 GMT):
Can you get the credential and post it? `/credential/{credential_id}` I do notice that this proof cites a rev reg id distinct from the ones in on hte ledger at 96347, 96348?

victor.martinez (Thu, 30 Apr 2020 11:52:06 GMT):
sorry this was and old reponse. sure let me post it

sklump (Thu, 30 Apr 2020 11:52:41 GMT):
No problem, it's all troubleshootnig

sklump (Thu, 30 Apr 2020 11:52:41 GMT):
No problem, it's all troubleshooting

victor.martinez (Thu, 30 Apr 2020 11:55:23 GMT):

response_1588247813739.text

victor.martinez (Thu, 30 Apr 2020 11:55:36 GMT):
this are the latest 2 verifications

victor.martinez (Thu, 30 Apr 2020 11:58:19 GMT):

response_credentials.text

victor.martinez (Thu, 30 Apr 2020 11:58:37 GMT):
and the latest credentials issued

sklump (Thu, 30 Apr 2020 12:06:57 GMT):
My next step if I were you would be to load this data into a copy of the `test_interaction.py` indy-sdk unit test and see if the indy-sdk itself verifies it. Because you already have the tails file, it might take some time to get everything lined up.

sklump (Thu, 30 Apr 2020 12:06:57 GMT):
My next step if I were you would be to load this data into a modified copy of the `test_interaction.py` indy-sdk unit test and see if the indy-sdk itself verifies it. Because you already have the tails file, it might take some time to get everything lined up.

sklump (Thu, 30 Apr 2020 12:08:01 GMT):
If indy-sdk verifies it, it looks like a bug in indy. If not, there is a cache somewhere that is not picking up revocation info.

victor.martinez (Thu, 30 Apr 2020 12:08:51 GMT):
ok sounds like a plan , I'll do that.

victor.martinez (Thu, 30 Apr 2020 12:09:01 GMT):
thanks for your help

victor.martinez (Thu, 30 Apr 2020 15:01:07 GMT):
another detail is that the agent is configured with the paramter auto-verify-presentation , should this affect revocation somehow?

victor.martinez (Thu, 30 Apr 2020 15:01:07 GMT):
another details i that the agent is configure to auto-verify-presentation , should this affect the revocation ?

sklump (Thu, 30 Apr 2020 15:05:21 GMT):
No

kukgini (Fri, 01 May 2020 07:54:32 GMT):
Has joined the channel.

sklump (Fri, 01 May 2020 10:04:09 GMT):
Oh! Your cred def doesn't support revocation. If it did, your proof req would need non_revoked interval(s) and your proof would need timestamp(s).

sklump (Fri, 01 May 2020 10:04:24 GMT):
Can you post your cred def?

victor.martinez (Fri, 01 May 2020 10:05:33 GMT):
sure, let me do a dry run of the flow again and I'll post you the cred-definition

victor.martinez (Fri, 01 May 2020 10:05:42 GMT):
checking now the cred-defintion

sklump (Fri, 01 May 2020 10:07:15 GMT):
... although if an issuer can revoke a cred on a non-revokable cred def, that in itself is a bug and a use case I hadn't thought of

victor.martinez (Fri, 01 May 2020 10:08:00 GMT):
``` fun createCredentialDefinitionWithRandomTag(schemaId: String): String { val request = CredentialDefinitionSendRequest() request.schemaId(schemaId) request.tag(java.util.UUID.randomUUID().toString()) request.supportRevocation(true) val response = credentialDefinitionApi.credentialDefinitionsPost(request) logger.debug { "Credential definition has been created successfully with values $response" } return response.credentialDefinitionId } ```

victor.martinez (Fri, 01 May 2020 10:08:00 GMT):
` fun createCredentialDefinitionWithRandomTag(schemaId: String): String { val request = CredentialDefinitionSendRequest() request.schemaId(schemaId) request.tag(java.util.UUID.randomUUID().toString()) request.supportRevocation(true) val response = credentialDefinitionApi.credentialDefinitionsPost(request) logger.debug { "Credential definition has been created successfully with values $response" } return response.credentialDefinitionId }`

sklump (Fri, 01 May 2020 10:09:06 GMT):
The code asks for revocation support - can you get it from the ledger?

sklump (Fri, 01 May 2020 10:10:14 GMT):
... the next step is to see how the proof req is made, because it needs to check for revocation support and put in non-revocation interval(s).

sklump (Fri, 01 May 2020 10:11:24 GMT):
The patch is going to be to get it to do that, but bug is that the software (aries? indy-sdk?) can validate a proof on a revocable credential without a timestamp.

sklump (Fri, 01 May 2020 10:11:54 GMT):
It should reject it out of hand before even hitting the crypto library.

victor.martinez (Fri, 01 May 2020 10:12:32 GMT):
this is the credenital defintion PiEVD2uU2qKEQ5oxx1BJ6A:3:CL:89519:2e3e1fd6-28bc-496d-a155-78482b53ff81

sklump (Fri, 01 May 2020 10:12:47 GMT):
No, that's the cred def id

victor.martinez (Fri, 01 May 2020 10:13:07 GMT):
I have created a fresh new one

victor.martinez (Fri, 01 May 2020 10:13:32 GMT):
I can't not find it in indyscan.io

victor.martinez (Fri, 01 May 2020 10:14:14 GMT):
revocation registry id -> PiEVD2uU2qKEQ5oxx1BJ6A:4:PiEVD2uU2qKEQ5oxx1BJ6A:3:CL:89519:2e3e1fd6-28bc-496d-a155-78482b53ff81:CL_ACCUM:f6f18a51-7284-40a9-acbd-bc93ce7cefa0

sklump (Fri, 01 May 2020 10:14:30 GMT):
It should be a transaction on the ledger with transaction type 102 (CRED_DEF)

victor.martinez (Fri, 01 May 2020 10:15:34 GMT):
ok I have found the cred_defintion transacion is this one . https://indyscan.io/tx/SOVRIN_STAGINGNET/domain/96767

sklump (Fri, 01 May 2020 10:16:38 GMT):
OK, it supports revocation. How do you build the proof request?

sklump (Fri, 01 May 2020 10:16:38 GMT):
OK, it supports revocation (`txn["data"]["data"]["revocation"]). How do you build the proof request?

victor.martinez (Fri, 01 May 2020 10:18:05 GMT):
```` fun presentProofRequest(connectionId: String) { val presentationRequest = V10PresentationRequestRequest() presentationRequest.proofRequest = getIndyProofRequest() presentationRequest.connectionId = UUID.fromString(connectionId) presentationRequest.comment = "Present the PRC credential in order to blablabla.." val presentation = presentProofApi.presentProofSendRequestPost(presentationRequest) logger.info { "proof request send sucessfully with id ${presentation.presentationExchangeId}" } } ``` `

victor.martinez (Fri, 01 May 2020 10:18:31 GMT):
``` private fun getIndyProofRequest(): IndyProofRequest { val indyProofRequest = IndyProofRequest() indyProofRequest.name = "Permanent Residence Card Proof request" indyProofRequest.version = "1.0" // indyProofRequest.nonce = generateNonce() indyProofRequest.requestedAttributes = getRequestedAttributes() return indyProofRequest } private fun getRequestedAttributes(): Map { // TODO add as a restriction the issuer DID return mapOf( "0_givenname_uuid" to IndyProofReqAttrSpec().apply { name = "givenname" }, "0_familyname_uuid" to IndyProofReqAttrSpec().apply { name = "familyname" }, "0_gender_uuid" to IndyProofReqAttrSpec().apply { name = "gender" }, "0_residentsince_uuid" to IndyProofReqAttrSpec().apply { name = "residentsince" }, "0_lprcategory_uuid" to IndyProofReqAttrSpec().apply { name = "lprcategory" }, "0_lprnumber_uuid" to IndyProofReqAttrSpec().apply { name = "lprnumber" }, "0_commuterclassification_uuid" to IndyProofReqAttrSpec().apply { name = "commuterclassification" }, "0_birthcountry_uuid" to IndyProofReqAttrSpec().apply { name = "birthcountry" }, "0_birthdate_uuid" to IndyProofReqAttrSpec().apply { name = "birthdate" }, "0_birthcountry_uuid" to IndyProofReqAttrSpec().apply { name = "birthcountry" } ) } ```

victor.martinez (Fri, 01 May 2020 10:19:58 GMT):
ok , I have noticed the nonce is not generated but i guess this should only impact the replay attack

victor.martinez (Fri, 01 May 2020 10:21:19 GMT):
the proof is generated with .net Aries framework

sklump (Fri, 01 May 2020 10:24:21 GMT):
Before using the proof request, the logic should check for revocation support on nominated cred def and add in a non-revocation interval where possible; e.g., https://github.com/hyperledger/aries-cloudagent-python/blob/cd5ec2ad85bf8a67ad9f7d0462335add5262a0c6/aries_cloudagent/protocols/present_proof/v1_0/messages/inner/presentation_preview.py#L277 It's python - I don't know anything about the .NET framework but I suggest you chase it down there. To prove the concept, can you bolt on ``` { ... "non_revoked": { "to": 1588328630 } } to the proof request (use current EPOCH time) ? ```

sklump (Fri, 01 May 2020 10:24:21 GMT):
Before using the proof request, the logic should check for revocation support on nominated cred def and add in a non-revocation interval where possible; e.g., https://github.com/hyperledger/aries-cloudagent-python/blob/cd5ec2ad85bf8a67ad9f7d0462335add5262a0c6/aries_cloudagent/protocols/present_proof/v1_0/messages/inner/presentation_preview.py#L277 It's python - I don't know anything about the .NET framework but I suggest you chase it down there. To prove the concept, can you bolt on ``` { ... "non_revoked": { "from": 1588328630, "to": 1588328630 } } to the proof request (use current EPOCH time) ? ```

sklump (Fri, 01 May 2020 10:24:21 GMT):
Before using the proof request, the logic should check for revocation support on nominated cred def and add in a non-revocation interval where possible; e.g., https://github.com/hyperledger/aries-cloudagent-python/blob/cd5ec2ad85bf8a67ad9f7d0462335add5262a0c6/aries_cloudagent/protocols/present_proof/v1_0/messages/inner/presentation_preview.py#L277 It's python - I don't know anything about the .NET framework but I suggest you chase it down there. To prove the concept, can you bolt on ``` { ... "non_revoked": { "from": 1588328630, "to": 1588328630 } } ``` to the proof request (use current EPOCH time) ? ```

sklump (Fri, 01 May 2020 10:24:21 GMT):
Before using the proof request, the logic should check for revocation support on nominated cred def and add in a non-revocation interval where possible; e.g., https://github.com/hyperledger/aries-cloudagent-python/blob/cd5ec2ad85bf8a67ad9f7d0462335add5262a0c6/aries_cloudagent/protocols/present_proof/v1_0/messages/inner/presentation_preview.py#L277 It's python - I don't know anything about the .NET framework but I suggest you chase it down there. To prove the concept, can you bolt on ``` { ... "non_revoked": { "from": 1588328630, "to": 1588328630 } } ``` to the proof request (use current EPOCH time) ?

sklump (Fri, 01 May 2020 10:24:35 GMT):
And then send it into the machine

victor.martinez (Fri, 01 May 2020 10:28:25 GMT):
I think most probabliy this is the problem, let me check and I'll come back to you .

sklump (Fri, 01 May 2020 10:30:13 GMT):
I am technically off today, so please keep our watchers up to date and I will investigate on Monday.

sklump (Fri, 01 May 2020 10:30:13 GMT):
I am technically off today, so please keep our watchers up to date and I will investigate on Monday. But I realized what it was _("no timestamp!")_ as I was falling asleep last night and couldn't let it ride for 3 days.

victor.martinez (Fri, 01 May 2020 10:33:31 GMT):
wow many thanks.. we are working against the clock since we have a presentation next week for DHS but if I undertood BCgov is invited to the plugfest event

victor.martinez (Fri, 01 May 2020 10:34:17 GMT):
so hopefully we can show you guys the demo with aca-py under the hood.. specially the offline demo ;)

sklump (Fri, 01 May 2020 10:36:22 GMT):
One thing to note is the semantics of the non-revocation interval. It states that the verifier is happy with ANY timestamp between "from" (default 0) and "to" (default forever -- but at least one must be present). So to be safe in this case, make both the current moment - otherwise, if not using "from", the prover can choose a timestamp before his credential's revocation. It's not an X.509 non-revocation interval, which requires proof of non-revocation over the entire duration.

sklump (Fri, 01 May 2020 10:36:22 GMT):
One thing to note is the semantics of the non-revocation interval. It states that the verifier is happy with ANY timestamp between "from" (default 0) and "to" (default forever -- but at least one must be present). So to be safe in this case, make both the current moment - otherwise, if not using "from", the prover can choose a timestamp before his credential's revocation. It's not an X.509 validity (not-before/not-after) period, which stipulates an entire duration.

victor.martinez (Fri, 01 May 2020 10:36:56 GMT):
ok I think I understood , noted.

ultimo2020 (Sat, 02 May 2020 11:55:57 GMT):
Hey guys. I would like to see to finisht the ACME part of the ACA-PY https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/runners/acme.py to learn more about ACA-PY

ultimo2020 (Sat, 02 May 2020 11:56:34 GMT):
Is there maybe in the demo a web GUI demo also ? Or maybe some other WEB Gui for triggering basic functions of the ACA-PY alice/faber demo ?

ultimo2020 (Sat, 02 May 2020 11:57:08 GMT):
maybe those features like basich Swagger API commands etc.

profae (Sat, 02 May 2020 13:43:54 GMT):
Has joined the channel.

amanji (Sat, 02 May 2020 21:55:52 GMT):
There are a set of demo web implementations you may be interested in at https://github.com/hyperledger/aries-acapy-controllers

amanji (Sat, 02 May 2020 21:57:49 GMT):
These are web controllers built on top of the cloud agents. There’s an example written with .NET, Angular and Node.js

ultimo2020 (Sun, 03 May 2020 05:38:38 GMT):
Thanks. Will take a look

kh_touati (Mon, 04 May 2020 18:48:27 GMT):
Has joined the channel.

sigma67 (Mon, 04 May 2020 19:03:07 GMT):
Has joined the channel.

sigma67 (Mon, 04 May 2020 19:03:08 GMT):
Hey everyone, we're working with the ACA-py demo and trying to request a proof for a string attribute. We'd like to request a proof from Alice that her degree is "Physics". Since in the demo Alice has the degree "Maths", the proof should fail. We attempted to do this by including `{"name": "degree", "cred_def_id": "8c6LLR4pa5t2CDiSxGXh4w:3:CL:15992:default", value": "Physics"}` in the req_attributes. However, when we try to verify the proof, it shows as 'verified: true', even though Alice sent 'Maths' as her degree. Where did we go wrong? Is there a different approach you need to take to assert a string attribute's value?

sigma67 (Mon, 04 May 2020 19:03:08 GMT):
Hey everyone, we're working with the ACA-py demo and trying to request a proof for a string attribute. We'd like to request a proof from Alice that her degree is "Physics". Since in the demo Alice has the degree "Maths", the proof should fail. We attempted to do this by including ``` {"name": "degree", "cred_def_id": "8c6LLR4pa5t2CDiSxGXh4w:3:CL:15992:default", value": "Physics"} ``` in the req_attributes. However, when we try to verify the proof, it shows as 'verified: true', even though Alice sent 'Maths' as her degree. Where did we go wrong? Is there a different approach you need to take to assert a string attribute's value?

sigma67 (Mon, 04 May 2020 19:03:08 GMT):
Hey everyone, we're working with the ACA-py demo and trying to request a proof for a string attribute. We'd like to request a proof from Alice that her degree is "Physics". Since in the demo Alice has the degree "Maths", the proof should fail. We attempted to do this by including ``` {"name": "degree", "cred_def_id": "8c6LLR4pa5t2CDiSxGXh4w:3:CL:15992:default", value: "Physics"} ``` in the req_attributes. However, when we try to verify the proof, it shows as 'verified: true', even though Alice sent 'Maths' as her degree. Where did we go wrong? Is there a different approach you need to take to assert a string attribute's value?

sigma67 (Mon, 04 May 2020 19:03:08 GMT):
Hey everyone, we're working with the ACA-py demo and trying to request a proof for a string attribute. We'd like to request a proof from Alice that her degree is "Physics". Since in the demo Alice has the degree "Maths", the proof should fail. We attempted to do this by including ``` {"name": "degree", "cred_def_id": "8c6LLR4pa5t2CDiSxGXh4w:3:CL:15992:default", "value": "Physics"} ``` in the req_attributes. However, when we try to verify the proof, it shows as 'verified: true', even though Alice sent 'Maths' as her degree. Where did we go wrong? Is there a different approach you need to take to assert a string attribute's value?

sigma67 (Mon, 04 May 2020 19:04:21 GMT):
`{"name": "degree", "cred_def_id": "8c6LLR4pa5t2CDiSxGXh4w:3:CL:15992:default", value": "Physics"}`

sigma67 (Mon, 04 May 2020 19:05:16 GMT):
``` {"name": "degree", "cred_def_id": "8c6LLR4pa5t2CDiSxGXh4w:3:CL:15992:default", value": "Physics"} ```

sklump (Tue, 05 May 2020 10:23:40 GMT):
A proof request can restrict requested attributes with the following restrictions: * `schema_id` * `schema_issuer_did` * `schema_name` * `schema_version` * `cred_def_id` * `issuer_did`. The prover finds credentials to fit any such restrictions that the proof request specifies, and creates a proof with them, revealing attributes that the proof request specifies in `requested_attributes`. The verifier can check the revealed attributes once proven to evaluate whether they satisfy policy. The proof request cannot specify a particular value as a restriction. The prover can pass additional WQL (https://github.com/hyperledger/indy-sdk/tree/master/docs/design/011-wallet-query-language) to isolate credentials of interest in the wallet when selecting them for proof creation; in particular, `attr::`__`::marker: 1` for attribute presence and `attr::`__`::value: `__ for attribute value. Of interest for your case would be: ``` { 'attr::degree::value': "Physics" } ```

sklump (Tue, 05 May 2020 10:23:40 GMT):
A proof request can restrict requested attributes with the following restrictions: * `schema_id` * `schema_issuer_did` * `schema_name` * `schema_version` * `cred_def_id` * `issuer_did`. The prover finds credentials to fit any such restrictions that the proof request specifies, and creates a proof with them, revealing attributes that the proof request specifies in `requested_attributes`. The verifier can check the revealed attributes once proven to evaluate whether they satisfy policy. The proof request cannot specify a particular value as a restriction. The prover can pass additional WQL (https://github.com/hyperledger/indy-sdk/tree/master/docs/design/011-wallet-query-language) to isolate credentials of interest in the wallet when selecting them for proof creation; in particular, `attr::::value: ` for attribute value. Of interest for your case would be: ``` { 'attr::degree::value': "Physics" } ```

sklump (Tue, 05 May 2020 10:23:40 GMT):
A proof request can restrict requested attributes with the following restrictions: * `schema_id` * `schema_issuer_did` * `schema_name` * `schema_version` * `cred_def_id` * `issuer_did`. The prover finds credentials to fit any such restrictions that the proof request specifies, and creates a proof with them, revealing attributes that the proof request specifies in `requested_attributes`. The verifier can check the revealed attributes once proven to evaluate whether they satisfy policy. The proof request cannot specify a particular value as a restriction. The prover can pass additional WQL (https://github.com/hyperledger/indy-sdk/tree/master/docs/design/011-wallet-query-language) to isolate credentials of interest in the wallet when selecting them for proof creation; in particular, `attr::::marker: 1` for attribute presence and `attr::::value: ` for attribute value. Of interest for your case would be: ``` { 'attr::degree::value': "Physics" } ```

sigma67 (Tue, 05 May 2020 11:46:42 GMT):
Thanks for the detailed information. "The proof request cannot specify a particular value as a restriction." So I take it that the value in the proof request is only a suggestion? Am I correct to assume that for the verifier the only way to assert a specific string value is manually comparing the revealed value to the requested suggested value? In that scenario the Aries verify-credentials endpoint would only verify the validity of the proof (i.e. signatures), and not its compliance with requested attributes

sklump (Tue, 05 May 2020 11:47:24 GMT):
There is no value in a proof request.

sklump (Tue, 05 May 2020 11:47:24 GMT):
No proof request ever specifies an attribute value to match.

sklump (Tue, 05 May 2020 11:48:12 GMT):
Otherwise, correct.

sigma67 (Tue, 05 May 2020 11:49:53 GMT):
Ah it seems I misinterpreted this Aries RFC. https://github.com/hyperledger/aries-rfcs/tree/master/features/0037-present-proof#presentation-preview

sigma67 (Tue, 05 May 2020 11:49:58 GMT):
Thanks!

sklump (Tue, 05 May 2020 11:55:24 GMT):
The preview is part of the proposal, which the prover may use to initiate the interaction. The other path is that the verifier sends a proof request. One could argue that a proof request should be able to ask for attribute values, but there are historical reasons why it doesn't at the moment.

victor.martinez (Tue, 05 May 2020 12:07:29 GMT):
hello after updated aca-py to the lastest master branch the /revocation/registry/{rev_reg_id}/tails-file endpoint , the tails file is not specify in the swagger defintion

sklump (Tue, 05 May 2020 12:17:12 GMT):
Retaining it blew up marshmallow http-apispec extension validation middleware on startup. It's still there for download, or else the demo wouldn't work. No?

victor.martinez (Tue, 05 May 2020 12:25:01 GMT):

Screenshot 2020-05-05 at 14.26.53.png

victor.martinez (Tue, 05 May 2020 12:25:05 GMT):
I havnt run the demo but this is what i get when accesing swagger html aca-py API

victor.martinez (Tue, 05 May 2020 12:26:16 GMT):
this is the auto generate swagger client api , the tiles file is not expose anymore ``` /** * Download the tails file of revocation registry * * @param revRegId Revocation Registry identifier (required) * @throws ApiException If fail to call the API, e.g. server error or cannot deserialize the response body */ public void revocationRegistryRevRegIdTailsFileGet(String revRegId) throws ApiException { revocationRegistryRevRegIdTailsFileGetWithHttpInfo(revRegId); } ```

sklump (Tue, 05 May 2020 12:29:03 GMT):
Sorry for your loss, but it's not negotiable. The server can't start with it: the middleware tries to instantiate `"schema": {"type": "file"}` as a Marshmallow schema (as opposed to a json-schema) from the docs and crashes. If you can find a way to make it work, kindly submit as a PR.

victor.martinez (Tue, 05 May 2020 12:30:46 GMT):
how can I get the TailsFile from aca-py ? If I undertand correctly I need to expose the tail files via my controller in order to let the wallet download it

victor.martinez (Tue, 05 May 2020 12:30:46 GMT):
how can I access the TailsFile then ? If I undertand correctly I need to expose the tail files via my controller in order to let the wallet download it

sklump (Tue, 05 May 2020 12:33:27 GMT):
`GET /revocation/registry/{rev_reg_id}/tails-file`

sklump (Tue, 05 May 2020 12:33:42 GMT):
I suspect I'm missing something fundamental here

victor.martinez (Tue, 05 May 2020 12:36:28 GMT):
yes this is the endpoint i'm using but before there was a model define to access the file after the 200 response, right now there is not model define ..

sklump (Tue, 05 May 2020 12:37:59 GMT):
So? You know that endpoint's response is a file. The swagger API clearly describes it as a file. Download it to a file. Again, I must be missing the point here.

victor.martinez (Tue, 05 May 2020 12:43:37 GMT):
ok I think I understand, however even it is specify in the API swagger client generation is going to auto-generate a method returning void

victor.martinez (Tue, 05 May 2020 12:46:17 GMT):
I wish we could mantain backward compatibitly , and let this old api methods for a while marked as deprecated

sklump (Tue, 05 May 2020 12:46:54 GMT):
I can spend some time trying to make it work, but I am a little out of my depth here.

sklump (Tue, 05 May 2020 12:47:49 GMT):
Marshmallow and its extensions are opinionated and harsh.

sklump (Tue, 05 May 2020 12:47:49 GMT):
Marshmallow and its extensions are opinionated and harsh and cryptic.

sklump (Tue, 05 May 2020 13:21:32 GMT):
Question: do you get a response type with revocation/routes.py `get_active_registry()` ?

philippede (Tue, 05 May 2020 13:32:09 GMT):
Has joined the channel.

philippede (Tue, 05 May 2020 13:32:11 GMT):
Hi, when I start the Aries Cloudagent it can't connect to my Ledger. It says "Ledger instance not provided". I setup a pool with docker and started the Aries Cloudagent with the following command: aca-py start --inbound-transport http 0.0.0.0 8070 --outbound-transport http -e http:///endpoint --admin 8073 --admin-insecure-mode --genesis-file /var/sovrin/temp.txn --debug --log-level DEBUG I started the Pool with the IP adress of my domain. Does somebody know what the problem is? Thank you!

andrew.whitehead (Tue, 05 May 2020 15:06:15 GMT):
Try setting `--wallet-type indy`

SuperSeiyan (Tue, 05 May 2020 17:53:32 GMT):
Hi, I have a question is does aries-cloudagent currently support to run as agency/mediator? I cannot found any document in the repository.

swcurran (Tue, 05 May 2020 18:03:47 GMT):
It has the capability to do that, but there is no configuration/setup for that yet. There are some folks in the community that are nearing completion of that though, so should be available soon. Suggest that you connect with @dgunseli

kh_touati (Tue, 05 May 2020 20:02:59 GMT):
Hi I have just installed the aca-py however, when I try to launch it, I got this error

kh_touati (Tue, 05 May 2020 20:03:00 GMT):
aca-py start --inbound-transport http 0.0.0.0 8000 --outbound-transport http File "/home/ubuntu/.local/bin/aca-py", line 33 print(f"aca-py remote debugging to {PYDEVD_PYCHARM_HOST}:{PYDEVD_PYCHARM_AGENT_PORT}") ^ SyntaxError: invalid syntax

kh_touati (Tue, 05 May 2020 20:03:32 GMT):
Have you any idea how to resolve it

swcurran (Tue, 05 May 2020 20:03:43 GMT):
What version of python are you using?

kh_touati (Tue, 05 May 2020 20:07:27 GMT):
Python 2.7.12

swcurran (Tue, 05 May 2020 20:12:07 GMT):
You need to be running Python 3.6+ ACA-Py doesn't work with 2.x.

MikeRichardson (Wed, 06 May 2020 06:43:41 GMT):
I can run all the agent use cases but when I try to request a proof with acme (of the credentials previously issued by faber) it all seems to work (state goes to verified) but I get an error related to the age predicate: Acme | Presentation: state = verified , presentation_exchange_id = e1b7d72d-d311-40da-911d-9e26a9509033 Acme | 2020-05-06 06:37:25,880 aries_cloudagent.verifier.indy ERROR Presentation on nonce=1021953025885080438661203 cannot be validated: missing essential components [Missing requested predicate '0_age_GE_uuid'] I am using v 0.4.5 of the aca-py.

MikeRichardson (Wed, 06 May 2020 06:43:41 GMT):
I can run all the demo agent use cases but when I try to request a proof with acme (of the credentials previously issued by faber) it all seems to work (state goes to verified) but I get an error related to the age predicate: Acme | Presentation: state = verified , presentation_exchange_id = e1b7d72d-d311-40da-911d-9e26a9509033 Acme | 2020-05-06 06:37:25,880 aries_cloudagent.verifier.indy ERROR Presentation on nonce=1021953025885080438661203 cannot be validated: missing essential components [Missing requested predicate '0_age_GE_uuid'] I am using v 0.4.5 of the aca-py. How can I fix this?

MikeRichardson (Wed, 06 May 2020 06:43:41 GMT):
I can run all the demo agent use cases (the example python ones that are provided) but when I try to request a proof with acme (of the credentials previously issued by faber) it all seems to work (state goes to verified) but I get an error related to the age predicate: Acme | Presentation: state = verified , presentation_exchange_id = e1b7d72d-d311-40da-911d-9e26a9509033 Acme | 2020-05-06 06:37:25,880 aries_cloudagent.verifier.indy ERROR Presentation on nonce=1021953025885080438661203 cannot be validated: missing essential components [Missing requested predicate '0_age_GE_uuid'] I am using v 0.4.5 of the aca-py. How can I fix this?

MikeRichardson (Wed, 06 May 2020 06:43:41 GMT):
I can run all the demo agent use cases (using the example python agents provided) but when I try to request a proof with acme (of the credentials previously issued by faber) it all seems to work (state goes to verified) but I get an error related to the age predicate: Acme | Presentation: state = verified , presentation_exchange_id = e1b7d72d-d311-40da-911d-9e26a9509033 Acme | 2020-05-06 06:37:25,880 aries_cloudagent.verifier.indy ERROR Presentation on nonce=1021953025885080438661203 cannot be validated: missing essential components [Missing requested predicate '0_age_GE_uuid'] I am using v 0.4.5 of the aca-py. How can I fix this?

MikeRichardson (Wed, 06 May 2020 06:43:41 GMT):
I can run all the demo agent use cases (using the example python agents provided) but when I try to request a proof with acme (of the credentials previously issued by faber) it all seems to work (state goes to verified) but I get an error in Acme related to the age predicate: Acme | Presentation: state = verified , presentation_exchange_id = e1b7d72d-d311-40da-911d-9e26a9509033 Acme | 2020-05-06 06:37:25,880 aries_cloudagent.verifier.indy ERROR Presentation on nonce=1021953025885080438661203 cannot be validated: missing essential components [Missing requested predicate '0_age_GE_uuid'] I am using v 0.4.5 of the aca-py. How can I fix this?

philippede (Wed, 06 May 2020 07:13:33 GMT):
Thanks for the answer! It seems to connect to my ledger now. But 3 Seconds after my aca-py has started it drops the sockets to the nodes and gets a pool ledger timeout.

gaila (Wed, 06 May 2020 07:24:18 GMT):
Hello, I tried to follow the example to build aries app: https://github.com/hyperledger/aries-acapy-controllers but now I want to build my own agents instead of using the demo file. What are the requirements to build your own aries agent with swagger UI?

MikeRichardson (Wed, 06 May 2020 07:44:26 GMT):
unless you are requesting -say- an age be above a certain value using predicates in which case the value of the age attribute becomes inportant

MikeRichardson (Wed, 06 May 2020 07:44:26 GMT):
unless you are requesting -say- an age be above a certain value using predicates in which case the value of the age attribute becomes important

MikeRichardson (Wed, 06 May 2020 07:45:09 GMT):
so could you not use a predicate for a ZKP for degree subject?

kh_touati (Wed, 06 May 2020 08:36:39 GMT):
Thank you, it works now

sklump (Wed, 06 May 2020 10:06:25 GMT):
Please post the proof request and the proof.

MikeRichardson (Wed, 06 May 2020 14:25:22 GMT):
it seems to work ok with faber, but not acme, so i can live with that I guess

MikeRichardson (Wed, 06 May 2020 14:25:43 GMT):
it seems to work ok with faber, but not acme, so i can live with that I guess

swcurran (Wed, 06 May 2020 15:14:30 GMT):
Assuming you are going to use ACA-Py, you need an app that (a) interfaces with the swagger API that ACA-Py exposes, (b) receives HTTP events from ACA-Py and (c) provides the logic for handling events from (b) and initiate events using (a). The app can be in any language/stack. We have built controllers using django, flask, vue and node. The one we planned to be "a starter kit" lost it's dev team member before it got mature enough to use (no docs :-( ).

kh_touati (Wed, 06 May 2020 16:02:27 GMT):
Hi All, I created two agents and I have initiated a connection between them. However, when I tried to issue a credential I got this error 403: forbidden. This is my request: curl -X POST "http://192.168.208.79:8091/issue-credential/send" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"connection_id\": \"924c999d-4734-453f-83c3-753ab7f3eb58\", \"cred_def_id\": \"GUKVAkqNuMpUNymYj2h9Kh:3:CL:54:default\", \"credential_proposal\": { \"@type\": \"did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/credential-preview\", \"attributes\": [ { \"name\": \"score\", \"value\": \"10\" } ] }}"

kh_touati (Wed, 06 May 2020 16:02:27 GMT):
Hi All, I created two agents and I have initiated a connection between them. However, when I tried to issue a credential I got this error 403: forbidden. This is my request: curl -X POST "http://127.0.01:8091/issue-credential/send" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"connection_id\": \"924c999d-4734-453f-83c3-753ab7f3eb58\", \"cred_def_id\": \"GUKVAkqNuMpUNymYj2h9Kh:3:CL:54:default\", \"credential_proposal\": { \"@type\": \"did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/credential-preview\", \"attributes\": [ { \"name\": \"score\", \"value\": \"10\" } ] }}"

sklump (Wed, 06 May 2020 16:10:03 GMT):
Note that acme is part of a workshop and the operator must add code to get it to work: https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/AcmeDemoWorkshop.md

kulkarnikk (Wed, 06 May 2020 17:45:51 GMT):
Has joined the channel.

ankita.p (Wed, 06 May 2020 17:46:49 GMT):
Hi All, I am trying to dynamically spin up containerised aca-py agents. What is the best way to do the same.

ankita.p (Wed, 06 May 2020 17:46:49 GMT):
Hi All, I am trying to dynamically spin up containerised aca-py agents. What is the best way to do the same. @swcurran @jljordan_bcgov Any help is really appreciated

swcurran (Wed, 06 May 2020 17:55:19 GMT):
Could you provide a little more context? A use case of what you mean by dynamically?

ankita.p (Wed, 06 May 2020 18:02:13 GMT):
Thanks Stephen. Here is the use case - I add Issuers/Verifiers dynamically. Whenever they get on-boarded, I need to spin up aca-py agent for them. I was thinking of using Kubernetes cluster with pods for this. However, aca-py needs inbound and outbound IP and endpoint. I am stuck with this point on how to route and use the IPs

swcurran (Wed, 06 May 2020 18:21:46 GMT):
So you are isolating the issuers/verifiers entirely, correct? Each has their own agent, own controller, own storage (may be in a single DB instance) and their own inbound/outbound ports, right? Want to confirm that. This would be different from having multiple containers each being part of one logical agent. We do that in our use case, but that is different from above. Inviting @WadeBarnes and @andrew.whitehead to the conversation.

WadeBarnes (Wed, 06 May 2020 18:28:46 GMT):
@ankita.p, `aca-py` agents can be addressed via a publicly available URL, you don't need to use `ip:port` for addressing, which means you can use a route. We host our `aca-py` agents (well the whole issuer stack) in OpenShift with get success.

WadeBarnes (Wed, 06 May 2020 18:33:02 GMT):
[bcgov/aries-vcr](https://github.com/bcgov/aries-vcr) and [bcgov/von-bc-registries-agent - aries branch](https://github.com/bcgov/von-bc-registries-agent/tree/aries-refactoring) contain examples of agents we host in OpenShift. The OpenShift configurations for those can be found here: - [bcgov/orgbook-configurations](https://github.com/bcgov/orgbook-configurations) - [bcgov/von-bc-registries-agent-configurations](https://github.com/bcgov/von-bc-registries-agent-configurations)

WadeBarnes (Wed, 06 May 2020 18:35:03 GMT):
Here is an example of the endpoint registration for one of the agents:

WadeBarnes (Wed, 06 May 2020 18:35:15 GMT):

Clipboard - May 6, 2020 11:33 AM

swcurran (Wed, 06 May 2020 18:41:06 GMT):
But note -- that information is for a single logical agent with multiple running containers (a single service), not for dynamically spinning up independent agents.

ankita.p (Wed, 06 May 2020 18:41:58 GMT):
I thought so @swcurran

swcurran (Wed, 06 May 2020 18:42:33 GMT):
And that's not what you want?

ankita.p (Wed, 06 May 2020 18:43:02 GMT):
Correct

ankita.p (Wed, 06 May 2020 18:43:02 GMT):
yes

ankita.p (Wed, 06 May 2020 18:43:02 GMT):
yes, I am looking to spin up agents dynamically

WadeBarnes (Wed, 06 May 2020 18:43:47 GMT):
I agree, not exactly what you want, but it speaks to your `ip:port` addressing issues.

WadeBarnes (Wed, 06 May 2020 18:43:47 GMT):
I agree, not exactly what you want, but it speaks to your `ip:port` addressing issues. Which seemed to be one of your blockers.

WadeBarnes (Wed, 06 May 2020 18:47:20 GMT):
Just an example that agents can be easily hosted in Kubernetes

swcurran (Wed, 06 May 2020 18:48:50 GMT):
My thought would be a script to generate a deployment script to spin up the next agent, tracking the parameters. If using OpenShift (which is k8s underneath - but I'm not certain of where k8s stops and openshift starts) generate a configuration that starts a service and then execute that script to start the service. Scale would be by scaling k8s/openshift. The service could handle the scheduling, routing and load-balancing. For privacy (if that matters), you could have a mediator in front so that all traffic looked the same, regardless of the specific agent. Otherwise, use a wildcard cert and generate a unique route to each new service.

swcurran (Wed, 06 May 2020 18:48:50 GMT):
My thought would be a script to generate a deployment script to spin up the next agent, tracking the parameters. If using OpenShift (which is k8s underneath - but I'm not certain of where k8s stops and openshift starts) generate a configuration that starts a service+route and then execute that script to start the service. Scale would be by scaling k8s/openshift. The service could handle the scheduling, routing and load-balancing. For privacy (if that matters), you could have a mediator in front so that all traffic looked the same, regardless of the specific agent. Otherwise, use a wildcard cert and generate a unique route to each new service.

swcurran (Wed, 06 May 2020 18:48:50 GMT):
My thought would be a script to generate a deployment script to spin up the next agent, tracking the parameters. If using OpenShift (which is k8s underneath - but I'm not certain of where k8s stops and openshift starts) generate a configuration that starts a service+route and then execute that script to start the service. Scale would be by scaling k8s/openshift. k8s could handle the scheduling, routing and load-balancing. For privacy (if that matters), you could have a mediator in front so that all traffic looked the same, regardless of the specific agent. Otherwise, use a wildcard cert and generate a unique route to each new service.

swcurran (Wed, 06 May 2020 18:48:50 GMT):
My thought would be a script to generate a deployment script to spin up the next agent, tracking the parameters. If using OpenShift (which is k8s underneath - but I'm not certain of where k8s stops and openshift starts) generate a configuration that starts a service+route and then execute that script to start the service. Scale would be by scaling k8s/openshift. k8s handles the scheduling, routing and load-balancing. For privacy (if that matters), you could have a mediator in front so that all traffic looked the same, regardless of the specific agent. Use a wildcard cert and generate a unique route to each new service that is visible to the mediator only, or to anyone.

ankita.p (Wed, 06 May 2020 19:02:32 GMT):
Thanks @swcurran @WadeBarnes , I will consume all this and will definitely get back

spartan101 (Wed, 06 May 2020 19:31:43 GMT):
Has joined the channel.

spartan101 (Wed, 06 May 2020 19:31:44 GMT):
Familiar with digital identity but just getting started with aca-py. Is docker a requirement to run aca-py locally?

swcurran (Wed, 06 May 2020 21:08:58 GMT):
Not required, but we generally find people spend several extra days getting going if you don't do it. Our recommendation is to learn using Docker and then once you understand the concepts.

kh_touati (Wed, 06 May 2020 22:25:49 GMT):
Hi All, I created two agents and I have initiated a connection between them. However, when I tried to issue a credential I got this error 403: forbidden. This is my request: curl -X POST "http://127.0.01:8091/issue-credential/send" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"connection_id\": \"924c999d-4734-453f-83c3-753ab7f3eb58\", \"cred_def_id\": \"GUKVAkqNuMpUNymYj2h9Kh:3:CL:54:default\", \"credential_proposal\": { \"@type\": \"did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/credential-preview\", \"attributes\": [ { \"name\": \"score\", \"value\": \"10\" } ] }}"

sklump (Wed, 06 May 2020 23:39:23 GMT):
You must send a trust ping to prime the connection, or else use the `--auto-ping-connection` command line argument.

MikeRichardson (Thu, 07 May 2020 06:03:30 GMT):
There is also an example Acme with the code inserted. I used that.

LokenathBhowmick (Thu, 07 May 2020 09:45:05 GMT):
Hello everyone. I Installed the osma APP on Android 10 simulator but when I tap on create wallet button getting "Hyperledger.Indy.IOException".

LokenathBhowmick (Thu, 07 May 2020 09:45:05 GMT):
Hello everyone. I Installed the osma APP on Android 10 simulator but when I tap on create wallet button getting "Hyperledger.Indy.IOException". In Android 9 is working fine.

sklump (Thu, 07 May 2020 10:04:48 GMT):
I'll take a look, but I am likely going to need specifics.

rh7 (Thu, 07 May 2020 10:07:25 GMT):
Has joined the channel.

MikeRichardson (Thu, 07 May 2020 10:33:11 GMT):
Just issue credentials with faber and request a proof with the acme code suppied. You should see the error. Not sure what else I can give you.

MikeRichardson (Thu, 07 May 2020 10:33:11 GMT):
fair enough. acme does work you just get a strange error message.

MikeRichardson (Thu, 07 May 2020 10:34:23 GMT):
But don't sweat on it: faber proof request works fine. I don't need to use acme

sklump (Thu, 07 May 2020 10:35:39 GMT):
The demo has probably slipped out from under acme. We do want everything to work.

sklump (Thu, 07 May 2020 11:56:03 GMT):
Hoo boy. Recent changes have made a mess of the demo in lots of ways. Please stand by.

sklump (Thu, 07 May 2020 12:44:55 GMT):
OK I think I have a suspicion of what is up: Alice picks the most recent cred by timestamp, but the timestamp in the docs is hard-coded to "123456789", which is in 1973.

sklump (Thu, 07 May 2020 13:32:56 GMT):
There are a number of problems with the demo right now, but I can't reproduce your results. There are many ways to get there, and one of them must be broken. What script are you following?

spartan101 (Thu, 07 May 2020 15:02:52 GMT):
Thanks. Also, how is key management done? I can't find any information in the docs

swcurran (Thu, 07 May 2020 15:20:40 GMT):
You hold a key to the wallet (which should be called "secure storage"). All the other keys are encrypted in the storage. Note that there is also the usual password for the database. The key and encryption of the data within the database is on top of the database security.

kh_touati (Thu, 07 May 2020 16:22:14 GMT):
Thanks sklump for the response. I have tried to start the agents with --auto-ping-connection but I still have the same prob

kh_touati (Thu, 07 May 2020 16:39:26 GMT):
This is how I am starting my agent

kh_touati (Thu, 07 May 2020 16:39:26 GMT):
This is how I am starting my agent PORTS="8090:8090 8091:8091" scripts/run_docker start --genesis-url http://192.168.208.79:9000/genesis --wallet-type indy -it http 0.0.0.0 8090 -ot http --admin 0.0.0.0 8091 --admin-insecure-mode --auto-ping-connection --seed 0923456ERFDZSXCVTYUO9986OREDFERT -e http://192.168.208.79:8090

kh_touati (Thu, 07 May 2020 16:39:27 GMT):
PORTS="8090:8090 8091:8091" scripts/run_docker start --genesis-url http://192.168.208.79:9000/genesis --wallet-type indy -it http 0.0.0.0 8090 -ot http --admin 0.0.0.0 8091 --admin-insecure-mode --auto-ping-connection --seed 0923456ERFDZSXCVTYUO9986OREDFERT -e http://192.168.208.79:8090

sklump (Thu, 07 May 2020 16:44:21 GMT):
What do you get when you use `GET /connections` under *connection* on the issuer agent's admin API? I get: ``` { "results": [ { "accept": "auto", "updated_at": "2020-05-07 16:42:52.611420Z", "initiator": "self", "invitation_key": "HWLY3H8BtVaEYKkUHrQsHDaEH8TJFtvtUN4tyaKYQcSs", "connection_id": "22c577c5-f0e5-4b5a-9610-0d1633831638", "invitation_mode": "once", "created_at": "2020-05-07 16:42:34.296629Z", "their_did": "25xqspu1vM5vvPDSht6Kkw", "my_did": "81aSU4TRVwNoNcK5QfPxnj", "routing_state": "none", "their_label": "Aries Cloud Agent", "state": "active" } ] } ```

sklump (Thu, 07 May 2020 16:45:50 GMT):
If the `state` is neither `active` nor `response`, that's when you get 403: Forbidden operating on the connection.

kh_touati (Thu, 07 May 2020 16:54:48 GMT):
{ "results": [ { "their_label": "Aries Cloud Agent", "initiator": "external", "state": "invitation", "updated_at": "2020-05-07 16:52:27.709274Z", "connection_id": "38830026-3099-479b-beca-c84b10a25b63", "invitation_key": "7XAM8p32x7a1cJCpE3oaTipNbJdcprcfxqmMvQyWkhUb", "accept": "manual", "routing_state": "none", "invitation_mode": "once", "created_at": "2020-05-07 16:52:27.709274Z" } ] }

sklump (Thu, 07 May 2020 17:00:12 GMT):
You have accept: manual - I think you might also need command-line argument `--auto-accept-invites`

kh_touati (Thu, 07 May 2020 17:05:01 GMT):
Thank you for the reply Indeed, I have tried it. However, when I try to establish the connection (when I call /connection/receive-invitation) I got a 500 internal server error.

kh_touati (Thu, 07 May 2020 17:05:24 GMT):
With this error message Traceback (most recent call last): File "/home/indy/aries_cloudagent/protocols/connections/routes.py", line 317, in connections_receive_invitation invitation, accept=accept, alias=alias File "/home/indy/aries_cloudagent/protocols/connections/manager.py", line 231, in receive_invitation request = await self.create_request(connection) File "/home/indy/aries_cloudagent/protocols/connections/manager.py", line 275, in create_request my_endpoints.extend(self.context.settings.get("additional_endpoints")) TypeError: 'NoneType' object is not iterable

sklump (Thu, 07 May 2020 17:05:45 GMT):
Give me a few minutes, that tastes like a bug

sklump (Thu, 07 May 2020 17:15:24 GMT):
How old is this code? That directory structure is different since 0.5.0. The agent will tell you the version on startup in the box with all the colons (`:`).

kh_touati (Thu, 07 May 2020 17:18:59 GMT):
yes I am using 0.4.5

kh_touati (Thu, 07 May 2020 17:19:11 GMT):
I will check the new one and I will inform you

sklump (Thu, 07 May 2020 17:19:44 GMT):
OK thanks - I think it will be the same but it will be working from the same code base. 0.5.1 is best. Master is unstable for the moment.

kh_touati (Thu, 07 May 2020 17:20:27 GMT):
Ok I will check

ultimo2020 (Thu, 07 May 2020 17:41:00 GMT):
Hi. I have just tried the controllers demo. It is a great one. I have only a red dot on the Alice controller, the other two are green and running

ultimo2020 (Thu, 07 May 2020 17:41:13 GMT):
Where could I start troubleshooting?

sklump (Thu, 07 May 2020 17:42:20 GMT):
To get past this null exception, specify another endpoint on the command line (space-separated, I think) for the -e argument

sklump (Thu, 07 May 2020 17:42:34 GMT):
Just to get to the next thing

amanji (Thu, 07 May 2020 17:48:36 GMT):
What’s your setup like for the controllers? Are you running them locally or on a cloud service?

ultimo2020 (Thu, 07 May 2020 17:59:51 GMT):
I am running them on a VPS Ubuntu. Have started the demo with the bcgovrin ledger

MikeRichardson (Thu, 07 May 2020 18:10:22 GMT):
i run alice and connect to faber. faber issues credentials

MikeRichardson (Thu, 07 May 2020 18:11:34 GMT):
then i run acme and alice connects to acme. Then i request credentials with acme and i see the error although status goes to verified. I could be running different version of the code. I haven't pulled in latest code for a couple of weeks. I will try.

sklump (Thu, 07 May 2020 18:13:45 GMT):
I think this must be wrong. One doesn't verify credentials - one verifies proof. What instructions were you following? I need a URL or some text.

ultimo2020 (Thu, 07 May 2020 18:19:50 GMT):
I am running them on a VPS Ubuntu. Have started the demo with the bcgovrin ledger

sklump (Thu, 07 May 2020 18:23:14 GMT):
In any case, the immediate problem is that the holder hasn't accepted the invitation. Once it does, the connection record will be ready for credential issue.

amanji (Thu, 07 May 2020 19:05:29 GMT):
Ah yes. The issue has come up a few times when using a VPS instance. It’s something I have been meaning to fix as part of this issue https://github.com/hyperledger/aries-acapy-controllers/issues/17

amanji (Thu, 07 May 2020 19:07:39 GMT):
If you’re able to run it on a local environment in the meantime you will be able to complete the Alice demo.

ultimo2020 (Thu, 07 May 2020 19:41:49 GMT):
Hi @amanji you mean this: ARG ALICE_AGENT_HOST=localhost ARG ALICE_AGENT_HOST=${ALICE_AGENT_HOST-"localhost"}

ultimo2020 (Thu, 07 May 2020 19:43:32 GMT):
But I think you updated this env. varible fix some time ago. I think I have downloaded the latest repo two weeks ago. This should work ? Maybe I can change it manually in the container before starting the alice demo

ultimo2020 (Thu, 07 May 2020 19:50:19 GMT):
I have started like this: LEDGER_URL=http://greenlight.bcovrin.vonx.io ./run_demo webstart

ultimo2020 (Thu, 07 May 2020 19:56:18 GMT):
You fix is inside the code: constructor() { this.hostname = $ENV.RUNMODE === 'pwd' ? $ENV.ALICE_AGENT_HOST : 'localhost'; this.port = $ENV.RUNMODE === 'pwd' ? '' : ':8031'; this.formattedAgentUrl = `http://${this.hostname}` + this.port; console.log('Agent is running on: ' + this.formattedAgentUrl); }

ultimo2020 (Thu, 07 May 2020 19:57:40 GMT):
but the docker file was built without it: # Stage: build FROM node:10 as build WORKDIR /app COPY package*.json /app/ RUN npm install COPY . . ARG RUNMODE ARG ALICE_AGENT_HOST=localhost ENV RUNMODE=${RUNMODE} ALICE_AGENT_HOST=${ALICE_AGENT_HOST} RUN npm run build

ultimo2020 (Thu, 07 May 2020 19:57:46 GMT):
will check it out and rebuild

amanji (Thu, 07 May 2020 20:05:49 GMT):
Yeah I may have pushed a fix here https://github.com/hyperledger/aries-acapy-controllers/commit/2f3d88c32dd6bba489742691768ab19a1c272868 I just haven't issued a PR yet.

amanji (Thu, 07 May 2020 20:05:49 GMT):
Yeah I may have pushed a fix [here]( https://github.com/hyperledger/aries-acapy-controllers/commit/2f3d88c32dd6bba489742691768ab19a1c272868) I just haven't issued a PR yet.

amanji (Thu, 07 May 2020 20:08:13 GMT):
If you'd like, try checking out the `aws` branch. The fix should be the last commit on that one.

amanji (Thu, 07 May 2020 20:08:47 GMT):
If it works for you I'll go ahead and issue the PR so others don't keep running into the same issue :slight_smile:

ultimo2020 (Thu, 07 May 2020 20:21:21 GMT):
Thanks. I have changed the docker file but I get: ---> 08e5815e64d6 Step 7/14 : ARG ALICE_AGENT_HOST=${ALICE_AGENT_HOST-"localhost"} ERROR: Service 'alice-controller' failed to build: failed to process "${ALICE_AGENT_HOST-\"localhost\"}": missing ':' in substitution

ultimo2020 (Thu, 07 May 2020 20:21:29 GMT):
I am not using AWS , but another VPS provider

ultimo2020 (Thu, 07 May 2020 20:21:43 GMT):
maybe I missed a syntax inside dockerfile

ultimo2020 (Thu, 07 May 2020 20:26:10 GMT):
ok I added my IP address there and it continued to build furhter

ultimo2020 (Thu, 07 May 2020 20:29:40 GMT):
but it is still red in the container

amanji (Thu, 07 May 2020 20:49:35 GMT):
Have you created a firewall rule to allow incoming connections on that IP?

amanji (Thu, 07 May 2020 21:57:15 GMT):
Sorry I should have added my last message to the thread. I’m guessing you have a firewall rule to allow incoming connections on that IP on your VPS. I will test out the whether the fix I pushed will actually resolve the issue.

ultimo2020 (Fri, 08 May 2020 01:57:40 GMT):
Yes. Incoming are allowed

MikeRichardson (Fri, 08 May 2020 06:52:21 GMT):
yes ok...acme requests a proof. I think you go that from my original posting

MikeRichardson (Fri, 08 May 2020 06:52:21 GMT):
actually if you're going to be pedantic one doesn't verify proof, one requests a proof

MikeRichardson (Fri, 08 May 2020 06:52:48 GMT):
don't be pedantic

MikeRichardson (Fri, 08 May 2020 06:56:48 GMT):
i have no more information i can give you. If you can't help just leave it.

sklump (Fri, 08 May 2020 11:50:10 GMT):
Track https://github.com/hyperledger/aries-cloudagent-python/pull/497: it shouldn't crash on accepting an invitation. Have the holder accept the connection invitation and trust-ping the connection; then, have the issuer issue a credential on it. Kindly respond here with results when convenient.

sklump (Fri, 08 May 2020 11:50:10 GMT):
Track https://github.com/hyperledger/aries-cloudagent-python/pull/497: it shouldn't crash on accepting an invitation (neither auto- nor manual). Have the holder accept the connection invitation and trust-ping the connection (either manually or with auto- via command line); then, have the issuer issue a credential on it. Kindly respond here with results when convenient.

DucaDellaForcoletta (Fri, 08 May 2020 15:16:06 GMT):
Hi All, I'm looking to the presentation admin API in particular the service "/present-proof/create-request -> Creates a presentation request not bound to any proposal or existing connection" but in the payload request it expect a connection-id. Is possible to execute a presentation request without an established connection? The connection-id parameter requested must be of a connection invitation created in order to performed a pairwise before the proof sharing?

sklump (Fri, 08 May 2020 15:27:18 GMT):
Yes, you're right. It's a deficiency. I'll take care of it later today.

sklump (Fri, 08 May 2020 15:28:25 GMT):
For now you can specify any uuid4 e.g. `aries_cloudagent.messaging.valid.UUIDFour.EXAMPLE`. The code ignores it, but it won't pass middleware validation without it.

DucaDellaForcoletta (Fri, 08 May 2020 15:33:50 GMT):
Thanks so much! So an holder can share proof also without connection, perfect. In that case the payload will be anoncrypted with the verifier/holder key? or I'm wrong?

sklump (Fri, 08 May 2020 15:42:41 GMT):
@andrew.whitehead ?

kh_touati (Fri, 08 May 2020 15:47:38 GMT):
Thank you for your help Now it is working

andrew.whitehead (Fri, 08 May 2020 15:48:05 GMT):
Yes, for compatibility with Streetcred or eSatus for example, you would need to add a ~service decorator to provide the endpoint and key(s)

andrew.whitehead (Fri, 08 May 2020 15:48:17 GMT):
In future it should use the out-of-band protocol

sklump (Fri, 08 May 2020 15:48:52 GMT):
Awesome! Still a few tweaks to go here, I suggest you keep up with the next master merge (#497). It should be in place in an hour or so.

DucaDellaForcoletta (Fri, 08 May 2020 15:56:52 GMT):
Thank you!

amanji (Sat, 09 May 2020 02:44:48 GMT):
Hi @ultimo2020 I have issued a PR to fix the issue with running the demo on a VPS/cloud service. The initial fix I had pushed was missing a semi-colon, which likely caused the issues you were observing on the `aws` branch. I have tested the the patch on web demo's both locally and on an AWS Ubuntu 18.04 EC2 instance (it should, however work for any cloud service of your choosing) The PR is here https://github.com/hyperledger/aries-acapy-controllers/pull/20 In the meantime feel free to checkout the `aws` branch and see if that works for you. If not, I'd be happy to help out.

ultimo2020 (Sat, 09 May 2020 05:51:27 GMT):
Thanks. Will try it out

haniavis (Mon, 11 May 2020 23:11:46 GMT):
Hi, I am using the von-network as the ledger when running the aca-py agent, and I am having issues with it, nodes cannot find each other. I use the default docker procedure. Is this the right place for troubleshooting of the von-network?

swcurran (Mon, 11 May 2020 23:46:16 GMT):
Reply in this thread and we'll figure it out.

haniavis (Mon, 11 May 2020 23:52:22 GMT):
So it seems from the logs that the nodes cannot connect with each other and the web server doesn't find any pool. But I can see the genesis file from the url:9000/genesis

haniavis (Mon, 11 May 2020 23:52:40 GMT):
I suspect some network issue with the docket containers

haniavis (Mon, 11 May 2020 23:52:40 GMT):
I suspect some network issue with the docker containers

swcurran (Mon, 11 May 2020 23:53:20 GMT):
What is your environment and how are you starting up von-network? What version of docker and docker-compose?

haniavis (Mon, 11 May 2020 23:55:11 GMT):
Ubuntu 18.04.4, Docker version 19.03.8, docker-compose version 1.24.0

haniavis (Mon, 11 May 2020 23:55:47 GMT):
I am following this guide https://github.com/bcgov/von-network/blob/master/docs/UsingVONNetwork.md

swcurran (Mon, 11 May 2020 23:58:26 GMT):
Pretty much identical to what I have. Easy stuff out of the way.

haniavis (Mon, 11 May 2020 23:58:51 GMT):
node3_1 | 2020-05-11 23:57:59,161|INFO|cons_proof_service.py|Node3:ConsProofService:0 asking for ledger status of ledger 0

haniavis (Mon, 11 May 2020 23:59:10 GMT):
this is what i get in the logs for all the nodes

swcurran (Tue, 12 May 2020 00:01:22 GMT):
Weird - I just run and got this as that last line of a node: ``` node4_1 | 2020-05-12 00:00:03,467|INFO|cons_proof_service.py|Node4:ConsProofService:1 ignoring LEDGER_STATUS{'ledgerId': 1, 'txnSeqNo': 5, 'viewNo': None, 'ppSeqNo': None, 'merkleRoot': 'DJLzEifT7n9DbiCHqQ5KWrWUPFBiZt349popapDfzo5p', 'protocolVersion': 2} since it is not gathering ledger statuses ```

haniavis (Tue, 12 May 2020 00:01:33 GMT):
it is strange also for me, since i am using the repo in another machine, but it refuses to start correctly in this one

swcurran (Tue, 12 May 2020 00:02:17 GMT):
Any stresses on the docker setup? We've seen problems with out of space for docker containers?

haniavis (Tue, 12 May 2020 00:02:47 GMT):
no

haniavis (Tue, 12 May 2020 00:03:32 GMT):
could it be the docker host variable?

swcurran (Tue, 12 May 2020 00:03:37 GMT):
What do you get from: `docker ps;echo "";docker volume ls;echo "";docker network ls`

swcurran (Tue, 12 May 2020 00:03:47 GMT):
dpse

haniavis (Tue, 12 May 2020 00:05:04 GMT):

haniavis - Mon May 11 2020 20:04:53 GMT-0400 (Eastern Daylight Time).txt

swcurran (Tue, 12 May 2020 00:06:16 GMT):
Are you setting DOCKERHOST specially, or just using what comes from `./manage dockerhost`

swcurran (Tue, 12 May 2020 00:06:33 GMT):
docker stuff looks pretty normal.

haniavis (Tue, 12 May 2020 00:06:41 GMT):
whatever comes from ./manage dockerhost

swcurran (Tue, 12 May 2020 00:08:07 GMT):
Hmm...so just straight: ``` ./manage build ./manage start --logs ```

haniavis (Tue, 12 May 2020 00:08:18 GMT):
yes nothing more

swcurran (Tue, 12 May 2020 00:08:40 GMT):
@WadeBarnes - any ideas here? Wade is on early in the morning here, so probably not around right now.

swcurran (Tue, 12 May 2020 00:09:10 GMT):
So no errors - just the nodes don't reach consensus.

haniavis (Tue, 12 May 2020 00:10:56 GMT):
I see this one in the logs but I guess it is the web server that can not reach the pool, right?

swcurran (Tue, 12 May 2020 00:10:57 GMT):
maybe do a `docker logs von_node4_1` and upload that.

haniavis (Tue, 12 May 2020 00:10:58 GMT):
webserver_1 | 2020-05-11 23:55:09,464|WARNING|libindy.py|_indy_loop_callback: Function returned error webserver_1 | 2020-05-11 23:55:09,467|ERROR|anchor.py|Initialization error: webserver_1 | Traceback (most recent call last): webserver_1 | File "/home/indy/server/anchor.py", line 221, in _open_pool webserver_1 | self._pool = await pool.open_pool_ledger(pool_name, json.dumps(pool_cfg)) webserver_1 | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/indy/pool.py", line 83, in open_pool_ledger webserver_1 | open_pool_ledger.cb) webserver_1 | indy.error.PoolLedgerTimeout webserver_1 | webserver_1 | The above exception was the direct cause of the following exception: webserver_1 | webserver_1 | Traceback (most recent call last): webserver_1 | File "/home/indy/server/anchor.py", line 314, in open webserver_1 | await self._open_pool() webserver_1 | File "/home/indy/server/anchor.py", line 223, in _open_pool webserver_1 | raise AnchorException("Error opening pool ledger connection") from e webserver_1 | server.anchor.AnchorException: Error opening pool ledger connection webserver_1 | 2020-05-11 23:55:09,467|INFO|server.py|--- Trust anchor initialized ---

swcurran (Tue, 12 May 2020 00:12:30 GMT):
That looks more like a symptom - that's the webserver trying to get status and failing because the nodes are messed up.

haniavis (Tue, 12 May 2020 00:12:39 GMT):
yes

haniavis (Tue, 12 May 2020 00:13:12 GMT):

haniavis - Mon May 11 2020 20:13:01 GMT-0400 (Eastern Daylight Time).txt

swcurran (Tue, 12 May 2020 00:19:39 GMT):
Yup - comparing to valid it's dying as it tries to connect.

swcurran (Tue, 12 May 2020 00:20:36 GMT):
Wondering if it is data hanging around from a previous run. Have done a `./manage rm` and then trying again?

haniavis (Tue, 12 May 2020 00:20:55 GMT):
let me try now

haniavis (Tue, 12 May 2020 00:22:10 GMT):
should I remove also the base docker image? von-network-base

swcurran (Tue, 12 May 2020 00:23:08 GMT):
Usually just using the `./manage rm` should be enough. But it's docker so it won't hurt. Do the build again and then the run.

haniavis (Tue, 12 May 2020 00:25:22 GMT):
nope, same errors

swcurran (Tue, 12 May 2020 00:26:08 GMT):
Dang... sorry. I'm out of ideas at this point. Wade will have other ideas and figure this out.

haniavis (Tue, 12 May 2020 00:26:37 GMT):
ok thanks, I will try to figure it out

swcurran (Tue, 12 May 2020 00:26:42 GMT):
:-(

haniavis (Tue, 12 May 2020 00:26:53 GMT):
no worries :)

priyashankar 1 (Tue, 12 May 2020 04:12:39 GMT):
Has joined the channel.

RicardoPeixoto (Tue, 12 May 2020 07:54:52 GMT):
hi @haniavis don't know if it helps but i started von network at my wifi or ethernet interface: ./manage start 192.168.1.8 When i tried localhost i had the same problem as you but when i set the nodes to run at 192.168.1.8 it all worked just fine. run ifconfig in the terminal and use the ip 192.168.1.x and see if it works. (you will need to change the genesis file aswell).

RicardoPeixoto (Tue, 12 May 2020 08:00:22 GMT):
or get the genesis file from the url of

RicardoPeixoto (Tue, 12 May 2020 08:01:01 GMT):
Or get it from the url of the von network ledger interface (http://localhost:9000/)

shonjs (Tue, 12 May 2020 09:08:53 GMT):
Another workaound that I do (probably produces same result as previous comment) is to hardcode the "IPs" environmental variable as node service names (ie "node1,node2,node3,node4") to get them written to the genesis txn file instead of IPs. Because I saw that my problem was that the webserver couldn't find the dockerhost IP that was going into the genesis file when I went into the container and tried to connect to those IPs (through the gateway).

shonjs (Tue, 12 May 2020 09:08:53 GMT):
Another workaround that I do is to hardcode the "IPs" environmental variable as node service names (ie "node1,node2,node3,node4") to get them written to the genesis txn file instead of IPs. Because I saw that my problem was that the webserver couldn't find the dockerhost IP that was going into the genesis file when I went into the container and tried to connect to those IPs (through the gateway).

shonjs (Tue, 12 May 2020 09:08:53 GMT):
Another workaround that I do, is to hardcode the "IPs" environmental variable as node service names (ie "node1,node2,node3,node4") to get them written to the genesis txn file instead of IPs. Because I saw that my problem was that the webserver couldn't find the dockerhost IP that was going into the genesis file when I went into the container and tried to connect to those IPs (through the gateway).

shonjs (Tue, 12 May 2020 09:11:25 GMT):
I went and tried the repo in "play with docker" and everything worked as expected. So I assumed it probably has something to do with my machine or the fact that there are other docker networks running in my machine. Haven't figured that one out yet.

ultimo2020 (Tue, 12 May 2020 09:31:48 GMT):
Hi everyone. I have started the https://github.com/hyperledger/aries-cloudagent-python demo there with Alice and Faber. My question is, how can one do some customization or some initial development , to change the names of the actors and schema definitions and similar ?

TimoGlastra (Tue, 12 May 2020 09:43:34 GMT):
I had a similar issue a couple of months ago that only occurred on Ubuntu. The `manage` script uses a docker image(`che-ip`) to get the docker host, but in my case it outputted multiple ips where only one was correct. An update to the image (https://github.com/bcgov/von-network/pull/82) fixed this, but it could be possible it broke something as this wasn't happening on all ubuntu machines i think. What is the output of running `./manage dockerhost`? And does running `./manage dockerhost` with the image changed back to `codenvy/che-ip` (https://github.com/bcgov/von-network/pull/82/commits/1f927078384197deb1fc44de2d52f99d252c0167) give any other results?

sklump (Tue, 12 May 2020 10:03:44 GMT):
The agents are in directory `https://github.com/hyperledger/aries-cloudagent-python/tree/master/demo/runners/`. You could build your own code based on these and call them what you like. The startup procedure of Faber sets the schema and cred def - build whatever analogues you like with your choice of names, along the same lines.

sigma67 (Tue, 12 May 2020 10:16:12 GMT):
It seems not, only numeric values <,> and <=, >= are supported

sklump (Tue, 12 May 2020 10:17:09 GMT):
Correct, only 32-bit ints on <, <=, >=, >

ultimo2020 (Tue, 12 May 2020 10:21:12 GMT):
Hi Thanks. You mean the startup procedure of faber.py defines the schema. And to start my own web gui demo I need to build on those three files in the runners folder, acme/alice/faber.py ?

ultimo2020 (Tue, 12 May 2020 10:26:31 GMT):
Or I still need to start the complete ACApy demo ?

sklump (Tue, 12 May 2020 10:27:45 GMT):
You would need to build code along those lines. The order of operations is important: create wallets, anchor issuer DID to the ledger, create schema, then create cred def.

sklump (Tue, 12 May 2020 10:28:19 GMT):
There is nothing special about Alice or Faber as such.

ultimo2020 (Tue, 12 May 2020 10:29:22 GMT):
Ok. Understood , nothing special. But with just stating the demo runners scripts I cannot interract with the ledger, I would need the complete ACApy stack to be started, the docker container also and the ACAPy controller ?

ultimo2020 (Tue, 12 May 2020 10:30:19 GMT):
Or with the help of https://github.com/hyperledger/aries-cloudagent-python/tree/master/demo/runners/support and the libraries there this is solver

ultimo2020 (Tue, 12 May 2020 10:30:19 GMT):
Or with the help of https://github.com/hyperledger/aries-cloudagent-python/tree/master/demo/runners/support and the libraries there this is solved

sklump (Tue, 12 May 2020 10:31:21 GMT):
Yes - the demo is just a thin layer above the aca-py infrastructure.

sklump (Tue, 12 May 2020 10:31:56 GMT):
The support/ content houses functionality common to all demo agents (Faber, Alice, Acme).

ultimo2020 (Tue, 12 May 2020 10:34:35 GMT):
Ok. Great. So I have started the docker container from ACApy

ultimo2020 (Tue, 12 May 2020 10:34:53 GMT):
within the AliceFaberAcmeDemo/with run_demo webstart

ultimo2020 (Tue, 12 May 2020 10:35:25 GMT):
is this enough or should I start the ACApy stack somewhere else to be able to build my analogue runner ?

ultimo2020 (Tue, 12 May 2020 10:35:40 GMT):
Is there maybe some more documentation on ACApy ?

sklump (Tue, 12 May 2020 10:38:14 GMT):
Each agent has its own docker container, with its own admin API host and port, which it displays on startup in the box made of colons (`:`). So if those are the agents you want in your demo, they're already up. I think I don't understand your use case.

ultimo2020 (Tue, 12 May 2020 10:39:29 GMT):
I just want to understand the customizin of ACApy more. Yes I see every agent has his docker like I started:

ultimo2020 (Tue, 12 May 2020 10:39:30 GMT):
facb15883962 docker_faber-controller "dotnet FaberControl…" 4 days ago Up 4 days 0.0.0.0:9021->80/tcp docker_faber-controller_1 25f7aa1d3aba docker_acme-controller "npm start" 4 days ago Up 4 days 0.0.0.0:9041->3000/tcp docker_acme-controller_1 15dffe8f429f docker_alice-controller "nginx -g 'daemon of…" 4 days ago Up 4 days 0.0.0.0:9031->80/tcp docker_alice-controller_1 f98846a0d3b7 docker_acme-agent "/bin/bash -c 'pytho…" 4 days ago Up 4 days 0.0.0.0:8040-8047->8040-8047/tcp docker_acme-agent_1 40436701f147 docker_alice-agent "/bin/bash -c 'pytho…" 4 days ago Up 4 days 0.0.0.0:8030-8037->8030-8037/tcp docker_alice-agent_1 1769fca47fdc docker_faber-agent "/bin/bash -c 'pytho…" 4 days ago Up 4 days 0.0.0.0:8020-8027->8020-8027/tcp docker_faber-agent_1

sklump (Tue, 12 May 2020 10:40:22 GMT):
Every agent is already running aca-py (aries-cloud *AGENT* -python)

ultimo2020 (Tue, 12 May 2020 10:41:08 GMT):
but I just wanted to understand, this I started with ./run_demo webstart

ultimo2020 (Tue, 12 May 2020 10:41:43 GMT):
when I change the runners (for example change of Personas, not alice someone ales) code do I need to rebuild once more and start with ./run_demo webstart

ultimo2020 (Tue, 12 May 2020 10:43:29 GMT):
Imagine a use case without ALICE/ACME/FABER, but other personas

sklump (Tue, 12 May 2020 10:45:15 GMT):
I would take a look at how `run_demo performance` operates to create more than one agent with a single invocation and run some processing with all of them.

ultimo2020 (Tue, 12 May 2020 10:47:41 GMT):
ok. will take a look. did not find any documentation on it.

sklump (Tue, 12 May 2020 10:48:32 GMT):
It gets a mention in passing: https://github.com/hyperledger/aries-cloudagent-python/tree/master/demo#performance-demo

ultimo2020 (Tue, 12 May 2020 10:50:37 GMT):
Nice. Thanks. I see , in the performance.py is how agents are started and can be changed. Will go trough it. Thanks for your link. Is there maybe some WIKI or some sphinx documentation for ACApy ?

sklump (Tue, 12 May 2020 10:51:20 GMT):
https://aries-cloud-agent-python.readthedocs.io/en/latest/

sklump (Tue, 12 May 2020 10:52:33 GMT):
Generated from python comments

ultimo2020 (Tue, 12 May 2020 10:52:37 GMT):
thanks. till now there is no python ACApy for mobile apps ?

sklump (Tue, 12 May 2020 10:53:34 GMT):
I'm not familiar with that world. There are a number of efforts in progress. @swcurran ?

WadeBarnes (Tue, 12 May 2020 12:49:31 GMT):
@haniavis, This was recommended above. Try binding to your machine's IP address. `./manage start `.

WadeBarnes (Tue, 12 May 2020 12:52:35 GMT):
That will remove the automatic DOCKERHOST IP detection done by `eclipse/che-ip` from the equation.

WadeBarnes (Tue, 12 May 2020 12:55:41 GMT):
You'll run into issues if you try to use service names rather than IP addresses as suggested above due to this reason (Indy-Node uses static IP:PORT addressing exclusively); https://github.com/bcgov/von-network/tree/master/openshift#warning

WadeBarnes (Tue, 12 May 2020 12:59:37 GMT):
Are you running any sort of firewall on your machine?

WadeBarnes (Tue, 12 May 2020 13:06:13 GMT):
In my experience `eclipse/che-ip` and `codenvy/che-ip` produce different results. It would be interesting to see the difference in the outputs from `./manage dockerhost` and to know whether one works for you and the other doesn't. But try the explicit IP Address binding first, because if that does not work there is something else going on.

WadeBarnes (Tue, 12 May 2020 13:23:36 GMT):
One other thing to try, which is a bit unintuitive, is to restart Docker. I've found Docker networking is sensitive to switching WiFi networks while it is running. For example if you leave docker running and switch WiFi networks Docker networking breaks and containers are unable to communicate. Restarting the containers does not fix the issue, you need to restart Docker itself.

WadeBarnes (Tue, 12 May 2020 13:25:04 GMT):
The results of those tests should give us a better idea of what's going on.

WadeBarnes (Tue, 12 May 2020 13:37:26 GMT):
Other things to try: - Update the version of `eclipse/che-ip`; `docker pull eclipse/che-ip` - Prune your docker networks; `docker network prune`. A `./manage down` should remove the `von_von` network created by `von-network` but something may have gone wrong somewhere.

WadeBarnes (Tue, 12 May 2020 13:38:28 GMT):
Try things one at a time to see if you can identify the one thing that fixes the issue so we can add the information to the troubleshooting guide.

nileshv (Tue, 12 May 2020 15:55:34 GMT):
Has joined the channel.

DucaDellaForcoletta (Tue, 12 May 2020 16:24:38 GMT):
Hi again, just to understand better: in the case of the service decorator you suggested, after that the other agent receive that message, by means wich admin api it could reply to the presentation request? Or a custom exchange of message is needed?

swcurran (Tue, 12 May 2020 16:29:58 GMT):
We had a brief look at a wrapper that makes it possible to use python for mobile but didn't spend a lot of time on it. https://kivy.org/#home

swcurran (Tue, 12 May 2020 16:36:17 GMT):
I have a course that covers lots of this on edX: https://www.edx.org/course/becoming-a-hyperledger-aries-developer It has a couple of labs that go over the details of a version of the code: - https://github.com/cloudcompass/ToIPLabs/blob/master/docs/LFS173x/agentsConnecting.md - https://github.com/cloudcompass/ToIPLabs/blob/master/docs/LFS173x/AliceGetsCredential.md

haniavis (Tue, 12 May 2020 16:59:07 GMT):
thanks everyone for your replies. So there was indeed a firewall running on the machine (no idea why) and this was causing the issue. I didn't do any of the fixes mentioned in this thread, just running ./manage build and ./manage start was enough after disabling the firewall. and btw I am using the eclipse/che-ip image.

WadeBarnes (Tue, 12 May 2020 17:33:25 GMT):
You can leave the firewall running, you'll just need to open ports 9700 through 9799 to run Indy-Node processes. In the case of `von-network` you can narrow that to 9700 to 9708 since there are only 4 nodes running.

swcurran (Wed, 13 May 2020 00:06:11 GMT):
Join us for the ACA-Py User Group tomorrow at 11AM Pacific (1 hour before the Aries WG Call). We'll be covering the latest on revocation - a tails server that anyone can use, an update on the Aries Agent Test Harness and what we thought was cool at IIW (hint - BBS+ and JSON-LD ZKPs). Zoom link will be: https://zoom.us/j/900111661; Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2020-05-13+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

swcurran (Wed, 13 May 2020 00:11:26 GMT):
BTW - if anyone else wants to demo/present tomorrow on the ACA-Pug call, please let me know.

swcurran (Wed, 13 May 2020 16:57:40 GMT):
ACA-Pug meeting starting now ^^^

swcurran (Wed, 13 May 2020 16:57:40 GMT):
ACA-Pug meeting starting in one hour^^^

lauravuo-techlab (Thu, 14 May 2020 06:35:29 GMT):
sorry about the late response, I had some trouble logging back in to rocket chat. @sklump the fix worked, now the ack is received as expected. thanks for the quick changes :pray: @swcurran yes, we are using the basic message protocol with credential offers and proof requests, we'll have think about a dedicated protocol :thinking:

wip-abramson (Thu, 14 May 2020 13:18:55 GMT):
Hi all, I recently created this tutorial - https://github.com/wip-abramson/aries-acapy-protocol-example which I hope will help others learn something I struggled with for a while :) It's really helped a lot of things click for me. Thanks to @andrew.whitehead for taking the time to walk me through this initially.

shantsum (Sat, 16 May 2020 13:48:13 GMT):
Has joined the channel.

lijiachuan (Sat, 16 May 2020 23:06:52 GMT):
Has joined the channel.

lijiachuan (Sat, 16 May 2020 23:06:53 GMT):
Hi all, I encountered one problem when I tried to use aca-py agent to generate one invitation, there is no "serviceEndpoint" property in the invitation object, I use below command to start the agent, and the Open API I am running is v0.5.1, I am not sure whether I missed anything there, anyone can help? Thanks a lot. ``` PORTS="8080:8080 8000:8000" \ scripts/run_docker start --wallet-type indy \ --seed 000000000000000000000000000Agent \ --wallet-name myWallet \ --genesis-url http://von_ip_address/genesis \ --inbound-transport http 0.0.0.0 8000 \ --outbound-transport http \ --admin 0.0.0.0 8080 \ --admin-insecure-mode ```

swcurran (Sun, 17 May 2020 00:09:39 GMT):
I think this is the option that's needed: ``` -e [ ...], --endpoint [ ...] Specifies the endpoints to put into DIDDocs to inform other agents of where they should send messages destined for this agent. Each endpoint could be one of the specified inbound transports for this agent, or the endpoint could be that of another agent (e.g. 'https://example.com/agent-endpoint') if the routing of messages to this agent by a mediator is configured. The first endpoint specified will be used in invitations. The endpoints are used in the formation of a connection with another agent. ```

omardib (Mon, 18 May 2020 02:01:52 GMT):
Has joined the channel.

omardib (Mon, 18 May 2020 02:01:56 GMT):
Hi all, is it possible to get a schema from the ledger by name? As far as I know, in the current version, the verifier should contact somehow the issuer to get the schema definition of data. Any hint on how get the schema definition in order to prepare a proof request?

kukgini (Mon, 18 May 2020 09:51:31 GMT):
Hi all, in my AcaPy v0.5.1, /issue-credential/send-proposal gives me 500 Internal Server Error. Can you help me? Input: ``` { "cred_def_id": "CnfFzUoRznng4maNWSDswB:3:CL:75:default", "schema_issuer_did": "CnfFzUoRznng4maNWSDswB", "trace": true, "issuer_did": "CnfFzUoRznng4maNWSDswB", "comment": "string", "credential_proposal": { "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/credential-preview", "attributes": [ { "name": "scor", "mime-type": "text/plain", "value": "4.5" } ] }, "auto_remove": true, "connection_id": "821a40b8-5eb2-4da1-9aa3-5f3484d81353", "schema_version": "1.0", "schema_id": "CnfFzUoRznng4maNWSDswB:2:prefs:1.0", "schema_name": "prefs" } ``` Agent Logs: ``` 2020-05-18 09:42:39,302 aries_cloudagent.messaging.models.base ERROR TraceDecorator message validation error: Traceback (most recent call last): File "/home/indy/aries_cloudagent/messaging/models/base.py", line 127, in deserialize return schema.loads(obj) if isinstance(obj, str) else schema.load(obj) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/marshmallow/schema.py", line 684, in load data, many=many, partial=partial, unknown=unknown, postprocess=True File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/marshmallow/schema.py", line 842, in _do_load raise exc marshmallow.exceptions.ValidationError: {'target': ['Missing data for required field.']} 2020-05-18 09:42:39,302 aries_cloudagent.core.dispatcher ERROR Handler error: credential_exchange_send_proposal Traceback (most recent call last): File "/home/indy/aries_cloudagent/messaging/models/base.py", line 127, in deserialize return schema.loads(obj) if isinstance(obj, str) else schema.load(obj) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/marshmallow/schema.py", line 684, in load data, many=many, partial=partial, unknown=unknown, postprocess=True File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/marshmallow/schema.py", line 842, in _do_load raise exc marshmallow.exceptions.ValidationError: {'target': ['Missing data for required field.']} ```

kukgini (Mon, 18 May 2020 09:51:31 GMT):
Hi all, in my AcaPy v0.5.1, /issue-credential/send-proposal gives me 500 Internal Server Error. Can you help me? Input: ``` { "cred_def_id": "CnfFzUoRznng4maNWSDswB:3:CL:75:default", "schema_issuer_did": "CnfFzUoRznng4maNWSDswB", "trace": true, "issuer_did": "CnfFzUoRznng4maNWSDswB", "comment": "string", "credential_proposal": { "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/credential-preview", "attributes": [ { "name": "score", "mime-type": "text/plain", "value": "4.5" } ] }, "auto_remove": true, "connection_id": "821a40b8-5eb2-4da1-9aa3-5f3484d81353", "schema_version": "1.0", "schema_id": "CnfFzUoRznng4maNWSDswB:2:prefs:1.0", "schema_name": "prefs" } ``` Agent Logs: ``` 2020-05-18 09:42:39,302 aries_cloudagent.messaging.models.base ERROR TraceDecorator message validation error: Traceback (most recent call last): File "/home/indy/aries_cloudagent/messaging/models/base.py", line 127, in deserialize return schema.loads(obj) if isinstance(obj, str) else schema.load(obj) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/marshmallow/schema.py", line 684, in load data, many=many, partial=partial, unknown=unknown, postprocess=True File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/marshmallow/schema.py", line 842, in _do_load raise exc marshmallow.exceptions.ValidationError: {'target': ['Missing data for required field.']} 2020-05-18 09:42:39,302 aries_cloudagent.core.dispatcher ERROR Handler error: credential_exchange_send_proposal Traceback (most recent call last): File "/home/indy/aries_cloudagent/messaging/models/base.py", line 127, in deserialize return schema.loads(obj) if isinstance(obj, str) else schema.load(obj) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/marshmallow/schema.py", line 684, in load data, many=many, partial=partial, unknown=unknown, postprocess=True File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/marshmallow/schema.py", line 842, in _do_load raise exc marshmallow.exceptions.ValidationError: {'target': ['Missing data for required field.']} ```

kukgini (Mon, 18 May 2020 09:51:31 GMT):
Hi all, in my AcaPy v0.5.1 /issue-credential/send-proposal gives me 500 Internal Server Error. Can you help me? I can't figure it out what 'target' means. Input: ``` { "cred_def_id": "CnfFzUoRznng4maNWSDswB:3:CL:75:default", "schema_issuer_did": "CnfFzUoRznng4maNWSDswB", "trace": true, "issuer_did": "CnfFzUoRznng4maNWSDswB", "comment": "string", "credential_proposal": { "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/credential-preview", "attributes": [ { "name": "score", "mime-type": "text/plain", "value": "4.5" } ] }, "auto_remove": true, "connection_id": "821a40b8-5eb2-4da1-9aa3-5f3484d81353", "schema_version": "1.0", "schema_id": "CnfFzUoRznng4maNWSDswB:2:prefs:1.0", "schema_name": "prefs" } ``` Agent Logs: ``` 2020-05-18 09:42:39,302 aries_cloudagent.messaging.models.base ERROR TraceDecorator message validation error: Traceback (most recent call last): File "/home/indy/aries_cloudagent/messaging/models/base.py", line 127, in deserialize return schema.loads(obj) if isinstance(obj, str) else schema.load(obj) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/marshmallow/schema.py", line 684, in load data, many=many, partial=partial, unknown=unknown, postprocess=True File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/marshmallow/schema.py", line 842, in _do_load raise exc marshmallow.exceptions.ValidationError: {'target': ['Missing data for required field.']} 2020-05-18 09:42:39,302 aries_cloudagent.core.dispatcher ERROR Handler error: credential_exchange_send_proposal Traceback (most recent call last): File "/home/indy/aries_cloudagent/messaging/models/base.py", line 127, in deserialize return schema.loads(obj) if isinstance(obj, str) else schema.load(obj) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/marshmallow/schema.py", line 684, in load data, many=many, partial=partial, unknown=unknown, postprocess=True File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/marshmallow/schema.py", line 842, in _do_load raise exc marshmallow.exceptions.ValidationError: {'target': ['Missing data for required field.']} ```

swcurran (Mon, 18 May 2020 13:24:23 GMT):
It looks like you are not using the trace capability, so you should set "trace" to false.

HLFPOC (Mon, 18 May 2020 13:36:57 GMT):
Is there any way to store and display agent specific logo/icon while establishing a connection in ACA-Py?

kukgini (Tue, 19 May 2020 00:33:21 GMT):
Thank you @swcurran. Can you tell me where to find the resource/document to see what the trace option does? There seems to be no mention of this in `Aries RFC 0036: Issue Credential Protocol 1.0`.

lijiachuan (Tue, 19 May 2020 01:12:53 GMT):
Hi all, I have one question about the agent provision and start process, also one error when I tried to provision an agent, hope I can get your support. Thanks. 1. Whether we should always provision an agent initially, then start it, or there is no dependency between them, we can start an agent directly 2. When I tried to provision a new agent use below command ``` scripts/run_docker provision \ --storage-type indy \ --endpoint http://myAgentVMIP:8000 \ --genesis-url http://myVONVMIP/genesis \ --seed 0000000000000000000000000CorpReg \ --wallet-type 'indy' \ --wallet-storage-type 'indy' \ --replace-public-did ``` There is one error returned as below: ``` aries_cloudagent.wallet.error.WalletError: Wallet default error: Error: Unknown wallet storage type Caused by: Unknown wallet storage type ```

andrew.whitehead (Tue, 19 May 2020 01:23:10 GMT):
You don't need to pass --wallet-storage-type unless you're using the postgres storage plugin

lijiachuan (Tue, 19 May 2020 05:17:31 GMT):
thanks @andrew.whitehead for your reply, so whether indy is the default option for the wallet-storage-type? As I saw the basis is using memory, so not sure whether indy is the default option, that is the same reason why I also specified the wallet-type to indy.

Rishal_ep (Tue, 19 May 2020 10:25:25 GMT):
Has joined the channel.

andrew.whitehead (Tue, 19 May 2020 16:01:03 GMT):
Setting wallet-type to indy is sufficient. --wallet-storage-type tells the indy wallet to use different storage backends

lijiachuan (Tue, 19 May 2020 16:14:56 GMT):
[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=weEqMRxrFcXpfmENL) Thanks for this.

lijiachuan (Tue, 19 May 2020 16:21:20 GMT):
Hi, I tried to use the Angular aries controller to accept one invitation, this invitation was generated from Faber, and tried to accept in Alice. But after I click accept button in Alice side, from the log, below errors returned, that sender verkey is different from the verkey of Faber's DID, and the recipient verkey is also different from Alice's public DID's verkey. So I am a little confuse about why there is new verkey generated, it's not the same as the verkey I got from VON ledger. Anyone can help? Thanks. ``` 2020-05-19 16:13:30,993 aries_cloudagent.protocols.connections.v1_0.manager WARNING No corresponding DID found for sender verkey: 7gV28bPTHd8VupAaruYdmDACwKaCJWUDe47ao89RdQ8H 2020-05-19 16:13:30,994 aries_cloudagent.protocols.connections.v1_0.manager WARNING No corresponding DID found for recipient verkey: 3rMAFWvzcDdzePapzUjJiEfv89oFnTyugnjWFTRWzB9v ``` For OrgBook: ``` PORTS="8080:8080 8000:8000" \ scripts/run_docker start \ -l OrgBook \ --inbound-transport http 0.0.0.0 8000 \ --outbound-transport http \ --admin 0.0.0.0 8080 \ --admin-insecure-mode \ --endpoint http://OrgBookIP:8000 \ --genesis-url http://VONIP/genesis \ --wallet-type indy \ --seed 000000000000000000000000OrgBook1 \ --auto-accept-invites \ --auto-accept-requests \ --log-level 'info' ``` I created a new invitation from CorpReg, and then tried to accept the invitation in OrgBook, but there are two issues I encountered, one is after accept the invitation, there is one active record on OrgBook side but there is no DID for it, the second issue is I could not see that active record in CorpReg side, there is no special error in the log except that unrecognized DID warning. I am not sure whether any parameters I used in the start command is incorrect, could you please suggest on this? Thanks

swcurran (Tue, 19 May 2020 19:26:39 GMT):
In agent communications, ACA-Py does not use Public DIDs by default, but uses pairwise DIDs. Each agent generates a DID in their wallet, does not send it to the ledger, but just sends it to the other agent during the connection protocol. This prevents correlation between connections. Alice looks different from Bob and Faber - she uses a different DID for each.

swcurran (Tue, 19 May 2020 19:27:24 GMT):
This video explains the concept and raional - https://www.youtube.com/watch?v=EKH7vjp_P9o

lijiachuan (Wed, 20 May 2020 00:49:36 GMT):
thanks @swcurran for your reply, I got the point about the pairwise DIDs. I created one VON test network, and plan to use the Angular controller for both CorpReg and OrgBook, I use below command to start these two agent: For CorpReg : ``` PORTS="8080:8080 8000:8000" \ scripts/run_docker start \ -l CorpReg \ --inbound-transport http 0.0.0.0 8000 \ --outbound-transport http \ --admin 0.0.0.0 8080 \ --admin-insecure-mode \ --endpoint http://agentIP:8000 \ --genesis-url http://VONIP/genesis \ --wallet-type indy \ --seed 000000000000000000000000CorpReg1 \ --auto-accept-invites \ --auto-accept-requests \ --log-level 'info' ``` For OrgBook: ``` PORTS="8080:8080 8000:8000" \ scripts/run_docker start \ -l OrgBook \ --inbound-transport http 0.0.0.0 8000 \ --outbound-transport http \ --admin 0.0.0.0 8080 \ --admin-insecure-mode \ --endpoint http://OrgBookIP:8000 \ --genesis-url http://VONIP/genesis \ --wallet-type indy \ --seed 000000000000000000000000OrgBook1 \ --auto-accept-invites \ --auto-accept-requests \ --log-level 'info' ``` I created a new invitation from CorpReg, and then tried to accept the invitation in OrgBook, but there are two issues I encountered, one is after accept the invitation, there is one active record on OrgBook side but there is no DID for it, the second issue is I could not see that active record in CorpReg side, there is no special error in the log except that unrecognized DID warning. I am not sure whether any parameters I used in the start command is incorrect, could you please suggest on this? Thanks

lijiachuan (Wed, 20 May 2020 00:49:36 GMT):
thanks @swcurran for your reply, I got the point about the pairwise DIDs. I created one VON test network, and plan to use the Angular controller for both CorpReg and OrgBook, I use below command to start these two agent: For CorpReg : ``` PORTS="8080:8080 8000:8000" \ scripts/run_docker start \ -l CorpReg \ --inbound-transport http 0.0.0.0 8000 \ --outbound-transport http \ --admin 0.0.0.0 8080 \ --admin-insecure-mode \ --endpoint http://agentIP:8000 \ --genesis-url http://VONIP/genesis \ --wallet-type indy \ --seed 000000000000000000000000CorpReg1 \ --auto-accept-invites \ --auto-accept-requests \ --log-level 'info' ``` For OrgBook: ``` PORTS="8080:8080 8000:8000" \ scripts/run_docker start \ -l OrgBook \ --inbound-transport http 0.0.0.0 8000 \ --outbound-transport http \ --admin 0.0.0.0 8080 \ --admin-insecure-mode \ --endpoint http://OrgBookIP:8000 \ --genesis-url http://VONIP/genesis \ --wallet-type indy \ --seed 000000000000000000000000OrgBook1 \ --auto-accept-invites \ --auto-accept-requests \ --log-level 'info' ``` I created a new invitation from CorpReg, and then tried to accept the invitation in OrgBook, but there are two issues I encountered, one is after accept the invitation, there is one active record on OrgBook side but there is no DID for it, the second issue is I could not see that active record in CorpReg side, there is no special error in the log except that unrecognized DID warning. From the controller's code, when click accept button, it only invoke the "/connections/receive-invitation" service from the OpenAPI, from the OpenAPI demo document, by default this will not generate one "request" automatically, so I added the --auto-accept-invites start parameter, so I think currently OrgBook generated one request automatically, but this request was not send to the CorpReg successfully. I am not sure whether any parameters I used in the start command is incorrect, could you please suggest on this? Thanks

nacerix (Wed, 20 May 2020 15:32:47 GMT):
Hi all,

nacerix (Wed, 20 May 2020 15:33:42 GMT):
I am trying to configure an acapy agent to use postgresql as backend storage for its wallet. These are the docker command I used:

nacerix (Wed, 20 May 2020 15:34:25 GMT):
`docker run -d --name indy-postgres -e POSTGRES_PASSWORD=walletpass -e POSTGRES_USER=indy -e POSTGRES_DB=wallets -v ${pwd}:/var/lib/postgresql/data --net von_von --ip 172.18.0.100 postgres`

nacerix (Wed, 20 May 2020 15:34:30 GMT):
and agent:

nacerix (Wed, 20 May 2020 15:34:30 GMT):
can someone help me finding what I have done wrong please?

nacerix (Wed, 20 May 2020 15:34:30 GMT):
and agent:

nacerix (Wed, 20 May 2020 15:34:53 GMT):
`docker run --rm -it --name employee -p "8030-8033:8030-8033" --net von_von --ip 172.18.0.102 aries-cloudagent-run start --wallet-type indy --seed 0000000000000000000000Employee01 --wallet-key employeeWalletKey --wallet-name wallets --wallet-storage-type postgres_storage --wallet-storage-config '{ "url" : "172.18.0.100:5432" }' --wallet-storage-creds '{ "account" : "indy", "password" : "walletpass"}' --genesis-url http://172.18.5:9000/genesis --inbound-transport http 0.0.0.0 8030 --outbound-transport http --log-level DEBUG --admin 0.0.0.0 8031 --admin-insecure-mode -e http://172.18.0.102:8030 -l EmployeeAgent`

nacerix (Wed, 20 May 2020 15:35:22 GMT):
I am using the official postgresql docker image

nacerix (Wed, 20 May 2020 15:35:43 GMT):
and I get the following error:

nacerix (Wed, 20 May 2020 15:36:21 GMT):
`2020-05-20 15:27:49,887 asyncio DEBUG Using selector: EpollSelector 2020-05-20 15:27:49,926 aries_cloudagent.wallet.provider INFO Opening wallet type: indy 2020-05-20 15:27:49,947 aries_cloudagent.wallet.plugin INFO Initializing postgres wallet 2020-05-20 15:27:50,013 aries_cloudagent.wallet.plugin INFO Success, loaded postgres wallet storage 2020-05-20 15:27:50,013 indy.wallet DEBUG open_wallet: >>> config: '{"id": "wallets", "freshness_time": false, "storage_type": "postgres_storage", "storage_config": {"url": "172.18.0.100:5432"}}', credentials: '{"key": "employeeWalletKey", "key_derivation_method": "ARGON2I_MOD", "storage_credentials": {"account": "indy", "password": "walletpass"}}' 2020-05-20 15:27:50,013 indy.wallet DEBUG open_wallet: Creating callback 2020-05-20 15:27:50,013 indy.libindy DEBUG create_cb: >>> cb_type: .CFunctionType'> 2020-05-20 15:27:50,015 indy.libindy DEBUG create_cb: <<< res: 2020-05-20 15:27:50,017 indy.libindy DEBUG do_call: >>> name: indy_open_wallet, args: (c_char_p(140084313262672), c_char_p(140084307537600), ) 2020-05-20 15:27:50,019 indy.libindy DEBUG _load_cdll: >>> 2020-05-20 15:27:50,019 indy.libindy DEBUG _load_cdll: Detected OS name: linux 2020-05-20 15:27:50,019 indy.libindy DEBUG _load_cdll: Resolved libindy name is: libindy.so 2020-05-20 15:27:50,020 indy.libindy DEBUG _load_cdll: <<< res: 2020-05-20 15:27:50,023 indy.libindy DEBUG set_logger: >>> 2020-05-20 15:27:50,023 indy.libindy DEBUG do_call_sync: >>> name: indy_set_logger, args: (None, None, , None) 2020-05-20 15:27:50,027 indy.libindy DEBUG do_call_sync: <<< 0 2020-05-20 15:27:50,029 indy.libindy DEBUG set_logger: <<< 2020-05-20 15:27:50,034 indy.libindy DEBUG do_call: Function indy_open_wallet returned err: 0 2020-05-20 15:27:50,034 indy.libindy DEBUG do_call: <<< 2020-05-20 15:27:50,038 indy.libindy.native.indy.commands INFO src/commands/mod.rs:150 | WalletCommand command received 2020-05-20 15:27:50,038 indy.libindy.native.wallet_command_executor DEBUG src/commands/wallet.rs:142 | Open command received thread '' panicked at 'called `Result::unwrap()` on an `Err` value: Error(Db(DbError { severity: "ERROR", parsed_severity: Some(Error), code: SqlState("42P01"), message: "relation \"metadata\" does not exist", detail: None, hint: None, position: Some(Normal(19)), where_: None, schema: None, table: None, column: None, datatype: None, constraint: None, file: Some("parse_relation.c"), line: Some(1194), routine: Some("parserOpenTable") }))', src/libcore/result.rs:999:5 note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace. thread '' panicked at 'called `Result::unwrap()` on an `Err` value: "PoisonError { inner: .. }"', src/libcore/result.rs:999:5 stack backtrace:`

nacerix (Wed, 20 May 2020 15:36:21 GMT):
*`2020-05-20 15:27:49,887 asyncio DEBUG Using selector: EpollSelector 2020-05-20 15:27:49,926 aries_cloudagent.wallet.provider INFO Opening wallet type: indy 2020-05-20 15:27:49,947 aries_cloudagent.wallet.plugin INFO Initializing postgres wallet 2020-05-20 15:27:50,013 aries_cloudagent.wallet.plugin INFO Success, loaded postgres wallet storage 2020-05-20 15:27:50,013 indy.wallet DEBUG open_wallet: >>> config: '{"id": "wallets", "freshness_time": false, "storage_type": "postgres_storage", "storage_config": {"url": "172.18.0.100:5432"}}', credentials: '{"key": "employeeWalletKey", "key_derivation_method": "ARGON2I_MOD", "storage_credentials": {"account": "indy", "password": "walletpass"}}' 2020-05-20 15:27:50,013 indy.wallet DEBUG open_wallet: Creating callback 2020-05-20 15:27:50,013 indy.libindy DEBUG create_cb: >>> cb_type: .CFunctionType'> 2020-05-20 15:27:50,015 indy.libindy DEBUG create_cb: <<< res: 2020-05-20 15:27:50,017 indy.libindy DEBUG do_call: >>> name: indy_open_wallet, args: (c_char_p(140084313262672), c_char_p(140084307537600), ) 2020-05-20 15:27:50,019 indy.libindy DEBUG _load_cdll: >>> 2020-05-20 15:27:50,019 indy.libindy DEBUG _load_cdll: Detected OS name: linux 2020-05-20 15:27:50,019 indy.libindy DEBUG _load_cdll: Resolved libindy name is: libindy.so 2020-05-20 15:27:50,020 indy.libindy DEBUG _load_cdll: <<< res: 2020-05-20 15:27:50,023 indy.libindy DEBUG set_logger: >>> 2020-05-20 15:27:50,023 indy.libindy DEBUG do_call_sync: >>> name: indy_set_logger, args: (None, None, , None) 2020-05-20 15:27:50,027 indy.libindy DEBUG do_call_sync: <<< 0 2020-05-20 15:27:50,029 indy.libindy DEBUG set_logger: <<< 2020-05-20 15:27:50,034 indy.libindy DEBUG do_call: Function indy_open_wallet returned err: 0 2020-05-20 15:27:50,034 indy.libindy DEBUG do_call: <<< 2020-05-20 15:27:50,038 indy.libindy.native.indy.commands INFO src/commands/mod.rs:150 | WalletCommand command received 2020-05-20 15:27:50,038 indy.libindy.native.wallet_command_executor DEBUG src/commands/wallet.rs:142 | Open command received thread '' panicked at 'called `Result::unwrap()` on an `Err` value: Error(Db(DbError { severity: "ERROR", parsed_severity: Some(Error), code: SqlState("42P01"), message: "relation \"metadata\" does not exist", detail: None, hint: None, position: Some(Normal(19)), where_: None, schema: None, table: None, column: None, datatype: None, constraint: None, file: Some("parse_relation.c"), line: Some(1194), routine: Some("parserOpenTable") }))', src/libcore/result.rs:999:5 note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace. thread '' panicked at 'called `Result::unwrap()` on an `Err` value: "PoisonError { inner: .. }"', src/libcore/result.rs:999:5 stack backtrace: `*

nacerix (Wed, 20 May 2020 15:39:05 GMT):
can someone help me finding what I have done wrong please?

esune (Wed, 20 May 2020 20:12:16 GMT):
I don't see anything obvious, what I would suggest though is to use a different name for the agent wallet than the default postgresql database name: this way the agent will create it from scratch, rather than connect to an existing schema, and create all the required objects from scratch. Same user/password, different DB (schema) name.

kukgini (Thu, 21 May 2020 02:44:08 GMT):
Hi all. I'm trying to connect agent with postgres. agent start was failed with `aries_cloudagent.wallet.plugin ERROR Error unable to configure postgres stg: 210`. i couldn't find what `210` error code means. can someone help me?

kukgini (Thu, 21 May 2020 02:44:08 GMT):
Hi all. I'm trying to connect AcaPy with postgres. Agent start was failed with `aries_cloudagent.wallet.plugin ERROR Error unable to configure postgres stg: 210`. i'm not sure but i think `210` error means `WalletStorageError`. `RUST_LOG=debug` and `RUST_BACKTRACE=1` environment variable didn't gives me any further information. i tried this on docker-compose with following command options: ``` agent: image: aries-cloudagent-run ... command: .... - --wallet-storage-type - postgres_storage - --wallet-storage-config - '{"url":"postgres:5432","wallet_scheme":"MultiWalletSingleTable"}' - --wallet-storage-creds - '{"account":"postgres","password":"mysecretpassword","admin_account":"postgres","admin_password":"mysecretpassword"}' ``` logs: ``` 2020-05-21 05:23:07,116 aries_cloudagent.core.plugin_registry DEBUG Loaded module: aries_cloudagent.wallet 2020-05-21 05:23:07,133 aries_cloudagent.wallet.provider INFO Opening wallet type: indy 2020-05-21 05:23:07,148 aries_cloudagent.wallet.plugin INFO Initializing postgres wallet 2020-05-21 05:23:07,169 aries_cloudagent.wallet.plugin ERROR Error unable to configure postgres stg: 210 2020-05-21 05:23:07,189 asyncio ERROR Task exception was never retrieved future: .init() done, defined at /home/indy/aries_cloudagent/commands/start.py:74> exception=SystemExit(1,)> Traceback (most recent call last): File "/home/indy/aries_cloudagent/commands/start.py", line 102, in run_loop loop.run_forever() File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/asyncio/base_events.py", line 438, in run_forever self._run_once() File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/asyncio/base_events.py", line 1451, in _run_once handle._run() File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/asyncio/events.py", line 145, in _run self._callback(*self._args) File "/home/indy/aries_cloudagent/commands/start.py", line 77, in init await startup File "/home/indy/aries_cloudagent/commands/start.py", line 27, in start_app await conductor.start() File "/home/indy/aries_cloudagent/core/conductor.py", line 146, in start public_did = await wallet_config(context) File "/home/indy/aries_cloudagent/config/wallet.py", line 16, in wallet_config wallet: BaseWallet = await context.inject(BaseWallet) File "/home/indy/aries_cloudagent/config/injection_context.py", line 126, in inject return await self.injector.inject(base_cls, settings, required=required) File "/home/indy/aries_cloudagent/config/injector.py", line 77, in inject result = await provider.provide(ext_settings, self) File "/home/indy/aries_cloudagent/config/provider.py", line 83, in provide self._instance = await self._provider.provide(config, injector) File "/home/indy/aries_cloudagent/config/provider.py", line 106, in provide instance = await self._provider.provide(config, injector) File "/home/indy/aries_cloudagent/wallet/provider.py", line 39, in provide wallet = ClassLoader.load_class(wallet_class)(wallet_cfg) File "/home/indy/aries_cloudagent/wallet/indy.py", line 66, in __init__ load_postgres_plugin(self._storage_config, self._storage_creds) File "/home/indy/aries_cloudagent/wallet/plugin.py", line 41, in load_postgres_plugin raise SystemExit(1) SystemExit: 1 ```

kukgini (Thu, 21 May 2020 05:31:03 GMT):
than i removed `wallet_scheme` option in `--wallet-storage-config` like this: ``` agent: image: aries-cloudagent-run ... command: .... - --wallet-storage-type - postgres_storage - --wallet-storage-config - '{"url":"postgres:5432"}' - --wallet-storage-creds - '{"account":"postgres","password":"mysecretpassword","admin_account":"postgres","admin_password":"mysecretpassword"}' ``` then: ``` 2020-05-21 05:01:00,607 indy.libindy.native.indystrgpostgres ERROR src/lib.rs:190 | Create storage failed: IOError("IO error during storage operation: IO error") 2020-05-21 05:01:00,607 indy.libindy DEBUG _get_error_details: >>> 2020-05-21 05:01:00,608 indy.libindy DEBUG _get_error_details: <<< error_details: {'backtrace': 'stack backtrace:\n 0: failure::backtrace::internal::InternalBacktrace::new::ha433fddfa9e7c56c (0x7fcbd0804db9)\n 1: failure::backtrace::Backtrace::new::h2ae0c30e71b49c8a (0x7fcbd080496f)\n 2: >::from::ha35e0cacacbc7400 (0x7fcbd057aa2b)\n 3: ::create_storage::hdaed6c81796fa3c2 (0x7fcbd05076a9)\n 4: indy_wallet::WalletService::_create_wallet::hded74d8870facc06 (0x7fcbd04f4c74)\n 5: indy_wallet::WalletService::create_wallet::he81268feb8543319 (0x7fcbd04f4960)\n 6: indy::commands::wallet::WalletCommandExecutor::execute::hd589416f9ce4a3c8 (0x7fcbd01d110a)\n 7: std::sys_common::backtrace::__rust_begin_short_backtrace::h78cef693d4e097b6 (0x7fcbd03bb9c1)\n 8: __rust_maybe_catch_panic (0x7fcbd0829b99)\n at src/libpanic_unwind/lib.rs:82\n 9: core::ops::function::FnOnce::call_once{{vtable.shim}}::hd8bac0c1291652bf (0x7fcbd0140795)\n 10: as core::ops::function::FnOnce>::call_once::h42806b83647d4c79 (0x7fcbd081a42e)\n at /rustc/eae3437dfe991621e8afdc82734f4a172d7ddf9b/src/liballoc/boxed.rs:746\n 11: as core::ops::function::FnOnce >::call_once::h83c921c8e826dd1d (0x7fcbd0828f9f)\n at /rustc/eae3437dfe991621e8afdc82734f4a172d7ddf9b/src/liballoc/boxed.rs:746\n std::sys_common::thread::start_thread::h2613204ce513782e\n at src/libstd/sys_common/thread.rs:13\n std::sys::unix::thread::Thread::new::thread_start::h4570080769500bcd\n at src/libstd/sys/unix/thread.rs:79\n 12: start_thread (0x7fcbda80a6da)\n 13: __clone (0x7fcbd9d8e88e)\n 14: (0x0)', 'message': 'Error: Wallet storage error occurred\n Caused by: Plugin returned error\n' } 2020-05-21 05:01:00,608 indy.libindy DEBUG _indy_callback: >>> command_handle: 1, err , args: () 2020-05-21 05:01:00,609 indy.libindy DEBUG _indy_callback: <<< 2020-05-21 05:01:00,609 indy.libindy DEBUG _indy_loop_callback: >>> command_handle: 1, err , args: () 2020-05-21 05:01:00,610 indy.libindy WARNING _indy_loop_callback: Function returned error 2020-05-21 05:01:00,612 indy.libindy DEBUG _indy_loop_callback <<< ``` can someone help me?

DucaDellaForcoletta (Thu, 21 May 2020 08:47:58 GMT):
Hi all, I've a server error: "ConnectionManagerError: Cannot use public and multi_use at the same time" during the invocation of the /connection/create-invitation with public=true and multi=false. If I do not provide the multi parameter the public invitation is correctly created. I think that when provided the multi parameter is managed as string and the check always pass as true even when false is contained. The url generated is the following curl -X POST "http://localhost:4000/connections/create-invitation?alias=Test&accept=false&public=true&multi_use=false" -H "accept: application/json" Hope this could help the others.

mmassaad (Thu, 21 May 2020 08:54:19 GMT):
Has joined the channel.

lijiachuan (Thu, 21 May 2020 13:52:12 GMT):
Hi, can anyone help on this? Thanks

lijiachuan (Thu, 21 May 2020 13:53:46 GMT):
thanks swcurran for your reply, I got the point about the pairwise DIDs. I created one VON test network, and plan to use the Angular controller for both CorpReg and OrgBook, I use below command to start these two agent: For CorpReg : PORTS="8080:8080 8000:8000" \ scripts/run_docker start \ -l CorpReg \ --inbound-transport http 0.0.0.0 8000 \ --outbound-transport http \ --admin 0.0.0.0 8080 \ --admin-insecure-mode \ --endpoint http://agentIP:8000 \ --genesis-url http://VONIP/genesis \ --wallet-type indy \ --seed 000000000000000000000000CorpReg1 \ --auto-accept-invites \ --auto-accept-requests \ --log-level 'info' For OrgBook: PORTS="8080:8080 8000:8000" \ scripts/run_docker start \ -l OrgBook \ --inbound-transport http 0.0.0.0 8000 \ --outbound-transport http \ --admin 0.0.0.0 8080 \ --admin-insecure-mode \ --endpoint http://OrgBookIP:8000 \ --genesis-url http://VONIP/genesis \ --wallet-type indy \ --seed 000000000000000000000000OrgBook1 \ --auto-accept-invites \ --auto-accept-requests \ --log-level 'info' I created a new invitation from CorpReg, and then tried to accept the invitation in OrgBook, but there are two issues I encountered, one is after accept the invitation, there is one active record on OrgBook side but there is no DID for it, the second issue is I could not see that active record in CorpReg side, there is no special error in the log except that unrecognized DID warning. From the controller's code, when click accept button, it only invoke the "/connections/receive-invitation" service from the OpenAPI, from the OpenAPI demo document, by default this will not generate one "request" automatically, so I added the --auto-accept-invites start parameter, so I think currently OrgBook generated one request automatically, but this request was not send to the CorpReg successfully. I am not sure whether any parameters I used in the start command is incorrect, could you please suggest on this? Thanks

swcurran (Thu, 21 May 2020 14:19:59 GMT):
Great if you could create an issue to the repo on that. Something sounds broken that needs to be fixed.

DucaDellaForcoletta (Thu, 21 May 2020 14:57:34 GMT):
Done! issue: https://github.com/hyperledger/aries-cloudagent-python/issues/517. Thanks so much.

kukgini (Fri, 22 May 2020 02:35:57 GMT):
Hi all, I'm not an cryptography guy. So it could be stupid question. anyway, can i rotate `wallet-key` which is used when encrypt wallet data or it should be permanent until end of life?

sklump (Fri, 22 May 2020 13:30:18 GMT):
You're right, it's a deficiency. I will take care of it.

sklump (Fri, 22 May 2020 13:30:18 GMT):
You're right; it's a deficiency. I will take care of it.

sklump (Fri, 22 May 2020 13:30:18 GMT):
You're right; it's a deficiency. I will look into it.

swcurran (Fri, 22 May 2020 13:34:15 GMT):
I suspect you have not walked through the OpenAPI demo that is here -- https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/AriesOpenAPIDemo.md From your description, it sounds like you have done part of the necessary steps but not all.

swcurran (Fri, 22 May 2020 13:38:08 GMT):
Receiving an invitation does not process and send the request to the other party. The controller needs to do both steps.

lijiachuan (Fri, 22 May 2020 13:51:17 GMT):
Hi Swcurran, I went through the OpenAPI demo, and I see that in that process, after invitation, we need to trigger one request, then response to complete the connection process. Then I follow the instruction of the aries controller demo, in this demo, after Alice controller(Angular) accepted the invitation from Faber, there is one active connection on both Faber and Alice, there is no additional step to request or response for the connection, and from the code, it only invoked the receive-invitation service, so I suppose there should one auto request and response for the invitation. As I want to only use Angular API for the controller practice, so I created one test VON network, and setup two aca agents, and use two Angular agents interact with the agents, I just make a copy of the Aries controller angular code, but when I tried to use controller B to accept the invitation generated from controller A, I only can see one active connection in controller B which doesn't have a DID, and there is no active connection in controller A. I am not sure whether the command which I used to start the aries agent has any incorrect parameters.

lijiachuan (Fri, 22 May 2020 14:01:20 GMT):
The controller code I used is the one downloaded from Aries controller's github repository, so I think the code should not have issue, it might due to the agent start command is not correct, but I compared the parameters with the --help, and didn't find any in-proper parameter, so is stuck here...

swcurran (Fri, 22 May 2020 14:06:24 GMT):
@ianco - any suggestions here? Are you running the acapy-controllers code itself or writing your own?

lijiachuan (Fri, 22 May 2020 14:08:08 GMT):
I run the acapy-controllers code, only changed the interceptor.service.ts, change the host name and port to my host name and port

lijiachuan (Fri, 22 May 2020 14:08:08 GMT):
I run the acapy-controllers code, not my own, only changed the interceptor.service.ts, change the host name and port to my host name and the open API's port.

lijiachuan (Fri, 22 May 2020 14:08:23 GMT):
not my own

lijiachuan (Fri, 22 May 2020 14:33:57 GMT):
I use below command to start the agent: ``` PORTS="8080:8080 8000:8000" \ scripts/run_docker start \ -l CorpReg \ --inbound-transport http 0.0.0.0 8000 \ --outbound-transport http \ --admin 0.0.0.0 8080 \ --admin-insecure-mode \ --endpoint http://agentIP:8000 \ --genesis-url http://VONIP/genesis \ --wallet-type indy \ --seed 000000000000000000000000CorpReg1 \ --auto-accept-invites \ --auto-accept-requests \ --log-level 'info' ``` I think the agent's iteself port number is 8000, the openAPI's port is 8080, in the controller's interceptor, I use 8080 as the port there, so the agent should invoke the openAPI's service. But the invitation's service endpoint port I use 8000, just refer to the controller demo's service endpoint approach.

sklump (Fri, 22 May 2020 16:33:08 GMT):
You are right; it's a deficiency: I will take care of it.

jameshiester (Fri, 22 May 2020 21:26:57 GMT):
Has joined the channel.

esune (Fri, 22 May 2020 21:28:31 GMT):
@jameshiester The api key for an aca-py instance is just a secret key you pick to secure the admin rest interface of the agent. You tell the agent to use it by starting it using the flag `--admin-api-key your-very-secret-key-goes-here` and then need to pass it in the `x-api-key` header every time you send a request to the agent's admin rest interface.

jameshiester (Fri, 22 May 2020 21:32:56 GMT):
thanks, I'm not sure if you worked on the email service, I'm not seeing how it's being configured there?

esune (Fri, 22 May 2020 21:34:12 GMT):
The email-verification-service runs in insecure mode in docker: https://github.com/bcgov/indy-email-verification/blob/master/docker/docker-compose.yml#L33 This flag shoul dbe replaced with the above `--admin-api-key your-very-secret-key-goes-here`

esune (Fri, 22 May 2020 21:34:12 GMT):
The email-verification agent runs in insecure mode in docker: https://github.com/bcgov/indy-email-verification/blob/master/docker/docker-compose.yml#L33 This flag shoul dbe replaced with the above `--admin-api-key your-very-secret-key-goes-here`

esune (Fri, 22 May 2020 21:35:15 GMT):
And then you would have to update the service code to pick-up the same key (e.g.: using an environment variable) and add it to every request sent to the agent in the appropriate header

jameshiester (Fri, 22 May 2020 21:37:01 GMT):
aha that's what I was looking for. Thank you

lijiachuan (Sat, 23 May 2020 16:14:25 GMT):
hi, I am not sure on which condition the connection's status will be changed from "response" to "active", I manually executed one connection process from invitation -> request -> response, and the last state is "response", but from the OpenAPI document, after Faber response the connection request, when we check at Alice's agent, the connection state should be "active", but it didn't mention what action conducted to make this state changed from "response" to "active", anyone can help on this? Thanks.

swcurran (Sat, 23 May 2020 17:21:41 GMT):
First, is it Alice or Faber that is still in "response"? I'm guessing it is Faber. But regardless, this is because the connection protocol does not have an "ack" message, so Faber can't know for sure that Alice got the response. The solution is for either side to send a trust ping message. That acts like an ack and triggers the transition to active. That said, you can send any message while in the "response" state, so you can treat it like "active.". There is a risk that the second message will arrive before the "response" message, so you might want to delay a bit before sending the follow up message -- trust ping or other message.

lijiachuan (Sat, 23 May 2020 23:25:04 GMT):
Thanks for your reply, I added the --auto-ping-connection start parameter and it works! After response, the status was changed to active! But this response status is on both two sides, below is one example after I query from the connections, am not sure is this expected: On One Side: ``` { "results": [ { "routing_state": "none", "accept": "manual", "their_did": "UwVzrbToeM1gB7shKhPpbA", "created_at": "2020-05-23 23:12:45.119545Z", "initiator": "self", "invitation_mode": "once", "my_did": "4dgdK4JWppw9qmbsDmnh6o", "state": "response", "connection_id": "ae2e94d9-1cc5-4635-90bb-4505822ed47e", "updated_at": "2020-05-23 23:13:29.663566Z", "invitation_key": "8SC5GZnSjNEW1S8yXHoReBDZ273vGdntbeSkDvw2xsQ9", "their_label": "OrgBook" } ] } ``` On the other side: ``` { "results": [ { "connection_id": "d3df18c6-c9a2-44ee-9a4b-5bc9fefa09a6", "routing_state": "none", "updated_at": "2020-05-23 23:13:29.800755Z", "their_label": "CorpReg", "request_id": "9c325dea-1524-4f09-9fec-2239e23a879f", "invitation_mode": "once", "initiator": "external", "state": "response", "created_at": "2020-05-23 23:12:53.930803Z", "my_did": "UwVzrbToeM1gB7shKhPpbA", "accept": "manual", "invitation_key": "8SC5GZnSjNEW1S8yXHoReBDZ273vGdntbeSkDvw2xsQ9", "their_did": "4dgdK4JWppw9qmbsDmnh6o" } ] } ```

lijiachuan (Sat, 23 May 2020 23:37:17 GMT):
hi @swcurran , am not sure whether there is one guideline or instruction about if we start a new agent, what should be the "necessary" parameters we should add, I just see some simple version of the start command in below URL, but there seems more than that. This caused lots of time to figure out the issues encountered, or maybe I missed some instruction documents. So would like to have your thoughts, Thanks. https://github.com/hyperledger/aries-cloudagent-python/blob/master/DevReadMe.md#Running

kukgini (Mon, 25 May 2020 00:00:32 GMT):
Thanks for your reply. I'll wait for it.

swcurran (Mon, 25 May 2020 15:08:43 GMT):
It's difficult because what options to use depends on what you want to do. Open to suggestions on what to do and it helps to get feedback like this and we can think through the different contexts. The `--auto-ping-connections` is because of a deficiency in the `connections` protocol -- the lack of an ack after the `response`. Another thing that will help is a full starter kit controller, with the startup already taken into account. We'll think about what we can add to the docs for getting started.

sheru (Tue, 26 May 2020 03:20:48 GMT):
https://chat.hyperledger.org/channel/aries?msg=cBRSgjPKxeMr9fmfE Please help me if possible on this. this is about mediator and the mobile edge agent.

lijiachuan (Tue, 26 May 2020 12:17:17 GMT):
Thanks for reply, and I have another question that, for each time I used the `scripts/run_docker start`, previously created data was lost, may I know if the server rebooted, how can I bring back previously initialized agent, so it will run with previous configuration and also the data is still there. Kindly advise. Thanks.

lijiachuan (Tue, 26 May 2020 13:27:07 GMT):
I have below two questions which I think is the design related questions, hope someone can help to answer this. Thanks in advance. 1. In the credential definition details information, the only schema related property is the "schemaId" which value like "17", it is the "seqNo" of the schema, but this is not the same as the passed in parameter for the OpenAPI service "/schemas/{schema_id}" which schema id like "44G6Wo8q3nLBc3JMapsjsG:2:corpReg:1.0", it means we could not based on one credential definition to quickly retrieve or get to know what is related schema it is used. I am not sure is this for a special reason, or whether we should have another schema query service which can be based on the seqNo? 2. When I tried to format one credential object for the service "/issue-credential/send", both credential definition id and related schema property values need to be specified, so: Firstly, due to the question #1, there is not a quick way to quickly query a definition and related schema's information, I only can query all schemasID firstly, then get each schema details information one by one, then get to know what is the related schema properties for the selected credential definition, I am not sure whether there is any other better way to do this, or shall I store this mapping information in my own database. Secondly, there is one "schema_issuer_did" property needs to be specified, but there is no such property in the schema details which retried from "/schemas/{schema_id}", so whether we need to query from ledger instead of from wallet?

lijiachuan (Tue, 26 May 2020 13:27:07 GMT):
I have below two questions which I think is the design related questions, hope someone can help to answer this. Thanks in advance. 1. In the credential definition details information which I retrieved from "/credential-definitions/{cred_def_id}", the only schema related property is the "schemaId" which value like "17", it is the "seqNo" of the schema, but this is not the same as the passed in parameter for the OpenAPI service "/schemas/{schema_id}" which schema id like "44G6Wo8q3nLBc3JMapsjsG:2:corpReg:1.0", it means we could not based on one credential definition to quickly retrieve or get to know what is related schema it is used. I am not sure is this for a special reason, or whether we should have another schema query service which can be based on the seqNo? 2. When I tried to format one credential object for the service "/issue-credential/send", both credential definition id and related schema property values need to be specified, so: Firstly, due to the question #1, there is not a quick way to quickly query a definition and related schema's information, I only can query all schemasID firstly, then get each schema details information one by one, then get to know what is the related schema properties for the selected credential definition, I am not sure whether there is any other better way to do this, or shall I store this mapping information in my own database. Secondly, there is one "schema_issuer_did" property needs to be specified, but there is no such property in the schema details which retried from "/schemas/{schema_id}", so whether we need to query from ledger instead of from wallet?

sklump (Tue, 26 May 2020 13:46:39 GMT):
1. This taxonomy goes back to indy-sdk and the design of the indy ledger. Property `schemaId` should always look like `:2::`: if you have found one that doesn't it's a deficiency and you should raise an issue. It is for this reason that under *schema*, you can find schemas created (`GET /schemas/created`) by schema id, issuer DID, schema name, schema version. 2. You don't have to specify everything, just enough so that the issuer can locate a single cred def that it issued. In this case you can specify cred def id if you know it.

lijiachuan (Tue, 26 May 2020 13:56:59 GMT):
Thanks @sklump for your reply, let's discuss for #1 item firstly. Below is the returned value after I invoke the "/credential-definitions/{cred_def_id}": ``` { "credential_definition": { "id": "WgWxqztrNooG92RXvxSTWv:3:CL:20:tag", "schemaId": "20", "ver": "1.0", "tag": "tag", "value": {}, "type": "CL" } } ``` From there we can see that the schemaID is not the one we expected to see. Is this one issue or that is correct?

sklump (Tue, 26 May 2020 14:02:36 GMT):
Oh, yes, that's right; this is how it appears in the cred def. We have no control over that as that's how it stands on the ledger. We don't want to start straying into vendor-specific re-interpretations, so in this case the consumer must understand it as a transaction number.

lijiachuan (Tue, 26 May 2020 14:06:56 GMT):
So if we want to know what is the schema that one credential definition is based on, what would be the suggested approach to do that?

sklump (Tue, 26 May 2020 14:20:02 GMT):
The most direct route would be to query the ledger by transaction number. Otherwise, using purely aca-py, (1) query the schemas created to retrieve schema ids (2) iterate `GET /schemas/{schema_id}` per schema id until you find the one on the `seqNo` matching the `schemaId` in the cred def. This _is_ awkward, now that you mention it. But this is the disconnect that the specification for the cred def id introduces. The alternative (specifying by schema id rather than seqNo) spawns problems of its own. Alternatively, probably faster but a bit hackish, (1) retrieve the cred def by its identifier and peel off `response["credential_definition"]["value"]["primary"]["r"]`, minus `master_secret`.

lijiachuan (Tue, 26 May 2020 14:28:23 GMT):
ok, I raised this question is due to I practice to create a new schema which I plan to use for the final credential, - when I create a new definition I put one schema drop down list to select a specific schema. - when I create a new credential, I need to put a drop down for definition, then another drop down for schema, but there is not a simple way to quick map the selected definition with its based schema. So what I thought is the same as you mentioned, retrieve all schema IDs firstly, then loop them one by one to find the matched schema, it's not good, so I asked this question. But for now I have a general idea how to handle this.

lijiachuan (Tue, 26 May 2020 14:31:18 GMT):
Then, for the second item, I still want to ask, what are the required properties I need to put in the credential properties when I submit a new request. I followed the OpenAPI guideline: https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/AriesOpenAPIDemo.md#issuing-a-credential And it says "For the following fields, scroll on Faber's Swagger page to the listed endpoint, execute (if necessary), copy the response value and paste as the values of the following JSON items:" and "For these items set the values as follows:", so I thought I need to provide these values, but seems not all of them are required. May I know where can I know what are the required properties I need to provide there? Thanks.

sklump (Tue, 26 May 2020 14:33:34 GMT):
It depends: you must specify enough for the issuer to identify exactly one cred def that matches. Example: If the issuer has created multiple cred defs on the same schema id, a schema id becomes insufficient. Example: If the issuer has issued exactly one cred def id throughout its life, the issuer DID alone will do. OK?

sklump (Tue, 26 May 2020 14:34:17 GMT):
We should tweak the documentation, but this level of understanding risks alienating the target audience for a README.

sklump (Tue, 26 May 2020 14:34:17 GMT):
We should tweak the documentation, but this level of understanding risks alienating the target audience for a README. I don't want to create a wall of text for 10% more precision.

lijiachuan (Tue, 26 May 2020 14:39:59 GMT):
ok, understood. One more question for the version property of schema, there are two related properties: ver and version, may I know what is the reason for this? ``` { "schema": { "ver": "1.0", "id": "44G6Wo8q3nLBc3JMapsjsG:2:corpReg:1.0", "name": "corpReg", "version": "1.0", "attrNames": [ "legalName", "POCEmail" ], "seqNo": 13 } } ```

lijiachuan (Tue, 26 May 2020 14:39:59 GMT):
ok, understood. One more question for the version property of schema, there are two related properties: ver and version, may I know what is the reason for this and whether these two properties always have the same value? ``` { "schema": { "ver": "1.0", "id": "44G6Wo8q3nLBc3JMapsjsG:2:corpReg:1.0", "name": "corpReg", "version": "1.0", "attrNames": [ "legalName", "POCEmail" ], "seqNo": 13 } } ```

sklump (Tue, 26 May 2020 14:45:03 GMT):
Oh you ask the most devilish questions. Item `version` refers to the format of the data structure itself, and `ver` refers to whether identifiers are qualified or not (`"did:sov:abc..."` vs. `"abc..."`). Indy has been around a long time for this space and much of its design predates (indeed, informed) standardization efforts, so the `ver` attribute is a shim to allow compatibility over the years.

sklump (Tue, 26 May 2020 14:45:03 GMT):
Oh you ask the most devilish questions. Item `version` refers to the format of the data structure itself, and `ver` refers to whether identifiers are qualified or not (`"did:sov:abc..."` vs. `"abc..."`). Indy has been around a long time for this space and much of its design predates (indeed, it informed) standardization efforts, so the `ver` attribute is a shim to allow compatibility over the years.

lijiachuan (Tue, 26 May 2020 14:46:28 GMT):
ok, so actually they have the same meaning and always with the same value, correct?

sklump (Tue, 26 May 2020 14:47:00 GMT):
No: it is possible to use qualified attributes (directly with indy-sdk), and so for (bad) example consider ``` { ```

sklump (Tue, 26 May 2020 14:47:00 GMT):
No: it is possible to use qualified attributes (directly with indy-sdk), and so for (bad) example consider ``` { "ver": "1.0", "id": "did:sov:44G6Wo8q3nLBc3JMapsjsG:2:corpReg:1.0", "name": "corpReg", "version": "1.0", "attrNames": [ "legalName", "POCEmail" ], "seqNo": 13 } } ``` This data structure will cause indy-sdk to raise an exception (probably `CommonInvalidFormat`) because its `ver` is `1.0`. Instead it should be `2.0` to note that its identifier is qualified.

sklump (Tue, 26 May 2020 14:49:19 GMT):
In general you can expect both to be `1.0` for aca-py at the moment.

lijiachuan (Tue, 26 May 2020 15:01:15 GMT):
ok, thanks so much for your patient, and it's really helpful.

sklump (Tue, 26 May 2020 15:22:58 GMT):
@kukgini kindly follow https://github.com/hyperledger/aries-cloudagent-python/pull/525; once it's in master, key rotations are.

swcurran (Tue, 26 May 2020 15:35:01 GMT):
That is about how you persist your data. You will have to look at the docker is storing data. If it is just in the running container it will be lost. Putting it into volumes will persist it across executions.

lijiachuan (Tue, 26 May 2020 15:36:13 GMT):
got it, thanks for this.

swcurran (Wed, 27 May 2020 00:19:37 GMT):
Join us for the ACA-Py User Group tomorrow at 11AM Pacific (1 hour before the Aries WG Call). We'll have the core maintainers on the call to answer any questions and we'll be talking about the complications in implementing the Out of Band and DID Exchange Protocols in ACA-Py. We might also talk about recent work on key rotations. Zoom link will be: https://zoom.us/j/900111661; Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2020-05-27+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

ker13530018 (Wed, 27 May 2020 09:53:31 GMT):
Has joined the channel.

lijiachuan (Wed, 27 May 2020 14:45:56 GMT):
Hi all, I encountered one error when I tried to store the new issued credential into the wallet via /issue-credential/records/{cred_ex_id}/store, below is the error in log, did anyone encountered this error? ``` 2020-05-27 14:25:01,336 aiohttp.access INFO 175.167.154.193 [27/May/2020:14:25:01 +0000] "OPTIONS /issue-credential/records/92a447b6-ad80-44b2-a5b1-8b0071ea4c21/store HTTP/1.1" 200 335 "http://localhost:4200/credentials/offers" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36" 2020-05-27 14:25:01,817 aries_cloudagent.core.dispatcher ERROR Handler error: credential_exchange_store Traceback (most recent call last): File "/home/indy/aries_cloudagent/protocols/issue_credential/v1_0/routes.py", line 762, in credential_exchange_store V10CredentialExchange.STATE_CREDENTIAL_RECEIVED AssertionError 2020-05-27 14:25:01,818 aiohttp.server ERROR Error handling request Traceback (most recent call last): File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_protocol.py", line 418, in start resp = await task File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_app.py", line 458, in _handle resp = await handler(request) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_middlewares.py", line 119, in impl return await handler(request) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp_apispec/middlewares.py", line 45, in validation_middleware return await handler(request) File "/home/indy/aries_cloudagent/admin/server.py", line 192, in apply_limiter return await task File "/home/indy/aries_cloudagent/protocols/issue_credential/v1_0/routes.py", line 762, in credential_exchange_store V10CredentialExchange.STATE_CREDENTIAL_RECEIVED AssertionError 2020-05-27 14:25:01,818 aiohttp.access INFO 175.167.154.193 [27/May/2020:14:25:01 +0000] "POST /issue-credential/records/92a447b6-ad80-44b2-a5b1-8b0071ea4c21/store HTTP/1.1" 500 369 "http://localhost:4200/credentials/offers" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36" ```

lijiachuan (Wed, 27 May 2020 14:45:56 GMT):
Hi all, I encountered one error when I tried to store the new issued credential(generated via /issue-credential/send) into the wallet via /issue-credential/records/{cred_ex_id}/store, below is the error in log, did anyone encountered this error? ``` 2020-05-27 14:25:01,336 aiohttp.access INFO 175.167.154.193 [27/May/2020:14:25:01 +0000] "OPTIONS /issue-credential/records/92a447b6-ad80-44b2-a5b1-8b0071ea4c21/store HTTP/1.1" 200 335 "http://localhost:4200/credentials/offers" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36" 2020-05-27 14:25:01,817 aries_cloudagent.core.dispatcher ERROR Handler error: credential_exchange_store Traceback (most recent call last): File "/home/indy/aries_cloudagent/protocols/issue_credential/v1_0/routes.py", line 762, in credential_exchange_store V10CredentialExchange.STATE_CREDENTIAL_RECEIVED AssertionError 2020-05-27 14:25:01,818 aiohttp.server ERROR Error handling request Traceback (most recent call last): File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_protocol.py", line 418, in start resp = await task File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_app.py", line 458, in _handle resp = await handler(request) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_middlewares.py", line 119, in impl return await handler(request) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp_apispec/middlewares.py", line 45, in validation_middleware return await handler(request) File "/home/indy/aries_cloudagent/admin/server.py", line 192, in apply_limiter return await task File "/home/indy/aries_cloudagent/protocols/issue_credential/v1_0/routes.py", line 762, in credential_exchange_store V10CredentialExchange.STATE_CREDENTIAL_RECEIVED AssertionError 2020-05-27 14:25:01,818 aiohttp.access INFO 175.167.154.193 [27/May/2020:14:25:01 +0000] "POST /issue-credential/records/92a447b6-ad80-44b2-a5b1-8b0071ea4c21/store HTTP/1.1" 500 369 "http://localhost:4200/credentials/offers" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36" ```

andrew.whitehead (Wed, 27 May 2020 18:04:09 GMT):
Looks like a bug, it should be returning an HTTP error response. Can you please file an issue in the Github repo

andrew.whitehead (Wed, 27 May 2020 18:04:47 GMT):
ACA-Py user group meeting is on now: https://zoom.us/j/900111661

sklump (Wed, 27 May 2020 18:15:36 GMT):
... git knows they're links.

lijiachuan (Wed, 27 May 2020 18:20:43 GMT):
New issue raised. https://github.com/hyperledger/aries-cloudagent-python/issues/530

RimAbdallah (Thu, 28 May 2020 13:49:47 GMT):
Has joined the channel.

RimAbdallah (Thu, 28 May 2020 13:49:48 GMT):
When a holder receive an issued credential than can be later revoked, To present a prrof it must construct the revocation state and access the tail file, as a result when i attempt to present a proof i get "Error when constructing revocation state -Invalid len of bytes representation for PoingG2"

sklump (Thu, 28 May 2020 14:56:41 GMT):
`GET /revocation/registry/{rev_reg_id}/tails-file` from the issuer to download the tails file. Also, your proof request needs a `non_revoked` non-revocation interval as per https://github.com/hyperledger/indy-sdk/blob/6ecf3dded79fde74206ec0939d2dda179784768c/wrappers/python/indy/anoncreds.py#L1127.

sklump (Thu, 28 May 2020 14:56:41 GMT):
Send `GET /revocation/registry/{rev_reg_id}/tails-file` to the issuer to download the tails file. Also, your proof request needs a `non_revoked` non-revocation interval as per https://github.com/hyperledger/indy-sdk/blob/6ecf3dded79fde74206ec0939d2dda179784768c/wrappers/python/indy/anoncreds.py#L1127.

swcurran (Thu, 28 May 2020 21:34:06 GMT):
In the ACA-Py Admin API endpoint - /issue-credential/send-offer, what is the "credential_id" in the body of the message? @sklump

sklump (Fri, 29 May 2020 10:18:28 GMT):

send-offer.png

sklump (Fri, 29 May 2020 10:23:33 GMT):
In the request, there is no `credential_id`: `connection_id` identifies the connection; `cred_def_id` identifies the cred def so that the holder can vet it against the ledger's copy. The response is a cred def exchange record, which tracks the whole interaction. There won't be any content in its `credential_id` at this stage.

swcurran (Fri, 29 May 2020 15:57:49 GMT):
Arrgghh...sorry - /store endpoint

lsm (Fri, 29 May 2020 18:22:12 GMT):
[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=onjXwndyxAaG4AXyD) Hi, has there gone any ideas/work into the direction of a multi wallet or custodial agent? We would be interested in that feature and currently testing what would be the best approach for that. But I saw this thread so if there are already some concepts around it would be great to know or at least it would be nice to discuss our current approach.

swcurran (Fri, 29 May 2020 18:34:42 GMT):
@TelegramSam - this is a popular topic. How about a conversation on the Aries WG call about this? @lsm -- would you be able to make a call like that? We have them US Wednesday morning (7AM Pacific) and US Wednesday afternoon (12 Noon Pacific).

lsm (Fri, 29 May 2020 18:44:58 GMT):
hi thanks for the reply! That should both work. Does this mean there has already gone work into it?

swcurran (Fri, 29 May 2020 18:46:56 GMT):
I'm not sure. I'm not aware of any support in the repos of which I'm aware, but others could be doing things on their own.

swcurran (Fri, 29 May 2020 18:47:28 GMT):
It is a common topic, so we can likely get some ideas from the community about the best approach.

rileyphughes (Fri, 29 May 2020 18:51:14 GMT):
If I'm understanding the question correctly, this is basically what we've built at Streetcred. It's the core of our product. We have 2 APIs that do this, the Agency API (for issuer/verifiers) and the Custodian API (for holders)

rileyphughes (Fri, 29 May 2020 18:51:19 GMT):
https://app.swaggerhub.com/apis-docs/Streetcred/agency/v1#/

rileyphughes (Fri, 29 May 2020 18:51:29 GMT):
https://app.swaggerhub.com/apis-docs/Streetcred/custodian/v1

rileyphughes (Fri, 29 May 2020 18:51:52 GMT):
Feel free to check them out for implementation ideas.

swcurran (Fri, 29 May 2020 18:52:14 GMT):
Is that part of aries-framework-dotnet or built on top of that framework?

rileyphughes (Fri, 29 May 2020 18:56:32 GMT):
Built on top. But I thought it could be useful to see how we've architected it logically to someone else wanting to implement something similar

swcurran (Fri, 29 May 2020 18:57:30 GMT):
Definitely. It would be awesome to have a presentation on that.

swcurran (Fri, 29 May 2020 18:57:40 GMT):
Would you be willing to present on that?

rileyphughes (Fri, 29 May 2020 18:58:49 GMT):
Yes definitely

lsm (Fri, 29 May 2020 18:59:30 GMT):
Thanks @rileyphughes looks interesting, and depending on my authentication token I specify my wallet?

swcurran (Fri, 29 May 2020 18:59:42 GMT):
k - we'll see how that can fit.

lsm (Fri, 29 May 2020 19:00:10 GMT):
perfect 👌 are the agendas of the wg published in advance somewhere?

swcurran (Fri, 29 May 2020 19:01:09 GMT):
Yes - here is a list of all the meetings - https://wiki.hyperledger.org/display/ARIES/Aries+Working+Group Dial in info included.

lsm (Fri, 29 May 2020 19:04:48 GMT):
thanks, will the agenda for the next meetings be added? I'll try to participate from now on but to make sure I don't miss the one about the relevant topic

swcurran (Fri, 29 May 2020 19:12:46 GMT):
I'll write a note to remind me to ping you when that goes on the agenda, but no promises. :-) Glad to have you participate every week - lots of good stuff happening :-)

lsm (Fri, 29 May 2020 19:13:51 GMT):
Haha thanks I'll keep watch. Looking forward to participate!

ianco (Fri, 29 May 2020 21:32:37 GMT):
FYI this is a django controller/wrapper around multiple aca-py instances: https://github.com/AnonSolutions/django-aries-community ... suitable for demo's but not production use

ianco (Fri, 29 May 2020 21:33:10 GMT):
(The UI supports English, Portugese and I think Spanish as well)

sklump (Mon, 01 Jun 2020 10:07:13 GMT):
For posterity, the holder can specify a `credential_id` in the request to override the default (random UUID4) identifier under which aca-py stores the credential in the wallet.

StevenTCramer (Tue, 02 Jun 2020 14:50:43 GMT):
Has joined the channel.

StevenTCramer (Tue, 02 Jun 2020 16:02:24 GMT):
Hell all, I am trying to get ACA-py running locally using docker. ``` scripts/run_docker start --inbound-transport http 0.0.0.0 8000 --outbound-transport http --admin-insecure-mode --admin 0.0.0.0 8080 ``` It claims it is listening... ``` :::::::::::::::::::::::::::::::::::::::::::::: :: Aries Cloud Agent :: :: :: :: :: :: Inbound Transports: :: :: :: :: - http://0.0.0.0:8000 :: :: :: :: Outbound Transports: :: :: :: :: - http :: :: - https :: :: :: :: Administration API: :: :: :: :: - http://0.0.0.0:8080 :: :: :: :: ver: 0.5.1 :: :::::::::::::::::::::::::::::::::::::::::::::: Listening... ``` yet when I go to http://localhost:8080/api/docs/swagger.json I get connection refused. and docker doesn't show ports in use. ``` ➜ aries-cloudagent-python git:(master) ✗ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES e0f33eefc8b1 aries-cloudagent-run "/bin/bash -c 'aca-p…" 7 seconds ago Up 6 seconds aries-cloudagent-runner_y6YZH9yHtZmeEdfy ``` Any ideas what I am doing wrong?

StevenTCramer (Tue, 02 Jun 2020 16:02:24 GMT):
Hello all, I am trying to get ACA-py running locally using docker. ``` scripts/run_docker start --inbound-transport http 0.0.0.0 8000 --outbound-transport http --admin-insecure-mode --admin 0.0.0.0 8080 ``` It claims it is listening... ``` :::::::::::::::::::::::::::::::::::::::::::::: :: Aries Cloud Agent :: :: :: :: :: :: Inbound Transports: :: :: :: :: - http://0.0.0.0:8000 :: :: :: :: Outbound Transports: :: :: :: :: - http :: :: - https :: :: :: :: Administration API: :: :: :: :: - http://0.0.0.0:8080 :: :: :: :: ver: 0.5.1 :: :::::::::::::::::::::::::::::::::::::::::::::: Listening... ``` yet when I go to http://localhost:8080/api/docs/swagger.json I get connection refused. and docker doesn't show ports in use. ``` ➜ aries-cloudagent-python git:(master) ✗ docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES e0f33eefc8b1 aries-cloudagent-run "/bin/bash -c 'aca-p…" 7 seconds ago Up 6 seconds aries-cloudagent-runner_y6YZH9yHtZmeEdfy ``` Any ideas what I am doing wrong?

sklump (Tue, 02 Jun 2020 16:19:40 GMT):
``` PORTS="8000:8000 8080:8080" scripts/run_docker start --inbound-transport http 0.0.0.0 8000 --outbound-transport http --admin-insecure-mode --admin 0.0.0.0 8080 ``` Need the `PORTS` variable to map ports

StevenTCramer (Tue, 02 Jun 2020 18:54:23 GMT):
@sklump Yep Thank you! Did the trick

swcurran (Tue, 02 Jun 2020 18:59:15 GMT):
Nice!

HLFPOC (Wed, 03 Jun 2020 08:18:39 GMT):
Hi Team, I am trying to run Revocation Demo using `indy-tails-server` but facing some issues with it. Here are the logs of Faber agent:

HLFPOC (Wed, 03 Jun 2020 08:18:39 GMT):
@ianco, @swcurran : Can you please suggest what can be the issue here?

HLFPOC (Wed, 03 Jun 2020 08:18:39 GMT):
@ianco, @swcurran : I am trying to run Revocation Demo using `indy-tails-server` but facing some issues with it. Can you please suggest what can be the issue here?

HLFPOC (Wed, 03 Jun 2020 08:18:50 GMT):
``` EVENT: Controller POST /revocation/registry/RyZmAX4Adu1F1jiGiMn2N6:4:RyZmAX4Adu1F1jiGiMn2N6:3:CL:22372:default:CL_ACCUM:6c65b5f6-473f-4951-9bf8-ab13e0c106b0/publish request to Agent EVENT: Response from POST /revocation/registry/RyZmAX4Adu1F1jiGiMn2N6:4:RyZmAX4Adu1F1jiGiMn2N6:3:CL:22372:default:CL_ACCUM:6c65b5f6-473f-4951-9bf8-ab13e0c106b0/publish received: { "result": { "revoc_reg_entry": { "ver": "1.0", "value": { "accum": "21 11F28DB0990E46B046731C32894D63342486F3AA830E148FCFD45CE2171D0A7C4 21 1175A350899DDF2B4522E1F697989A13B62D40C7835B6229D96594C1629D054BE 6 8C3B6B404CAE34A7112FFAFD4535A2B7BEC54A4BFCE7E36D974B91878046EE42 4 324AA9FE7391299ABDE16ED103C662B7227DB1D1B8DEEA725D49AD7D0FEC220B 6 6E7D4B38FB48AEF1A512ABAFCA6707A05FA355B68D7A154E76D1E57342156867 4 37CE5840AB00DFCC4C690354BD63E60B1ADAF1D969E261DD6FD44FC2B06F1414" } }, "pending_pub": [], "revoc_reg_id": "RyZmAX4Adu1F1jiGiMn2N6:4:RyZmAX4Adu1F1jiGiMn2N6:3:CL:22372:default:CL_ACCUM:6c65b5f6-473f-4951-9bf8-ab13e0c106b0", "issuance_type": "ISSUANCE_BY_DEFAULT", "revoc_def_type": "CL_ACCUM", "tails_hash": "7JuwzVSUeas14nhyUhhXgx1SQFv6YcDvWSBNNaCu4YzM", "issuer_did": "RyZmAX4Adu1F1jiGiMn2N6", "tag": "6c65b5f6-473f-4951-9bf8-ab13e0c106b0", "tails_public_uri": "https://0dc526ea01e0.ngrok.io/RyZmAX4Adu1F1jiGiMn2N6:4:RyZmAX4Adu1F1jiGiMn2N6:3:CL:22372:default:CL_ACCUM:6c65b5f6-473f-4951-9bf8-ab13e0c106b0", "tails_local_path": "/tmp/tmpmatynii4revoc/7JuwzVSUeas14nhyUhhXgx1SQFv6YcDvWSBNNaCu4YzM", "max_cred_num": 20, "revoc_reg_def": { "ver": "1.0", "id": "RyZmAX4Adu1F1jiGiMn2N6:4:RyZmAX4Adu1F1jiGiMn2N6:3:CL:22372:default:CL_ACCUM:6c65b5f6-473f-4951-9bf8-ab13e0c106b0", "revocDefType": "CL_ACCUM", "tag": "6c65b5f6-473f-4951-9bf8-ab13e0c106b0", "credDefId": "RyZmAX4Adu1F1jiGiMn2N6:3:CL:22372:default", "value": { "issuanceType": "ISSUANCE_BY_DEFAULT", "maxCredNum": 20, "publicKeys": { "accumKey": { "z": "1 076AE0840407C6FEF2F6DC30C1FB5C50B1B26FE885F81B1019D788DF7BD9FB1A 1 169F358740C7B190E0618E748FEC49312890CE0E03C7A99042FD882DEBBCD62C 1 155B29E854D205BA9546ED3A96FF1C119384994B2165CC1FB3222A6957E4E9DD 1 2484310F575D1DBEAC8F299382C04CEC53D452D9CDB909D43696CEC74D590BEF 1 0159458AA6441A5BB994D5C8F1A9F5C7061204244FBF0A12778BF75C5EDE02DD 1 1D580657B255D63B80843018F94D541247B7DF80C0A38895A1B834A863FD49A5 1 0EDF71FD3D63A83502895A93FB63C9AC46CE1D1F133BAAAAFE2CA483C382E26E 1 0FA173D829550ACB771558C7F7DA509D2444DFFA4307293FC93A84492D2559AB 1 0ED41F1B46F592D702E1FE8CDE85B67B2ADB2449E14F59B424E0FA4E2BCC5F3D 1 0AB35254FA4363D388D3AB06068214163F723CCFE1B3293A3C1829FEC0319C5B 1 14022FEDCF714E54769F9B1F5BC1F44BD56A62AB9FBBE7539C02D3F2441C44A1 1 21B05D74AE1A96E193D968990B4AA6DE2B37E6EAC4F81AA2F0255E7BC516DA15" } }, "tailsHash": "7JuwzVSUeas14nhyUhhXgx1SQFv6YcDvWSBNNaCu4YzM", "tailsLocation": "https://0dc526ea01e0.ngrok.io/RyZmAX4Adu1F1jiGiMn2N6:4:RyZmAX4Adu1F1jiGiMn2N6:3:CL:22372:default:CL_ACCUM:6c65b5f6-473f-4951-9bf8-ab13e0c106b0" } }, "cred_def_id": "RyZmAX4Adu1F1jiGiMn2N6:3:CL:22372:default", "updated_at": "2020-06-03 07:52:52.381061Z", "created_at": "2020-06-03 07:52:46.607344Z", "state": "active", "record_id": "6c65b5f6-473f-4951-9bf8-ab13e0c106b0" } } ```

HLFPOC (Wed, 03 Jun 2020 08:19:07 GMT):
``` Faber | Error during PUT FILE https://0dc526ea01e0.ngrok.io/RyZmAX4Adu1F1jiGiMn2N6:4:RyZmAX4Adu1F1jiGiMn2N6:3:CL:22372:default:CL_ACCUM:6c65b5f6-473f-4951-9bf8-ab13e0c106b0: 500, message='Internal Server Error', url=URL('https://0dc526ea01e0.ngrok.io/RyZmAX4Adu1F1jiGiMn2N6:4:RyZmAX4Adu1F1jiGiMn2N6:3:CL:22372:default:CL_ACCUM:6c65b5f6-473f-4951-9bf8-ab13e0c106b0') Faber | Faber | Shutting down Faber | Exited with return code 0 Traceback (most recent call last): File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/runpy.py", line 193, in _run_module_as_main "__main__", mod_spec) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/runpy.py", line 85, in _run_code exec(code, run_globals) File "/home/indy/demo/runners/faber.py", line 447, in main(args.port, args.no_auto, args.revocation, args.timing) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/asyncio/base_events.py", line 484, in run_until_complete return future.result() File "/home/indy/demo/runners/faber.py", line 195, in main credential_definition_id, TAILS_FILE_COUNT File "/home/indy/demo/runners/support/agent.py", line 260, in create_and_publish_revocation_registry params=None, File "/home/indy/demo/runners/support/agent.py", line 553, in admin_PUT_FILE resp.raise_for_status() File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/client_reqrep.py", line 946, in raise_for_status headers=self.headers) aiohttp.client_exceptions.ClientResponseError: 500, message='Internal Server Error', url=URL('https://0dc526ea01e0.ngrok.io/RyZmAX4Adu1F1jiGiMn2N6:4:RyZmAX4Adu1F1jiGiMn2N6:3:CL:22372:default:CL_ACCUM:6c65b5f6-473f-4951-9bf8-ab13e0c106b0')` ```

HLFPOC (Wed, 03 Jun 2020 08:19:14 GMT):
And here are the `tails-server` logs:

HLFPOC (Wed, 03 Jun 2020 08:19:29 GMT):
``` ======== Running on http://0.0.0.0:6543 ======== (Press CTRL+C to quit) 2020-06-03 07:52:53,836 indy_vdr.bindings WARNING Library not loaded from python package 2020-06-03 07:52:56,631 aiohttp.server ERROR Error handling request Traceback (most recent call last): File "/home/indy/.local/lib/python3.7/site-packages/aiohttp/web_protocol.py", line 418, in start resp = await task File "/home/indy/.local/lib/python3.7/site-packages/aiohttp/web_app.py", line 458, in _handle resp = await handler(request) File "/home/indy/tails_server/web.py", line 72, in put_file genesis_txn_bytes, revocation_reg_id, storage_path File "/home/indy/tails_server/ledger.py", line 38, in get_rev_reg_def req = indy_vdr.ledger.build_get_revoc_reg_def_request( AttributeError: module 'indy_vdr.ledger' has no attribute 'build_get_revoc_reg_def_request' ```

swcurran (Wed, 03 Jun 2020 13:39:48 GMT):
@nbrempel ^^^^

nbrempel (Wed, 03 Jun 2020 13:39:48 GMT):
Has joined the channel.

Jintolus (Wed, 03 Jun 2020 13:49:29 GMT):
Has joined the channel.

nbrempel (Wed, 03 Jun 2020 16:07:22 GMT):
It looks like the indy_vdr module possibly isn't being loaded correctly. I'm not sure why that might be. I think @ianco saw this error message once. We thought it was a one-off environment issue but maybe not

nbrempel (Wed, 03 Jun 2020 16:07:33 GMT):
Ian, did you fix this by rebuilding the environment?

ianco (Wed, 03 Jun 2020 16:08:31 GMT):
Right, I didn't do anything specific. Just shut everything down, `./manage rm` all the containers, and then rebuild and restart

nbrempel (Wed, 03 Jun 2020 16:11:02 GMT):
Can you try rebuilding @HLFPOC? We will open a ticket and try to reproduce this and fix the issue

HLFPOC (Wed, 03 Jun 2020 16:32:53 GMT):
Hi @nbrempel , i tried executing the faber demo in a new instance and got the same error there also. Can you please try running the demo by pulling the latest versions of `aries-cloudagent-python` and `indy-tails-server` in your environment to reproduce it ?

HLFPOC (Wed, 03 Jun 2020 16:32:53 GMT):
Hi @nbrempel , i tried executing the faber demo in a new instance (ubuntu vm) and got the same error there also. Can you please try running the demo by pulling the latest versions of `aries-cloudagent-python` and `indy-tails-server` in your environment to reproduce it ?

swcurran (Wed, 03 Jun 2020 16:33:07 GMT):
@HLFPOC --- we're from Microsoft Windows support, as you can clearly tell :-)

nbrempel (Wed, 03 Jun 2020 17:54:55 GMT):
I've run it recently and didn't see the issue. But we will try to reproduce this and see what's up. I've opened a ticket: https://github.com/bcgov/indy-tails-server/issues/6

nbrempel (Wed, 03 Jun 2020 17:56:55 GMT):
One error that I'm noticing is: `2020-06-03 07:52:53,836 indy_vdr.bindings WARNING Library not loaded from python package` @andrew.whitehead is the library being imported correctly? Are there extra steps required due to the Rust bindings? https://github.com/bcgov/indy-tails-server/blob/master/tails_server/ledger.py#L6

andrew.whitehead (Wed, 03 Jun 2020 18:35:34 GMT):
Seems like that next-1 image is built with the wrong python wrapper version, looking into it

andrew.whitehead (Wed, 03 Jun 2020 20:02:08 GMT):
Updated the image, use `docker pull bcgovimages/von-image:next-1`. It was updated with a fix for openshift and seems like it built the wrong library version

HLFPOC (Wed, 03 Jun 2020 20:17:43 GMT):
After pulling the latest image, it is working fine now. Thanks :thumbsup:

kukgini (Thu, 04 Jun 2020 00:24:39 GMT):
Hi all. I wonder when connection can be 'INACTIVE' status?

sklump (Thu, 04 Jun 2020 09:37:08 GMT):
At present, it looks like never. It could be an artifact, or possibly reserved for future use.

HLFPOC (Thu, 04 Jun 2020 12:57:58 GMT):
Hi team, I am facing some issues while trying the revocation feature in ACA-Py: Below are the steps I tried to execute between 2 agents (both on ACA-Py) 1. Started `indy-tails-server` and exposed it using ngrok. 2. Created schema and cred_def with `revocation_support=true` from Agent1. 3. Created revocation registry of the cred_def 4. Updated the revocation registry with the `tails_public_uri` (ngrok url of the tails-server) 5. Published the revocation registry (was able to see 2 entries (`REVOC_REG_DEF` & `REVOC_REG_ENTRY`) in indy ledger) 6. Issued the credential to the Agent2 (using the same revocable cred_def) 7. Sent the proof request of same creds to Agent2. 8. When Agent2 tried to send the proof-presentation, got the below error : ``` 020-06-04 12:00:00,362 aiohttp.server ERROR Error handling request Traceback (most recent call last): File "/home/indy/aries_cloudagent/holder/indy.py", line 376, in create_revocation_state timestamp=timestamp, File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/indy/anoncreds.py", line 1814, in create_revocation_state create_revocation_state.cb) indy.error.CommonInvalidStructure The above exception was the direct cause of the following exception: Traceback (most recent call last): File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_protocol.py", line 418, in start resp = await task File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_app.py", line 458, in _handle resp = await handler(request) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_middlewares.py", line 119, in impl return await handler(request) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp_apispec/middlewares.py", line 45, in validation_middleware return await handler(request) File "/home/indy/aries_cloudagent/admin/server.py", line 192, in apply_limiter return await task File "/home/indy/aries_cloudagent/protocols/present_proof/v1_0/routes.py", line 779, in presentation_exchange_send_presentation comment=body.get("comment"), File "/home/indy/aries_cloudagent/protocols/present_proof/v1_0/manager.py", line 394, in create_presentation raise e File "/home/indy/aries_cloudagent/protocols/present_proof/v1_0/manager.py", line 387, in create_presentation tails_local_path, File "/home/indy/aries_cloudagent/holder/indy.py", line 376, in create_revocation_state timestamp=timestamp, File "/home/indy/aries_cloudagent/indy/error.py", line 27, in exit ) from err_value aries_cloudagent.holder.base.HolderError: Error when constructing revocation state: Error: Invalid structure Caused by: UrsaCryptoError: Invalid len of bytes representation for PoingG2 ``` Not able to figure out the issue. Also, I tried to download the file from the tails server (using https://ngrok-url-of-tails-server/revocation/registry/{id}/tails-file) but got 404. I think it should download the tails file. Not sure if I am missing something here ?

kukgini (Fri, 05 Jun 2020 01:07:10 GMT):
i see. thank you for telling me.

lsm (Fri, 05 Jun 2020 07:12:32 GMT):
Hi all, I get the following error when trying to set a new public did with `/wallet/did/public`:

Shyam_Pratap_Singh (Fri, 05 Jun 2020 14:14:34 GMT):
Has joined the channel.

Shyam_Pratap_Singh (Fri, 05 Jun 2020 14:18:03 GMT):
Hi Team, i am curious about the fact that, how Verifier is verifying the authenticity of credential sent by holder, in case holder has tampered the credential.

Shyam_Pratap_Singh (Fri, 05 Jun 2020 14:19:55 GMT):
Since there is no single source of truth, Holder may blame to issuer about issuing tampered documents that he has sent to Verifier? How this issue would be resolved

swcurran (Fri, 05 Jun 2020 14:31:52 GMT):
Tampering is evident because the claims are signed by the Issuer using keys that the verifier gets from the blockchain. The holder cannot change the data undetected. This guarantees that what the issuer wrote was received by the verifier, leaving the verifier with the question -- do I trust the issuer?

Shyam_Pratap_Singh (Fri, 05 Jun 2020 19:05:49 GMT):
thanks Stephen for clarification

Moshe7 (Sat, 06 Jun 2020 22:51:48 GMT):
Has joined the channel.

domwoe (Mon, 08 Jun 2020 12:49:48 GMT):
Just saw the recent merged pull request concerning JSON-LD Signatures. This is exciting ;) Is there a written or recorded discussion on the reason/goal/next steps for that?

HLFPOC (Mon, 08 Jun 2020 13:08:44 GMT):
In the `connection/create-invitation` API, there is a field present in the sample model: `imageUrl` which I believe can be used to show logo/icon of the agent but how to set the value of this parameter while creating the connection invitation as there is no option to set the value of this field in Swagger under this API.

sheru (Mon, 08 Jun 2020 14:57:54 GMT):
I am trying to issue a credential to the mobile agent I have build the mobile app from https://github.com/hyperledger/aries-mobileagent-xamarin I have successfully setup the mediator for the mobile agent. Also connect with the cloud agent by scanning the QR code. And send a credential offer to the mobile agent using the connection id from the cloud agent python. The mobile agent reflects that there is an offer received. But while trying to request the offered credential from mobile app I am getting following error message. ```Hyperledger.Indy.PoolApi.PoolConfigNotCreatedException Message=The requested pool cannot be opened because it does not have an existing configuration.```

sheru (Mon, 08 Jun 2020 14:57:54 GMT):
Hey team hope everyone is doing fine. I am trying to issue a credential to the mobile agent I have build the mobile app from https://github.com/hyperledger/aries-mobileagent-xamarin I have successfully setup the mediator for the mobile agent. Also connect with the cloud agent by scanning the QR code. And send a credential offer to the mobile agent using the connection id from the cloud agent python. The mobile agent reflects that there is an offer received. But while trying to request the offered credential from mobile app I am getting following error message. ```Hyperledger.Indy.PoolApi.PoolConfigNotCreatedException Message=The requested pool cannot be opened because it does not have an existing configuration.``` Also checked the mediator logs and found the following error message. ```fail: Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware[1] An unhandled exception has occurred while executing the request. Hyperledger.Aries.AriesFrameworkException: Couldn't locate a message handler for type did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/discover-features/1.0/query at Hyperledger.Aries.Agents.AgentBase.ProcessMessage(IAgentContext agentContext, MessageContext messageContext) at Hyperledger.Aries.Agents.AgentBase.ProcessAsync(IAgentContext context, MessageContext messageContext) at Hyperledger.Aries.AspNetCore.AgentMiddleware.Invoke(HttpContext httpContext, IAgentProvider agentProvider) at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)``` I am not able to understand why this is not working. Please help guys to solve this. Thank You in advance.

swcurran (Mon, 08 Jun 2020 16:35:00 GMT):
The goal is that this is the first step to the use of BBS+ ZKPs based on JSON-LD. Next up is to integrate what is there today in to the Issue Credential/Present Proof protocols. Right now, it's up to the controller to do all the work. Are you familiar with those intiatives?

SethiSaab (Mon, 08 Jun 2020 22:15:33 GMT):
Has joined the channel.

domwoe (Mon, 08 Jun 2020 22:17:21 GMT):
Thanks Stephen. I know about the BBS+ ZKPs and its application for JSON-LD VCs. This is definitely cool, but from my perspective it would already be a great step to support simple JSON-LD VCs with more common signature types like EdDSA.

SethiSaab (Mon, 08 Jun 2020 22:17:39 GMT):
Hi Team , I am currently working on Hyperledger Aries python agent

SethiSaab (Mon, 08 Jun 2020 22:17:54 GMT):
i am getting error while calling localhost:5000/credential-definitions api

SethiSaab (Mon, 08 Jun 2020 22:18:18 GMT):
RROR Handler error: credential_definitions_send_credential_definition doorman-issuer-agent_1 | concurrent.futures._base.CancelledError: Task was cancelled

SethiSaab (Mon, 08 Jun 2020 22:18:26 GMT):
this is the error i am getting in agent logs

SethiSaab (Mon, 08 Jun 2020 22:18:40 GMT):
but when i am calling the same api from postman it is working for me

SethiSaab (Mon, 08 Jun 2020 22:18:50 GMT):
could someone please help me out

swcurran (Mon, 08 Jun 2020 22:21:44 GMT):
Understood and the work that has been started gets us part way there. We're pretty strong in the belief that ZKPs, selective disclosure and ZKP-based revocation are fundamental. So the BC Gov contributions will be focused on getting to that. But would love contributions, and the team will support anyone that wants to support JSON-LD VCs. We'd like to use the the Aries Issue/Presentation protocols (likely v2 of each), and align with what has been done by the AF-Go team's work.

swcurran (Mon, 08 Jun 2020 22:26:20 GMT):
We probably need more info than that, but we'll see what the devs say. You might want to add more about what you are doing, and more of a log. @andrew.whitehead @ianco FYI

SethiSaab (Mon, 08 Jun 2020 22:27:26 GMT):

Screenshot from 2020-06-08 02-47-21.png

SethiSaab (Mon, 08 Jun 2020 22:27:28 GMT):

Screenshot from 2020-06-08 02-42-57.png

SethiSaab (Mon, 08 Jun 2020 22:27:28 GMT):

Screenshot from 2020-06-08 02-39-08.png

SethiSaab (Mon, 08 Jun 2020 22:27:37 GMT):
I am able to get response from postman

SethiSaab (Mon, 08 Jun 2020 22:28:47 GMT):
but when i am hitting via my code at line num 84 i am getting nothing and the task automatically stops there and rest of the code doesn't get executed

SethiSaab (Mon, 08 Jun 2020 22:29:20 GMT):
and i am not able to see logs by using console.log but able to get a small snippet in agent's logs

SethiSaab (Mon, 08 Jun 2020 22:30:21 GMT):
these are my logs

SethiSaab (Mon, 08 Jun 2020 22:30:26 GMT):
=================================

SethiSaab (Mon, 08 Jun 2020 22:30:29 GMT):
2020-06-08 22:29:51,351 indy.libindy.native.indy.services.ledger INFO src/services/ledger/mod.rs:260 | parse_get_schema_response() => Ok(("WoR2JYs1YDjWRztrYVgJfJ:2:verify-doorman-visitor:1.1.1", "{\"ver\":\"1.0\",\"id\":\"WoR2JYs1YDjWRztrYVgJfJ:2:verify-doorman-visitor:1.1.1\",\"name\":\"verify-doorman-visitor\",\"version\":\"1.1.1\",\"attrNames\":[\"lastName\",\"contactNumber\",\"firstName\"],\"seqNo\":22968}")) doorman-issuer-agent_1 | 2020-06-08 22:29:51,352 aries_cloudagent.ledger.indy WARNING Schema already exists on ledger. Returning ID. doorman-issuer-agent_1 | 2020-06-08 22:29:51,406 aiohttp.access INFO 172.19.0.1 [08/Jun/2020:22:29:49 +0000] "POST /schemas HTTP/1.1" 200 246 "-" "-" doorman-issuer-agent_1 | 2020-06-08 22:29:51,477 aries_cloudagent.core.dispatcher ERROR Handler error: credential_definitions_send_credential_definition doorman-issuer-agent_1 | concurrent.futures._base.CancelledError: Task was cancelled doorman-issuer-agent_1 | 2020-06-08 22:29:56,408 indy.libindy.native.indy.services.pool.pool INFO src/services/pool/pool.rs:749 | Drop started doorman-issuer-agent_1 | 2020-06-08 22:29:56,409 indy.libindy.native.indy.services.pool.pool INFO src/services/pool/pool.rs:757 | Drop wait worker doorman-issuer-agent_1 | 2020-06-08 22:29:56,410 indy.libindy.native.indy.services.pool.pool INFO src/services/pool/pool.rs:760 | Drop f*

ianco (Mon, 08 Jun 2020 22:46:18 GMT):
It looks like some kind of pool timeout

ianco (Mon, 08 Jun 2020 22:46:32 GMT):
(ledger timeout)

ianco (Mon, 08 Jun 2020 22:47:01 GMT):
I don't know why it would work from postman but not from the application's controller code ...

ianco (Mon, 08 Jun 2020 22:47:55 GMT):
... unless you're trying to create the same cred def twice, I'm not sure how that would behave

SethiSaab (Tue, 09 Jun 2020 09:39:57 GMT):
I am not sure if the connection is kept alive of got closed after calling ---create schema api

SethiSaab (Tue, 09 Jun 2020 09:39:57 GMT):
I am not sure if the connection is kept alive and didnt get close after calling ---create schema api

SethiSaab (Tue, 09 Jun 2020 09:40:15 GMT):
https://github.com/hyperledger/aries-cloudagent-python/blob/634ea6c5af4da2dddd3e2cc356526f88aa4c5150/aries_cloudagent/ledger/indy.py

severus-sn4pe (Tue, 09 Jun 2020 11:59:03 GMT):
Has joined the channel.

swcurran (Wed, 10 Jun 2020 03:26:39 GMT):
Join us for the ACA-Py User Group tomorrow (Wednesday) at 11AM Pacific (1 hour before the Aries WG Call). We'll have the core maintainers on the call to answer any questions and we'll be talking about the division of duties in revocation between ACA-Py and the Controller. Zoom link will be: https://zoom.us/j/900111661; Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2020-06-10+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

seriousmountain (Wed, 10 Jun 2020 12:47:24 GMT):
Has joined the channel.

sheru (Thu, 11 Jun 2020 13:48:13 GMT):
Good Morning, Hope everyone doing well. I am trying to play around with aries-mobileagent-xamarin I have setup the mediator and successfully make a connection with cloud agent by scan the qr code. the cloud agent offer a credential to the mobile agent. When I am trying to request for accept the credential from the mobile agent I am getting the following error... ```**Hyperledger.Indy.PoolApi.PoolConfigNotCreatedException:** 'The requested pool cannot be opened because it does not have an existing configuration.'``` Can anyone please help me what I am missing , Thank you...

swcurran (Thu, 11 Jun 2020 13:51:22 GMT):
Where is the ledger you are using? I'm thinking that (a) the genesis file you have on the Aries MAX is wrong or (b) the ledger is not accessible by Aries MAX. @sukalpomitra --- any ideas here?

sukalpomitra (Thu, 11 Jun 2020 13:54:33 GMT):
HI @swcurran - I think I would ask the same questions. Himangshu check the ip address of the genesis file that you have given. Himangshu pm-ed me and I told him to ask Tomislav. I am a little rusty now as I have not worked on this repo for a long time now. I would need some time to come to speed.

sheru (Thu, 11 Jun 2020 13:55:47 GMT):
Thank you I am double checking this.

swcurran (Thu, 11 Jun 2020 16:57:21 GMT):
BC Gov has announced a CDN$25k bounty for help with the Aries Agent Test Harness to build a backchannel (integration) with aries-framework-dotnet. Please look at the work and if you are interested, submit an application. The following is a link to the opportunity, which has details on the work to be done. Questions welcome! https://digital.gov.bc.ca/marketplace/opportunities/code-with-us/d359da07-d8e2-48eb-89bc-35f9f04aa09c

lijiachuan (Fri, 12 Jun 2020 08:19:56 GMT):
Hi all, I encountered one error when invoke the "/present-proof/records" service, it returned 500 error, and from the logs, below is the error, this is one new installed agent, I am not sure why this error happened. Does anyone encounter this issue before? Thanks. ``` 2020-06-12 08:16:35,739 aries_cloudagent.core.dispatcher ERROR Handler error: presentation_exchange_list Traceback (most recent call last): File "/home/indy/aries_cloudagent/protocols/present_proof/v1_0/routes.py", line 353, in presentation_exchange_list for k in ("connection_id", "role", "state") File "/home/indy/aries_cloudagent/protocols/present_proof/v1_0/routes.py", line 354, in if request.query[k] != "" KeyError: 'connection_id' 2020-06-12 08:16:35,739 aiohttp.server ERROR Error handling request Traceback (most recent call last): File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_protocol.py", line 418, in start resp = await task File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_app.py", line 458, in _handle resp = await handler(request) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_middlewares.py", line 119, in impl return await handler(request) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp_apispec/middlewares.py", line 45, in validation_middleware return await handler(request) File "/home/indy/aries_cloudagent/admin/server.py", line 192, in apply_limiter return await task File "/home/indy/aries_cloudagent/protocols/present_proof/v1_0/routes.py", line 353, in presentation_exchange_list for k in ("connection_id", "role", "state") File "/home/indy/aries_cloudagent/protocols/present_proof/v1_0/routes.py", line 354, in if request.query[k] != "" KeyError: 'connection_id' 2020-06-12 08:16:35,740 aiohttp.access INFO 175.167.138.88 [12/Jun/2020:08:16:35 +0000] "GET /present-proof/records HTTP/1.1" 500 244 "http://40.69.157.238:8080/api/doc" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36" ```

sklump (Fri, 12 Jun 2020 10:06:56 GMT):
What is the request you sent? The admin API provides the corresponding `curl`.

sklump (Fri, 12 Jun 2020 10:06:56 GMT):
My mistake. Sorry - I will update it within the hour and it ought to be in master today.

sklump (Fri, 12 Jun 2020 10:14:12 GMT):
If you want to patch it, change ``` if request.query[k] != ""` to ```

sklump (Fri, 12 Jun 2020 10:14:12 GMT):
If you want to patch it, change ``` if request.query[k] != "" ```to ```

sklump (Fri, 12 Jun 2020 10:14:12 GMT):
If you want to patch it and move on for the meantime, change ``` if request.query[k] != "" ``` to ``` if request.query.get(k, "") != "" ```

lijiachuan (Fri, 12 Jun 2020 10:32:24 GMT):
never mind, will wait for your update :)

sklump (Fri, 12 Jun 2020 13:14:12 GMT):
It's part of pull request 555, when it's merged into master you should be fine

sklump (Fri, 12 Jun 2020 13:14:12 GMT):
It's part of pull request 555, when it's merged into master you should be fine _update_: it's in

shonjs (Sat, 13 Jun 2020 07:09:48 GMT):
If I remember correctly, I had to create a pool config myself on initialization, when I encountered the error. Although from the .net framework tests, it seemed like it should do it auto by just giving the genesis file path. Was able to use the ledger service after that. Not sure if I had to do things differently. Would be good to know.

shonjs (Sat, 13 Jun 2020 07:09:48 GMT):
If I remember correctly, I had to create a pool config myself on initialization, when I encountered the error. Although from the .net framework tests, it seemed like it should do it auto by just giving the genesis file path on register. Was able to use the ledger service after that. Not sure if I had to do things differently. Would be good to know.

shonjs (Sat, 13 Jun 2020 07:09:48 GMT):
If I remember correctly, I had to create a pool config myself on initialization, when I encountered the error. Although from the .net framework tests, it seemed like it should do it auto by just giving the genesis file path on register. Was able to use the ledger service after that. Not sure if I had to do things differently. Would be good to know your update.

HichamTAHIRI (Sun, 14 Jun 2020 15:45:33 GMT):
Has joined the channel.

kukgini (Mon, 15 Jun 2020 00:18:27 GMT):
Hi all, It seems hard to assign agent per user in large volume of users. Is there a way to solve this with a cloud agent instead of a mobile agent at this stage? I understand that multi-tenancy support is not yet in the plan.

swcurran (Mon, 15 Jun 2020 00:34:02 GMT):
Do you mean having a cloud-based mediator for many mobile agents? If not, what is the use case you are thinking about?

kukgini (Mon, 15 Jun 2020 00:58:16 GMT):
@swcurran I'm trying to provide agent custody service for indivisual who has holder role of issuer - holder - verifier scenarion.

kukgini (Mon, 15 Jun 2020 00:58:16 GMT):
@swcurran I'm trying to provide agent custody service for indivisual who has holder role of issuer - holder - verifier scenario.

DiAnh (Mon, 15 Jun 2020 07:00:29 GMT):
Has joined the channel.

DiAnh (Mon, 15 Jun 2020 07:00:29 GMT):
Hi all, i am starting aries cloudagent python with von-network but i got this error:``` `Traceback (most recent call last): File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/runpy.py", line 193, in _run_module_as_main "__main__", mod_spec) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/runpy.py", line 85, in _run_code exec(code, run_globals) File "/home/indy/demo/runners/faber.py", line 449, in main(args.port, args.no_auto, args.revocation, args.timing) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/asyncio/base_events.py", line 484, in run_until_complete return future.result() File "/home/indy/demo/runners/faber.py", line 168, in main raise Exception(f"Error registering DID, response code {resp.status}") Exception: Error registering DID, response code 503 ` ``` any suggest for this ? thank for your help.

sklump (Mon, 15 Jun 2020 10:19:27 GMT):
503 is an HTTP response meaning "server unavailable". The request here is to the VON network - it appears to have gone down, but only after the agent got the genesis transactions. In VON network, you can run `manage logs` and see if anything suspicious has occurred there.

swcurran (Mon, 15 Jun 2020 13:24:42 GMT):
So the holder does not have a mobile agent. If that is the case, you really want to go to multi-tenant. There are a number of people interested in that, but it is not yet implemented. Andrew on the team is working on a new storage layer in Aries that ACA-Py will start to use and that will make building multi-tenant much easier. So some progress....

kukgini (Mon, 15 Jun 2020 23:21:58 GMT):
@swcurran That is right. Contrary to my expectations, there are scenarios for those who don't have a mobile device yet. I need to wait for Andrew's work to be completed. thank you for telling me.

kukgini (Mon, 15 Jun 2020 23:21:58 GMT):
@swcurran That is great news. I'll try to join the call. :thumbsup:

swcurran (Mon, 15 Jun 2020 23:24:11 GMT):
FYI - Andrew's progress will be presented on this Wednesday's Aries WG Call B - US Afternoon. Hope you can make it, and it will be recorded.

kukgini (Mon, 15 Jun 2020 23:26:47 GMT):
@swcurran That is great news. I'll try to join the call. :thumbsup:

DucaDellaForcoletta (Tue, 16 Jun 2020 13:23:32 GMT):
Hi all, I'm using the admin api /present-proof/send-request with a comment provided. The comment is not stored in the record and is not received by the holder. I'm missing something?

DucaDellaForcoletta (Tue, 16 Jun 2020 13:23:32 GMT):
Hi All, I'm using the admin api /present-proof/send-request with a comment provided. The comment is not stored in the record and is not received by the holder. I'm missing something?

philippede (Wed, 17 Jun 2020 11:27:12 GMT):
Hi, is there any possibility to change the image_url in the swagger UI or is there an argument for it when starting the aca-py? Thanks!

MikeRichardson (Wed, 17 Jun 2020 11:53:30 GMT):
I would like to have a go at firing up Faber and Alice using the Sovrin Staging Net; I have registered a payment address, set up DIDs and wallets etc but I can't find any documentation on using the network. I understand I need to use https://raw.githubusercontent.com/sovrin-foundation/sovrin/master/sovrin/pool_transactions_sandbox_genesis as the URL for the genesis. Is that correct? I know Aries aca-py agents do not support the Sovrin network: how much work is required to make this so? I would have a go at it if it is not too much.

sklump (Wed, 17 Jun 2020 12:53:50 GMT):
Where? In any case, I don't think so.

sklump (Wed, 17 Jun 2020 12:53:50 GMT):
Where? The API comes out 4500+ lines of json, in which image_url does not appear. In any case, I don't think so.

swcurran (Wed, 17 Jun 2020 13:06:31 GMT):
ACA-Py works fine on the network, and in fact we're moving all of our non-production public apps over to it. Just use the correct genesis file and you are good to go. You have the right one above.

swcurran (Wed, 17 Jun 2020 13:06:31 GMT):
ACA-Py works fine on the Sovrin Staging network, and in fact we're moving all of our non-production public apps over to it. Just use the correct genesis file and you are good to go. You have the right one above.

swcurran (Wed, 17 Jun 2020 13:07:53 GMT):
You do have to handle the TAA which I think is active on the network. There is an endpoint to it.

swcurran (Wed, 17 Jun 2020 13:07:53 GMT):
You do have to handle the TAA which I think is active on the network. There is an endpoint to do that.

swcurran (Wed, 17 Jun 2020 13:07:53 GMT):
You do have to handle the TAA which I think is active on the network. There is an Admin endpoint to do that.

HLFPOC (Wed, 17 Jun 2020 17:00:44 GMT):
I think @philippede is referring to `image_url` attribute present in `ConnectionInvitationSchema` : https://github.com/hyperledger/aries-cloudagent-python/blob/8513eea93824464118da15554d7a19552f289126/aries_cloudagent/protocols/connections/v1_0/messages/connection_invitation.py#L125

HLFPOC (Wed, 17 Jun 2020 17:01:40 GMT):
I am also not able to figure out how and where to set the value for this attribute.

sklump (Wed, 17 Jun 2020 17:03:31 GMT):
This is code, not configuration. You would have to fork your own repo if you want to change variable names.

swcurran (Wed, 17 Jun 2020 17:09:18 GMT):
I think the question is who to use that variable. Where/how is it set?

swcurran (Wed, 17 Jun 2020 17:09:18 GMT):
I think the question is how to use that variable. Where/how is it set?

swcurran (Wed, 17 Jun 2020 17:09:35 GMT):
Could be wrong, but I think that's the issue.

MikeRichardson (Wed, 17 Jun 2020 17:16:54 GMT):
Thank you Stephen

swcurran (Wed, 17 Jun 2020 17:18:00 GMT):
We have experience with this, so ask away.

HLFPOC (Wed, 17 Jun 2020 17:19:56 GMT):
Yes correct, how can one set the value (custom url) of `image_url` for the agent.

swcurran (Wed, 17 Jun 2020 17:22:45 GMT):
How about raising an issue on that? If it is not there, we can add it. Not sure if it should be a config/CLI param, a param on the Admin API or both. How do people want to use it?

SuperSeiyan (Wed, 17 Jun 2020 17:54:43 GMT):
Hi, Is there any way to prevent ACA-py send an empty file after putting an URL follow with inbound transport port into a browser? For example, when ACA-py starts with port 4000 - 4001 and puts an URL like "localhost:4000" to a browser. It will download a file every time. Thank you in advance.

domwoe (Thu, 18 Jun 2020 06:04:54 GMT):
@andrew.whitehead Indy-vdr seems to be pretty far. Is anybody working on the Aries side of that? It'd be great to have a functionality like in Aries Go that lets you configure http resolver bindings for different did methods.

andrew.whitehead (Thu, 18 Jun 2020 16:35:18 GMT):
Hiya, we had a request out for integration with the universal resolver (java) but I don't think anybody's working on that yet: https://github.com/decentralized-identity/universal-resolver

andrew.whitehead (Thu, 18 Jun 2020 16:37:45 GMT):
Wow, just realized that it runs a docker container per resolver

domwoe (Thu, 18 Jun 2020 16:43:56 GMT):
The "REST Agent" bundle of Aries Go has a nice feature to plugin http resolvers for different methods by providing a flag like this: --http-resolver-url sov@https://uniresolver.io/1.0/identifiers

domwoe (Thu, 18 Jun 2020 16:47:21 GMT):
S.th. like this would be helpful in combination with the JSON-LD VC work that has started in order to verify VCs which where issued by different DID methods

andrew.whitehead (Thu, 18 Jun 2020 16:52:04 GMT):
I was partly waiting to add any DID Document resolution because the spec for that was under active development, but it's at 1.0 now. The indy-vdr-proxy could probably be adapted fairly quickly to make a simple resolver

domwoe (Thu, 18 Jun 2020 17:22:37 GMT):
Not sure if I understand correctly. I was more interested in the Aries side of things to support multiple DID methods to resolve public keys and agent endpoints. That's why I was interested in the status of the Aries interface to indy-vdr-(proxy).

andrew.whitehead (Thu, 18 Jun 2020 18:19:23 GMT):
There isn't a standard Aries interface for a resolver. It looks like the go framework is currently using the same method as the universal resolver. indy-vdr is just a component for connecting to an indy ledger and performing transactions, so you could wrap it in different kinds of resolver interfaces

domwoe (Thu, 18 Jun 2020 19:27:23 GMT):
I thought the idea was to eventually define an aries interface such that you could plug in indy-vdr or a different -vdr or we could write a "universal-resolver-vdr".

swcurran (Thu, 18 Jun 2020 19:35:46 GMT):
That's the plan. It hasn't been done, but that is the plan.

MikeRichardson (Fri, 19 Jun 2020 07:11:03 GMT):
Ok so this URL gets the genesis file and that works fine but do I not need to set LEDGER_URL to something to connect to Sovrin? If so, what is that URL?

MikeRichardson (Fri, 19 Jun 2020 07:11:03 GMT):
Ok so this URL gets the genesis file and that works fine but it is failing to register a DID as the ledger_url points to my localhost. So do I not need to set LEDGER_URL to something to connect to Sovrin? If so, what is that URL?

MikeRichardson (Fri, 19 Jun 2020 07:11:03 GMT):
Ok so this [Sovrin] URL gets the genesis file and that works fine but it is failing to register a DID as the ledger_url points to my localhost. So do I not need to set LEDGER_URL to something to connect to Sovrin? If so, what is that URL?

MikeRichardson (Fri, 19 Jun 2020 09:33:29 GMT):
I can get the genesis file from Sovrin but it fails at register_did. Do I need to set the LEDGER_URL to point at the Sovrin Staging Net, and if so what is that URL?

MikeRichardson (Fri, 19 Jun 2020 09:33:29 GMT):
I can get the genesis file from Sovrin but it (Faber demo) fails at register_did. Do I need to set the LEDGER_URL to point at the Sovrin Staging Net, and if so what is that URL?

swcurran (Fri, 19 Jun 2020 12:40:00 GMT):
Not sure about the rules for creating DIDs on Staging net. It might be there is more complexity, such as requiring an Endorser. You definitely can't use the sandbox DID Seed, as that DID doesn't exist. There is a self-service DID creator UI that you can use to bootstrap the process.

HLFPOC (Fri, 19 Jun 2020 12:45:45 GMT):
@swcurran : What would be the approach to issue the same credential again to the holder once it is revoked by the issuer ? Are there any specific APIs to be used which can reverse the revocation of a credential ?

sklump (Fri, 19 Jun 2020 13:01:27 GMT):
Revocation is a one-way trip. Indy revocation does not support suspension.

andrew.whitehead (Fri, 19 Jun 2020 16:25:13 GMT):
The registry does technically support it. I think some the API calls for recovering a credential were disabled though

andrew.whitehead (Fri, 19 Jun 2020 16:25:13 GMT):
The registry does technically support it. I think some the API calls for recovering a credential were disabled though (in indy-sdk)

sklump (Fri, 19 Jun 2020 16:26:46 GMT):
Commented out in 2018, never got back to it AFAIK (no demand) https://github.com/hyperledger/indy-sdk/blob/f5aca7b5699a7366b74cefa23bc4ab4d6b29dcdc/wrappers/python/indy/anoncreds.py#L551

MikeRichardson (Fri, 19 Jun 2020 16:40:39 GMT):
I have registered a DID and payment address at SelfServe.sovrin.org. It seems fine. I think that's what you're referring to. But how does the Faber demo connect to the Sovrin Ledger? Doesn't it need a LEDGER URL?

andrew.whitehead (Fri, 19 Jun 2020 17:06:32 GMT):
LEDGER_URL is to let the agent auto-register on a von-network instance, so you shouldn’t need it

MikeRichardson (Fri, 19 Jun 2020 18:30:39 GMT):
ok. Not sure why I am getting this then: Cannot connect to host 192.168.99.100:9000 ssl:default [Connect call failed ('192.168.99.100', 9000)]

MikeRichardson (Fri, 19 Jun 2020 18:30:50 GMT):
(in regisgter_did)

MikeRichardson (Fri, 19 Jun 2020 18:30:50 GMT):
(in register_did)

andrew.whitehead (Fri, 19 Jun 2020 18:51:00 GMT):
register_did is only for the demo agents, you don't need that

MikeRichardson (Fri, 19 Jun 2020 18:54:12 GMT):
ok so the demo agent code needs significant changes to work with Sovrin which was my original question

MikeRichardson (Fri, 19 Jun 2020 18:56:24 GMT):
I am trying to get the Faber demo working with Sovrin just to understand how to do that so we can then use Sovrin in our own agents

andrew.whitehead (Fri, 19 Jun 2020 18:59:35 GMT):
You can probably just comment out the register_did call to get it working, but the way it's architected running the agent as a subprocess isn't how you'd normally set up a controller

MikeRichardson (Fri, 19 Jun 2020 19:00:15 GMT):
ok I'll try that. Thanks Andrew.

swcurran (Fri, 19 Jun 2020 21:56:10 GMT):
Pretty sure the Revocation 2.0 will allow support for "unrevoking" a credential.

swcurran (Fri, 19 Jun 2020 21:56:33 GMT):
And I'm pretty sure it is technically possible in Revocation 1.0.

swcurran (Fri, 19 Jun 2020 21:58:09 GMT):
That said, a replacement credential can always be issued to a holder, and @TelegramSam introduced a PR last week on the Aries WG call to have a "replacement ID" field in the v2 Issue Credential protocol message to indicate to a holder that the incoming credential replaces one already issued to them (and likely in their wallet).

swcurran (Fri, 19 Jun 2020 22:03:24 GMT):
I might have missed the subtly in your question. *ACA-Py* does not require changes to support the Sovrin ledgers. However, the demo agent (or other controllers) using ACA-Py might need some changes. FYI - we just moved all of our apps over to Sovrin Staging without any changes to ACA-Py, and (maybe) minor controller changes. That said, we generally separate out provisioning from operation, and writing objects is usually a provisioning operation.

MikeRichardson (Sat, 20 Jun 2020 07:35:12 GMT):
Yes sorry Stephen I think my question was not worded very well. I will see if I can get it working as we would like our Faber agent to be able to talk to other holder wallets (eg Streetcred)

jameshiester (Mon, 22 Jun 2020 12:51:50 GMT):
are there any open source edge agents available, specifically for mobile wallet apps?

MikeRichardson (Mon, 22 Jun 2020 13:05:02 GMT):
I got the faber demo agent connected to Sovrin and it displays the QR Code. What I would now like to do is connect to Streetcred; so my question is, needs to be encoded in the QR Code? And also I presume I will need a tunneling service like ngrok to receive the webhooks??

MikeRichardson (Mon, 22 Jun 2020 13:05:02 GMT):
I got the faber demo agent connected to Sovrin and it displays the QR Code. What I would now like to do is connect to the Streetcred mobile agent; so my question is, needs to be encoded in the QR Code? And also I presume I will need a tunneling service like ngrok to receive the webhooks??

MikeRichardson (Mon, 22 Jun 2020 13:05:02 GMT):
I got the faber demo agent connected to Sovrin and it displays the QR Code. What I would now like to do is connect to the Streetcred (Trinsic) mobile agent; so my question is, what needs to be encoded in the QR Code? (When I scan the code the mobile app detects it but hangs when trying to accept the invite) And also I presume I will need a tunneling service like ngrok to receive the webhooks??

MikeRichardson (Mon, 22 Jun 2020 13:05:02 GMT):
I got the faber demo agent connected to Sovrin and it displays the QR Code. What I would now like to do is connect to the Streetcred (Trinsic) mobile agent; so my question is, what needs to be encoded in the QR Code? (Currently when I scan the code the mobile app detects it but hangs when trying to accept the invite) And also I presume I will need a tunneling service like ngrok to receive the webhooks??

MikeRichardson (Mon, 22 Jun 2020 13:05:02 GMT):
I got the faber demo agent connected to Sovrin and it displays the QR Code. What I would now like to do is connect to the Streetcred (Trinsic) mobile agent; so my question is, what needs to be encoded in the QR Code? (Currently when I scan the code the mobile app detects it but hangs when trying to accept the invite) And also would I need a tunneling service like ngrok to receive the webhooks, or is that just from the agent to the local faber demo?

MikeRichardson (Mon, 22 Jun 2020 13:05:02 GMT):
I got the faber demo agent connected to Sovrin and it displays the QR Code. What I would now like to do is connect to the Streetcred (Trinsic) mobile agent; so my question is, what needs to be encoded in the QR Code? (Currently when I scan the code the mobile app detects it but hangs when trying to accept the invite) And also would I need a tunneling service like ngrok to receive the webhooks, or is that just from the agent to the local faber demo controller?

swcurran (Mon, 22 Jun 2020 13:27:40 GMT):
There is Aries-MAX - aries-mobileagent-xamarin https://github.com/hyperledger/aries-mobileagent-xamarin

WadeBarnes (Mon, 22 Jun 2020 17:36:21 GMT):
We have a new channel for anyone working with Aries in the embedded space; #aries-embedded

eorituz (Tue, 23 Jun 2020 15:11:35 GMT):
Has joined the channel.

wip-abramson (Tue, 23 Jun 2020 18:13:40 GMT):
Hey, does anyone have an example of using the attach decorator with basic messaging?

wip-abramson (Tue, 23 Jun 2020 18:15:31 GMT):
Can I just pass in the attach as part of the JSON e.g.: { "content": msg, "~attach": [ { "@id": "test1", "mime-type": "txt", "filename": "mlexchange", "data": { "base64": str(base64file) } } ] }

swcurran (Tue, 23 Jun 2020 18:35:23 GMT):
In theory, yes. In practice, not so sure. What would basic message do with an attachment? Since that is not the least obvious, I would guess that it would not work for most (all?) implementations. I think the attach decorator is of the class that it is has a common definition, but cannot be arbitrarily added to other protocols without the RFC for the protocol defining exactly what should happen with it.

wip-abramson (Tue, 23 Jun 2020 19:25:31 GMT):
Ah okay, so what is the approach to use decorators in aca-py? I need to create a protocol that knows how to handle it?

swcurran (Tue, 23 Jun 2020 21:15:09 GMT):
@andrew.whitehead is best to answer that. I think some decorators are cross-cutting and handled at a higher level (e.g. tracing). Others are only used when specifically defined in the protocol. E.g. `attach` is used in the Credential Exchange protocols 0036/0037.

swcurran (Tue, 23 Jun 2020 21:31:22 GMT):
Join us for the ACA-Py User Group tomorrow (Wednesday) at 11AM Pacific (18:00 UTC) -- the hour before the Aries WG Call. We'll have the core maintainers on the call to answer any questions and we'll have @TelegramSam joining to talk about the recent addition he/SICPA contributed to ACA-Py to handle JSON-LD credential exchange. Cool stuff! Zoom link will be: https://zoom.us/j/900111661; Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2020-06-24+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting Join us!

swcurran (Tue, 23 Jun 2020 22:32:49 GMT):
One more thing for tomorrow's ACA-Pug meeting. We're also going to have a brief discussion about multi-tenant wallets in ACA-Pug and how the Aries Storage work being done can help with that.

jcourt (Wed, 24 Jun 2020 01:18:04 GMT):
So RFC0095 explicitly places Attachments out of scope, however I had assumed that attachments would be very useful in messages to handle concepts like MMS ? I also assumed that the attachment handling would be based on the Mime Type specified ? In terms of handling it, from a Relay or Mediator point of view they would only see it as part of a single encrypted package and only have to deal with it in terms of possible Large size implications (i.e. they don't know there is an attachment). From an Edge Agent point of view the best approach would be to signify an attachment exists even if they don't support rendering it ? It does raise the case that maybe another RFC would help define richer basic messaging.

jcourt (Wed, 24 Jun 2020 01:50:34 GMT):
Am I correct in assuming that ACA-py currently has no "discovery" capability in terms of searching the Ledger for matching Schemas or Credentials ? I note that you can fetch these by exact Id, and the Issuer Wallet can fetch all the ones that they have created. Is the intention that any Potential Holder must obtain an Id out of band to initiate the "Propose Credential" message in RFC0036 ? Thanks.

jcourt (Wed, 24 Jun 2020 01:52:53 GMT):
One other question, sorry for being a pain, the "action-menu" concept in ACA-py, I am trying to get my head around how that would be used ? Is there an example anywhere that might explain its purpose ? Thanks again.

swcurran (Wed, 24 Jun 2020 15:25:24 GMT):
It's not so much ACA-Py as Indy Node that does not support that. We are talking about ways to support that in indy-vdr in the future. For now, you can create your own or use a service like indyscan.io or https://sovrin-mainnet-browser.vonx.io/ to query the ledger. Each of those read all the transactions, put them in a database and allow you to search them in a browser or using an API. Once you have the transactions of interest, you should still check them on the ledger -- especially if you get them from a service you don't operate. Having said that, there is little to be gained from anyone putting up fake info...

swcurran (Wed, 24 Jun 2020 15:27:35 GMT):
The idea of it is that it works like an interactive voice response (IVR) system. Your mobile wallet app connects with a service. The service sends you an Action Menu of the services offered. The mobile wallet displays the list and you pick the one you want. That goes back to the service, which kicks off the process associated with that action. At the end of the process, repeat.

jcourt (Wed, 24 Jun 2020 21:35:28 GMT):
Thanks you so much for the detailed response !

jcourt (Wed, 24 Jun 2020 21:35:28 GMT):
Thank you so much for the detailed response !

jcourt (Wed, 24 Jun 2020 21:39:14 GMT):
Ok I think I understand. I will have a play with it to make sure I am not missing something.

jcourt (Wed, 24 Jun 2020 21:39:18 GMT):
Thanks

andrew.whitehead (Wed, 24 Jun 2020 21:45:44 GMT):
https://hackmd.io/jrWg2kw7QuWx9XS0R3_XPQ?view

jcourt (Wed, 24 Jun 2020 21:48:10 GMT):
Thanks Andrew that is a wealth of info on this !

jcourt (Wed, 24 Jun 2020 21:53:34 GMT):
So this was all about a Thin Mobile Agent using a Cloud Agent Service where the wallet is kept on the Cloud ?

andrew.whitehead (Wed, 24 Jun 2020 22:27:44 GMT):
No, it's mainly about letting some agent that you've connected to advertise what services it provides

andrew.whitehead (Wed, 24 Jun 2020 22:27:44 GMT):
No, it's mainly about letting some agent that you've connected to advertise what services it provides (in a human friendly way)

jcourt (Wed, 24 Jun 2020 22:35:12 GMT):
Ahh ok, thanks

jcourt (Wed, 24 Jun 2020 22:57:04 GMT):
Now I get how to use it !

swcurran (Wed, 24 Jun 2020 22:57:55 GMT):
Hey we need to make it into an RFC. Want to do that? It should have been done months ago...

jcourt (Wed, 24 Jun 2020 23:41:21 GMT):
Don't think I can claim to have anywhere near enough knowledge to write an RFC on it from my 5 min perusal. Especially since I got what it was for wrong on my first attempt at understanding :grimacing:

swcurran (Thu, 25 Jun 2020 00:14:38 GMT):
Fair enough. At least you pushed me to add it to my list.

jcourt (Thu, 25 Jun 2020 04:00:34 GMT):
@swcurran I have found the RFC templates, played with the action menu and can have a go at a draft RFC for this. Let me try and put it together over the next week and then you and Andrew can fix all my mistakes.

swcurran (Thu, 25 Jun 2020 04:09:35 GMT):
Awesome! Thanks.

kukgini (Thu, 25 Jun 2020 07:08:57 GMT):
Hi all, In my case, establishing a connection with invitation takes 3 to 4 times longer than presentation proof. Is this normal? establishing a connection takes 5~6 seconds. presentation proof takes 1~2 seconds.

martinezg (Thu, 25 Jun 2020 07:58:56 GMT):
Has joined the channel.

jcourt (Fri, 26 Jun 2020 03:39:05 GMT):
Walking through the credential issuance steps with ACA-py, I can't see that it implements any ability to negotiate in the proposal -> offer credential phase of RFC0036 ? I say that because there is no ability in the POST /issue-credential/records/{cred_ex_id}/send-offer to enter anything other than the Credential Exchange Identifier. Is this an accurate interpretation or is there something I am missing and maybe the negotiation part is done using POST /issue-credential/send-offer ?

jcourt (Fri, 26 Jun 2020 05:28:58 GMT):
Hmm looking at this in closer detail, ACA-py isn't listed as a conferment implementation of either RFC0036 or RFC0037, is this still a work in progress ?

jcourt (Fri, 26 Jun 2020 05:28:58 GMT):
Hmm looking at this in closer detail, ACA-py isn't listed as a conforment implementation of either RFC0036 or RFC0037, is this still a work in progress ?

sklump (Fri, 26 Jun 2020 09:44:10 GMT):
aca-py is always converging asymptotically toward perfection, but it supports RFC36 and RFC37 insofar as indy can (99%).

sklump (Fri, 26 Jun 2020 09:44:10 GMT):
aca-py is always converging asymptotically toward perfection, but it supports RFC36 and RFC37 insofar as indy can (99%). The only part not in scope is non-revealed requested attributes in proofs for RFC37 IIRC.

Primordium (Fri, 26 Jun 2020 13:24:11 GMT):
Has joined the channel.

Primordium (Fri, 26 Jun 2020 13:24:11 GMT):
If anyone avaible, I would like some help on setting up a machine to work with aca-py. It can be done privatly so it doesn't disturb the main channel. I have just a few questions anyway

WadeBarnes (Fri, 26 Jun 2020 13:52:07 GMT):
@Primordium, have you reviewed these resources? https://github.com/hyperledger/aries-cloudagent-python#resources

shonjs (Sat, 27 Jun 2020 07:14:45 GMT):
One confusion I have. Is this alternative or complementary to the discover feature in aries rfc https://github.com/hyperledger/aries-rfcs/tree/master/features/0031-discover-features

andrew.whitehead (Sat, 27 Jun 2020 07:23:32 GMT):
It’s complementary, most agents will likely support discover-features for the machine-readable list of supported protocols but action menu can help tell users more about what’s available and what purpose it serves

MikeRichardson (Sat, 27 Jun 2020 08:33:52 GMT):
We have successfully modified the Faber demo to a) connect to Sovrin Staging Net, and b) connect and issue credentials to the Trinsic mobile wallet. Bit of a struggle but we got there in the end :-) Note for anyone running linux on Windows using Docker Toolbox: You need to start up ngrok using the Docker Toolbox IP:- ./ngrok http http://192.168.99.100:8020

swcurran (Sat, 27 Jun 2020 16:30:58 GMT):
Noted - PR for that into the repo would be great. We'll get it in when we get a chance. Let us know where we could have made this easier. Nice to have a section on this in the guide.

MikeRichardson (Sun, 28 Jun 2020 05:48:28 GMT):
Will do...

MikeRichardson (Sun, 28 Jun 2020 05:48:38 GMT):
Will do...

swcurran (Sun, 28 Jun 2020 14:05:06 GMT):
FYI: Aries Cloud Agent - Python Release 0.5.2 has been tagged and posted to PyPi. Release notes can be found here - https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.5.2. Lots to go over here: - Lots of new error handling to make it easier to understand what happened when errors occur. - New DID operations for local DIDs, and DID rotation - Updates and improvements to the credential exchange protocols, including improvements to revocation - Support for the new Out of Band protocol to support community migration away from the existing connection and ephemeral challenge methods. - Endpoints for signing and verifying JSON-LD credentials Code reference documentation has been generated to ReadTheDocs - https://aries-cloud-agent-python.readthedocs.io/en/latest/

swcurran (Mon, 29 Jun 2020 16:51:30 GMT):
Hey folks, FYI that BC Gov maintains Docker images for VON-Network (indy-node) and Aries Cloud Agent (with the latest Indy SDK). These are maintained, updated with each release and are used as the basis for our deployments. Both have been updated recently for the latest Indy Node release (1.15) and ACA-Py (0.5.2). You can look at the tags to see the latest and the history of the images. If you want to use them, check out: - VON Image -- https://hub.docker.com/r/bcgovimages/von-image - Aries Cloud Agent -- https://hub.docker.com/r/bcgovimages/aries-cloudagent

jcourt (Tue, 30 Jun 2020 00:51:44 GMT):
Well, I have to say its a downer when you manually walk through all the steps using Aca-py Swagger to define a schema, create a credential, issue a credential, request a proof, then fail on the proof presentation with an internal error ! Does anyone know an issue creating a proof from a credential definition that doesn't have a revocation registry ? Indy seems to be upset about their being no revocation registry even though the credential was defined without one ? ```File "/home/indy/aries_cloudagent/protocols/present_proof/v1_0/manager.py", line 413, in create_presentation revocation_states, File "/home/indy/aries_cloudagent/holder/indy.py", line 342, in create_presentation json.dumps(rev_states) if rev_states else "{}", File "/home/indy/aries_cloudagent/indy/error.py", line 27, in __exit__ ) from err_value aries_cloudagent.holder.base.HolderError: Error when constructing proof: Error: Invalid structure Caused by: Revocation Registry Id not found```

andrew.whitehead (Tue, 30 Jun 2020 01:16:20 GMT):
Is that with the latest version?

jcourt (Tue, 30 Jun 2020 01:19:47 GMT):
Hi Andrew, no its still with v0.5.1, haven't pulled v0.5.2 yet as was working through some use cases and it took a bit of setup

jcourt (Tue, 30 Jun 2020 01:22:15 GMT):
I am wondering is its relates to the fact that the /present-proof/send-request didn't include a "non_revoked" attribute because I assumed it wasn't necessary and didn't get an error ?

jcourt (Tue, 30 Jun 2020 01:26:53 GMT):
I will give it a go adding that back into the send-request and see if it makes a difference

jcourt (Tue, 30 Jun 2020 01:32:34 GMT):
Nope that made no difference. I will create a credential that has a revocation registry and see if that will work. Can't see what I am doing that differently to the Alice Faber demos though

jcourt (Tue, 30 Jun 2020 01:40:16 GMT):
Sorry responded inline, its V0.5.1 I haven't been able to update to V0.5.2 yet as I have a running test env that took a bit to setup.

swcurran (Tue, 30 Jun 2020 04:11:35 GMT):
Bummer. The reason Andrew asked about 0.5.2 is that it has a bunch of new error handling and surfacing that we think will make debugging stuff like this a bit (lot??) easier.

swcurran (Tue, 30 Jun 2020 04:12:07 GMT):
It definitely looks like it is trying to do revocation handling when it shouldn't be.

jcourt (Tue, 30 Jun 2020 04:12:42 GMT):
Thats ok I gave up keeping my environment up when I saw what was going to take to set up the revocation register by hand :-) So I can upgrade to 0.5.2 now

jcourt (Tue, 30 Jun 2020 04:28:36 GMT):
Well that's new, 0.5.2 advertises the RFCs for each section :-)

jcourt (Tue, 30 Jun 2020 05:54:03 GMT):
So reproduced on 0.5.2 and it outputs the following error : 400: Error when constructing proof: Error: Invalid structure. Caused by: Revocation Registry Id not found. CommonInvalidStructure.

jcourt (Tue, 30 Jun 2020 05:55:44 GMT):
This was the proof request record : ```{ "results": [ { "presentation_request": { "version": "1.0", "requested_predicates": {}, "requested_attributes": { "email": { "name": "email", "restrictions": [ { "schema_issuer_did": "ETFhxZkAkPaCxM9ptku9gF", "schema_id": "ETFhxZkAkPaCxM9ptku9gF:2:EmailVerification:1.0", "schema_version": "1.0", "issuer_did": "ETFhxZkAkPaCxM9ptku9gF", "cred_def_id": "ETFhxZkAkPaCxM9ptku9gF:3:CL:11:New Email", "schema_name": "EmailVerification" } ] }, "startDate": { "name": "startDate", "restrictions": [ { "schema_issuer_did": "ETFhxZkAkPaCxM9ptku9gF", "schema_id": "ETFhxZkAkPaCxM9ptku9gF:2:EmailVerification:1.0", "schema_version": "1.0", "issuer_did": "ETFhxZkAkPaCxM9ptku9gF", "cred_def_id": "ETFhxZkAkPaCxM9ptku9gF:3:CL:11:New Email", "schema_name": "EmailVerification" } ] } }, "nonce": "1234567890", "name": "Proof request" }, "created_at": "2020-06-30 05:46:16.588049Z", "state": "request_received", "presentation_exchange_id": "fc3e4801-b96a-496a-a1fc-3d39020c41ab", "thread_id": "5998905f-5f92-4bd2-b93e-1b33c2a5c5f9", "connection_id": "758addf4-23fb-4fe4-bc83-8e944d0bd82f", "updated_at": "2020-06-30 05:46:16.588049Z", "trace": false, "initiator": "external", "role": "prover" } ] }```

jcourt (Tue, 30 Jun 2020 05:58:38 GMT):
The Credential Definition didn't have a revocation register defined : ```{ "credential_definition": { "ver": "1.0", "id": "ETFhxZkAkPaCxM9ptku9gF:3:CL:11:New Email", "schemaId": "11", "type": "CL", "tag": "New Email", "value": { "primary": { "n": "82299405606298459199943714456886383634468689940725719010918016854113301346794860201179270080921466590665372709330028518539210924448902779121913140811189755682322251651453582392511053979040982948697248343754613352769995463549550567908258950244718841069297581189080455864587983336887254142128862962096122963310221569437411863855730705738961727961548682029316268453762611626165126947981946667702871695928375155436291881402601714045991386400352051075032446456246786831628639219400938764095223015537161226078011515880035037530073891184877022984717745297394192231055009754515182801560649759584967874536991738882871810213733", "s": "55949976780605955456606831447274016359140723743504948928518139316134662127514235761248820647353395890417869329179639530166022233871104834125971856362451033429995574401845323433735298513090119645945009274029551975855206478482440606663865254621341532815299442828171764186679316966674431917549291999566243392189888653042366468130129054469470660381544633227721719152553660964833688266903762412722597026259690619266747983847121886761849270198880485858072414918212508753610452090210249292484521504565180050774829526284857698028979785170367322435993718742346088856232551175535897872383460502731163313468939441379262446427894", "r": { "email": "241832317333405652710231417645949337767109658589111969264506718968478318303324579952737111505808767988121517792362540943571924858617306094238853369089738809658232690704759891017281111824580557220062964041643184143208546576574231756321077362710481480062956510706219354622241770211679127490481707495883466071162917470856471151252548514120517643454333410451675186006270922228002089051020114458466356291269373455537316897994137788358512542700978816531143411656385816580483768776619544072455086761766208898372990566524239567693718249082448104796581653705846693300063036803953658075341918729673920532527907292355422384788", "master_secret": "47667261942092916560698748606008355910054521014976895424565140034062764866262065812033936251363686915925342358130114890351246513772470057340393227884129496456996441324006738438821692530581049769085825362881923690595298683355574214403260314136726639008169168372811111458868001801017377109984481927669065850730674943703063297760130807252411918929337431725047530625524151747058935938500345237496010064378554933133885436033016518394526222425068478891768025890957782937284073726250423164707325841039566591542168166069665303053752734468122171074177696823683724400771949324252431259720560472481250905846129303736010710894010", "startdate": "22248027831203295330868667453718377895616460458910966955390156100776901560084659745279315467772073409441255488404125999443257739861622640976813237988274833632295033560974356957928617120017957332357574229980851436647689027021647175642354799438224365780264715701231046263440133983143038637871685148352021257415213747239628191193072189676508523850085372475003276770742995718080595216029068970376600419829414908892434867765140355724860966076081042920379027277293293942519813301804246567300123913958906261334539348952603998407534874560263675691620734380873154379120766125012433780908358689901483434480882430317618970315678" }, "rctxt": "20691676159424697757785179520102945832589093455706091186581341620639013459969540852532262343366047169446413577041820457769513019409842169221593371959261894119560557349388872118357132566187027771508575458758882415793172389251339803155100452040759648072782326310202907346394272055776439859386982687489638681557336912096155304649121194573673045230967940312012333015208754951950407280744070483060780228592094468614801332982904809963369698042827700310743038224770108441789301570343471843379441471733773488883384973313079434267634642729566417552129673486498209143032172926737359400957400052082167520011243221973793118076558", "z": "43481822533425867061820943909878848310600825807060879182212950002101888014154044579992367792570394023817848721969402641698632549902188131902632188429164123825005993008565361382877789418830900957206530008598756470487430179668298419199836381271622615670207012173791862819395193638890489179793377443235135163311096391823644815160658290956303076702279314423086325244481057759367199284238850000307160892878254720702307647078517923780867719289935245680827130239839861882064863903933360978678397014063335413652382249247050447242465690341981110503084793489623788366549732418447666612592143870653963051970901671824765510176557" } } } }```

jcourt (Tue, 30 Jun 2020 06:07:25 GMT):
And this is the input to /present-proof/records/{pres_ex_id}/send-presentation : ```{ "requested_predicates": { }, "self_attested_attributes": { }, "requested_attributes": { "email": { "revealed": true, "cred_id": "Mail Verification", "timestamp": 1593496322 }, "startDate": { "revealed": true, "cred_id": "Mail Verification", "timestamp": 1593496322 } }, "trace": false }```

jcourt (Tue, 30 Jun 2020 06:13:11 GMT):
It gets a long way into the indy credential definition parsing before it errors out

jcourt (Tue, 30 Jun 2020 06:14:19 GMT):

jcourt - Tue Jun 30 2020 16:13:53 GMT+1000 (AEST).txt

jcourt (Tue, 30 Jun 2020 06:55:53 GMT):
I have evoked different behaviour but not nailed the issue yet. I think I have to include the non_revoked attributes even if there is no revocation defined for the credential.

andrew.whitehead (Tue, 30 Jun 2020 07:04:28 GMT):
The timestamp only applies to revocable credentials, I think you want to leave that out

c2bo (Tue, 30 Jun 2020 09:00:58 GMT):
Has joined the channel.

jcourt (Tue, 30 Jun 2020 21:32:04 GMT):
I got all the way through yesterday on 0.5.2 but coming at it from the reverse direction where the Prover sent the Proposal and automatically responded to a presentation_request from the Verifier. When it was failing I was starting from the Verifier sending a unsolicited presentation-request. I will try leaving the timestamp out on the presentation, thanks.

jcourt (Tue, 30 Jun 2020 22:07:36 GMT):
Removing that timestamp on the presentation worked for the reverse direction initiation. A little odd that causes a problem but all good ! Thanks Andrew

swcurran (Tue, 30 Jun 2020 23:09:12 GMT):
Are there docs that we could improve to prevent others from falling into this issue?

jcourt (Tue, 30 Jun 2020 23:13:36 GMT):
I don't know, to be honest I have been reading through the RFCs and then working out what steps and inputs to use in ACA-py as a process of writing UseCases for a prototype. Once I start writing the code I might be able to give some better feedback as I expect I will hit a lot more corner cases then.

jcourt (Tue, 30 Jun 2020 23:17:15 GMT):
Maybe the "Example Value" sections in the Swagger input could be made a little more specific. Some of the JSON presented is hard to reconcile to a valid Credentials scenario

jcourt (Tue, 30 Jun 2020 23:24:56 GMT):
The Actual problem I just hit with timestamp though had a pretty good example value. I just had no inkling that "timestamp" was not valid in non-revocable attributes. Since you can't put comments in the example JSON I am not sure how you make that clear. Maybe in the Model->V10PresentationRequest->requested_attributes->IndyRequestedCredsRequestedAttr->timestamp description it might add "Only for revocable credentials" ?

jcourt (Tue, 30 Jun 2020 23:24:56 GMT):
The problem I just hit with timestamp had a pretty good example value. I just had no inkling that "timestamp" was not valid in non-revocable attributes. Since you can't put comments in the example JSON I am not sure how you make that clear. Maybe in the Model->V10PresentationRequest->requested_attributes->IndyRequestedCredsRequestedAttr->timestamp description it might add "Only for revocable credentials" ?

discoverer (Wed, 01 Jul 2020 00:56:25 GMT):
Has joined the channel.

MrWoodyz (Thu, 02 Jul 2020 03:35:47 GMT):
Has joined the channel.

jcourt (Thu, 02 Jul 2020 07:16:51 GMT):
@swcurran and @andrew.whitehead I have created a draft of the action-menu RFC for you in my fork here : https://github.com/jcourt562/aries-rfcs/tree/action-menu/features/action-menu I haven't felt comfortable filling in the Drawbacks, Rationale and alternatives, or Unresolved questions sections, I thought you may want to add something there. Let me know how you both would like to proceed, Thanks.

jcourt (Thu, 02 Jul 2020 07:47:37 GMT):
@swcurran and @andrew.whitehead I also just realised that I went mainly off the action-menu information from here : https://hackmd.io/jrWg2kw7QuWx9XS0R3_XPQ?view I think there will need to be changes to the RFC that relate to the /action-menu/{conn_id}/close and /action-menu/{conn_id}/fetch methods that ACA-py exposes. I will have a play with that, but I would be interested in initial feedback on the draft.

HLFPOC (Thu, 02 Jul 2020 11:39:28 GMT):
@andrew.whitehead @sklump : I am currently using v0.5.1 of ACA-Py and noticed a bug while verification of proof presentation. Whenever `revealed` flag is set to false for any of `requested_attributes` while sending the proof presentation by the holder, verifiaction fails for the received presentation at Verifier's end (gets `verified: false`) Proof Request: ``` { "connection_id": "830dbd6a-3b01-44f7-9dba-ee22042e19f9", "comment": "string", "proof_request": { "version": "1.0", "requested_attributes": { "Name": { "name": "name", "restrictions": [ { "cred_def_id": "8n8MrakPWPsza49U66MZJH:3:CL:12:default" } ] }, "DOB": { "name": "dob", "restrictions": [ { "cred_def_id": "8n8MrakPWPsza49U66MZJH:3:CL:12:default" } ] } }, "name": "Proof request", "requested_predicates": {} }, "trace": false } ``` Proof Preentation: ``` { "trace": false, "requested_predicates": { }, "requested_attributes": { "Name": { "revealed": true, "cred_id": "8f212272-3ed9-45c0-921e-40f486e95196" }, "DOB": { "revealed": false, "cred_id": "8f212272-3ed9-45c0-921e-40f486e95196" } }, "self_attested_attributes": { } } ``` Currently I am not using revocation functionality on the cred-def for which the proof request was sent to holder so i have not set `timestamp` and `non_revoked` attributes while sending proof request and presentation.

HLFPOC (Thu, 02 Jul 2020 11:39:28 GMT):
@andrew.whitehead @sklump : I am currently using v0.5.1 of ACA-Py and noticed a bug while verification of proof presentation. Whenever `revealed` flag is set to `false` for any of `requested_attributes` while sending the proof presentation by the holder, verifiaction fails for the received presentation at Verifier's end (gets `verified: false`) Proof Request: ``` { "connection_id": "830dbd6a-3b01-44f7-9dba-ee22042e19f9", "comment": "string", "proof_request": { "version": "1.0", "requested_attributes": { "Name": { "name": "name", "restrictions": [ { "cred_def_id": "8n8MrakPWPsza49U66MZJH:3:CL:12:default" } ] }, "DOB": { "name": "dob", "restrictions": [ { "cred_def_id": "8n8MrakPWPsza49U66MZJH:3:CL:12:default" } ] } }, "name": "Proof request", "requested_predicates": {} }, "trace": false } ``` Proof Preentation: ``` { "trace": false, "requested_predicates": { }, "requested_attributes": { "Name": { "revealed": true, "cred_id": "8f212272-3ed9-45c0-921e-40f486e95196" }, "DOB": { "revealed": false, "cred_id": "8f212272-3ed9-45c0-921e-40f486e95196" } }, "self_attested_attributes": { } } ``` Currently I am not using revocation functionality on the cred-def for which the proof request was sent to holder so i have not set `timestamp` and `non_revoked` attributes while sending proof request and presentation.

swcurran (Thu, 02 Jul 2020 13:47:58 GMT):
Great stuff - thanks. Will take a look today.

andrew.whitehead (Thu, 02 Jul 2020 16:19:25 GMT):
Yes, I believe that's by design. The presentation request doesn't have a way to say that attributes are optional, aca-py requires that they are revealed. For non-revealed attributes a predicate might be used instead

Primordium (Thu, 02 Jul 2020 17:44:11 GMT):
I have been trying to use aca-py, I installed in my system ubuntu 16.04 with pip3, but when I run it, I get an error.

Primordium (Thu, 02 Jul 2020 17:44:11 GMT):
I have been trying to use aca-py, I installed in my system ubuntu 16.04 with pip3, but when I run it, I get an error. ``` aca-py --version File "/usr/local/bin/aca-py", line 33 print(f"aca-py remote debugging to {PYDEVD_PYCHARM_HOST}:{PYDEVD_PYCHARM_AGENT_PORT}") ^ SyntaxError: invalid syntax ```

ianco (Thu, 02 Jul 2020 17:58:40 GMT):
What version of python are you running?

Primordium (Thu, 02 Jul 2020 18:01:24 GMT):
$ python --version Python 2.7.12 $ python3 --version Python 3.5.2

ianco (Thu, 02 Jul 2020 18:21:10 GMT):
You should be using python3, I'm not sure offhand what minor version is required

Primordium (Thu, 02 Jul 2020 18:34:03 GMT):
if I do pip3 list, aca-py is listed, so it should be using python 3.

ianco (Thu, 02 Jul 2020 18:37:46 GMT):
I'm guessing it's picking up the wrong python version

ianco (Thu, 02 Jul 2020 18:38:08 GMT):
``` $ python --version Python 2.7.15 $ python ./bin/aca-py File "./bin/aca-py", line 33 print(f"aca-py remote debugging to {PYDEVD_PYCHARM_HOST}:{PYDEVD_PYCHARM_AGENT_PORT}") ^ SyntaxError: invalid syntax ```

ianco (Thu, 02 Jul 2020 18:39:25 GMT):
``` $ python --version Python 3.7.7 $ python ./bin/aca-py Traceback (most recent call last): File "./bin/aca-py", line 40, in from aries_cloudagent.commands import run_command # noqa ModuleNotFoundError: No module named 'aries_cloudagent' ```

ianco (Thu, 02 Jul 2020 18:39:53 GMT):
Note the different error message (expected because I don't have the dependencies installed locally)

andrew.whitehead (Thu, 02 Jul 2020 18:40:40 GMT):
Python must be at least 3.6

Primordium (Thu, 02 Jul 2020 18:42:43 GMT):
But I'm running indy-node on this system directly (no docker) and there are a few dependencies that will only run if python3 version is < 3.6

andrew.whitehead (Thu, 02 Jul 2020 18:44:24 GMT):
Current indy-node is compatible with 3.6

Primordium (Thu, 02 Jul 2020 18:44:42 GMT):
maybe I can try with altinstall

andrew.whitehead (Thu, 02 Jul 2020 18:46:02 GMT):
I have these dependencies in von-image currently: ```base58~=1.0.0 cchardet~=2.1.0 rlp~=0.6.0 indy-node==1.12.3 git+https://github.com/hyperledger/indy-plenum.git@a5941cb9d9faea4601ba2ad4e8c5fc070d5075df#egg=indy-plenum```

Primordium (Thu, 02 Jul 2020 18:49:08 GMT):
maybe I will try to install python 3.6, I was saying that because yesterday while trying to do an instalation on ubuntu 18.06 wich comes already with 3.6 it was complaining. But I will give it a go.

jcourt (Thu, 02 Jul 2020 21:52:31 GMT):
I played with these two endpoints and verified they actually don't relate in any protocol messages being exchanged. Therefore I will just update some sections where the concept of Close and Requesting the current menu are discussed. These are clearly only local requests to the agent and don't affect the wire protocol. I think there does need to be something around timeouts on the target/responder agent as otherwise these menus could become a DOS surface.

jcourt (Thu, 02 Jul 2020 21:52:31 GMT):
I played with these two endpoints and verified they actually don't result in any protocol messages being exchanged. Therefore I will just update some sections where the concept of Close and Requesting the current menu are discussed. These are clearly only local requests to the agent and don't affect the wire protocol. I think there does need to be something around timeouts on the target/responder agent as otherwise these menus could become a DOS surface.

jcourt (Thu, 02 Jul 2020 22:40:24 GMT):
I think maybe the protocol should include the error report message so that there is a way to terminate other than through the "send perform" message ? That would allow the requester to terminate when no "menu" is forthcoming and the responder when an internal timeout occurs waiting for "perform".

Primordium (Thu, 02 Jul 2020 23:29:00 GMT):
@andrew.whitehead just a question, what version of indy-node did you use? I have instaled in my machine the one from deb https://repo.sovrin.org/deb xenial stable maybe version is different, looking the the repo, it shouldn't be. Tomorrow I will test it.

andrew.whitehead (Thu, 02 Jul 2020 23:33:50 GMT):
I think that includes a different version of plenum

jcourt (Thu, 02 Jul 2020 23:47:32 GMT):
I have uploaded a revised version to my fork that addresses the confusion around Close and Fetch being local only operations. I think I am done until feedback then I will submit a PR.

Primordium (Fri, 03 Jul 2020 00:04:52 GMT):
I don't have the logs with me, but I think it was plenum that required python < 3.6

andrew.whitehead (Fri, 03 Jul 2020 00:06:18 GMT):
I have it installing the version from git in the requirements above

kukgini (Fri, 03 Jul 2020 00:56:20 GMT):
Hello everyone. I am wondering if the recently released 0.5.2 version can function as a mediator or relay suggested by RFC-0046.

kukgini (Fri, 03 Jul 2020 00:56:20 GMT):
Hello everyone. I am wondering if the recently released 0.5.2 version can function as a mediator or relay suggested by RFC0046.

thomas_kim (Fri, 03 Jul 2020 02:28:06 GMT):
Has joined the channel.

jcourt (Fri, 03 Jul 2020 03:07:00 GMT):
A Question around the concept of "Endorsers" with regards to ACA-py. Usually when I am using ACA-py I will set up a VON network, create a DID through the VON Web UI giving it "Endorser" role, then start ACA-py with the --seed corresponding to that endorser DID. The question however is how would a third party endorser be utilised with ACA-py ? I don't see any methods that would allow me to create a schema or credential definition then send it to an endorser to write to the ledger. Can someone give a rundown on how that process would work using ACA-py ?

MikeRichardson (Fri, 03 Jul 2020 08:34:16 GMT):
run_docker

MikeRichardson (Fri, 03 Jul 2020 12:00:15 GMT):
We have a new controller which is trying to receive webhooks from aca-py: Our express server is listening on port 3002 (using https) but I am seeing a lot of these kind of messages: aries_cloudagent.transport.outbound.manager ERROR >>> Posting error: https://192.168.99.100:3002/webhooks/topic/connections/; Re-queue failed message ... is there any reason why using a https express server would cause a problem (as opposed to http) ?

MikeRichardson (Fri, 03 Jul 2020 12:01:51 GMT):
We have a new controller which is trying to receive webhooks from aca-py: Our express server is listening on port 3002 (using https) but I am seeing a lot of these kind of messages: aries_cloudagent.transport.outbound.manager ERROR >>> Posting error: https://192.168.99.100:3002/webhooks/topic/connections/; Re-queue failed message ... is there any reason why using a https express server would cause a problem (as opposed to http) ?

TelegramSam (Fri, 03 Jul 2020 12:24:05 GMT):
I suspect it might have an issue validating your SSL cert.

HLFPOC (Fri, 03 Jul 2020 12:44:15 GMT):
Thanks for your inputs @andrew.whitehead . I have few doubts regarding this : *1.* As per your inputs, does that mean that all attributes mentioned under `requested_attributes` in a proof request will have to be revealed to the verifier? If yes, then what is the significance of `revealed` flag while sending the presentation ? *2.* If we (holder) don't want to reveal the credential attribute, then as per your inputs, it should be present under `requested_predicate`. But for that, there is also a validation to have `p_type` & `p_value` while sending the proof request. What if the attribute is in string format (like: Address) and holder does not want to disclose the exact address to the verifier, then how to handle `p_type` and `p_value` conditions ? *3.* Also want to understand that which entity (verifier or holder) has control to decide whether to reveal or not reveal the credential attribute from a holder's wallet? I think it should be in control of holder, but this condition is set by the verifier while sending the proof request , right ? Or am I missing something here ? What I want to implement is, verifier can ask for certain set of credential attributes from a holder (with/without restrictions like cred_def_id, schema_id, schema_issuer_did etc.) and holder should have control to either reveal or do not reveal these attributes to the verifier but at the same time, proof presentation should be verified successfully if it meets the restriction criteria. @swcurran

andrew.whitehead (Fri, 03 Jul 2020 16:10:35 GMT):
The presentation format supports unrevealed attributes, aca-py currently does not (as far as I know). It's also not possible for the holder to decide to send a predicate when the verifier asked for an attribute. I believe the present-proof protocol could theoretically be used to send an alternative proposal instead of a proof but I'm not sure that's been demonstrated yet

swcurran (Fri, 03 Jul 2020 18:14:25 GMT):
Generally, we have done this by doing the necessary work outside of ACA-Py in setting things up, and then to use ACA-Py with the authorized DID. For example, create a DID locally with the CLI, pass the transaction for it with signature and TAA material (not certain of those details...) to an endorser who signs and executes the transaction. Or, just pass the DID and VerKey to the endorser and have them create and execute the transaction. Once that is done, use the wallet with ACA-Py, pass the seed to the DID and then do all the rest of the transactions for setup -- create schema, cred-def, etc. Does that make sense? In general, we separate provisioning operations from the operation of the Agent.

gaila (Sat, 04 Jul 2020 08:36:51 GMT):
Hello, I am interested in uses cases that use Aries. I see that most of them are individuals using mobile app and storing their credentials there, but is there any ideas to use aries as a service on web where everyone can login and see the credentials and verify them? For example, a website of some university, where everyone can login and see the people who are enrolled there and verify their enrollment using aries. Instead of requesting every single student to prove their enrollment and ask for the details of their enrollment. Or is it completely wrong use of aries?

gaila (Sat, 04 Jul 2020 08:36:51 GMT):

swcurran (Sat, 04 Jul 2020 17:20:57 GMT):
It depends on some factors whether you are right or wrong about aries. In general, the idea is that the entity (person, organization, thing) that is the subject of the credentials is the holder, hence the model you are seeing. A student is issued a credential from a university, they hold it in their wallet and present it (prove it) when requested. That puts the subject in control of their wallet, credentials and those seeing the data embedded in the credentials. That said, if the information is intended to be public (or open to authorized entities), there is the concept of a "Verifiable Credential Registry" (VCR) that works as you outline. However, the "persons enrolled" is generally not public information, so that may not be a good use case. If such a VCR is only open to authorized individuals, it might be a valid use. We have a VCR that is about Registered Organizations (e.g. companies) and the government permits and licenses they hold. That is all public info, and is a valuable resource. Hope that helps...

discoverer (Sun, 05 Jul 2020 12:03:15 GMT):
@gaila I am not expert but based on my understanding I can't see why Wallet can't be Web based wallet - where individual login to a website to manage their wallet. @swcurran - pls correct if I am wrong here.

swcurran (Sun, 05 Jul 2020 18:06:23 GMT):
It could be, but there are caveats. If the wallet is provided by a service and stored on their servers, it means that your keys are on their server or accessible by them. That means that you are trusting them with your credentials and they have full access to using them. If there is a way to do that safely -- for example, they hold only encrypted data and no keys to decrypt or sign things, then that would be OK, but that puts a lot of restrictions on the wallet. There is a lot of focus in some areas of having the wallet stored in a browser rather than a phone, but that has challenges as well. Better than someone else's server, but probably not as safe as a phone.

jcourt (Sun, 05 Jul 2020 21:37:25 GMT):
Makes sense, just wanted to check I hadn't missed some functionality. The standards have a lot of flexibility. Learning where which parts are implemented however has a lot to do with real world experience :-)

discoverer (Mon, 06 Jul 2020 02:06:53 GMT):
sure, noted your both points that master key is unencrypted & is accessible to service provider, and focus on wallet in browser. that raises 2 questions:- question 1 - Faber personna in demo examples - is expected to be using web based wallet. Isn't it? if so, how is master key secured for Faber? question 2 - if we make Alice & Faber Login with their own user name & password, and then their password is used as master key for wallet (to make it more secure password can also be 2 factor authentication). curious to know what are challenges / restrictions with this design?

sklump (Mon, 06 Jul 2020 10:45:22 GMT):
It looks like the operator may have erroneously specified `support_revocation` as `true` on creation. Find the cred def and check its content.

sklump (Mon, 06 Jul 2020 10:51:17 GMT):
It already states "Epoch timestamp of interest for non-revocation proof" though

sklump (Mon, 06 Jul 2020 10:55:21 GMT):
Correct: aca-py supports as much as indy-sdk supports. The redundant and misleading "revealed" flag is beyond our control - consider it part of the rich and complext indy-sdk culture.

HLFPOC (Mon, 06 Jul 2020 11:03:20 GMT):
okay, got it. Are there any plans to support unrevealed attributes in proof presentations?

sklump (Mon, 06 Jul 2020 11:18:57 GMT):
If they make it into indy, aca-py will adopt them. But personally I doubt it. For the moment, predicates are the closest substitute.

sklump (Mon, 06 Jul 2020 11:18:57 GMT):
If they make it into indy, aca-py will adopt them. But personally I doubt it. For the moment, predicates are the closest substitute. And these are restricted to attributes with (stringified) 32-bit integer values, as you have noted.

jameshiester (Mon, 06 Jul 2020 12:58:12 GMT):
does the public did need to be registered prior to starting aca-py, or can registration be done while initializing the business controller?

sklump (Mon, 06 Jul 2020 13:07:54 GMT):
The issuer's public DID must be on the ledger beforehand. Issuers must have public DIDs. Note that non-issuer agents can get by with local-only DIDs given command line argument `--wallet-local-did`

MikeRichardson (Mon, 06 Jul 2020 13:21:36 GMT):
Is there a standard way to encode a Proof Request URL in a DIDComm message for a mobile wallet to understand, much as we can encode an invitation request? We are trying to get the Trinsic wallet to accept a proof request in a QR Code with no joy so far. As I understand it this is a connectionless proof request.

jameshiester (Mon, 06 Jul 2020 21:57:51 GMT):
is the traffic to the public did endpoint all over http currently? (i.e. if I support http is that "sufficient" or do I have to support ws as well). Is the usage the same as the webhooks url (where the path is appended with the request type)?

andrew.whitehead (Mon, 06 Jul 2020 22:05:32 GMT):
There's a version compatible with their app here: https://github.com/hyperledger/aries-cloudagent-python/blob/master/aries_cloudagent/utils/outofband.py

swcurran (Mon, 06 Jul 2020 22:09:56 GMT):
Generally yes. If you use ACA-Py as a mediator you might use web-sockets, but if you are connecting to arbitrary agents such as wallets, you will likely use HTTP. I'm not certain of the answer to the second question. The "front door" interface (messaging to and from other agents) is handled entirely by ACA-Py, so it doesn't impact a controller. If you are building your own DIDComm handler then it might manner.

jcourt (Mon, 06 Jul 2020 22:40:06 GMT):
Right it just doesn't call out it will barf if used on a credential that is NOT revocable. Silently ignoring it would have been a reasonable expectation from the documentation as it stands ? A simple suggestion would be to say "Epoch timestamp only valid for revocable credentials" ?

jameshiester (Mon, 06 Jul 2020 22:53:31 GMT):
Can the cloud agent only really support 1 public DID/agent then?

swcurran (Mon, 06 Jul 2020 22:56:47 GMT):
@andrew.whitehead -- want to weigh in here? Check me on this :-) I'm pretty sure that multiple public DIDs can be used and supported, with the Controller providing the business rules/logic to define how those DIDs are managed and used. We have 1 example of this that I'm aware of, but there is no reason that use cases with many more can be defined. Note that ACA-Py supports many did:peer DIDs, using one per connection.

jameshiester (Mon, 06 Jul 2020 23:07:06 GMT):
Do you know which example might have it? I'm looking at the openAPI demo and it's a bit unclear how the agent DID is getting passed when creating the connection. Maybe that's just because that demo is using out of band messaging?

swcurran (Mon, 06 Jul 2020 23:09:55 GMT):
Getting into the details that Andrew needs to provide. In general -- all agent-to-agent communications use did:peer DIDs, not public DIDs. I'm not certain public DIDs can be used for that, and if they can, it's the rare case. Public DIDs are used in (Aries generally, and) ACA-Py only by VC issuers. They aren't used for connections, just when an entity issues credentials that many others need to verify.

swcurran (Mon, 06 Jul 2020 23:10:20 GMT):
Are you familiar with did:peer?

jameshiester (Mon, 06 Jul 2020 23:11:43 GMT):
I think so, is there a specific RFC or just the concept of the pairwise DID per connection?

swcurran (Mon, 06 Jul 2020 23:14:38 GMT):
The concept of the pairwise DID connection. I did a youtube video of it a while ago.

jameshiester (Mon, 06 Jul 2020 23:18:44 GMT):
yup, just trying to figure out in the openAPI how the recipient did is defined. It's looking like in the receive request { "@id": "3fa85f64-5717-4562-b3fc-2c963f66afa6", "routingKeys": [ "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV" ], "label": "Bob", "recipientKeys": [ "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV" ], "imageUrl": "http://192.168.56.101/img/logo.jpg", "did": "WgWxqztrNooG92RXvxSTWv", "serviceEndpoint": "http://192.168.56.101:8020" } the "did" in this case is the did for which I want to receive the invitation? And the sender will just use the invitation when they do the acceptance on the other side?

swcurran (Mon, 06 Jul 2020 23:24:10 GMT):
The flow is this: - Inviter: create a "temp" did in the invitation and send it (plaintext) - Invitee: create a did for the connection and send it using the temp DID (encrypted) - Inviter: create a did for the connection and send it use the inviter's DID (encrypted) Note - the "temp" DID in the invitation CAN be a public DID in ACA-Py, but the rest of the flow is as above -- e.g. we don't keep using the public DID for the connection. That make sense?

swcurran (Mon, 06 Jul 2020 23:24:10 GMT):
The flow is this: - Inviter: create a "temp" did, put in the invitation and send it (plaintext) - Invitee: create a did for the connection and send it using the temp DID (encrypted) - Inviter: create a did for the connection and send it use the inviter's DID (encrypted) Note - the "temp" DID in the invitation CAN be a public DID in ACA-Py, but the rest of the flow is as above -- e.g. we don't keep using the public DID for the connection. That make sense?

jameshiester (Tue, 07 Jul 2020 00:47:13 GMT):
yeah, so I guess if I wanted multiple identities using the same agent I would have to build a second layer that maps the identity to the connections established for that identity. I see now the issuer did is passes when issuing the credential, the rest is just did:peer as you suggested

swcurran (Tue, 07 Jul 2020 01:47:41 GMT):
Yes. If you are looking for a multi-tenant agent, where there are (logically) separate wallets per tenant -- that is a popular use case that several folks are talking about.

andrew.whitehead (Tue, 07 Jul 2020 04:48:16 GMT):
Multi-tenancy is pretty limited at the moment, for example there's a global default endpoint which new connections will use if a custom one isn't specified, and DIDs don't yet have their own configured. This will be something to look at as we substitute the storage backend and move toward 1.0

omardib (Tue, 07 Jul 2020 13:16:48 GMT):
Hello everyone, Is it possible to transform the result of /present-proof/create-request to a url as it is done with the invitation_url in the connection invitation? I suppose it should look like endpointurl:8020?d_m..... . Any help please

jameshiester (Tue, 07 Jul 2020 18:24:15 GMT):
Will substituting the storage backend still require rust implementation?

swcurran (Tue, 07 Jul 2020 20:50:58 GMT):
Yes -- this is done in what's called the "ephmeral challenge" or the connection-less proof. It uses the service decorator to do the proof. If you look at this page, you will see an example: https://confbook.vonx.io/get-invite

swcurran (Tue, 07 Jul 2020 20:52:54 GMT):
The storage backend is planned to be in rust, and will need FFI or alternate wrappers. Is that what you are asking? The idea will be to support pluggable persistence - e.g. sqllite and postgres, etc. as well as possibly different persistence options for different types of storage (keys vs. credentials, etc.).

jameshiester (Tue, 07 Jul 2020 21:06:29 GMT):
Yes that's what I meant, a while ago I was looking into creating a dynamodb implementation (maybe document based db is a terrible idea), but I'm not so familiar with rust so between that and the learning curve for the storage api I did not pursue it. Aside: does that aries agent implement the service_url endpoint in the connection_invitation response, or is it on the business controller to provide the logic to response. I.e. if someone makes a request to example.com?c_i={invitation_details}, goes the admin agent reply or (what I'm guessing) we create the logic for our business api to proxy the request to the admin controller and return the response?

jameshiester (Tue, 07 Jul 2020 21:06:29 GMT):
Yes that's what I meant, a while ago I was looking into creating a dynamodb implementation (maybe document based db is a terrible idea), but I'm not so familiar with rust so between that and the learning curve for the storage api I did not pursue it. Aside: does the aries agent implement the service_url endpoint in the connection_invitation response, or is it on the business controller to provide the logic to response. I.e. if someone makes a request to example.com?c_i={invitation_details}, does the admin agent reply or (what I'm guessing) we create the logic for our business api to proxy the request to the admin controller and return the response?

swcurran (Tue, 07 Jul 2020 21:14:13 GMT):
First -- a document db is not a bad idea. Part of the "enabling options" is to allow for that. We're experimenting with it as well. On the latter -- the answer is a nice "both". In theory, the idea is that every event that happens in the framework is sent to the controller to provide the business logic and direction on what to do next. However, we have add settings (mostly through command line options) to automatically handle some routine things - auto-accept-invitation, an endpoint called "/send" for handling all the back and forth for issuing a credential, auto-respond-proof to automatically respond to a proof request. As such, there is some automation. That help

kukgini (Wed, 08 Jul 2020 03:45:51 GMT):
Hello everyone. If I want to use AcaPy as a cloud-based endpoint mediator to many agents. is it possible? some people says it needs double envelop functionality described in RFC 0046, but not implemented in AcaPy yet.

swcurran (Wed, 08 Jul 2020 13:07:42 GMT):
It is possible and some folks have done work on that. I'm not certain of the status. I believe @dgunseli had something going in that area. We need to get a place that documents the list of mediator solutions. @ianco was recently looking for the same.

swcurran (Wed, 08 Jul 2020 17:56:06 GMT):
The bi-weekly ACA-Pug Community Meeting starts in 5 minutes. Meeting schedule and past meetings: https://wiki.hyperledger.org/display/ARIES/ACA-Pug+Meetings Join Zoom Meeting https://zoom.us/j/900111661

discoverer (Fri, 10 Jul 2020 00:34:45 GMT):
@swcurran - you mentioned -- for wallet provided by a service and stored on their servers -- puts a lot of restrictions on the wallet. pls can you advise (or point to doc) what are the restrictions? if we make Alice & Faber Login with their own user name & password, and then their password is used as master key for wallet (to make it more secure password can also be 2 factor authentication). keen to know what are challenges / restrictions with this design?

nc-crtr_linx (Fri, 10 Jul 2020 01:25:07 GMT):
Has joined the channel.

naagii (Fri, 10 Jul 2020 07:40:04 GMT):
Has joined the channel.

airskipper (Fri, 10 Jul 2020 08:14:06 GMT):
Has joined the channel.

severus-sn4pe (Fri, 10 Jul 2020 11:51:23 GMT):
Hi all. I have a problem with issuing credentials to myself (I have a connection to myself and use that to send it to myself). I use the endpoint `issue_credential/send`, and proceed through the different states (offer_sent, offer_received, request_sent, request_received, credential_issued, credential_received), but after that, the agent fails to proceed to store the credential and send a credential_acked. Every subsequent API-call to the agent fails and the agent becomes unresponsive. When I send the credential to another agent, the storing and acknowledge of the credential is automatically sent (I use the flag `--auto-store-credential`), but when the receiver is the same agent, it doesn't appear to work the same.

sklump (Fri, 10 Jul 2020 11:53:01 GMT):
Best write this one up as an issue here: https://github.com/hyperledger/aries-cloudagent-python/issues

severus-sn4pe (Fri, 10 Jul 2020 11:54:52 GMT):
I tried to extend the method `handle_issue_credential`, so that once the credential is in state `credential_received`, it should be stored by calling `self.admin_POST(f"/issue-credential/records/{credential_exchange_id}/store"` but it appear that the method doesn't even get to this point, it gets stuck before.

severus-sn4pe (Fri, 10 Jul 2020 11:55:21 GMT):
ok, will do, thanks

swcurran (Fri, 10 Jul 2020 12:49:24 GMT):
That's interesting. We have done the use case of requesting a proof from myself by creating a connection to myself, so in theory we've traveled some of this path (but it did take some changes). Stephen is right -- please enter an issue and we can likely help.

swcurran (Fri, 10 Jul 2020 12:56:02 GMT):
Not restrictions, but you are putting a lot of trust in that service -- it takes away from some of the self-sovereign" elements, since they could (a) take your access away, of (b) use your key. It is a classic convenience vs. security tradeoff, and for many in the SSI community, it fundamentally compromises the concepts. In theory (and even practice) the service could try to take steps to prevent their ability to use your key -- e.g. only decrypt with a key you provide and not ever store it -- but you are trusting their word about that.

swcurran (Fri, 10 Jul 2020 12:56:02 GMT):
Not restrictions, but you are putting a lot of trust in that service -- it takes away some of the "self-sovereign" elements, since they could (a) take your access away, or (b) use your key. It is a classic convenience vs. security tradeoff, and for many in the SSI community, it fundamentally compromises the concepts. In theory (and even practice) the service could try to take steps to prevent their ability to use your key -- e.g. only decrypt with a key you provide and not ever store it -- but you are trusting their word about that.

severus-sn4pe (Fri, 10 Jul 2020 13:04:15 GMT):
just created it

nc-crtr_linx (Sat, 11 Jul 2020 14:02:41 GMT):
Hi Folks, I have been reading the aries git documentation for a couple of months now. Especially the Aries cloud agent. I'm still trying to understand how a controller code can be created/ modified for a specified use-case. Do any of you experts have any suggestions or tips for a non-developer?

etschelp (Mon, 13 Jul 2020 08:18:58 GMT):
Has joined the channel.

etschelp (Mon, 13 Jul 2020 08:18:58 GMT):
Hey, as we work a lot with aca-py, but most of our projects are written in Java we created a small library that lets you interact with aca-py directly from Java e.g. `acaPy. connectionsReceiveInvitation(invitation, alias);` As we want to open source this library in any case, we thought it best to ask if it would make even more sense to contribute this directly to the Hyperledger foundation instead of doing this on our own. What do you think?

swcurran (Mon, 13 Jul 2020 13:42:12 GMT):
What about putting it into the https://github.com/hyperledger/aries-acapy-controllers repo? The idea of that repo is to provide either examples or full starter kits of controllers that people can use.

domwoe (Mon, 13 Jul 2020 14:39:59 GMT):
I worry that the structure is a bit misleading. We would at least need something like https://github.com/hyperledger/indy-sdk/tree/master/wrappers in that repo

swcurran (Mon, 13 Jul 2020 14:53:28 GMT):
That's what we expected. The current

swcurran (Mon, 13 Jul 2020 14:53:28 GMT):
That's what we expected. The current structure of the "AliceFaberDemo" folder was done very deliberately so it could stand alone, but leave open other controllers that were full implementations. But that is just one option - happy to discuss other structures in other repos -- a separate one or within ACA-Py.

domwoe (Mon, 13 Jul 2020 15:01:45 GMT):
That's a great start

etschelp (Mon, 13 Jul 2020 15:49:45 GMT):
Having a structure similar to the indy-sdk wrappers within aca-py would make sense, as clients are tightly coupled to aca-py and hence could follow its release schedule and versioning scheme.

jacobsaur (Mon, 13 Jul 2020 16:06:27 GMT):
Has joined the channel.

jacobsaur (Mon, 13 Jul 2020 16:33:47 GMT):
Hi, is there any update this? I'm also interested in using AcaPy as a cloud-based mediator for a mobile agent (Xamarin), and it would be great to see some documentation on how to set it up.

choeppler (Mon, 13 Jul 2020 20:20:54 GMT):
Has joined the channel.

nc-crtr_linx (Mon, 13 Jul 2020 22:17:32 GMT):
Hi Folks, I’m trying to build a controller for an enterprise use case using the Aca-py cloud agent. I’m still not sure about how I can build a controller and connect it with the Aca-py agent. I tried to learn from the Alice/ Faber.py use case to recreate but finding it tough. Is there any documentation or an example code that shows how a controller is calling or communicating with an agent? Not theoretical but more like an use case diagram or something practical.

jameshiester (Tue, 14 Jul 2020 01:09:28 GMT):
does didcomm include get requests or is it all post?

jameshiester (Tue, 14 Jul 2020 01:10:52 GMT):
My connections seem to be getting stuck in the response state, is there something that needs to happen after accept-request?

discoverer (Tue, 14 Jul 2020 01:13:51 GMT):
aries-staticagent-python vs aries-cloudagent-python Is anyone aware what's the difference between these two agents? which one should be used for which use case?

swcurran (Tue, 14 Jul 2020 01:34:48 GMT):
You can send follow up messages from the that state and when you receive a response, it will be transformed into "active". There is no explicit "complete" message in "0160-connections", so the agent doesn't know when to change the state to active other than on receipt of another message.

swcurran (Tue, 14 Jul 2020 01:37:02 GMT):
Static agent does not have a wallet, but just a configuration that is activated on startup. So for example, it has a DID that it can recreate from a seed on startup. It's use for some specific use cases. For example, I think it can be setup as a pre-configured device agent. ACA-Py is a general purpose agent that runs on a server (not mobile) --- issuer, holder, verifier or any combination thereof.

jcourt (Tue, 14 Jul 2020 06:38:09 GMT):
You can also turn on the auto ping on the accept which sends it directly to active.

MichaelSchaefer (Tue, 14 Jul 2020 06:49:10 GMT):
Has joined the channel.

jameshiester (Tue, 14 Jul 2020 20:04:52 GMT):
is there a webook for when the admin server has finished initalizing? Would be a nice feature

swcurran (Tue, 14 Jul 2020 20:14:39 GMT):
In the works. We're going to have a liveliness and readiness endpoint that can integrate with k8s. What you are asking for us the readiness endpoint. There is a ticket for it in the system, but the dev on it is out this week.

jameshiester (Tue, 14 Jul 2020 20:50:30 GMT):
would it send a webhook, or it's the business controller responsibility to poll the admin controller?

swcurran (Tue, 14 Jul 2020 22:44:30 GMT):
Interesting...a webhook might be easy enough. We have to have it as a request as that's what a kubernetes instance requires, but I'm sure it would be easy enough to add sending a webhook. Ah...wait. In a cloud-native world/k8s, there could be multiple instance of ACA-Py running, and they will startup, terminate as needed. The overall service would be running and the admin endpoint would be for a specific instance. Not sure how a webhook would be used in that environment -- every instance would send a webhook when they started up. It would not be that helpful if you have multiple instances of your controller. The webhook would only come to one instance -- the rest would not receive it. I think for startup, polling is the right way to go.

swcurran (Tue, 14 Jul 2020 22:44:30 GMT):
Interesting...a webhook might be easy enough. We have to have it as a request as that's what a kubernetes instance requires, but I'm sure it would be easy enough to add sending a webhook. Ah...wait. In a cloud-native world/k8s, there could be multiple instance of ACA-Py running, and they will startup, terminate as needed. The overall service would be running and the admin endpoint would be for the service. Not sure how a webhook would be used in that environment -- every instance would send a webhook when they started up. It would not be that helpful if you have multiple instances of your controller. The webhook would only come to one instance -- the rest would not receive it. I think for startup, polling is the right way to go.

swcurran (Tue, 14 Jul 2020 22:44:30 GMT):
Interesting...a webhook might be easy enough. We have to have it as a request as that's what a kubernetes instance requires, but I'm sure it would be easy enough to add sending a webhook. Ah...wait. In a cloud-native world/k8s, there could be multiple instance of ACA-Py running, and they will startup, terminate as needed. The overall service would be running and the admin endpoint would be for the service. Not sure how a webhook would be used in that environment -- every instance would send a webhook when they started up. It also would not be that helpful if you have multiple instances of your controller. The webhook would only come to one instance -- the rest would not receive it. I think for startup, polling is the right way to go.

swcurran (Tue, 14 Jul 2020 22:50:04 GMT):
Sure.

jcourt (Wed, 15 Jul 2020 06:51:45 GMT):
So an interesting quirk of using the OpenAPI code generator against ACA-py is that the order of things like parameters in the paths section and properties in the components section in the spec file changes between runs. I think it only happens when ACA-py is restarted but it makes comparing changes in the API between versions more difficult than it should be. Is there any way that this could be made deterministic, like sorting them when they are pulled out of arrays or objects ?

jcourt (Wed, 15 Jul 2020 07:30:06 GMT):
This could actually be a bigger problem as it results in parameter order changing in function declarations. The following is from two identical runs of OpenAPI code generator against different Aca-py instances : Run 1 ```/** * Create a new connection invitation */ async connectionsCreateInvitationPost( alias?: string, _public?: boolean, multiUse?: boolean, autoAccept?: boolean, ): Promise { const response = await this.connectionsCreateInvitationPostRaw({ alias: alias, _public: _public, multiUse: multiUse, autoAccept: autoAccept, }); return await response.value(); } ``` Run 2 ``` /** * Create a new connection invitation */ async connectionsCreateInvitationPost( alias?: string, multiUse?: boolean, _public?: boolean, autoAccept?: boolean, ): Promise { const response = await this.connectionsCreateInvitationPostRaw({ alias: alias, multiUse: multiUse, _public: _public, autoAccept: autoAccept, }); return await response.value(); } ``` Notice the order of _public and multiUse have changed. This is reflected in the openapi.json pulled directly from ACA-py

sklump (Wed, 15 Jul 2020 10:17:50 GMT):
I can take a look. It will be ugly and rude since marshmallow-aiohttpspec doesn't offer much via the front door, but this is definitely worthwhile if possible.

sklump (Wed, 15 Jul 2020 10:17:50 GMT):
I can put this in today.

domwoe (Wed, 15 Jul 2020 13:20:16 GMT):
I'm at a loss about handling the endpoint of a public DID right now. When I start the agent with the endpoint flag it's getting written to the ledger but not to do the local wallet metadata. i.e. when I do /wallet/get-did-endpoint for that public did I get "endpoint": null. Is this expected?

domwoe (Wed, 15 Jul 2020 13:20:16 GMT):
I'm at a loss about handling the endpoint of a public DID right now. When I start the agent with the endpoint flag it's getting written to the ledger but not to the local wallet metadata. i.e. when I do /wallet/get-did-endpoint for that public did I get "endpoint": null. Is this expected?

sklump (Wed, 15 Jul 2020 13:31:43 GMT):
That sounds like a deficiency. I'll look into this today.

sklump (Wed, 15 Jul 2020 13:31:43 GMT):
That sounds like a deficiency. I'll look into this today. _update:_ found it - this will involve a bit of refactoring, likely a few hours total

sklump (Wed, 15 Jul 2020 13:31:43 GMT):
That sounds like a deficiency. I'll look into this today. _update:_ found it - this will involve a bit of refactoring, likely I can get it in today

mattatkiva (Wed, 15 Jul 2020 13:46:06 GMT):
Has joined the channel.

mattatkiva (Wed, 15 Jul 2020 13:46:06 GMT):
I have cloned acapy from github. I have indysdk cloned, building. Im trying to run acapy from the commandline. I get the same error no matter what I do: ```mattraffel@kiva-mattr:~/src/acapy$ bin/aca-py File "bin/aca-py", line 33 print(f"aca-py remote debugging to {PYDEVD_PYCHARM_HOST}:{PYDEVD_PYCHARM_AGENT_PORT}") ^ SyntaxError: invalid syntax``` ```mattraffel@kiva-mattr:~/src/acapy$ bin/aca-py start --inbound-transport http 0.0.0.0 8000 \ > --outbound-transport http \ > --webhook-url "http://localhost:31890/v1/controller" File "bin/aca-py", line 33 print(f"aca-py remote debugging to {PYDEVD_PYCHARM_HOST}:{PYDEVD_PYCHARM_AGENT_PORT}") ^ SyntaxError: invalid syntax``` what am I doing wrong or missing?

swcurran (Wed, 15 Jul 2020 14:34:04 GMT):
Any chance you are using Python 2.x instead of 3.x+? Just a guess...

mattatkiva (Wed, 15 Jul 2020 14:43:01 GMT):
thank you. I forgot to change my env to python3

mattatkiva (Wed, 15 Jul 2020 14:59:31 GMT):
I running this command ```PORTS="5000:5000 8000:8000 8123:8123" ./scripts/run_docker start --inbound-transport http 0.0.0.0 8123 \ --outbound-transport http \ --webhook-url "http://localhost:31890/v1/controller"``` and I get a 404 when trying to list connections ```curl http://localhost:8123/connections 404: Not Found``` when I run the same curl command against faber demo (aka run_demo faber) I get the expected reply. what am I doing wrong?

mattatkiva (Wed, 15 Jul 2020 15:09:49 GMT):
I'm trying to explore the webhooks supported in acapy. I would be happy if I could get that working the faber/alice demo. I have spent a day digging into the scripts and docker files and haven't seen how that is possible. So I thought I would just run acapy locally or in docker. none of that seems to be working despite following the directions. anyone have some thoughts?

swcurran (Wed, 15 Jul 2020 15:29:28 GMT):
@esune @andrew.whitehead ^^^ Can you help here?

esune (Wed, 15 Jul 2020 15:39:27 GMT):
In the startup splash when the agent is initiated you should see a recap of the ports and whether the admin interface is enabled: I bet it isn't, a cmd parameter is missing (one sec and I'll check which one)

esune (Wed, 15 Jul 2020 15:40:31 GMT):
You need to add `--admin '0.0.0.0' 8123` for the admin interface to be enabled on that port

mattatkiva (Wed, 15 Jul 2020 15:46:00 GMT):
Im not exactly following. do you mean this: ```PORTS="5000:5000 8000:8000 8123:8123" ./scripts/run_docker start --inbound-transport http --admin 127.0.0.1 8123 \ --outbound-transport http \ --webhook-url "http://localhost:31890/v1/controller" ```

mattatkiva (Wed, 15 Jul 2020 15:46:00 GMT):
Im not exactly following. do you mean this: ```PORTS="5000:5000 8000:8000 8123:8123" ./scripts/run_docker start --inbound-transport http --admin 0.0.0.0 8123 \ --outbound-transport http \ --webhook-url "http://localhost:31890/v1/controller" ```

mattatkiva (Wed, 15 Jul 2020 15:46:00 GMT):
Im not exactly following. do you mean this: ```PORTS="5000:5000 8000:8000 8123:8123" ./scripts/run_docker start --inbound-transport http --admin 0.0.0.0 8123 --outbound-transport http --webhook-url "http://localhost:31890/v1/controller" ```

esune (Wed, 15 Jul 2020 15:47:08 GMT):
Correct

mattatkiva (Wed, 15 Jul 2020 15:47:12 GMT):
ok thnx

esune (Wed, 15 Jul 2020 15:47:36 GMT):
If you start the agent this way, the boot splash screen should show you that the admin endpoint is enabled on port 8123

mattatkiva (Wed, 15 Jul 2020 15:47:49 GMT):
that doest work. I get an argument error

esune (Wed, 15 Jul 2020 15:48:43 GMT):
What error?

esune (Wed, 15 Jul 2020 15:50:45 GMT):
You may be missing `--admin-insecure-mode` as well: when enabling the admin interface I think you may need to specify wether to run in unprotected mode or with an api key

mattatkiva (Wed, 15 Jul 2020 15:51:07 GMT):
once I got that point, acapy runs but throws errors

mattatkiva (Wed, 15 Jul 2020 15:51:50 GMT):
```Listening... 2020-07-15 15:51:24,638 aries_cloudagent.utils.task_queue ERROR Error running task InboundTransportManager.start_transport Traceback (most recent call last): File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/asyncio/base_events.py", line 1062, in create_server sock.bind(sa) OSError: [Errno 98] Address already in use During handling of the above exception, another exception occurred:`` Im guessing one of the ports need to be different ```

mattatkiva (Wed, 15 Jul 2020 15:54:30 GMT):
here's what I used: ```PORTS="5000:5000 8000:8000 8123:8123" ./scripts/run_docker start --inbound-transport http 127.0.0.1 8123 --admin 127.0.0.1 8124 --admin-insecure-mode --outbound-transport http --webhook-url "http://localhost:31890/v1/controller"````

mattatkiva (Wed, 15 Jul 2020 15:54:47 GMT):
and the results: ```mattraffel@kiva-mattr:~/src/temp/connect.meditor$ curl http://localhost:8123/connections curl: (52) Empty reply from server mattraffel@kiva-mattr:~/src/temp/connect.meditor$ curl http://localhost:8124/connections curl: (7) Failed to connect to localhost port 8124: Connection refused mattraffel@kiva-mattr:~/src/temp/connect.meditor$ curl http://127.0.0.1:8123/connections curl: (52) Empty reply from server mattraffel@kiva-mattr:~/src/temp/connect.meditor$ curl http://127.0.0.1:8124/connections curl: (7) Failed to connect to 127.0.0.1 port 8124: Connection refused```

esune (Wed, 15 Jul 2020 15:54:51 GMT):
If you are running other gents the ports need to be different between them: ports exposed by the docker service to the host machine cannot be the same

esune (Wed, 15 Jul 2020 15:55:37 GMT):
Wait, if you use run_docker you need to use `0.0.0.0` rather than `127.0.0.1`

esune (Wed, 15 Jul 2020 15:55:51 GMT):
otherwise the address will not be exposed to the host machine

mattatkiva (Wed, 15 Jul 2020 15:55:53 GMT):
that doesnt work either. Im on macos if that makes a different

esune (Wed, 15 Jul 2020 15:56:01 GMT):
but just inside the docker container

esune (Wed, 15 Jul 2020 15:57:25 GMT):
No, it is the same. You must use `0.0.0.0`, the ther way is wrong. For the `Address already in use` error my guess is that there is another agent (either one you started, or a container that is hanging) that is already using that port and therefore your new agent won't be able to bind to it

esune (Wed, 15 Jul 2020 15:57:34 GMT):
What's the output of `docker ps`?

mattatkiva (Wed, 15 Jul 2020 15:58:56 GMT):
I got it fixed. thank you. you helped me get it fixed. I needed to adjust the ports env```PORTS="5000:5000 8000:8000 8123:8123 8124:8124" ./scripts/run_docker start --inbound-transport http 0.0.0.0 8123 --admin 0.0.0.0 8124 --admin-insecure-mode --outbound-transport http --webhook-url "http://localhost:31890/v1/controller" ```

esune (Wed, 15 Jul 2020 15:59:33 GMT):
Great! :)

esune (Wed, 15 Jul 2020 15:59:52 GMT):
It looks like you were missing port 8124 this time right?

mattatkiva (Wed, 15 Jul 2020 16:00:05 GMT):
I also needed the admin stuff. but yes the ports was missing the admin ports

swcurran (Wed, 15 Jul 2020 17:32:22 GMT):
Nice

swcurran (Wed, 15 Jul 2020 17:35:36 GMT):
I'm not sure from the messages it's clear to Matt what happened, but the inboud-transport is for the DIDComm messages (talking to other Agents) and admin interface is for the controller to talk to this instance of ACA-Py. Those have to be different ports, so when the "already in use" message came up it was because they were sharing the same port. That might have been obvious, but I wanted to be very explicit.

mattatkiva (Wed, 15 Jul 2020 17:38:36 GMT):
thx for reiterating that. it wasn't obvious to me, probably because didn't fully understand the meaning admin interface command line options

mattatkiva (Wed, 15 Jul 2020 17:40:02 GMT):
when I run acapy from the command line I get this error during accept invitation call: ```2020-07-15 11:35:37,437 aries_cloudagent.core.dispatcher ERROR Handler error: connections_accept_invitation Traceback (most recent call last): File "/Users/mattraffel/Library/Python/3.7/lib/python/site-packages/aries_cloudagent/protocols/connections/v1_0/routes.py", line 362, in connections_accept_invitation request = await connection_mgr.create_request(connection, my_label, my_endpoint) File "/Users/mattraffel/Library/Python/3.7/lib/python/site-packages/aries_cloudagent/protocols/connections/v1_0/manager.py", line 281, in create_request my_endpoints.extend(self.context.settings.get("additional_endpoints")) TypeError: 'NoneType' object is not iterable``` Oddly I do not get this error when I make the same call to Alice (the demo apacy instance). I assume theres some additional configuration Im missing when running acapy locally. any thoughts on what that might be?

swcurran (Wed, 15 Jul 2020 17:41:08 GMT):
Here is a picture of the architecture - you'll see the two HTTP ports into the ACA-Py Instance:

swcurran (Wed, 15 Jul 2020 17:41:09 GMT):
https://docs.google.com/presentation/d/1K7qiQkVi4n-lpJ3nUZY27OniUEM0c8HAIk4imCWCx5Q/edit#slide=id.g5d43fe05cc_0_87

swcurran (Wed, 15 Jul 2020 17:43:13 GMT):
Dang -- I suspect that it's tied to configuration - sufficient command line parameters. I'm not deep on that but @esune will be back to you. He's at an appointment right now.

esune (Wed, 15 Jul 2020 20:08:14 GMT):
Check the script that starts Alice/Faber. I think you are missing `--endpoint ${AGENT_ENDPOINT}` in the startup command line parameters. `AGENT_ENDPOINT` needs to be an address that is reachable by the other agent(s) you plan on talking to, and is going to hit the public endpoint for the agent (not the admin one)

esune (Wed, 15 Jul 2020 20:23:15 GMT):
(basically your agent is not reachable by other agents since it does not have an endpoint registered on the ledger)

swcurran (Wed, 15 Jul 2020 20:50:47 GMT):
To be a little more precise -- it's not that the the endpoint is published on the ledger, but what gets put into the peer DID that is exchanged with the other party. The "inbound HTTP" is the address for the agent, but that may not be the endpoint that your agent tells other agents about. For example, you may have a mediator that receives all your messages (and has the public endpoint) and is the only one that knows the physical endpoint of your agent. In the peer:DID -- you put the mediator's endpoint. Hence you have to have two parameters on your command line. The way that @esune is suggest it, they both are the same -- `--endpoint` (what goes in the DIDs to other agents) is the same as the `--inbound-transport` That relies on an environment variable that is usually set in the script that invokes ACA-Py.

swcurran (Wed, 15 Jul 2020 20:50:47 GMT):
To be a little more precise -- it's not that the endpoint is published on the ledger, but what gets put into the peer DID that is exchanged with the other party. The "inbound HTTP" is the address for the agent, but that may not be the endpoint that your agent tells other agents about. For example, you may have a mediator that receives all your messages (and has the public endpoint) and is the only one that knows the physical endpoint of your agent. In the peer:DID -- you put the mediator's endpoint. Hence you have to have two parameters on your command line. The way that @esune is suggest it, they both are the same -- `--endpoint` (what goes in the DIDs to other agents) is the same as the `--inbound-transport` That relies on an environment variable that is usually set in the script that invokes ACA-Py.

mattatkiva (Wed, 15 Jul 2020 20:56:41 GMT):
Im confused by the response. When I use Alice/faber, my code to create/receive/accept invitation works. When I use faber + mine instance of acapy, I get the error. I start my instance of acapy with this command: ```python3 ./aca-py start --inbound-transport http 0.0.0.0 8123 --admin 0.0.0.0 8124 --admin-insecure-mode --outbound-transport http```

mattatkiva (Wed, 15 Jul 2020 20:56:41 GMT):
Im confused by the response. When I use Alice/faber, my code to create/receive/accept invitation works. When I use faber + mine instance of acapy, I get the error above. I start my instance of acapy with this command: ```python3 ./aca-py start --inbound-transport http 0.0.0.0 8123 --admin 0.0.0.0 8124 --admin-insecure-mode --outbound-transport http```

mattatkiva (Wed, 15 Jul 2020 20:56:41 GMT):
Im confused by the response. When I use Alice/faber, my code to create/receive/accept invitation works. When I use faber + mine instance of acapy, I get the error above. I start my instance of acapy with this command: ```python3 ./aca-py start --inbound-transport http 0.0.0.0 8123 --admin 0.0.0.0 8124 --admin-insecure-mode --outbound-transport http --webhook-url "http://127.0.0.1:31890/v1/controller"```

swcurran (Wed, 15 Jul 2020 20:58:31 GMT):
What you need to add for the problem you have is (I think) `--endpoint http://0.0.0.0:8123`

swcurran (Wed, 15 Jul 2020 20:59:03 GMT):
When you connect with another party, that endpoint will be put into the peer did that you send them.

swcurran (Wed, 15 Jul 2020 21:00:27 GMT):
It is a separate option on startup because the endpoint in the DID that goes to another party (agent) may be a different endpoint.

swcurran (Wed, 15 Jul 2020 21:00:27 GMT):
It is a separate option on startup because the endpoint in the DID that goes to another party (agent) may be a different endpoint to your agent.

mattatkiva (Wed, 15 Jul 2020 21:02:54 GMT):
I see. That makes sense now and adding that to the start fixed that problem. Thank you.

swcurran (Wed, 15 Jul 2020 21:44:36 GMT):
Gives a good list of the necessary parameters (minimum set) and why they are needed. Something to add to the docs.

jcourt (Wed, 15 Jul 2020 21:47:58 GMT):
That would be really great as some languages code gen supports don't have parameter name tagging.

pxt_uit (Thu, 16 Jul 2020 02:46:34 GMT):
why we need mediator agent for mobile agent?. As I know, a reason that mobile agent is always online. There is any reason else? Why don't we call APIs directly from mobile?

jcourt (Thu, 16 Jul 2020 04:00:53 GMT):
I think to get a complete answer you need to read this RFC http://github.com/hyperledger/aries-rfcs/tree/master/concepts/0046-mediators-and-relays

jcourt (Thu, 16 Jul 2020 04:03:13 GMT):
The short answer is : 1) Mobile devices are NOT directly addressable vi IP so you need a store and forward solution. A relay provides that. 2) The Mediator approach allows for a higher level of traffic analysis protection, so even non-mobile agents may choose to use them.

jcourt (Thu, 16 Jul 2020 04:03:13 GMT):
The short answer is : 1) Mobile devices are NOT directly addressable via IP so you need a store and forward solution. A Relay provides that. 2) The Mediator approach allows for a higher level of traffic analysis protection, so even non-mobile agents may choose to use them.

sklump (Thu, 16 Jul 2020 09:53:05 GMT):
Track https://github.com/hyperledger/aries-cloudagent-python/pull/610 for this fix

sklump (Thu, 16 Jul 2020 09:53:43 GMT):
Track https://github.com/hyperledger/aries-cloudagent-python/pull/608 for this fix

seriousmountain (Thu, 16 Jul 2020 16:01:10 GMT):
Hello, I have a conceptual question concerning the communication between the ledger and an ACA-Py agent: Let's say an agent want to get a Schema from the ledger based on its Schema ID, does the agent then verify the signature of the Schema (the Schema Issuers signature) or is this be unnecessary? Could you please share the steps that are involved into the verification of the communication between the ledger and an agent? Thanks a lot!

swcurran (Thu, 16 Jul 2020 17:06:24 GMT):
Good question. I think I know but better that @andrew.whitehead answer this one.

Primordium (Thu, 16 Jul 2020 17:08:40 GMT):
Hello guys, I have been doing some tests on a ledger while following the demos, and I hit a dead end, I'm running an Alice agent with the following args ``` sudo aca-py start \ --inbound-transport http 0.0.0.0 8030 \ --outbound-transport http \ --endpoint http://localhost:8030 \ --label AliceAgent \ --seed ABCDEF0123456789ABCDEF0123456789 \ --admin 0.0.0.0 8031 \ --admin-insecure-mode \ --public-invites \ --auto-accept-invites \ --auto-accept-requests \ --auto-ping-connection \ --auto-respond-messages \ --auto-respond-credential-offer \ --auto-respond-credential-request \ --auto-respond-credential-proposal \ --auto-respond-presentation-request \ --auto-store-credential \ --auto-verify-presentation \ --wallet-key bbbbb \ --wallet-name aaaaa \ --wallet-type indy \ --genesis-url https://myurl/genesis ``` The problem I'm facing is, in order to have an endpoint, the seed needs to be registered in the ledger. This shouldn't be needed. I noticed the demos are using ngrok, is there a way to adapt this for my setup? If I don't have an endpoint, I can create a connection, accept it in Alice Swagger API, but I don't have any output on my faber agent as stated here `https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/AriesOpenAPIDemo.md#the-faber-agent-gets-the-request` the problem is that I don't seem to able to setup a webhook to check the events. Any documentation on how to setup the webhook?

Primordium (Thu, 16 Jul 2020 17:11:23 GMT):
The errors I'm getting are `ConnectionManagerError("No services defined by DIDDoc")` and `"No invitation found for pairwise connection"`

andrew.whitehead (Thu, 16 Jul 2020 18:02:04 GMT):
No, the agent doesn't manually check the signature on the schema transaction, although it must include a signature from the owner of the DID in order to be written

seriousmountain (Thu, 16 Jul 2020 18:17:36 GMT):
Ok thank you! @andrew.whitehead Is there any particular reason why this verification process is not implemented?

sklump (Thu, 16 Jul 2020 19:26:33 GMT):
See if https://github.com/hyperledger/aries-cloudagent-python/pull/610 fixes?

sklump (Thu, 16 Jul 2020 19:26:33 GMT):
See if https://github.com/hyperledger/aries-cloudagent-python/pull/610 fixes? It allows local-only DIDs to have endpoints.

sklump (Thu, 16 Jul 2020 19:26:33 GMT):
See if https://github.com/hyperledger/aries-cloudagent-python/pull/610 fixes? It allows aca-py to provision endpoints for local-only DIDs (in the wallet) on startup.

andrew.whitehead (Thu, 16 Jul 2020 19:30:22 GMT):
It hasn't been a priority, and we generally trust the results from the ledger

jcourt (Thu, 16 Jul 2020 23:33:35 GMT):
Thanks I will pull master in the next day or two and run multiple gens to check the behaviour with the fix

severus-sn4pe (Fri, 17 Jul 2020 12:09:50 GMT):
Hi. I get an `422` error when I try to send a credential from my controller to the agent. how can I find out, what the problem of the request was? the agent logs don't show more information about the call and the error code doesn't help me either

sklump (Fri, 17 Jul 2020 12:51:18 GMT):
What is the text of the error message? What is the payload? 422 means it doesn't meet the request schema or query-string schema.

severus-sn4pe (Fri, 17 Jul 2020 13:22:21 GMT):
the error message of the response is just `Unprocessable Entity`. when I use the payload in the swagger interface, it works correctly.

severus-sn4pe (Fri, 17 Jul 2020 13:22:43 GMT):
this is the payload: `{"schema_issuer_did":"J8U3cf9ehcXaEkhDhG5zdq","schema_version":"1.1.1","schema_id":"J8U3cf9ehcXaEkhDhG5zdq:2:person schema:1.1.1","schema_name":"person schema","issuer_did":"J8U3cf9ehcXaEkhDhG5zdq","cred_def_id":"J8U3cf9ehcXaEkhDhG5zdq:3:CL:8:default","connection_id":"25ac27ac-2648-4509-aae7-4d9258e8ca3d","credential_proposal":{"@type":"did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/credential-preview","attributes":[{"name":"name","value":"john"},{"name":"age","value":"30"}]}}`

sklump (Fri, 17 Jul 2020 13:29:26 GMT):
Sorry, this is an ongoing investigation. It's a monster.

sklump (Fri, 17 Jul 2020 13:29:26 GMT):
Sorry, this is an ongoing investigation. It's a monster. I'm at a loss at the moment.

sklump (Fri, 17 Jul 2020 13:29:26 GMT):
Sorry, this is an ongoing investigation. It's a monster. I'm at a loss at the moment and there are others with me.

severus-sn4pe (Fri, 17 Jul 2020 13:34:33 GMT):
ok. I'll keep investigating

andrew.whitehead (Fri, 17 Jul 2020 17:17:34 GMT):
How is the controller sending the message? What's it written in?

andrew.whitehead (Fri, 17 Jul 2020 17:19:58 GMT):
And what version of aca-py are you using?

discoverer (Mon, 20 Jul 2020 02:35:06 GMT):
Questions on one-to-one relationship between Agent and Controller: in Aca py demo video @swcurran mentioned that there is one-to-one relationship between Agent and Controller. need help in understanding - why is that needed? 2nd Related questions - for Alice Student persona in demos, let's say if there are 100 of Students - would each Student have their own Controller api? i.e. for 100 student - would we need to spin-up 100 instances of controller apis and hence 100 instances of aca-py apis? sorry if this is silly question - have been trying to find docs to understand this but wasn't able to find any.

lsm (Mon, 20 Jul 2020 08:11:11 GMT):
Multi Tenancy

severus-sn4pe (Mon, 20 Jul 2020 09:01:49 GMT):
I figured it out in the meantime. The problem was on the controller itself. The payload object got by mistake stringified before sending to the agent. :man_facepalming:

jacobsaur (Mon, 20 Jul 2020 10:55:37 GMT):
Hi I was wondering if anyone had information/docs on setting up a cloud aca-py agent as a mediator/relay for a mobile agent?Specifically we are planning to use the xamarin mobile agent but would like to use aca-py for our cloud agent similar to how the mediator is set up with .NET here (https://github.com/hyperledger/aries-mobileagent-xamarin/tree/master/mediator). I see that there is a rfc (https://github.com/hyperledger/aries-rfcs/tree/master/concepts/0046-mediators-and-relays) so I'm curious if this functionality is already built in aca-py. Thanks.

swcurran (Mon, 20 Jul 2020 13:52:18 GMT):
There have been some efforts on that, but not exactly sure where they are. We'll do some checking internally with team members to see what we can find.

swcurran (Mon, 20 Jul 2020 13:56:56 GMT):
Terminology is fun here. An agent consists of a framework+controller - e.g. ACA-Py+Controller or aries-framework-dotnet+Controller. The framework handles the protocol, and the controller supplies the business logic. So my use of the term "agent" is suspect in that video. Many call a framework an "agent", and it's stuck, but it's not accurate IMHO. If each student has there own agent, then yes, there will be 100 instances of a framework+controller, plus one instance of a framework+controller for Faber College. Recall that most students will have a mobile wallet and that is their "framework+controller" instance.

swcurran (Mon, 20 Jul 2020 13:59:05 GMT):
If you were to use ACA-Py for each student such that they each had a server-based wallet, you would probably implement multi-tenancy in ACA-Py, which is being worked on by some. That is -- one instance of ACA-Py, but separate wallets for each agent/each student (in this case). Server-based wallets for people have security risks though -- the people are not in control of their private keys.

jameshiester (Mon, 20 Jul 2020 17:56:50 GMT):
In the oidc model, how would roles/permissions be implemented? Would there be a layer added at the OP, or would the RP issue additional credentials to the IW?

swcurran (Mon, 20 Jul 2020 18:26:56 GMT):
Not quite sure of the context of this -- but here is the general idea. The VC OP has some number of pre-configured Proof Requests (PRs). The RP does a normal OIDC request of the OP, specifying which PR to to use. Note that the RP could have been the one pre-configuring the OP. The OP does the wallet interaction to do the PR/Proof. The OP converts the Proof claims into and the claims of an OIDC JWT. The RP does what it wants with those from an authn/authz perspective. Note that the RP and OP must be in the same trust domain. E.g. the RP has to trust the OP not to mess with the claims during the transfer.

swcurran (Mon, 20 Jul 2020 18:27:29 GMT):
What the PRs request is totally up to the RP -- could be issued by them, or by others. Or a combination.

swcurran (Mon, 20 Jul 2020 18:27:41 GMT):
Does that answer the questions?

swcurran (Mon, 20 Jul 2020 18:27:41 GMT):
Does that answer the question?

discoverer (Tue, 21 Jul 2020 02:58:50 GMT):
thanks @swcurran - this is very helpful, appreciate! just summarizing my understanding below to check if i am missing anything further. For such implementation of 100s of students, there are two choices a) use Aca-py multi tenancy - which as suggested is currently work in progress. this approach will be unsecure as well as wallet key is in cloud b) use mobile based framework to have Agent (=Framework+Controller) in Mobile device itself. this approach is secure as wallet (and wallet key) is in student's mobile. though currently only available framework to implement this approach is c# (i.e. aries-mobileagent-xamarin). all other mobile based framework (such as in react native) are work in progress

swcurran (Tue, 21 Jul 2020 18:32:55 GMT):
True, but the option of having the students just use a wallet provided by a third-party -- e.g. Trinsic or esatus. That is the current route BC Gov is taking. We don't want to be in the wallet business, and we want wallets to work for all VC use cases.

swcurran (Tue, 21 Jul 2020 18:32:55 GMT):
True -- those are the two DIY choices available today. But there is also the option of having the students just use a wallet provided by a third-party -- e.g. Trinsic or esatus. That is the current route BC Gov is taking. We don't want to be in the wallet business, and we want wallets to work for all VC use cases.

swcurran (Wed, 22 Jul 2020 00:03:02 GMT):
Join us for the ACA-Py User Group tomorrow (Wednesday) at 11AM Pacific (18:00 UTC) -- the hour before the Aries WG Call. We'll have the core maintainers on the call to answer any questions. We might have a discussion on multi-tenant wallets (I asked way to late for that...) and we'll definitely be talking about some recent updates in ACA-Py --- readiness/liveliness checks, adventures in bug hunting (1 in 100000 transactions), and more. Zoom link will be: https://zoom.us/j/900111661; Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2020-07-22+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting Everyone is welcome!

matteo (Wed, 22 Jul 2020 11:57:54 GMT):
Has joined the channel.

jameshiester (Wed, 22 Jul 2020 15:53:53 GMT):
I'm looking for documentation on the out of band messaging features?

swcurran (Wed, 22 Jul 2020 16:35:45 GMT):
It's covered in RFC 434 - https://github.com/hyperledger/aries-rfcs/tree/master/features/0434-outofband

swcurran (Wed, 22 Jul 2020 17:40:03 GMT):
ACA-Pug Meeting in 20 minutes and we will be talking about multi-tenant wallets (yay!) as well as some other topics mentioned above. Zoom link will be: https://zoom.us/j/900111661; Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2020-07-22+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

mattatkiva (Wed, 22 Jul 2020 18:56:59 GMT):
shoot, I meant to attend that today. I wanted to hear about that

mattatkiva (Wed, 22 Jul 2020 18:57:05 GMT):
is the meeting recorded?

swcurran (Wed, 22 Jul 2020 19:01:07 GMT):
Yes....I'll post it and let you know. It was a good meeting -- good presentation!

mattatkiva (Wed, 22 Jul 2020 19:01:16 GMT):
thnx

mattatkiva (Wed, 22 Jul 2020 19:02:30 GMT):
I wanted to test creating a credential between instances of acapy (not using the demo environments). I have the two instances exchanging connection invites using the admin API. Im strugging to find some documentation on issuing credentials. What's the next steps?

matteo (Wed, 22 Jul 2020 19:10:33 GMT):
Hi @SuperSeiyan did you get any update on this?

swcurran (Wed, 22 Jul 2020 19:31:30 GMT):
We still hear about multiple people doing and wanting to do this, but no central implementation or document about this. :-(

jameshiester (Wed, 22 Jul 2020 20:30:01 GMT):
is there additional documentation on using the oob with aca-py? It's unclear what I should use for attachments, and what should be included/modified in the receive-invitation request. Also, is the output of the receive invitation equivalent to the create-invitation response as indicated in the openAPI docs?

esune (Wed, 22 Jul 2020 20:35:21 GMT):
Generally your issuer will need to: - publish a schema - publish a credential definition It will then be able to send a credential offer to the holder by specifying the connection_id that will be used to issue the credential and talk to the holder agent

swcurran (Wed, 22 Jul 2020 20:35:28 GMT):
@nbrempel ^^^

swcurran (Wed, 22 Jul 2020 20:35:49 GMT):
Nick - as you answer, put it into markdown :-)

esune (Wed, 22 Jul 2020 20:37:29 GMT):
Depending on which startup flags you are using you may or may not need to programatically call the appropriate endpoint to issue the credential after you send the offer - this is up to your use-case and controller implementation to handle.

mattatkiva (Wed, 22 Jul 2020 20:38:09 GMT):
thnx. I have turned off all of the auto-accept flags (intentionally) because I want to handle it

esune (Wed, 22 Jul 2020 20:38:14 GMT):
To monitor the current state of the credential exchange your controller will receive webhooks, and you can query the agent by using the credential_exchange_id of the current transation

mattatkiva (Wed, 22 Jul 2020 20:38:49 GMT):
to create the schema, however, I will need to manually create one as there is no admin api for that, correct?

esune (Wed, 22 Jul 2020 20:39:02 GMT):
Okay, then you will need to work with the payload from webhooks to determine when to trigger each specific action

esune (Wed, 22 Jul 2020 20:39:24 GMT):
There is an admin endpoint to publish a schema, I think it is under the `/schemas` namespace

esune (Wed, 22 Jul 2020 20:39:42 GMT):
All of the above taskas can be completed using the agent's admin API

esune (Wed, 22 Jul 2020 20:39:42 GMT):
All of the above tasks can be completed using the agent's admin API

mattatkiva (Wed, 22 Jul 2020 20:39:50 GMT):
yes, that is exactly that I want to do: use the webhook responses. is publish a schema the same as create schema?

esune (Wed, 22 Jul 2020 20:40:08 GMT):
Yup.

esune (Wed, 22 Jul 2020 20:40:25 GMT):
Publishing a schema to the ledger means you are creating a schema with those attributes and binding it to your public did

esune (Wed, 22 Jul 2020 20:40:25 GMT):
Publishing a schema to the ledger means you are creating a schema with those attributes and binding it to your public did as issuer

mattatkiva (Wed, 22 Jul 2020 20:40:32 GMT):
ah...nice. thank you for that. I think I understand...for now ;)

esune (Wed, 22 Jul 2020 20:40:43 GMT):
:thumbsup_tone1:

esune (Wed, 22 Jul 2020 20:41:06 GMT):
Remember the cred_def needs to be published as well in order to be able to issue a credential

mattatkiva (Wed, 22 Jul 2020 20:42:15 GMT):
ah. Thats right. thnx for the reminder

nbrempel (Wed, 22 Jul 2020 20:49:22 GMT):
Hi @jameshiester, documentation is currently lacking for that feature. As we are transitioning between protocols, we are currently roughyl on stage 1 of this RFC: https://github.com/hyperledger/aries-rfcs/blob/4afa0a941d1943f67116c9aa1529d0e073a0c426/features/0496-transition-to-oob/README.md

nbrempel (Wed, 22 Jul 2020 20:49:22 GMT):
Hi @jameshiester, documentation is currently lacking for that feature, as we are transitioning between protocols. We are currently roughly on stage 1 of this RFC: https://github.com/hyperledger/aries-rfcs/blob/4afa0a941d1943f67116c9aa1529d0e073a0c426/features/0496-transition-to-oob/README.md

nbrempel (Wed, 22 Jul 2020 20:55:22 GMT):
I'll write up some words on what's currently there.

mattatkiva (Wed, 22 Jul 2020 21:01:50 GMT):
I don't see admin api for issueing and verifying credentials I found the steps for publish schema and cred definition ``` // publish schema // http://localhost:8224/schemas // publish credential definition // http://localhost:8224/credential-definitions```

mattatkiva (Wed, 22 Jul 2020 21:01:50 GMT):
I don't see admin api for issueing and verifying credentials I found the steps for publish schema and cred definition ```// publish schema // http://localhost:8224/schemas // publish credential definition // http://localhost:8224/credential-definitions```

esune (Wed, 22 Jul 2020 21:03:08 GMT):
To issue credential you use the methods in the `/issue-credential` API namespace

esune (Wed, 22 Jul 2020 21:03:28 GMT):
To verify I think it's `/presentation-exchange`

esune (Wed, 22 Jul 2020 21:03:28 GMT):
To verify I think it's in the `/presentation-exchange` API namespace

mattatkiva (Wed, 22 Jul 2020 21:03:55 GMT):
why I am not seeing that in swagger doc endpoint (http://localhost:8224/api/doc#/)

mattatkiva (Wed, 22 Jul 2020 21:04:31 GMT):
could I be missing a configuration?

esune (Wed, 22 Jul 2020 21:06:13 GMT):
I am not sure. Do you have a wallet? It may be hiding the endpoints that require wallet operations if you don't have one.

mattatkiva (Wed, 22 Jul 2020 21:06:41 GMT):
I havent created any wallets yet

mattatkiva (Wed, 22 Jul 2020 21:06:41 GMT):
I havent created/defined any wallets yet

esune (Wed, 22 Jul 2020 21:07:20 GMT):
My guess is that if you are not starting the agent with the options to use a wallet those APIs will be unavailable - but I am not 100% sure

mattatkiva (Wed, 22 Jul 2020 21:07:42 GMT):
that makes sense. I will do that now as its something I need anyways

jameshiester (Wed, 22 Jul 2020 21:12:53 GMT):
is there json examples of requests you used to validate the behavior? or are the endpoints in aca-py not ready yet?

swcurran (Wed, 22 Jul 2020 21:40:13 GMT):
Hey folks -- the recording from today's ACA-Pug (User Group) Meeting is now posted. We had a good demo and discussion about a multi-tenant wallet that is in a PR against ACA-Py. We are going to merge the PR to a feature branch so that multiple people can review and submit PRs to the implementation, and then merge the result into the main branch of ACA-Py. https://wiki.hyperledger.org/display/ARIES/2020-07-22+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

mattatkiva (Wed, 22 Jul 2020 21:46:42 GMT):
I think this is why I am not seeing those routes in swagger: ```2020-07-22 15:46:05,831 aries_cloudagent.core.plugin_registry ERROR Error loading admin routes: Unable to import module aries_cloudagent.protocols.present_proof.v1_0.routes: No module named 'indy' 2020-07-22 15:46:05,846 aries_cloudagent.core.plugin_registry ERROR Error loading admin routes: Unable to import module aries_cloudagent.protocols.issue_credential.v1_0.routes: No module named 'indy'```

mattatkiva (Wed, 22 Jul 2020 22:00:58 GMT):
so I installed python wrapper for indy-sdk (`sudo pip3 install python3-indy`) and I got rid of that error and got endpoints for issue-credential listing in swagger

esune (Wed, 22 Jul 2020 22:04:08 GMT):
oh, you're not using the dockerized agent I guess

mattatkiva (Wed, 22 Jul 2020 22:05:00 GMT):
no. I want to use webhooks and I cannot get it to call out to my local env (alternatively I could move my app into a docker but I havent wanted to do that yet)

mattatkiva (Wed, 22 Jul 2020 22:06:23 GMT):
```mattraffel@kiva-mattr:~/src/acapy/bin$ ./start_acapy_faber.sh 2020-07-22 16:03:45,798 indy.libindy ERROR _load_cdll: Can't load libindy: dlopen(libindy.dylib, 6): image not found 2020-07-22 16:03:45,798 aries_cloudagent.commands.start ERROR Exception during startup: Traceback (most recent call last):``` ```declare -x DYLD_LIBRARY_PATH="/Users/mattraffel/src/indy-sdk/libindy/target/debug" LD_LIBRARY_PATH="/Users/mattraffel/src/indy-sdk/libindy/target/debug" declare -x LIBRARY_PATH="/Users/mattraffel/src/indy-sdk/libindy/target/debug"``` ```mattraffel@kiva-mattr:~/src/acapy/bin$ ls -l $LIBRARY_PATH total 640024 drwxr-xr-x 70 mattraffel staff 2.2K Jun 16 12:37 build/ drwxr-xr-x 480 mattraffel staff 15K Jun 16 12:39 deps/ drwxr-xr-x 2 mattraffel staff 64B Jun 16 12:37 examples/ drwxr-xr-x 7 mattraffel staff 224B Jun 16 12:38 incremental/ -rw-r--r-- 2 mattraffel staff 156M Jun 16 12:39 libindy.a -rw-r--r-- 1 mattraffel staff 10K Jun 16 12:39 libindy.d -rwxr-xr-x 2 mattraffel staff 38M Jun 16 12:39 libindy.dylib* -rw-r--r-- 2 mattraffel staff 119M Jun 16 12:39 libindy.rlib```

mattatkiva (Wed, 22 Jul 2020 22:06:40 GMT):
any ideas why I am getting that load library error ?

esune (Wed, 22 Jul 2020 22:09:06 GMT):
it looks like it is not finding libindy. I usually don't run the agent on bare metal, so I am not sure I would know off the top of my head what the different paths need to look like.

esune (Wed, 22 Jul 2020 22:09:42 GMT):
maybe @andrew.whitehead or @nbrempel have better recommendations than just checking all the paths :sweat_smile:

mattatkiva (Wed, 22 Jul 2020 22:13:21 GMT):
as I posted above, the paths are good

jameshiester (Wed, 22 Jul 2020 22:29:54 GMT):
does the notion of the service endpoint postfix cause concern about correlation with the multi-tenant wallet?

esune (Wed, 22 Jul 2020 22:33:59 GMT):
Yeah, what I meant is I am not sure what else to look at since I only use docker versions of aca-py

jameshiester (Wed, 22 Jul 2020 22:37:43 GMT):
also when will readiness checks be released? I'm assuming there will be an endpoint associated?

ItsOmerShafiq (Thu, 23 Jul 2020 11:11:56 GMT):
Hi, can some help me a little with the aca-py present-proof request. I need to send a request that can filter out credential based on attribute value, for example something request body below. Anoncreds seems to have something like that https://github.com/ianco/indy-sdk/blob/predicate_attr_restrictions/libindy/tests/anoncreds_demos.rs#L662 { "connection_id": "{{VERIFIER_CONNECTION_ID}}", "proof_request": { "name": "Proof of COVID Vaccination", "version": "1.0", "requested_attributes": { "attr1_referent": { "name": "doc_id", "restrictions": [ { "value": "453525_id" } ] } }, "requested_predicates": { } } }

ItsOmerShafiq (Thu, 23 Jul 2020 11:11:56 GMT):
Hi, can some help me a little with the aca-py present-proof request. I need to send a request that can filter out credential based on attribute value, for example something request body below. Anoncreds seems to have something like that https://github.com/ianco/indy-sdk/blob/predicate_attr_restrictions/libindy/tests/anoncreds_demos.rs#L662 ``` { "connection_id": "{{VERIFIER_CONNECTION_ID}}", "proof_request": { "name": "Proof of COVID Vaccination", "version": "1.0", "requested_attributes": { "attr1_referent": { "name": "doc_id", "restrictions": [ { "value": "453525_id" } ] } }, "requested_predicates": { } } } ```

ItsOmerShafiq (Thu, 23 Jul 2020 11:11:56 GMT):
Hi, can some help me a little with the aca-py present-proof request. I need to send a request that can filter out credential based on attribute value, for example something request body below. Anoncreds seems to have something like that https://github.com/ianco/indy-sdk/blob/predicate_attr_restrictions/libindy/tests/anoncreds_demos.rs#L662 ``` { "connection_id": "ad48f4a7-e1c9-436f-8753-241ac7269fd0", "proof_request": { "name": "Proof of COVID Vaccination", "version": "1.0", "requested_attributes": { "attr1_referent": { "name": "doc_id", "restrictions": [ { "value": "453525_id" } ] } }, "requested_predicates": { } } } ```

ItsOmerShafiq (Thu, 23 Jul 2020 11:11:56 GMT):
Hi, can some help me a little with the aca-py present-proof request. I need to send a request that can filter out credential based on attribute value, for example something request body below. Anoncreds seems to have something like that https://github.com/ianco/indy-sdk/blob/predicate_attr_restrictions/libindy/tests/anoncreds_demos.rs#L662 ``` { "connection_id": "ad48f4a7-e1c9-436f-8753-241ac7269fd0", "proof_request": { "name": "Proof of Doc", "version": "1.0", "requested_attributes": { "attr1_referent": { "name": "doc_id", "restrictions": [ { "value": "453525_id" } ] } }, "requested_predicates": { } } } ```

ItsOmerShafiq (Thu, 23 Jul 2020 11:11:56 GMT):
Hi, can some help me a little with the aca-py present-proof request. I need to send a request that can filter out credential based on attribute value, for example something like request body below. Anoncreds seems to have something like that https://github.com/ianco/indy-sdk/blob/predicate_attr_restrictions/libindy/tests/anoncreds_demos.rs#L662 ``` { "connection_id": "ad48f4a7-e1c9-436f-8753-241ac7269fd0", "proof_request": { "name": "Proof of Doc", "version": "1.0", "requested_attributes": { "attr1_referent": { "name": "doc_id", "restrictions": [ { "value": "453525_id" } ] } }, "requested_predicates": { } } } ```

ItsOmerShafiq (Thu, 23 Jul 2020 11:11:56 GMT):
Hi, can some help me a little with the aca-py present-proof request. I need to send a request that can identify the credential based on attribute value instead of cred_def_id, for example something like request body below. Not sure but Anoncreds seems to have something like that https://github.com/ianco/indy-sdk/blob/predicate_attr_restrictions/libindy/tests/anoncreds_demos.rs#L662 ``` { "connection_id": "ad48f4a7-e1c9-436f-8753-241ac7269fd0", "proof_request": { "name": "Proof of Doc", "version": "1.0", "requested_attributes": { "attr1_referent": { "name": "doc_id", "restrictions": [ { "value": "453525_id" } ] } }, "requested_predicates": { } } } ```

wip-abramson (Thu, 23 Jul 2020 11:28:47 GMT):
I think it's like this - "attr::doc_id::value": "453525_id"

wip-abramson (Thu, 23 Jul 2020 11:29:06 GMT):
If you checkout the faber.py demo of aca-py line 324

ItsOmerShafiq (Thu, 23 Jul 2020 11:37:52 GMT):
maybe i am making a mistake coz i am getting this: ``` { "proof_request": { "requested_attributes": { "attr1_referent": { "value": { "restrictions": { "0": { "attr::doc_id::value": [ "Unknown field." ] } } } } } } } ``` with this req ``` ```

ItsOmerShafiq (Thu, 23 Jul 2020 11:47:16 GMT):
With this request ACA_PY_AGENY_URL/present-proof/send-request ``` { "connection_id": "{{CONNECTION_ID}}", "proof_request": { "name": "Proof of DOC", "version": "1.0", "requested_attributes": { "n_group_attrs": { "names": ["doc_id", "dob"], "restrictions": [ { "issuer_did": "4kfmXB6jB2jB5Knt7uskb6", "attr::doc_id::value": "3520247618071" } ] } } } } ``` i get this response ``` { "proof_request": { "requested_attributes": { "n_group_attrs": { "value": { "name": [ "Missing data for required field." ], "restrictions": { "0": { "attr::doc_id::value": [ "Unknown field." ] } }, "names": [ "Unknown field." ] } } }, "requested_predicates": [ "Missing data for required field." ] } } ```

ItsOmerShafiq (Thu, 23 Jul 2020 11:47:16 GMT):
With this request ACA_PY_AGENT_URL/present-proof/send-request ``` { "connection_id": "{{CONNECTION_ID}}", "proof_request": { "name": "Proof of DOC", "version": "1.0", "requested_attributes": { "n_group_attrs": { "names": ["doc_id", "dob"], "restrictions": [ { "issuer_did": "4kfmXB6jB2jB5Knt7uskb6", "attr::doc_id::value": "3520247618071" } ] } } } } ``` i get this response ``` { "proof_request": { "requested_attributes": { "n_group_attrs": { "value": { "name": [ "Missing data for required field." ], "restrictions": { "0": { "attr::doc_id::value": [ "Unknown field." ] } }, "names": [ "Unknown field." ] } } }, "requested_predicates": [ "Missing data for required field." ] } } ```

rangeshsripathi (Thu, 23 Jul 2020 12:03:15 GMT):
Has joined the channel.

rangeshsripathi (Thu, 23 Jul 2020 12:03:16 GMT):
Hello All I am following the aca-python tutorial by running Indy-pool locally via docker -https://github.com/hyperledger/aries-cloudagent-python/tree/master/demo#running-locally . Faber Agent are not able to connect to ledger , but indy-pool and postgres are up and running.. Any clue where I am going wrong ?

rangeshsripathi (Thu, 23 Jul 2020 12:04:29 GMT):

Clipboard - July 23, 2020 5:34 PM

ItsOmerShafiq (Thu, 23 Jul 2020 12:05:53 GMT):
Is you VON network running at 9000?

rangeshsripathi (Thu, 23 Jul 2020 12:07:05 GMT):
Nope, I assumed running VON network is optional per document.. - https://github.com/hyperledger/aries-cloudagent-python/tree/master/demo#running-locally

ItsOmerShafiq (Thu, 23 Jul 2020 12:08:21 GMT):
Yea its optional but you need to connect your agent to some ledger. Can you paste your agent provisioning details here?

ItsOmerShafiq (Thu, 23 Jul 2020 12:11:56 GMT):
try this LEDGER_URL=http://dev.greenlight.bcovrin.vonx.io DEFAULT_POSTGRES=true python3 -m runners.faber --port 8020

rangeshsripathi (Thu, 23 Jul 2020 12:12:36 GMT):
GENESIS_FILE=/vagrant/indy-sdk/genesis-pool-config.txt DEFAULT_POSTGRES=true python3 - m runners.faber --port 8020

ItsOmerShafiq (Thu, 23 Jul 2020 12:13:25 GMT):
your agent is trying to find ledger on localhost:9000 so either you can run a von network locally to fix that or change the ledger

rangeshsripathi (Thu, 23 Jul 2020 12:16:07 GMT):
LEDGER_URL=http://dev.greenlight.bcovrin.vonx.io , But the above one would connect to Public ledger correct ? I am trying to connect to a ledger locally, Can i please know how to run the same locally ?

ItsOmerShafiq (Thu, 23 Jul 2020 12:16:58 GMT):
Here you go https://github.com/bcgov/greenlight/blob/master/docker/VONQuickStartGuide.md

ItsOmerShafiq (Thu, 23 Jul 2020 12:17:21 GMT):
https://github.com/bcgov/von-network

ItsOmerShafiq (Thu, 23 Jul 2020 12:18:43 GMT):
pretty simple actually git clone https://github.com/bcgov/von-network.git cd von-network ./manage build ./manage start

ItsOmerShafiq (Thu, 23 Jul 2020 12:19:07 GMT):
pretty simple actually ``` git clone https://github.com/bcgov/von-network.git cd von-network ./manage build ./manage start ```

rangeshsripathi (Thu, 23 Jul 2020 12:24:39 GMT):
Thanks and when i run the VON Network locally "GENESIS_FILE=/tmp/some-genesis.txt PORT=9000 python -m server.server"

rangeshsripathi (Thu, 23 Jul 2020 12:24:39 GMT):
Thanks and when i run the VON Network locally "GENESIS_FILE=/tmp/some-genesis.txt PORT=9000 python -m server.server" . I ran into issues again !

rangeshsripathi (Thu, 23 Jul 2020 12:24:47 GMT):

Clipboard - July 23, 2020 5:54 PM

rangeshsripathi (Thu, 23 Jul 2020 12:25:40 GMT):
I did run the requirements and packages ... pip3 install -r server/requirements.txt

ItsOmerShafiq (Thu, 23 Jul 2020 12:49:10 GMT):
ohh i have seen those... firstly instead of using a hardcoded genesis file you can still use LEDGER_URL="http://localhost:9000/genesis". For these errors you need to install whatever module it says is missing from pypi.org

swcurran (Thu, 23 Jul 2020 13:42:04 GMT):
Not sure about the endpoint question - maybe ask again in the main channel.

swcurran (Thu, 23 Jul 2020 13:42:45 GMT):
The readiness checks are merged and may be 0.5.3 -- I think they've been tested. Yes, there is an endpoint. https://github.com/hyperledger/aries-cloudagent-python/pull/614

mattatkiva (Thu, 23 Jul 2020 13:51:38 GMT):
any thoughts on what is missing in my configuration to get acapy to run locally (macos) with indysdk. I have indy sdk installed (built from source), the indy sdk python wrapper installed, env variables pointing to the build directory. but acapy still reports error trying to load indy: ```2020-07-22 15:46:05,831 aries_cloudagent.core.plugin_registry ERROR Error loading admin routes: Unable to import module aries_cloudagent.protocols.present_proof.v1_0.routes: No module named 'indy' 2020-07-22 15:46:05,846 aries_cloudagent.core.plugin_registry ERROR Error loading admin routes: Unable to import module aries_cloudagent.protocols.issue_credential.v1_0.routes: No module named 'indy'```

mattatkiva (Thu, 23 Jul 2020 13:51:38 GMT):
any thoughts on what is missing in my configuration to get acapy to run locally (macos) with indysdk. I have indy sdk installed (built from source), the indy sdk python wrapper installed, env variables pointing to the build directory. but acapy still reports error trying to load indy: ```mattraffel@kiva-mattr:~/src/acapy/bin$ ./start_acapy_faber.sh 2020-07-22 16:03:45,798 indy.libindy ERROR _load_cdll: Can't load libindy: dlopen(libindy.dylib, 6): image not found 2020-07-22 16:03:45,798 aries_cloudagent.commands.start ERROR Exception during startup:'```

ItsOmerShafiq (Thu, 23 Jul 2020 14:39:50 GMT):
which env variables are you using?

ItsOmerShafiq (Thu, 23 Jul 2020 14:40:58 GMT):
this works for me > export LD_LIBRARY_PATH=PATH_TO_INDY-SDK/libindy/target/debug

mattatkiva (Thu, 23 Jul 2020 14:41:36 GMT):
```declare -x DYLD_LIBRARY_PATH="/Users/mattraffel/src/indy-sdk/libindy/target/debug" declare -x LD_LIBRARY_PATH="/Users/mattraffel/src/indy-sdk/libindy/target/debug" declare -x LIBRARY_PATH="/Users/mattraffel/src/indy-sdk/libindy/target/debug"```

ItsOmerShafiq (Thu, 23 Jul 2020 14:44:59 GMT):
Maybe try to symlink to libindy in usr/local/lib ln -s /path/to/libindy.dylib /usr/local/lib/libindy.dylib

mattatkiva (Thu, 23 Jul 2020 14:47:13 GMT):
my apologizes, I just realized what the problem was.....at the very bottom of the error stack trace ( which I didn't include before) I found this: ```OSError: dlopen(libindy.dylib, 6): Library not loaded: /usr/local/opt/openssl/lib/libssl.1.0.0.dylib Referenced from: /Users/mattraffel/src/indy-sdk/libindy/target/debug/libindy.dylib Reason: image not found```

mattatkiva (Thu, 23 Jul 2020 15:01:59 GMT):
Im getting somewhere :D I fixed it

mattatkiva (Thu, 23 Jul 2020 15:02:20 GMT):
thnx for your help. I really not sure I would have noticed that if you didnt ask those questions

nbrempel (Thu, 23 Jul 2020 17:49:49 GMT):
No, the OOB endpoints are not ready yet as they are still subject to change as we work to transition from the old connection protocol. RFC 160 is implemented under the `/connections` suite of endpoints which are what I would recommend using currently.

nbrempel (Thu, 23 Jul 2020 17:49:50 GMT):
https://github.com/hyperledger/aries-rfcs/blob/master/features/0160-connection-protocol/README.md

nbrempel (Thu, 23 Jul 2020 17:51:15 GMT):
Hello, this looks like a known issue that has been resolved and will be released with 0.5.3 soon.

nbrempel (Thu, 23 Jul 2020 17:51:33 GMT):
Can you try running a build off master and see if it resolves the issue for you?

ajayjadhav (Thu, 23 Jul 2020 18:07:57 GMT):
Exactly, @mattatkiva did you setup the environment variables as described in: https://github.com/hyperledger/indy-sdk/blob/master/docs/build-guides/mac-build.md ?

ajayjadhav (Thu, 23 Jul 2020 18:09:21 GMT):
I faced the same issue on macOS, but with `aries-framework-dotnet`

ajayjadhav (Thu, 23 Jul 2020 18:10:00 GMT):
Here is how my `.bash_profile` look like.. `export PATH="$HOME/.cargo/bin:$PATH" export PKG_CONFIG_ALLOW_CROSS=1 export CARGO_INCREMENTAL=1 export RUST_LOG=indy=trace export RUST_TEST_THREADS=1 export DYLB_PRINT_LIBRARIES=1 export LIBRARY_PATH=/Users/ajay/github/hyperledger/indy-sdk/libindy/target/debug export DYLD_LIBRARY_PATH=/Users/ajay/github/hyperledger/indy-sdk/libindy/target/debug export LD_LIBRARY_PATH=/Users/ajay/github/hyperledger/indy-sdk/libindy/target/debug`

ajayjadhav (Thu, 23 Jul 2020 18:10:35 GMT):
This is working for me..

mattatkiva (Thu, 23 Jul 2020 18:36:38 GMT):
I sure did. I dont have this one: `export DYLB_PRINT_LIBRARIES=1` . What does it do?

ajayjadhav (Thu, 23 Jul 2020 18:37:13 GMT):
I think it just prints the libs that are being used..

ajayjadhav (Thu, 23 Jul 2020 18:37:19 GMT):
not sure though

jameshiester (Thu, 23 Jul 2020 18:42:19 GMT):
general timeline for 5.3 release?

nbrempel (Thu, 23 Jul 2020 18:44:16 GMT):
^ @andrew.whitehead @swcurran

swcurran (Fri, 24 Jul 2020 13:35:22 GMT):
I think it will be Monday. There were some blips yesterday in the final testing (now resolved) but due to team members out today, it will be Monday.

jameshiester (Fri, 24 Jul 2020 17:11:14 GMT):
what's the difference between issue-credential/create and issue-credential/send?

sownak (Fri, 24 Jul 2020 17:30:00 GMT):
Has joined the channel.

sownak (Fri, 24 Jul 2020 17:32:24 GMT):
hey Guys.. need some help to run the demo on a kubernetes cluster. Is there a parameter to make the external URL point to a custom IP rather than 0.0.0.0 My faber Agent is fine, but Alice Agent still encodes Inbound Transports as 0.0.0.0:15001 and Faber fails to accept invitation: "aries_cloudagent.transport.outbound.manager ERROR >>> Posting error: http://0.0.0.0:15001; Re-queue failed message ..."

swcurran (Fri, 24 Jul 2020 18:33:08 GMT):
Send is the automated version. It lets the controller say to the framework "send this credential, handle all the back and forth, and tell me when you are done." Create is where the framework sends a webhook to the controller on each event in the protocol and waits for further instruction.

ItsOmerShafiq (Sun, 26 Jul 2020 20:06:14 GMT):
@nbrempel Just checked it with 0.5.3 it works fine. Thanks

DiAnh (Mon, 27 Jul 2020 08:45:40 GMT):

Clipboard - July 27, 2020 3:45 PM

DiAnh (Mon, 27 Jul 2020 08:45:43 GMT):
Hi everyone, i have a proplem when send presentation in version 0.5.2. I have created the revocation registry and updated the tails file via the issuer and my non_revoked in proof request has interval but it's got error

DiAnh (Mon, 27 Jul 2020 08:46:11 GMT):

Clipboard - July 27, 2020 3:46 PM

sownak (Mon, 27 Jul 2020 09:29:38 GMT):
never mind, seems I was not setting the external address correctly

swcurran (Mon, 27 Jul 2020 14:02:32 GMT):
FYI: Aries Cloud Agent - Python Release 0.5.3 has been tagged and posted to PyPi. Release notes can be found here - https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.5.3. This release is largely about cleanups and improvements on existing features: - Improvements in multi-instance handling for Kubernetes/OpenShift - Cleanups to the Admin API Swagger - Tracing improvements, documentation and fixes to bugs found via tracing - Improvements to present-proof Code reference documentation has been generated to ReadTheDocs - https://aries-cloud-agent-python.readthedocs.io/en/latest/ Next up - simplifying controller logic in dealing with revocation.

zickau (Mon, 27 Jul 2020 14:34:32 GMT):
Has joined the channel.

jameshiester (Mon, 27 Jul 2020 15:32:28 GMT):
were status/freshness endpoints included in 0.5.3?

swcurran (Mon, 27 Jul 2020 16:10:03 GMT):
Yes - those are the k8s/OpenShift pieces.

rangeshsripathi (Mon, 27 Jul 2020 16:21:49 GMT):
Hello , I am trying to connect aries agent to local indy pool (running as docker) , but it fails to create ledger pool and times out saying `"indy.error.PoolLedgerTimeout" ".. Any pointers / clue would be helpful. Attaching logs of same.. `"INFO:server.anchor:Genesis file already exists: /gen/genesis-pool-config-local DEBUG:indy.pool:create_pool_ledger_config: >>> config_name: 'local-new-pool-ver2', config: '{"genesis_txn": "/gen/genesis-pool-config-local"}' DEBUG:indy.pool:create_pool_ledger_config: Creating callback DEBUG:indy.pool:create_pool_ledger_config: <<< res: None {} DEBUG:indy.pool:open_pool_ledger: >>> config_name: 'local-new-pool-ver2', config: '{}' DEBUG:indy.pool:open_pool_ledger: Creating callback WARNING:indy.libindy:_indy_loop_callback: Function returned error ERROR:server.anchor:Initialization error: Traceback (most recent call last): File "/home/indy/server/anchor.py", line 216, in _open_pool self._pool = await pool.open_pool_ledger(pool_name, json.dumps(pool_cfg)) File "/home/indy/.pyenv/versions/3.5.7/lib/python3.5/site-packages/indy/pool.py", line 83, in open_pool_ledger open_pool_ledger.cb) File "/home/indy/.pyenv/versions/3.5.7/lib/python3.5/asyncio/futures.py", line 381, in __iter__ yield self # This tells Task to wait for completion. File "/home/indy/.pyenv/versions/3.5.7/lib/python3.5/asyncio/tasks.py", line 310, in _wakeup future.result() File "/home/indy/.pyenv/versions/3.5.7/lib/python3.5/asyncio/futures.py", line 294, in result raise self._exception indy.error.PoolLedgerTimeout The above exception was the direct cause of the following exception: Traceback (most recent call last): File "/home/indy/server/anchor.py", line 373, in open await self._open_pool() File "/home/indy/server/anchor.py", line 218, in _open_pool raise AnchorException("Error opening pool ledger connection") from e server.anchor.AnchorException: Error opening pool ledger connection"``

rangeshsripathi (Mon, 27 Jul 2020 16:21:49 GMT):
Hello , I am trying to connect aries agent to local indy pool (running as docker) , but it fails to create ledger pool and times out saying ``` `"indy.error.PoolLedgerTimeout" ".. Any pointers / clue would be helpful. Attaching logs of same.. `"INFO:server.anchor:Genesis file already exists: /gen/genesis-pool-config-local DEBUG:indy.pool:create_pool_ledger_config: >>> config_name: 'local-new-pool-ver2', config: '{"genesis_txn": "/gen/genesis-pool-config-local"}' DEBUG:indy.pool:create_pool_ledger_config: Creating callback DEBUG:indy.pool:create_pool_ledger_config: <<< res: None {} DEBUG:indy.pool:open_pool_ledger: >>> config_name: 'local-new-pool-ver2', config: '{}' DEBUG:indy.pool:open_pool_ledger: Creating callback WARNING:indy.libindy:_indy_loop_callback: Function returned error ERROR:server.anchor:Initialization error: Traceback (most recent call last): File "/home/indy/server/anchor.py", line 216, in _open_pool self._pool = await pool.open_pool_ledger(pool_name, json.dumps(pool_cfg)) File "/home/indy/.pyenv/versions/3.5.7/lib/python3.5/site-packages/indy/pool.py", line 83, in open_pool_ledger open_pool_ledger.cb) File "/home/indy/.pyenv/versions/3.5.7/lib/python3.5/asyncio/futures.py", line 381, in __iter__ yield self # This tells Task to wait for completion. File "/home/indy/.pyenv/versions/3.5.7/lib/python3.5/asyncio/tasks.py", line 310, in _wakeup future.result() File "/home/indy/.pyenv/versions/3.5.7/lib/python3.5/asyncio/futures.py", line 294, in result raise self._exception indy.error.PoolLedgerTimeout The above exception was the direct cause of the following exception: Traceback (most recent call last): File "/home/indy/server/anchor.py", line 373, in open await self._open_pool() File "/home/indy/server/anchor.py", line 218, in _open_pool raise AnchorException("Error opening pool ledger connection") from e server.anchor.AnchorException: Error opening pool ledger connection"`` ```

rangeshsripathi (Mon, 27 Jul 2020 16:21:49 GMT):
Hello , I am trying to connect aries agent to local indy pool (running as docker) , but it fails to create ledger pool and times out saying ``` `"indy.error.PoolLedgerTimeout" ".. Any pointers / clue would be helpful. Attaching logs of same..``` `"INFO:server.anchor:Genesis file already exists: /gen/genesis-pool-config-local DEBUG:indy.pool:create_pool_ledger_config: >>> config_name: 'local-new-pool-ver2', config: '{"genesis_txn": "/gen/genesis-pool-config-local"}' DEBUG:indy.pool:create_pool_ledger_config: Creating callback DEBUG:indy.pool:create_pool_ledger_config: <<< res: None {} DEBUG:indy.pool:open_pool_ledger: >>> config_name: 'local-new-pool-ver2', config: '{}' DEBUG:indy.pool:open_pool_ledger: Creating callback WARNING:indy.libindy:_indy_loop_callback: Function returned error ERROR:server.anchor:Initialization error: Traceback (most recent call last): File "/home/indy/server/anchor.py", line 216, in _open_pool self._pool = await pool.open_pool_ledger(pool_name, json.dumps(pool_cfg)) File "/home/indy/.pyenv/versions/3.5.7/lib/python3.5/site-packages/indy/pool.py", line 83, in open_pool_ledger open_pool_ledger.cb) File "/home/indy/.pyenv/versions/3.5.7/lib/python3.5/asyncio/futures.py", line 381, in __iter__ yield self # This tells Task to wait for completion. File "/home/indy/.pyenv/versions/3.5.7/lib/python3.5/asyncio/tasks.py", line 310, in _wakeup future.result() File "/home/indy/.pyenv/versions/3.5.7/lib/python3.5/asyncio/futures.py", line 294, in result raise self._exception indy.error.PoolLedgerTimeout The above exception was the direct cause of the following exception: Traceback (most recent call last): File "/home/indy/server/anchor.py", line 373, in open await self._open_pool() File "/home/indy/server/anchor.py", line 218, in _open_pool raise AnchorException("Error opening pool ledger connection") from e server.anchor.AnchorException: Error opening pool ledger connection"`` ``` ```

rangeshsripathi (Mon, 27 Jul 2020 16:21:49 GMT):
Hello , I am trying to connect aries agent to local indy pool (running as docker) , but it fails to create ledger pool and times out saying ``` "indy.error.PoolLedgerTimeout". Any pointers / clue would be helpful. Attaching logs of same.. ``` `"INFO:server.anchor:Genesis file already exists: /gen/genesis-pool-config-local DEBUG:indy.pool:create_pool_ledger_config: >>> config_name: 'local-new-pool-ver2', config: '{"genesis_txn": "/gen/genesis-pool-config-local"}' DEBUG:indy.pool:create_pool_ledger_config: Creating callback DEBUG:indy.pool:create_pool_ledger_config: <<< res: None {} DEBUG:indy.pool:open_pool_ledger: >>> config_name: 'local-new-pool-ver2', config: '{}' DEBUG:indy.pool:open_pool_ledger: Creating callback WARNING:indy.libindy:_indy_loop_callback: Function returned error ERROR:server.anchor:Initialization error: Traceback (most recent call last): File "/home/indy/server/anchor.py", line 216, in _open_pool self._pool = await pool.open_pool_ledger(pool_name, json.dumps(pool_cfg)) File "/home/indy/.pyenv/versions/3.5.7/lib/python3.5/site-packages/indy/pool.py", line 83, in open_pool_ledger open_pool_ledger.cb) File "/home/indy/.pyenv/versions/3.5.7/lib/python3.5/asyncio/futures.py", line 381, in __iter__ yield self # This tells Task to wait for completion. File "/home/indy/.pyenv/versions/3.5.7/lib/python3.5/asyncio/tasks.py", line 310, in _wakeup future.result() File "/home/indy/.pyenv/versions/3.5.7/lib/python3.5/asyncio/futures.py", line 294, in result raise self._exception indy.error.PoolLedgerTimeout ``` The above exception was the direct cause of the following exception: Traceback (most recent call last): File "/home/indy/server/anchor.py", line 373, in open await self._open_pool() File "/home/indy/server/anchor.py", line 218, in _open_pool raise AnchorException("Error opening pool ledger connection") from e server.anchor.AnchorException: Error opening pool ledger connection"`` ``` ```

swcurran (Mon, 27 Jul 2020 16:28:33 GMT):
FYI - a docker image has been posted to Docker Hub by BC Gov for ACA-Py - https://hub.docker.com/r/bcgovimages/aries-cloudagent

swcurran (Mon, 27 Jul 2020 16:28:33 GMT):
FYI - a docker image has been posted to Docker Hub by BC Gov for ACA-Py - https://hub.docker.com/layers/bcgovimages/aries-cloudagent/py36-1.15-0_0.5.3/images/sha256-c0f1485c166253edb71255d7f75f37f66c86df49cd2b1047719163c51d12ec6f?context=explore

rangeshsripathi (Mon, 27 Jul 2020 16:55:45 GMT):
Can i please know if there are any documentation or samples which connects aries agents and Indy-pool locally (localhost).. It would be quite helpful..

zickau (Tue, 28 Jul 2020 07:29:03 GMT):
Hi all, is there a best practice for the ACA-Py to handle revocation registries? E.g., how many entries to be used, when to create one, how to keep track of the number of entries, etc.?

Primordium (Tue, 28 Jul 2020 11:51:29 GMT):
Hello, guys I'm trying to setup a webhook to listen to events/new messages between two agents. I have `https://github.com/karimStekelenburg/aries-cloudagent-webhook-receiver` running with `docker run -p 8080:8080 webhook-receiver --host 127.0.0.1` and on my the agent I started with` --webhook-url http://127.0.0.1:8080/new-messages` but when I send I message to the agent I get the following: ``` aries_cloudagent.transport.outbound.manager ERROR >>> Er ror when posting to: http://127.0.0.1:8080/new-messages/topic/connections/; Erro r: (, ClientConnectorErr or(ConnectionKey(host='127.0.0.1', port=8080, is_ssl=False, ssl=None, proxy=None , proxy_auth=None, proxy_headers_hash=None), ConnectionRefusedError(111, "Connec t call failed ('127.0.0.1', 8080)")), ); Re- queue failed message ... ``` What I'm doing wrong here

Primordium (Tue, 28 Jul 2020 11:51:29 GMT):
Hello, guys I'm trying to setup a webhook to listen to events/new messages between two agents. I have `https://github.com/karimStekelenburg/aries-cloudagent-webhook-receiver` running with `docker run -p 8080:8080 webhook-receiver --host 127.0.0.1` and on my the agent I started with` --webhook-url http://127.0.0.1:8080` but when I send I message to the agent I get the following: ``` aries_cloudagent.transport.outbound.manager ERROR >>> Er ror when posting to: http://127.0.0.1:8080/topic/connections/; Erro r: (, ClientConnectorErr or(ConnectionKey(host='127.0.0.1', port=8080, is_ssl=False, ssl=None, proxy=None , proxy_auth=None, proxy_headers_hash=None), ConnectionRefusedError(111, "Connec t call failed ('127.0.0.1', 8080)")), ); Re- queue failed message ... ``` What I'm doing wrong here

Primordium (Tue, 28 Jul 2020 11:54:15 GMT):
Also there's a Note by the end of webhook documentation stating `Please note that both methods require the Authorization request header to be set to the webhook-receivers API key` , how can I register the api-key?

sklump (Tue, 28 Jul 2020 13:01:23 GMT):
A substantial re-tool of revocation is coming soon (i.e., weeks not months) where most of this gets automated away. The issuer returns a credential revocation identifier with each new credential, and this

sklump (Tue, 28 Jul 2020 13:01:23 GMT):
A substantial re-tool of revocation is coming soon (i.e., weeks not months) where most of this gets automated away. The time to generate a tails file for a revocation registry depends linearly on its size; in practice, I think we were imagining 10000-20000 in the final form but until it's completely asynchronous I believe 1000-2000 will work better. The issuer returns a credential revocation identifier with each new credential, and this is a stringified ordinal. At present, when the last one is issued, the operation changes the corresponding issuer record state to FULL and cannot use it again. In the upcoming changes, the first issue on a revocation registry will trigger the creation of the next one, so there will always be one waiting.

TimoGlastra (Tue, 28 Jul 2020 13:24:59 GMT):
Hi @Primordium , the repo you mention is not related to ACA-Py, but something we created separately. https://github.com/ula-aca/aries-cloudagent-webhook-relay contains a more updated version. Could you try it with that one?

TimoGlastra (Tue, 28 Jul 2020 13:26:02 GMT):
And how are you running ACA-Py? If you also run ACA-Py in a docker container it won't be abe to reach the webhook at localhost unless you start it with passing --network "host" to the docker args

nc-crtr_linx (Tue, 28 Jul 2020 14:37:06 GMT):
Hello, I'm going through the OpenAPI demo. For some reason the swagger API is not loading up. Is anyone aware of the issue? I am using this link to run the demo: https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/AriesOpenAPIDemo.md#start-the-faber-agent

mattatkiva (Tue, 28 Jul 2020 14:47:26 GMT):

Screen Shot 2020-07-28 at 8.47.09 AM.png

mattatkiva (Tue, 28 Jul 2020 14:47:27 GMT):
I found an interesting error when I am calling issue-credential/send. if I include `"trace": true` in the message body, I get schema validation errors. This trace member appears in the swagger documentation. If do not include trace at all, the issue-credential succeeds. Is that a known bug?

mattatkiva (Tue, 28 Jul 2020 14:47:27 GMT):
I found an interesting error when I am calling issue-credential/send. if I include `"trace": true` in the message body, I get schema validation errors in acapy. This trace member appears in the swagger documentation. If do not include trace at all, the issue-credential succeeds. Is that a known bug?

mattatkiva (Tue, 28 Jul 2020 14:47:27 GMT):
I found an interesting error when I am calling issue-credential/send. if I include `"trace": true` in the message body, I get schema validation errors in acapy. This trace member appears in the swagger documentation (screen shot above). If do not include trace at all, the issue-credential succeeds. Is that a known bug?

sklump (Tue, 28 Jul 2020 14:52:53 GMT):
I will look into it.

sklump (Tue, 28 Jul 2020 15:26:48 GMT):
What version are you using? I can't reproduce it with current master.

mattatkiva (Tue, 28 Jul 2020 15:27:40 GMT):
Im pretty close to head on master. maybe a few days old. how can I tell the version?

sklump (Tue, 28 Jul 2020 15:28:40 GMT):
It shows up in the banner like this: ``` :::::::::::::::::::::::::::::::::::::::::::::: :: Test Unit :: :: :: :: :: :: Inbound Transports: :: :: :: :: - http://0.0.0.0:8000 :: :: :: :: Outbound Transports: :: :: :: :: - http :: :: - https :: :: :: :: Administration API: :: :: :: :: - http://0.0.0.0:5000 :: :: :: :: ver: 0.5.3 :: :::::::::::::::::::::::::::::::::::::::::::::: Listening... ```

mattatkiva (Tue, 28 Jul 2020 15:29:08 GMT):
`:: ver: 0.5.1 ::`

mattatkiva (Tue, 28 Jul 2020 15:29:19 GMT):
Im a little bit behind. I can update and see what happens

sklump (Tue, 28 Jul 2020 15:29:55 GMT):
OK - is the highlighting of the DID in the .png significant?

jacobsaur (Tue, 28 Jul 2020 15:32:32 GMT):
Have you gotten a chance to look into this? (much appreciated)

mattatkiva (Tue, 28 Jul 2020 15:38:19 GMT):
no. not sure why I had that highlighed

mattatkiva (Tue, 28 Jul 2020 15:38:19 GMT):
no. not sure why I had that highlighted

ianco (Tue, 28 Jul 2020 15:46:07 GMT):
Should be fixed in the latest `0.5.3` release

swcurran (Tue, 28 Jul 2020 16:46:38 GMT):
We're just heading into a Team meeting and I'll ask.

swcurran (Tue, 28 Jul 2020 20:04:28 GMT):
Please talk to @TelegramSam --- he is doing some work on that right now. Not something to point to yet, but Real Soon Now.

mattatkiva (Tue, 28 Jul 2020 20:10:01 GMT):
why does GET issue-credential/records return 404. Not much in acapy logs to help: ```2020-07-28 20:08:09,719 aiohttp.access INFO 10.0.0.1 [28/Jul/2020:20:08:09 +0000] "GET /issue-credential/records/ HTTP/1.1" 404 172 "-" "PostmanRuntime/7.26.1"```

swcurran (Tue, 28 Jul 2020 20:15:47 GMT):
Likely because the protocol has completed and the cred-ex-record has been deleted. The default behaviour is that the record is deleted upon completion of the protocol. You can set a flag on start up to not do that, but it's not recommended. It's up to the controller on the issuer side to keep track of the issuance.

mattatkiva (Tue, 28 Jul 2020 21:53:51 GMT):
this is the auto flags I have on: ``` '--auto-accept-invites', '--auto-accept-requests', '--auto-respond-messages',``` I wanted connections to complete automatically (for now), anything else can go for now.

jameshiester (Tue, 28 Jul 2020 22:47:31 GMT):
does aries encrypt the credential exchange records in progress?

swcurran (Tue, 28 Jul 2020 22:48:17 GMT):
Yes - they are stored in the wallet, which is encrypted.

zickau (Wed, 29 Jul 2020 06:57:17 GMT):
Thx for your detailed reply

zickau (Wed, 29 Jul 2020 06:58:12 GMT):
Do you know if ZKP set membership testing is on the roadmap?

MuhzinVS (Wed, 29 Jul 2020 11:44:11 GMT):
Has joined the channel.

sklump (Wed, 29 Jul 2020 13:44:48 GMT):
`----preserve-exchange-records` to retain cred ex records post-ack

sklump (Wed, 29 Jul 2020 13:44:48 GMT):
`--preserve-exchange-records` to retain cred ex records post-ack

sklump (Wed, 29 Jul 2020 13:46:25 GMT):
No idea, maybe try the aries channel

airskipper (Wed, 29 Jul 2020 15:42:03 GMT):
Hello, I'm hacking around with the aries-cloudagent-python's demo, where do I find the possible events/topics that will be sent to the controller? https://github.com/hyperledger/aries-cloudagent-python/blob/1cc782a88fc7b17a04db4700ff6184d2775768b5/demo/runners/support/agent.py#L450

airskipper (Wed, 29 Jul 2020 15:42:45 GMT):
Also how can I unravel the aries-cloudagent-python/aries_cloudagent module(s)?

kukgini (Fri, 31 Jul 2020 04:10:45 GMT):
Hello everyone. i saw that execution of parallel provision command througn multiple containers in kubernetes can be bottle neck. it it normal? all delayed points are libindy's following line: commands/wallet.rs ``` WalletCommand::DeriveKey(key_data, cb) => { debug!(target: "wallet_command_executor", "DeriveKey command received"); self._derive_key(key_data, cb); <-- here !!!! } ```

Mahadevan 3 (Fri, 31 Jul 2020 14:05:03 GMT):
Has joined the channel.

andrew.whitehead (Fri, 31 Jul 2020 14:59:58 GMT):
You might be able to use a raw wallet key and skip the argon2 key derivation

cam-parra (Fri, 31 Jul 2020 15:13:39 GMT):
Has joined the channel.

cam-parra (Fri, 31 Jul 2020 15:13:40 GMT):
```alice-agent_1 | 2020-07-31 15:04:09,369 aries_cloudagent.messaging.base_handler ERROR Error receiving connection request alice-agent_1 | Traceback (most recent call last): alice-agent_1 | File "/home/indy/aries_cloudagent/protocols/connections/v1_0/manager.py", line 352, in receive_request alice-agent_1 | self.context, connection_key, ConnectionRecord.INITIATOR_SELF alice-agent_1 | File "/home/indy/aries_cloudagent/connections/models/connection_record.py", line 163, in retrieve_by_invitation_key alice-agent_1 | return await cls.retrieve_by_tag_filter(context, tag_filter, post_filter) alice-agent_1 | File "/home/indy/aries_cloudagent/messaging/models/base_record.py", line 255, in retrieve_by_tag_filter alice-agent_1 | cls.__name__, tag_filter, f", {post_filter}" if post_filter else "" alice-agent_1 | aries_cloudagent.storage.error.StorageNotFoundError: ConnectionRecord record not found for {'invitation_key': '776xSHifZb6DKD7tcGmkDYasiS7q5TnevsWASU5cPrPD'}, {'state': 'invitation', 'initiator': 'self'} alice-agent_1 | alice-agent_1 | During handling of the above exception, another exception occurred: alice-agent_1 | alice-agent_1 | Traceback (most recent call last): alice-agent_1 | File "/home/indy/aries_cloudagent/protocols/connections/v1_0/handlers/connection_request_handler.py", line 31, in handle alice-agent_1 | await mgr.receive_request(context.message, context.message_receipt) alice-agent_1 | File "/home/indy/aries_cloudagent/protocols/connections/v1_0/manager.py", line 356, in receive_request alice-agent_1 | "No invitation found for pairwise connection" alice-agent_1 | aries_cloudagent.protocols.connections.v1_0.manager.ConnectionManagerError: No invitation found for pairwise connection alice-agent_1 | 2020-07-31 15:04:09,373 aiohttp.access INFO 172.22.0.100 [31/Jul/2020:15:04:09 +0000] "POST / HTTP/1.1" 200 149 "-" "Python/3.6 aiohttp/3.6.2"```

cam-parra (Fri, 31 Jul 2020 15:13:54 GMT):
Has anyone seen this kind of error before?

AlexanderHoughton (Sat, 01 Aug 2020 22:33:37 GMT):
Has joined the channel.

kukgini (Sun, 02 Aug 2020 05:42:36 GMT):
is it passable to use raw key in aca-py? i can’t see any option related with it.

andrew.whitehead (Sun, 02 Aug 2020 15:40:17 GMT):
There's some internal support but no command line option at the moment

kukgini (Mon, 03 Aug 2020 01:25:27 GMT):
I tried simply replace wallets/indy.py:27 DEFAULT_KEY_DERIVIATION = "ARGON2I_MOD" into "RAW". but it returns 'indy.error.CommonInvalidStructure'.

kukgini (Mon, 03 Aug 2020 01:25:27 GMT):
Thank you @andrew.whitehead Please could you give me some tips to use internal support? I tried simply replace wallets/indy.py:27 DEFAULT_KEY_DERIVIATION = "ARGON2I_MOD" into "RAW". but it returns 'indy.error.CommonInvalidStructure'.

andrew.whitehead (Mon, 03 Aug 2020 02:04:58 GMT):
It has to be a properly formatted key, there’s a generate_walley_key method that will provide a random one

kukgini (Mon, 03 Aug 2020 06:45:57 GMT):
Thank you @andrew.whitehead I finally found out that the wallet key only needs to be a base58 encoded 32byte binary.

sheru (Mon, 03 Aug 2020 15:20:01 GMT):
How can I add an image for the connection invitation. So when the mobile scan the QR code they will get label along with an image. Thanks

YukiB (Mon, 03 Aug 2020 16:10:08 GMT):
Has joined the channel.

YukiB (Mon, 03 Aug 2020 16:10:08 GMT):
Hello has anybody successfully configured the vc-authn-oidc? If so how did you add redirect URI?

YukiB (Mon, 03 Aug 2020 17:02:07 GMT):
When running the Django OIDC Demo, I click the "authenticate" button, then I am displayed an error message that says "{'error': 'invalid_redirect_uri'}

YukiB (Mon, 03 Aug 2020 17:04:26 GMT):
Upon inspection of the url, I see that the redirect url is "http://0.0.0.0xxxxxxxxx" when it should be "http://my-app-url"

YukiB (Mon, 03 Aug 2020 17:06:05 GMT):
Per the demo instructions, I am supposed to configure the "ClientRedirectUris", however it is not clear from the instructions how to configure this value

YukiB (Mon, 03 Aug 2020 17:08:21 GMT):
[Link to the demo instructions](https://github.com/bcgov/vc-authn-oidc/tree/master/demo#running-the-apps)

athulramesh (Mon, 03 Aug 2020 17:39:22 GMT):
Hello guys, I am trying to add a DID to the ledger using test-tokens in sovrin builder Net, using this command `pool(buildernet):my_wallet:did(6bD...P8b):indy> ledger nym did=23eQLCcUcHV9LwGjdbEexQ verkey=~XnyZh9py98hxqxPXAPe87s role=ENDORSER source_payment_address=pay:sosEpNH6CLk3ywB9WLLkEkkTBXcM fee=500000000` after executing this i got an error message like this ` Transaction has been rejected: Rule for this action is: 1 TRUSTEE signature is required OR 1 STEWARD signature is required\nFailed checks:\nConstraint: 1 TRUSTEE signature is required, Error: Not enough TRUSTEE signatures\nConstraint: 1 STEWARD signature is required, Error: Not enough STEWARD signatures`

athulramesh (Mon, 03 Aug 2020 17:39:22 GMT):
Hello guys, I am trying to add a DID to the ledger using test-tokens in sovrin builder Net, using this command `pool(buildernet):my_wallet:did(6bD...P8b):indy> ledger nym did=23eQLCcUcHV9LwGjdbEexQ verkey=~XnyZh9py98hxqxPXAPe87s role=ENDORSER source_payment_address=pay:sosEpNH6CLk3ywB9WLLkEkkTBXcM fee=500000000` after executing this i got an error message like this ``` Transaction has been rejected: Rule for this action is: 1 TRUSTEE signature is required OR 1 STEWARD signature is required\nFailed checks:\nConstraint: 1 TRUSTEE signature is required, Error: Not enough TRUSTEE signatures\nConstraint: 1 STEWARD signature is required, Error: Not enough STEWARD signatures ```

athulramesh (Mon, 03 Aug 2020 17:42:47 GMT):
what am i doing wrong or anything missed?

swcurran (Mon, 03 Aug 2020 18:53:18 GMT):
Hi @YukiB -- it's a holiday in Canada today, but @esune will be online tomorrow and be able to help you.

YukiB (Mon, 03 Aug 2020 18:56:31 GMT):
@swcurran Thanks for your response. Happy holiday.

nage (Mon, 03 Aug 2020 19:24:38 GMT):
Has joined the channel.

kukgini (Tue, 04 Aug 2020 00:06:46 GMT):
Hello everyone. I am wondering if the current AcaPy 0.5.3 is compatible with Evernym's Mobile SDK.

swcurran (Tue, 04 Aug 2020 02:08:48 GMT):
That's a question for the Evernym team. We have not been able to test the Mobile ADK with ACA-Py. It'

swcurran (Tue, 04 Aug 2020 02:08:48 GMT):
That's a question for the Evernym team. We have not been able to successfully use the Evernym mobile apps with ACA-Py.

swcurran (Tue, 04 Aug 2020 02:08:48 GMT):
That's a question for the Evernym team. We have not been able to successfully use the Evernym mobile apps with ACA-Py. but we

swcurran (Tue, 04 Aug 2020 02:08:48 GMT):
That's a question for the Evernym team. We have not been able to successfully use the Evernym mobile apps with ACA-Py. but we've not tried in a while.

kukgini (Tue, 04 Aug 2020 03:16:50 GMT):
Thank you @swcurran Are you saying that includes Connect.Me? May I ask the main reason for the incompatibility at that time?

swcurran (Tue, 04 Aug 2020 03:18:43 GMT):
Last time we checked, Connect.Me was not using all of the Aries Protocols. It was quite some time ago, so it is possible that it is now Aries-compatible. As noted -- you should check with the folks at Evernym.

kukgini (Tue, 04 Aug 2020 03:30:09 GMT):
@swcurran In my understanding, Evernym says AcaPy is unable to talk to MobileSDK because Evernym's MobileSDK needs Mediator which has "envelop inside envelop" ability. It may be misunderstood because I am not familiar with English and Aries Protocol.

swcurran (Tue, 04 Aug 2020 03:40:44 GMT):
I think I understand that, but not certain. I think they are saying, in order to use a mobile agent, you need to have a mediator agent which serves as a relay for messages between the mobile agent and any other Aries agent (ACA-Py or others). This is needed by all mobile agents ("wallets"). A single mediator agent can be a relay for all mobile agents.

WadeBarnes (Tue, 04 Aug 2020 12:51:53 GMT):
The DID you are using to write this transaction, what `role` does it have on the ledger?

WadeBarnes (Tue, 04 Aug 2020 12:54:24 GMT):
The message is telling you that to write the did to the ledger, the transaction must be signed by a DID that either has a `TRUSTEE` or `STEWARD` role.

sheru (Tue, 04 Aug 2020 12:57:15 GMT):
Good Morning all, hope everyone is doing well. I am able to make connection from the mobile app with the aca-py cloud agent. I am very sure that we can show an image along with the connection accept or reject screen on the mobile app. I am missing the `imageUrl`. can anyone please help me out to how can I set the `imageUrl` value with the connection invitation. Thanks in Advance

WadeBarnes (Tue, 04 Aug 2020 12:57:45 GMT):
To determine a DID's role(s) run `ledger get-nym did=`

esune (Tue, 04 Aug 2020 15:24:50 GMT):
I am not sure there is a standard for that yet, I have never used this functionality myself so far to be honest. I believe it's a url to an image file, however how it is interpreted is left to the receiving agents so the experience may vary.

esune (Tue, 04 Aug 2020 15:33:48 GMT):
How are you running the demo? Usually the `invalid_redirect_uri` means something is not configured properly. If you're running the demo without modifications try executing `./manage rm` for the main vc-authn-oidc shell and then starting it up again with `./manage start-demo`. If you're trying to connect your own app to vc-authn-oidc please take a look at the configurations in `appSettings.json` and refer to the IdentityServer4 docs for further standard configurations, if necessary.

AlexanderHoughton (Tue, 04 Aug 2020 19:54:53 GMT):
Hi all, I'm writing a Android Java Aries Agent client and I am at the point where I am sending a Connection Request message (RFC 0160: Connection Protocol) in response to the BC issuer kit. As far as I can tell, I am sending all the right DIDDoc data, but when it is received by the aries cloud agent at the other end it throws an exception in indy.py: File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/indy/crypto.py", line 498, in unpack_message agent_1 | unpack_message.cb) agent_1 | indy.error.CommonInvalidParam3 Upon looking at the rust code in api/crypto.rs from the indy sdk, it appears that CommonInvalidParam3 might be being returned from indy_unpack_message where it might well be failing the call to serde_json::from_slice(jwe_data.as_slice()), but I'm not a Rust coder, so I'm not sure. The data I send gets packed by the wallet and contains the 4 fields (protected, iv, ciphertext and tag) as described in Aries RFC 0019: Encryption Envelope, so that appears to be correct at least. Could anyone help shed some light on this please? I can happily supply much more information but I don't want to spam the chat with lots of debug log stuff. Many thanks in advance, apologies if this is the wrong board to ask this question.

swcurran (Tue, 04 Aug 2020 20:00:35 GMT):
@andrew.whitehead @esune ^^^

esune (Tue, 04 Aug 2020 20:01:57 GMT):
That sounds like an @andrew.whitehead question, I am not *that* familiar with the lower level protocol stuff

AlexanderHoughton (Tue, 04 Aug 2020 20:07:01 GMT):
My current hunch is that the message gets decrypted but then something gets upset trying to create the jwe_struct.

andrew.whitehead (Tue, 04 Aug 2020 20:07:38 GMT):
Yeah that seems to suggest that the data being passed in is either zero length or not parseable as JSON

AlexanderHoughton (Tue, 04 Aug 2020 20:11:32 GMT):
Yup, as you say, it looks like zero length data, or a nul lptr or something like that.

AlexanderHoughton (Tue, 04 Aug 2020 20:11:32 GMT):
Yup, as you say, it looks like zero length data, or a null ptr or something like that.

AlexanderHoughton (Tue, 04 Aug 2020 20:11:56 GMT):
The Android Studio network profiler has been most unhelpful, so I'm not convinced the POST data is even making it there

andrew.whitehead (Tue, 04 Aug 2020 20:12:36 GMT):
Starting up aca-py with a basic (non-indy) wallet would use a python native unpack so might produce a different error

swcurran (Tue, 04 Aug 2020 20:13:52 GMT):
Join us for the ACA-Py User Group tomorrow (Wednesday) at 11AM Pacific (18:00 UTC) -- the hour before the Aries WG Call. We'll have the core maintainers on the call to answer any questions. We'll be talking about the upcoming ACA-Py 0.5.4 Release, where to put the Java Admin API code, and testing Aries Mobile Wallets for Interop. Zoom link will be: https://zoom.us/j/900111661; Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2020-08-05+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting Everyone is welcome!

AlexanderHoughton (Tue, 04 Aug 2020 20:16:36 GMT):
@andrew.whitehead Not to be dense (I'm a little sleepless right now) Do you mean that I should start up a local aca-py agent and send a similar connection request and see if it throws a different error?

andrew.whitehead (Tue, 04 Aug 2020 20:19:39 GMT):
You would start one up with --wallet-type basic (or just leave off --wallet-type indy). Although it wouldn't be able to connect to the ledger it can still make connections

AlexanderHoughton (Tue, 04 Aug 2020 20:20:29 GMT):
Ok, thanks.

AlexanderHoughton (Tue, 04 Aug 2020 20:27:28 GMT):
I just had a thought, I can also trry lobbing the same data from a quick C++ app via a CURL request, might be illuminating.

AlexanderHoughton (Tue, 04 Aug 2020 20:27:28 GMT):
I just had a thought, I can also try lobbing the same data from a quick C++ app via a CURL request, might be illuminating.

AlexanderHoughton (Tue, 04 Aug 2020 23:19:37 GMT):
Ok, so I put together a quick C++ app and sent a POST with the same data, using a curl request. I know the curl code is working properly as I already have it running in a production app, handling merchant transaction data. I got exactly the same error messages back.

AlexanderHoughton (Tue, 04 Aug 2020 23:20:03 GMT):
I've also been over the DidDoc format at again and I'm not seeing anything wrong, as far as I can tell.

andrew.whitehead (Tue, 04 Aug 2020 23:20:52 GMT):
Do you have a sample payload?

AlexanderHoughton (Tue, 04 Aug 2020 23:22:20 GMT):
Yes, was about to ask if I could post it here, hold on

AlexanderHoughton (Tue, 04 Aug 2020 23:22:49 GMT):
I'm sending the results of the indy wallet pack as JSON:

AlexanderHoughton (Tue, 04 Aug 2020 23:22:50 GMT):
{ "protected":"eyJlbmMiOiJ4Y2hhY2hhMjBwb2x5MTMwNV9pZXRmIiwidHlwIjoiSldNLzEuMCIsImFsZyI6IkF1dGhjcnlwdCIsInJlY2lwaWVudHMiOlt7ImVuY3J5cHRlZF9rZXkiOiJXVVhESzU0Tld1TXZUaGFqLWljNTRPcGRSWjlJUV9aODNpQ2VDNGg1ZDYxVi1lRE5kYmxhcTFlTkVIVGMwVnNlIiwiaGVhZGVyIjp7ImtpZCI6IkI1Ynh3NnZTMVYzVzJYU1NHVXZRb1E5VFY4ZnJudXpqTGVVeVNYNjVZOURZIiwiaXYiOiJWOXVSZ2VkZmpzcWZOejdWZ1NHbXdwRFdIVTdSSktvWCIsInNlbmRlciI6Ik4wUHZaUnpFeVp3RXdDdTBBVlBacW95c1JSRFZRbDN3Ry1mbkIxSElTUXk2Tm9mMlVScWxEa3VwSGRsd3YyaXdVeTZ0VU85M3VzWTUtaU12ZjRZd2JsUTQxb3NFZl9xY01lVEZVR0syVW1zSmdyOTNFOWRmQXhsU0RnPT0ifX1dfQ==", "iv":"B5dUjJDGXI3t9vNE", "ciphertext":"kUa08rRrvsZAhBg3oxg=", "tag":"2UkEzYSyDmUTh49wojYylA==" }

AlexanderHoughton (Tue, 04 Aug 2020 23:23:18 GMT):
This is the DidDoc: { "@type":"did:sov:BzCbsNYhMrjHiqZDTUASHg;spec\/connections\/1.0\/request", "@id":"e3dc5032-20fc-4816-a5ad-89de2a473157", "label":"android-aries-testbed", "connection": { "DID":"34mVrqnpEWEyNfqa7JpBrw", "DIDDoc": { "id":"34mVrqnpEWEyNfqa7JpBrw", "publicKey": { "id":"did:sov:34mVrqnpEWEyNfqa7JpBrw#1", "type":"publicKeyBase58", "controller":"did:sov:34mVrqnpEWEyNfqa7JpBrw", "publicKeyBase58":"28H5UzMjAWHhzhfndBuY2QznKmiv5Mu8H6nmzZ9DAGWA" }, "authentication": { "type":"publicKeyBase58", "publicKey":"did:sov:34mVrqnpEWEyNfqa7JpBrw#1"}, "service": { "id":"did:sov:34mVrqnpEWEyNfqa7JpBrw;indy", "type":"IndyAgent", "priority":0, "serviceEndpoint":"https:\/\/4e7d6e11b7d8.ngrok.io", "recipientKeys":["28H5UzMjAWHhzhfndBuY2QznKmiv5Mu8H6nmzZ9DAGWA"]}, "@context":"https:\/\/w3id.org\/did\/v1" } } }

AlexanderHoughton (Tue, 04 Aug 2020 23:23:45 GMT):
I think I had some of the publicKey wrong, but changing it it hasn't made any difference.

AlexanderHoughton (Tue, 04 Aug 2020 23:23:45 GMT):
I think I had some of the publicKey data wrong, but changing it it hasn't made any difference.

AlexanderHoughton (Tue, 04 Aug 2020 23:24:41 GMT):
I seems almost as if I'm supposed to wrap the json data (protected, ciphertext, etc.) inside another json object before sending.

AlexanderHoughton (Tue, 04 Aug 2020 23:25:08 GMT):
...because one of the exceptions thrown is: 2020-08-04 23:16:25,529 aries_cloudagent.core.dispatcher ERROR Message parsing failed: Message does not contain '@type' parameter, sending problem report

AlexanderHoughton (Tue, 04 Aug 2020 23:25:33 GMT):
....which is obviously in the DidDoc I sent. I feel quite dumb, but I'm not seeing what the problem is

andrew.whitehead (Tue, 04 Aug 2020 23:26:07 GMT):
That error means that it gave up trying to unpack it and tried interpreting it as an unpacked message just in case

AlexanderHoughton (Tue, 04 Aug 2020 23:26:17 GMT):
right, that makes sense

AlexanderHoughton (Tue, 04 Aug 2020 23:26:31 GMT):
I just don't understand why it's failing to unpack it

andrew.whitehead (Tue, 04 Aug 2020 23:27:26 GMT):
You’re packing it with indy-sdk?

AlexanderHoughton (Tue, 04 Aug 2020 23:27:34 GMT):
Oh, one thing that sprang to mind (clutching at straws here), I'm linking against the libindy 1.15.0-1563, should I be linking against an earlier version, or does it not matter.

esune (Tue, 04 Aug 2020 23:28:03 GMT):
Could it be wrong keys being used, for some reason, resulting in the unpack action failing?

AlexanderHoughton (Tue, 04 Aug 2020 23:28:38 GMT):
Good point, I'm using the recipientKey sent int the invitation that came from the QR code: { "@type":"did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/connections/1.0/invitation", "@id":"e3dc5032-20fc-4816-a5ad-89de2a473157", "serviceEndpoint":"https://4e7d6e11b7d8.ngrok.io", "recipientKeys":["B5bxw6vS1V3W2XSSGUvQoQ9TV8frnuzjLeUySX65Y9DY"], "label":"issuer-kit-demo" }

AlexanderHoughton (Tue, 04 Aug 2020 23:28:38 GMT):
Good point, I'm using the recipientKey sent in the invitation that came from the QR code: { "@type":"did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/connections/1.0/invitation", "@id":"e3dc5032-20fc-4816-a5ad-89de2a473157", "serviceEndpoint":"https://4e7d6e11b7d8.ngrok.io", "recipientKeys":["B5bxw6vS1V3W2XSSGUvQoQ9TV8frnuzjLeUySX65Y9DY"], "label":"issuer-kit-demo" }

AlexanderHoughton (Tue, 04 Aug 2020 23:29:09 GMT):
...sent to the pack function as an recipientKey array of size 1, of course.

andrew.whitehead (Tue, 04 Aug 2020 23:30:02 GMT):
That sdk version should be fine. Ciphertext seems oddly short to me

AlexanderHoughton (Tue, 04 Aug 2020 23:31:35 GMT):
I'll give the android app another run now, see what the cipher text is like

AlexanderHoughton (Tue, 04 Aug 2020 23:34:22 GMT):
Ok, different invitation data, ,with a longer cipher text but the same response from the server.

AlexanderHoughton (Tue, 04 Aug 2020 23:34:25 GMT):
Data sent was:

AlexanderHoughton (Tue, 04 Aug 2020 23:34:26 GMT):
{ "protected":"eyJlbmMiOiJ4Y2hhY2hhMjBwb2x5MTMwNV9pZXRmIiwidHlwIjoiSldNLzEuMCIsImFsZyI6IkF1dGhjcnlwdCIsInJlY2lwaWVudHMiOlt7ImVuY3J5cHRlZF9rZXkiOiJPRUxNalhBS3VlMHhDdm9zSkVzWkhEUjd2dDRRSDJHemw1RkxoTldPVEg0djhmU1ExWlM3eFRNWWl3alBfX2c2IiwiaGVhZGVyIjp7ImtpZCI6IkhBUzRvVmtZRVZGTWVwWVM5eEVkckQ0cWttU1FxQ1AzbUdXNXcxc0E2Sjh2IiwiaXYiOiJGcFgtY2RoX1YyX194TjhPLUhSb24tdzBYY0xLNnJyMyIsInNlbmRlciI6InF4Q1JrcmhXN2M5eXNHSHVTY05lNlpUN1NNMnpqNWVkeUZNSkR6ay1hVFhZYzVnZWdCdWcyUDNBNmF5VUNzdENNdjhrVk8yY2U5OXo1Z3daZ0JGWUJzNWJ6eGlBLXVnemhOTDNsMHI1dTNmM3NsZ1ljVWoxelB4RXNZTT0ifX1dfQ==", "iv":"2a1TrXm_ntcU_yig", "ciphertext":"DRxQaZkz5X59DYCrPdgTJ-Yv4F40uVQSUile27xACYvnrhHHD0fWiLWpTN6KQPK0TFFl3bK50TC7xNwL2kbm5mxjq5nrityZUqiM_XdCkJXxVnWrNr5540qSp4y9l2lMtCEwRkee6E1rzKVfI_O0lPs3bAPrVz-47_7E00Pgdo2PquBqtBPuNoawOz0_lEvtiXlJ5vBuFf-1y3KdWzoYW5ZqDnPWqZCgcP5G88uzkzOB4N03l5uYdL2YoflK9jNiraOBOVb4W_I6MkeL6KRaHRqe2iTjmnVsnP_lkZOCBzFzHKjZ6IWQx2jMqF4upyevIDoW2x0vUtXXXRAkXofWOiIxsOQGYDrj_WZpivi8sjTkYNEvbuAuD7--9WNjPuwhIavy20tR1nwsZ35CaBrr2hC_xefJdNA-7ynQrBayqShMdfi4K-deQUF8dmaQXXQeObEq51mbJ_iqG4nrzAOayqUVYu1Tz35k8bjnfwaqidnfUQIjfdoFBJzSyEEpi2h-GUC9KbnnPDp4mezEaigOzWN3k1Etow1rwPTCyX4EGOrZTMTcCcRl9q7CLsbTq6vvKT-0fz8ai3yuE1YPzPtGCiYu3R_iP3cB7NSTjGHIeiSXkxKzLLcI3VQenCNsZS3UkeGJZSICT7YMvXzWtdjLiDj-3J5c8I9YjvWH1YE6pwUURLFYUfHon3xkEKbUkyHqR7G4GEcK7F6W1h4nDF4fbOlY50l9SKU3WaZPlcim26f26g8iO0G7Dmu1lLAauaL6RetLI3vzaJfIP-mxG9btkZEo8bJ5ymXVNU5IELP5O7tcUu8QrKsqUzHiVKkDkyf6oDarVr3VFFCsbLRcQNxpG1I0236TV32QzwZ0nxh0tbAMzwZwDXfrv2kKEm0oZ_ZJsTL0zOSAaLMpRb2265_ICZVafw5jSozDsw8LdRwCu-sISoSORaJGs6y6u-0r615JgduSGmj07nfq473uWlpzzRRRRDxvfRSvHcmvnKlE_MdJu79IKQ_rdd4BxgPybckYj9Bm4fUHGgLkVlIdQq11fN4Pns052hfqmrKmQn6xhfWRhryJAY_y3t6UyHFdWzQKI5zj11tcIw==", "tag":"cM15ssQP9J-pbtbpp_2L3Q==" }

AlexanderHoughton (Tue, 04 Aug 2020 23:35:01 GMT):
This is the error that appears most relevant: 2020-08-04 23:33:29,664 aries_cloudagent.core.dispatcher ERROR Handler error: PackWireFormat.unpack agent_1 | Traceback (most recent call last): agent_1 | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aries_cloudagent/wallet/indy.py", line 665, in unpack_message agent_1 | unpacked_json = await indy.crypto.unpack_message(self.handle, enc_message) agent_1 | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/indy/crypto.py", line 498, in unpack_message agent_1 | unpack_message.cb) agent_1 | indy.error.CommonInvalidParam3

AlexanderHoughton (Tue, 04 Aug 2020 23:37:48 GMT):
Ooo, I think I may have spotted something.

AlexanderHoughton (Tue, 04 Aug 2020 23:39:48 GMT):
The packMessage function in Crypto.java (from org.hyperledger:indy:1.14.0) that calls the Rust function LibIndy.api.indy_pack_message (I think) has the following comment: *Note to use DID keys with this function you can call Did.keyForDid to get key id (verkey) for specific DID.*

AlexanderHoughton (Tue, 04 Aug 2020 23:40:25 GMT):
Do I need to transform the recipientKey(s) in some way before adding them to the pack function args?

esune (Tue, 04 Aug 2020 23:40:56 GMT):
Andrew can correct me, but I think you need to use the sender public key to unpack the message.

esune (Tue, 04 Aug 2020 23:41:23 GMT):
But I may be wrong as it is later in the day :sweat_smile:

esune (Tue, 04 Aug 2020 23:42:10 GMT):
It makes sense to me that if I send you a message encrypted, I would not send the keys alongside with it. It would be for me to know who sent it and us.e the public key to decrypt

esune (Tue, 04 Aug 2020 23:42:10 GMT):
It makes sense to me that if I send you a message encrypted, I would not send the keys alongside with it. It would be for you to know who sent it and use the public key to decrypt

AlexanderHoughton (Tue, 04 Aug 2020 23:42:11 GMT):
No, you may well have a good point there, I've probably got recipientKey and senderVerLey swapped or something dumb like that.

AlexanderHoughton (Tue, 04 Aug 2020 23:42:39 GMT):
I'll swap them around and see if it explodes in a different way

esune (Tue, 04 Aug 2020 23:43:04 GMT):
I always get a bit confused by this stuff so hopefully I am not sending you off in the wrong direction :D

AlexanderHoughton (Tue, 04 Aug 2020 23:44:11 GMT):
Not all, I'm very confused right now and at the point of 'hit it with random hammers until it works'

AlexanderHoughton (Tue, 04 Aug 2020 23:44:11 GMT):
Not at all, I'm very confused right now and at the point of 'hit it with random hammers until it works'

AlexanderHoughton (Tue, 04 Aug 2020 23:52:08 GMT):
Ok, it was worth double checking, but the wallet threw a wobbly when I swapped the recipient and sender keys around: org.hyperledger.indy.sdk.wallet.WalletItemNotFoundException: No value with the specified key exists in the wallet from which it was requested.

AlexanderHoughton (Tue, 04 Aug 2020 23:52:08 GMT):
Ok, it was worth double checking, but on packing the message the wallet threw a wobbly when I swapped the recipient and sender keys around: org.hyperledger.indy.sdk.wallet.WalletItemNotFoundException: No value with the specified key exists in the wallet from which it was requested.

andrew.whitehead (Tue, 04 Aug 2020 23:53:16 GMT):
I think it’s more likely something to do with how the request is posted

AlexanderHoughton (Tue, 04 Aug 2020 23:54:26 GMT):
Yes, that was my guess, but I've tried 2 different Android libraries/code (HttpConnecion and Volley) and curllib via C++ (used in production, so I know that) works and I ge the same error from the server

AlexanderHoughton (Tue, 04 Aug 2020 23:54:26 GMT):
Yes, that was my guess, but I've tried 2 different Android libraries/code (HttpConnecrion and Volley) and curllib via C++ (used in production, so I know that) works and I get the same error from the server

AlexanderHoughton (Tue, 04 Aug 2020 23:54:26 GMT):
Yes, that was my guess, but I've tried 2 different Android libraries/code (HttpConnection and Volley) and curllib via C++ (used in production, so I know that) works and I get the same error from the server

AlexanderHoughton (Tue, 04 Aug 2020 23:54:26 GMT):
Yes, that was my guess, but I've tried 2 different Android libraries/code (HttpUrlConnection and Volley) and curllib via C++ (used in production, so I know that works) and I get the same error from the issuer kit agent

AlexanderHoughton (Tue, 04 Aug 2020 23:55:54 GMT):
I noticed earlier that the aries .NET framework appears to use a mime type of application/ssi-agent-wire, whereas I've been using a mime type of application/json. Could that make a difference?

andrew.whitehead (Tue, 04 Aug 2020 23:56:42 GMT):
You should use the first one for now

AlexanderHoughton (Tue, 04 Aug 2020 23:57:36 GMT):
Ok, I don't think Volley will let me set that for a json request, but I can use the regular Android HttpURLConnection and set the mime type in the header myself.

AlexanderHoughton (Tue, 04 Aug 2020 23:57:41 GMT):
Will try it now

AlexanderHoughton (Wed, 05 Aug 2020 00:02:20 GMT):
Hey! I think it got passed the message unpack, but now something else appears to really hate the DidDoc data I sent.

AlexanderHoughton (Wed, 05 Aug 2020 00:02:26 GMT):
Sorry for the following spam: 2020-08-05 00:00:33,373 aries_cloudagent.core.conductor ERROR Exception in message handler: agent_1 | Traceback (most recent call last): agent_1 | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aries_cloudagent/core/dispatcher.py", line 140, in handle_message agent_1 | message = await self.make_message(inbound_message.payload) agent_1 | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aries_cloudagent/core/dispatcher.py", line 222, in make_message agent_1 | instance = message_cls.deserialize(parsed_msg) agent_1 | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aries_cloudagent/messaging/models/base.py", line 127, in deserialize agent_1 | return schema.loads(obj) if isinstance(obj, str) else schema.load(obj) agent_1 | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/marshmallow/schema.py", line 723, in load agent_1 | data, many=many, partial=partial, unknown=unknown, postprocess=True agent_1 | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/marshmallow/schema.py", line 861, in _do_load agent_1 | unknown=unknown, agent_1 | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/marshmallow/schema.py", line 669, in _deserialize agent_1 | index=index, agent_1 | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/marshmallow/schema.py", line 493, in _call_and_store agent_1 | value = getter_func(data) agent_1 | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/marshmallow/schema.py", line 662, in agent_1 | val, field_name, data, **d_kwargs agent_1 | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/marshmallow/fields.py", line 342, in deserialize agent_1 | output = self._deserialize(value, attr, data, **kwargs) agent_1 | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/marshmallow/fields.py", line 597, in _deserialize agent_1 | return self._load(value, data, partial=partial) agent_1 | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/marshmallow/fields.py", line 580, in _load agent_1 | valid_data = self.schema.load(value, unknown=self.unknown, partial=partial) agent_1 | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/marshmallow/schema.py", line 723, in load agent_1 | data, many=many, partial=partial, unknown=unknown, postprocess=True agent_1 | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/marshmallow/schema.py", line 861, in _do_load agent_1 | unknown=unknown, agent_1 | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/marshmallow/schema.py", line 669, in _deserialize agent_1 | index=index, agent_1 | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/marshmallow/schema.py", line 493, in _call_and_store agent_1 | value = getter_func(data) agent_1 | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/marshmallow/schema.py", line 662, in agent_1 | val, field_name, data, **d_kwargs agent_1 | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/marshmallow/fields.py", line 342, in deserialize agent_1 | output = self._deserialize(value, attr, data, **kwargs) agent_1 | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aries_cloudagent/protocols/connections/v1_0/models/connection_detail.py", line 37, in _deserialize agent_1 | return DIDDoc.deserialize(value) agent_1 | File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aries_cloudagent/connections/models/diddoc/diddoc.py", line 255, in deserialize agent_1 | pubkey_type = PublicKeyType.get(pubkey["type"])

AlexanderHoughton (Wed, 05 Aug 2020 00:02:51 GMT):
I've clearly messed up some of the data I sent, will fix and get back to you guys.

AlexanderHoughton (Wed, 05 Aug 2020 00:03:05 GMT):
Thank you to all for being so helpful, I should be able to get it fixed up.

AlexanderHoughton (Wed, 05 Aug 2020 00:04:45 GMT):
Looks like I'm sending a string when I should be sending a an enum (enums in Java are not fun)

AlexanderHoughton (Wed, 05 Aug 2020 00:04:45 GMT):
Looks like I'm sending a string when I should be sending an enum integer (enums in Java are not fun)

andrew.whitehead (Wed, 05 Aug 2020 00:11:04 GMT):
That seems to show the trace but not the actual error. Not sure what you mean about an enum integer

AlexanderHoughton (Wed, 05 Aug 2020 00:13:12 GMT):
sorry, I tihink I missed part of the error message

AlexanderHoughton (Wed, 05 Aug 2020 00:13:12 GMT):
sorry, I think I missed part of the error message

AlexanderHoughton (Wed, 05 Aug 2020 00:13:23 GMT):
| File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aries_cloudagent/connections/models/diddoc/diddoc.py", line 255, in deserialize agent_1 | pubkey_type = PublicKeyType.get(pubkey["type"]) agent_1 | TypeError: string indices must be integers

andrew.whitehead (Wed, 05 Aug 2020 00:15:40 GMT):
Hm. I think maybe publicKey is meant to be an array

AlexanderHoughton (Wed, 05 Aug 2020 00:19:27 GMT):
yes, I think you're probably right

AlexanderHoughton (Wed, 05 Aug 2020 00:28:04 GMT):
I have to stop for the day. Thanks again to everyone for all their help. I'll get back to this in the morning.

andrew.whitehead (Wed, 05 Aug 2020 00:29:15 GMT):
Okay, good luck

jcourt (Wed, 05 Aug 2020 06:37:43 GMT):
I am having a

jcourt (Wed, 05 Aug 2020 06:37:43 GMT):
I am having a CORS problem with ACA-py is there any way to configure its Access-Control-Allow-Origin: response header ? I have looked through all the help but can't find the answer. Is this something usually left to the reverse proxy with ACA-py ?

jcourt (Wed, 05 Aug 2020 08:12:02 GMT):
So I can manually force it by changing the transport/inbound/http.py HttpTransport::inbound_message_handler() function to change the response headers, this clearly isn't the right approach :-)

AlexanderHoughton (Wed, 05 Aug 2020 12:09:09 GMT):
@andrew.whitehead you were right, I had to change the publicKey field in the DidDoc to an array. The Connection Request works now! Thanks to everyone for their help.

andrew.whitehead (Wed, 05 Aug 2020 15:47:40 GMT):
I don't think it's ever come up. You're trying to post a message from a browser I assume?

jameshiester (Wed, 05 Aug 2020 17:27:04 GMT):
in proof request is the key of the requested value flexible? (e.g. can 0_name_uuid be replaced with other things? The docs mentioned a referent, is that what's being done here? I'm assuming uuid could be any value, does the middle field have to equal the name of the attribute?) "requested_attributes": { "0_name_uuid": { "name": "name", "restrictions": [ { "cred_def_id": "WgWxqztrNooG92RXvxSTWv:3:CL:20:tag" } ] },

esune (Wed, 05 Aug 2020 17:36:59 GMT):
Yes, as long as it is a unique key within that proof-request the referent can be set to whatever value you want it to be

jameshiester (Wed, 05 Aug 2020 17:42:21 GMT):
so is the whole key the referent then? So I could use Property1: { name: name, ...}, Property2: {name: date,...}

jameshiester (Wed, 05 Aug 2020 17:43:27 GMT):
is there such a thing as an attribute level comment?

esune (Wed, 05 Aug 2020 17:44:09 GMT):
What do you mean exactly? What are you looking to achieve?

jameshiester (Wed, 05 Aug 2020 17:45:51 GMT):
Possibly something where if I'm asking for the user's name, I could add a comment of why I'm asking for their name. I guess I could do that in the general comment. Also, is there a way to accept one from several cred_def_ids? So I could accept a driver's license from different states, or would I have to iterate through the proof requests for each cred_def?

esune (Wed, 05 Aug 2020 17:48:04 GMT):
About the comment: I don't think there is something like that, I can see the use-case, bowever that would complicate the UX for mobile wallets by a lot since in theory there could be anything (or nothing) in the attribute-specific comment. I think, at least for the time being, that kind of extra information is delegated to the app presenting the proof (e.g.: the page where the QR code is displayed could have info about the request itself).

esune (Wed, 05 Aug 2020 17:49:32 GMT):
About accepting attributes from multiple credentials: yes, that is definitely possible. A you can see, the `restrictions` property is an array: you can add multiple items to the array, that will be processed in an *OR* clause for that restriction

esune (Wed, 05 Aug 2020 17:51:13 GMT):
Additionally, if you want to request more than one attribute from the same credential (using the same restriction), rather than requesting multiple fields with multiple restrictions using the `"name": "Name"` property, you can instead declare something like `"names": ["Name", "Surname"]`

esune (Wed, 05 Aug 2020 17:51:43 GMT):
The latter will ask that both Name and Surname come from the *same credential*

jameshiester (Wed, 05 Aug 2020 17:52:28 GMT):
How would I configure the OR clause?

jameshiester (Wed, 05 Aug 2020 17:52:50 GMT):
or is that the default for the array

esune (Wed, 05 Aug 2020 17:53:08 GMT):
that's how the array is interpreted. each item in the arry is part of the OR

esune (Wed, 05 Aug 2020 17:53:08 GMT):
that's how the array is interpreted. each item in the array is joined in the OR

esune (Wed, 05 Aug 2020 17:53:56 GMT):
``` "restrictions": [ { "cred_def_id": "WgWxqztrNooG92RXvxSTWv:3:CL:20:tag" }, { "cred_def_id": "abc:3:CL:20:tag" } ```

esune (Wed, 05 Aug 2020 17:53:56 GMT):
``` "restrictions": [ { "cred_def_id": "WgWxqztrNooG92RXvxSTWv:3:CL:20:tag" }, { "cred_def_id": "abc:3:CL:20:tag" } ``` means an attribute from either the first cred_def OR the second

jameshiester (Wed, 05 Aug 2020 17:55:07 GMT):
got it. sorry, is there a doc on this so I don't keep bothering you with questions? I was looking at the RFC and tutorial but neither went into much detail. What else can be included in a restriction?

esune (Wed, 05 Aug 2020 17:55:54 GMT):
I would like a document as well :P

esune (Wed, 05 Aug 2020 17:56:20 GMT):
C.C.: @swcurran

esune (Wed, 05 Aug 2020 17:58:28 GMT):
In general, restrictions can declare: - `issuer_did` - `schema_issuer_did` - `schema_name` - `schema_version` - `schema_id` - `cred_def_id` - other restrictions defined using WQL (such as `"attr::name::value": "esune"`)

esune (Wed, 05 Aug 2020 17:59:11 GMT):
The last item is the blurriest to me to be honest, as well as how to correctly handle predicates

esune (Wed, 05 Aug 2020 17:59:57 GMT):
Some details on WQL here: https://github.com/hyperledger/indy-sdk/tree/master/docs/design/011-wallet-query-language

jameshiester (Wed, 05 Aug 2020 18:00:27 GMT):
do mobile wallets today autogenerate forms around the mime/types and selfAttestedAttributes or how are those typically populated?

esune (Wed, 05 Aug 2020 18:01:12 GMT):
However the docs, as you have found out, are a bit scattered and not very friendly for onboarding/quick walkthrough so hoping to get something together that explains restrictions better in the near future

esune (Wed, 05 Aug 2020 18:01:34 GMT):
I am not sure I understand what you mean

jameshiester (Wed, 05 Aug 2020 18:01:55 GMT):
"0_self_attested_thing_uuid": { "name": "self_attested_thing" }

jameshiester (Wed, 05 Aug 2020 18:03:32 GMT):
I'm assuming that could be something like {name: how are you feeling today"} and the user could populate it in the proof with their own value?

esune (Wed, 05 Aug 2020 18:03:46 GMT):
Oh, I see. I am not sure how that works, I have only ever encountered self-attested text attributes AND I know mobile wallets are currently working on improving the UX for self-attested attributes altogether

esune (Wed, 05 Aug 2020 18:04:06 GMT):
Yes, if there are no restrictions it will assume the user can fill it with anything

esune (Wed, 05 Aug 2020 18:04:48 GMT):
But again, I am not 100% sure this is working as expected in all wallets

jameshiester (Wed, 05 Aug 2020 18:10:05 GMT):
The self attested component seems like a cool feature, but yeah, especially with disparate agents probably super hard to implement/handle exceptions

esune (Wed, 05 Aug 2020 18:11:04 GMT):
@ianco has been working a bit on self-attested attributes so he may have more to add on that based on his experience.

fhmarino (Wed, 05 Aug 2020 18:42:46 GMT):
Has joined the channel.

jcourt (Wed, 05 Aug 2020 20:02:09 GMT):
I would have thought someone would have generated an API using OpenAPI and written a Controller before me ? Yes it is from a browser, I have everything running on Docker on localhost but of course the different port numbers is upsetting CORS in Chrome

andrew.whitehead (Wed, 05 Aug 2020 20:06:35 GMT):
A controller shouldn't need to use that endpoint though, the admin endpoint does have CORS headers set

jcourt (Wed, 05 Aug 2020 20:08:10 GMT):
Thats interesting it is the Admin endpoint that I am hitting ? Where is the header set I couldn't find it, admittedly I am still running 0.5.2 will go directly to 0.5.4 when released.

andrew.whitehead (Wed, 05 Aug 2020 20:09:49 GMT):
You should be hitting the admin endpoint if you're using the openAPI interface

andrew.whitehead (Wed, 05 Aug 2020 20:10:20 GMT):
The headers are added using the aiohttp_cors plugin

jcourt (Wed, 05 Aug 2020 20:11:05 GMT):
Ok I will try and hunt down why that isn't happening, wonder if that plugin isn't loading

andrew.whitehead (Wed, 05 Aug 2020 20:11:36 GMT):
It sounds like you're addressing the wrong port

jcourt (Wed, 05 Aug 2020 20:11:41 GMT):
BTW is the PUG still on this morning ? It says its still waiting for the meeting to start

andrew.whitehead (Wed, 05 Aug 2020 20:12:07 GMT):
It was on at 11 PST, the meeting was recorded though

jcourt (Wed, 05 Aug 2020 20:12:19 GMT):
If it is the wrong port it is still reponding correctly to admin requests :-)

jcourt (Wed, 05 Aug 2020 20:13:37 GMT):
Well once again good old Daylight savings has caught me out !

jcourt (Wed, 05 Aug 2020 20:14:26 GMT):
Here I was thinking 6am was early enough :-)

jcourt (Wed, 05 Aug 2020 20:24:07 GMT):
I don't think it is hitting the wrong port. I wouldn't expect the admin interface to respond on the wrong port and I can do admin actions like getting wallet did.

jcourt (Wed, 05 Aug 2020 20:24:45 GMT):
Also I am using the X-API-key header for auth and that is being checked and fails if I don't include it

jcourt (Wed, 05 Aug 2020 20:29:36 GMT):
A search through the code doesn't find reference to aiohttp_cors where should it get loaded ?

andrew.whitehead (Wed, 05 Aug 2020 20:35:55 GMT):
It seems to be working fine for the protocol routes, but not for the index page or the swagger.json. I get these headers after submitting a form with the swagger UI: ```Access-Control-Allow-Credentials: true Access-Control-Allow-Origin: http://localhost:8031 Access-Control-Expose-Headers```

jcourt (Wed, 05 Aug 2020 20:35:55 GMT):
server.py loads it .... hmm something funny going on with my searches

andrew.whitehead (Wed, 05 Aug 2020 20:37:28 GMT):
I think the HEAD request was disabled not that long ago, I'm not sure why but that might affect the CORS check

jcourt (Wed, 05 Aug 2020 20:38:07 GMT):
Likely the browser will send a HEAD before attempting a URL fetch to test the CORs possibly

jcourt (Wed, 05 Aug 2020 20:39:02 GMT):
Was there a change set I could look at for the HEAD disabling ?

jcourt (Wed, 05 Aug 2020 20:39:16 GMT):
I could try re-enabling and see if that solves the problem

andrew.whitehead (Wed, 05 Aug 2020 20:40:04 GMT):
I think it affected all the different protocol modules, setting allow_head=False

andrew.whitehead (Wed, 05 Aug 2020 20:44:04 GMT):
@sklump was working on that one

jcourt (Wed, 05 Aug 2020 20:46:19 GMT):
Ok I found the cors setup

ianco (Wed, 05 Aug 2020 20:46:26 GMT):
Self-attested is working in the latest version of esatus (1.8), I'm not sure about other wallets

ianco (Wed, 05 Aug 2020 20:47:04 GMT):
(in fact I'm pretty sure it's not yet working in other mobile wallets)

jcourt (Wed, 05 Aug 2020 21:07:34 GMT):
I stepped though all the cors.add(route) and its not adding index or swagger.json just the routes under /

jcourt (Wed, 05 Aug 2020 21:08:48 GMT):
Though / should pick up index.html

swcurran (Wed, 05 Aug 2020 23:29:57 GMT):
@jameshiester -- where you are the Aries WG call when we were talking about the DIF Presentation Definition/Submission process. I think some of the things you are talking about here are covered there -- the why's.

swcurran (Wed, 05 Aug 2020 23:30:19 GMT):
https://github.com/decentralized-identity/presentation-exchange

jameshiester (Wed, 05 Aug 2020 23:31:57 GMT):
@swcurran had to drop off after the user group call. Thanks for the info. That's some great documentation right there!

jameshiester (Wed, 05 Aug 2020 23:33:15 GMT):
this is the json format there's been discussion around supporting?

swcurran (Wed, 05 Aug 2020 23:40:09 GMT):
Yes -- I did a bit of presentation on it. The heavy lifting will be doing the wallet querying to find the credentials that match. Non-trivial. The Indy team did a great job with the same functionality based on the Indy Presentation Request format.

jameshiester (Wed, 05 Aug 2020 23:45:20 GMT):
aca-py will support both formats then?

swcurran (Thu, 06 Aug 2020 16:46:49 GMT):
Eventually, but it will take some collaboration. I would expect it tied to the work being done on an Aries Wallet.

juliamourac (Thu, 06 Aug 2020 17:48:56 GMT):
Has joined the channel.

HLFPOC (Fri, 07 Aug 2020 17:35:02 GMT):
Hi Team, I am currently working with v0.5.1 of ACA-Py and creating cred-defs using Admin APIs( swagger interface) is taking around 40-50 secs. Earlier it used to take around 10 seconds so not able to figure out what could be the issue here. CPU utilization of the instance is around 20% on an average and agent process consumes upto 97% cpu while creating cred-def. Can you please recommend if there is something can be done to speed up the cred-def process apart from scaling the instance configuration ?

andrew.whitehead (Fri, 07 Aug 2020 18:25:25 GMT):
Sounds like it's creating a revocation registry?

sklump (Fri, 07 Aug 2020 18:26:33 GMT):
not at release 0.5.1 it's not

HLFPOC (Fri, 07 Aug 2020 18:28:01 GMT):
yes, for creating revocation registry, i use different API

nc-crtr_linx (Fri, 07 Aug 2020 18:54:34 GMT):
@swcurran @sklump Do you know if there is any Data flow diagrams that shows how data flows between aries <> indy <> Agents <> Controllers?

sklump (Fri, 07 Aug 2020 19:08:05 GMT):
Not that I know of at present - what an excellent opportunity for the community to help out

swcurran (Fri, 07 Aug 2020 19:40:33 GMT):
In the ACA-Py repo, there is an architectural deep-dive presentation and webinar that covers the ACA-Py <--> Controller flow. There are some flows in the Indy-SDK about Agent <-> Indy flows for various interactions -- e.g. issuing a credential, presenting a proof.

jameshiester (Fri, 07 Aug 2020 20:30:36 GMT):
is the presentation request created in the authn-OIDC project created without an existing connection?

esune (Fri, 07 Aug 2020 20:37:33 GMT):
Yes, it is connection-less. The way it works is: - create a new proof request not bound to an existing/active connection - use a service decorator to provide routing information to the holder agent - thread_id is used to figure out which request the holder is responding to, I believe

jameshiester (Fri, 07 Aug 2020 20:46:46 GMT):
thanks. I wonder if it would be a good/bad idea to use nonce from a security standpoint to correlate the request

esune (Fri, 07 Aug 2020 20:52:39 GMT):
the thread_id is known to both agents (holder and verifier) and allows a thread of messages to be linked together. The nonce is embedded in the encoded payload of the proof-request, not sure if/how it is being used. From a security standpoint, there should not be an easy way of intercepting the message once it is sent from the holder to the verifier, since communication happens on an agent-to-agent protocolthat is protected by their encryption keys. The "weak" point here is if someone who isn't the recipient of the authorization request intercepts the proof-request and sends a response acting in place of the holder, but even there they would need to have credentials that satisfy the restrictions in order to be let in and therefore they would be authorized to access the resource anyway

nc-crtr_linx (Fri, 07 Aug 2020 21:29:17 GMT):
Thanks! I'm specifically looking to see if there are any diagrams that shows how data flows between the 4 layers of the ToIP stack, including agents, when the user interacts with Aries.

rileyphughes (Sat, 08 Aug 2020 02:26:53 GMT):
you can think of connectionless issuance and verification not as "connectionless" per se but as ephemeral. so the DIDComm connection is not persistent, but disappears after the interaction takes place. you can read more about it here: https://docs.trinsic.id/docs/connectionless-exchanges

jcourt (Sun, 09 Aug 2020 22:26:31 GMT):
Is there any way to determine from ACA-py, which DIDs have been written to the public ledger vs created and private ? I thought the "public" attribute in the DID details would indicate that but it seems that only indicates which DID is currently being used for ACA-py's public endpoint.

athulramesh (Mon, 10 Aug 2020 08:00:10 GMT):
Hi all, I have a doubt regarding the token and payment address generation in ACA-Py. I connected my ACA-Py agent to the builder network of Indy and create a wallet. 1. How to manage token and payment address in acapy? @swcurran

ankita.p (Tue, 11 Aug 2020 00:08:40 GMT):
Hi all, I got into a situation an hour back where I am calling credential-offer API only once but I am seeing multiple requests responses for the same message type and message object on aca-py agent logs. Due to this multiple certificates are getting generated causing failure of further process. Any help on this is appreciated

swcurran (Tue, 11 Aug 2020 14:00:34 GMT):
There is no payment token support in ACA-Py and at this point it is not planned. Some folks working on the Aries Toolbox did some prototyping with tokens, but I'm not sure whether that was related to ACA-Py or something else.

swcurran (Tue, 11 Aug 2020 14:01:21 GMT):
I would expect the devs will want to see some logs on that issue. Sounds interesting :-).

jameshiester (Tue, 11 Aug 2020 14:37:35 GMT):
can someone help me find the doc on the endpoint format (the ones in the attr transaction)? Looking for the format for how different protocol endpoints would be defined. It looks like the system would assume data: {endpoint: {endpoint: ...}} would default to tcp? Is that a correct assumption or would I want to look at the format of the endpoint address itself?

darkchylde (Tue, 11 Aug 2020 14:41:26 GMT):
Has joined the channel.

darkchylde (Tue, 11 Aug 2020 14:41:26 GMT):
Hi all, I was wondering where the wallet data is stored ? Is there any particular path, that I can check out. Is there any wallet export/import functionality within the cloud agent ? Any help on this is appreciated.

sklump (Tue, 11 Aug 2020 14:48:07 GMT):
Best would be to drop to the indy layer for an indy wallet: https://github.com/hyperledger/indy-sdk/blob/064b15cef7952d11223b87c1e6d542ccd1e25fe5/wrappers/python/indy/wallet.py#L253

athulramesh (Tue, 11 Aug 2020 15:14:57 GMT):
ok thank you @swcurran I had connected my aca-py agent to sovrin builder network. Then how can I do transactions to sovrin network using aca-py agent without using token or are there any other methods?

swcurran (Tue, 11 Aug 2020 15:41:19 GMT):
@andrew.whitehead ^^

swcurran (Tue, 11 Aug 2020 15:42:04 GMT):
I don't think that they are needed, but not certain.

jameshiester (Tue, 11 Aug 2020 17:14:02 GMT):
are there size limits on attribute values? Like if I wanted to include the full content of a file inside a credential?

sklump (Tue, 11 Aug 2020 17:17:24 GMT):
I suggest you ask this in the indy-sdk group. I believe they had proven them out to 300kB, but that was over a year ago and they may have updates since

athulramesh (Tue, 11 Aug 2020 18:52:44 GMT):
I am trying to Send a NYM registration to the ledger then I got an error message like this, ``` 403: Ledger rejected transaction request: client request invalid: InvalidClientTaaAcceptanceError('Incorrect Txn Author Agreement(digest=0d995091b1eebacf364ce848f40a6066638f2031ad493cf973b7b972bb3907d0) in the request',). ``` and any supporting docs for `ledger/taa/accept Accept the transaction author agreement` api

athulramesh (Tue, 11 Aug 2020 18:52:44 GMT):
I am trying to Send a NYM registration to the ledger then I got an error message like this, ``` 403: Ledger rejected transaction request: client request invalid: InvalidClientTaaAcceptanceError('Incorrect Txn Author Agreement(digest=0d995091b1eebacf364ce848f40a6066638f2031ad493cf973b7b972bb3907d0) in the request',). ``` and any supporting docs for ` /ledger/taa/accept Accept the transaction author agreement` api

andrew.whitehead (Tue, 11 Aug 2020 20:33:25 GMT):
The endpoint as published by that method is a URI, generally https or wss (web socket) at the moment. I don’t think there are any other restrictions provided by the standards. Publishing multiple endpoints would require something like @kdenhartog ‘s proposal for publishing a DID doc on the ledger

jameshiester (Tue, 11 Aug 2020 20:39:57 GMT):
I thought I remembered something like {endpoint: '{url}', protocol: '{tcp/ws/etc}'

MeSSeRz (Thu, 13 Aug 2020 10:27:46 GMT):
Has joined the channel.

CyrilLeung (Fri, 14 Aug 2020 09:26:37 GMT):
Hi all, Can anyone answer a quick question? Is aca py able to connect with aries go agent ? Any specific setting need to be setup? Thank you.

swcurran (Fri, 14 Aug 2020 15:45:17 GMT):
Not yet -- although we would love that... ACA-Py has so far focused on implementing AIP 1.0 (found in https://github.com/hyperledger/aries-rfcs/tree/master/concepts/0302-aries-interop-profile). As such, it does not yet support the full Out of Band (RFC 434) and DID Exchange protocols (RFC 0023), and those are what aries-framework-go uses. As such, we don't yet have connectivity. We've started on OOB, but not enough to interact with aries-framework-go

athulramesh (Fri, 14 Aug 2020 18:29:16 GMT):
Hi all, Is there any option in ACA-Py to backup our wallet (type indy)? The Indy-cli had options like export opened wallet to the file and import content from the specified file to the wallet. ACA-Py have an option like this?

andrew.whitehead (Fri, 14 Aug 2020 19:16:46 GMT):
Not currently, but you can still use indy-cli to do that

jameshiester (Sat, 15 Aug 2020 04:14:23 GMT):
is there a js implementation for pack()/unpack() anywhere?

andrew.whitehead (Sat, 15 Aug 2020 04:15:51 GMT):
I think I remember there is one using libsodium compiled for wasm, not really sure where it is though

andrew.whitehead (Sat, 15 Aug 2020 04:53:42 GMT):
@kdenhartog might know where that is?

smithbk (Sat, 15 Aug 2020 11:18:36 GMT):
Has joined the channel.

smithbk (Sat, 15 Aug 2020 11:18:36 GMT):
Hi, this is a performance-related question as I know you guys have done a lot of work there. I am using the node.js wrapper (not python) with the postgres plugin with the MultiWalletSingleTableSharedPool wallet strategy. When under load, I am seeing periodic hangs and am wondering if anyone has seen similar behavior with aries-cloudagent-python. Many of the hangs I'm seeing with the node.js wrapper seem to be when doing concurrent wallet searches, but have also seen hangs when reading from the ledger (sovrin.staging). Does this sound familiar at all? Thanks in advance. @ianco @andrew.whitehead ^^^

TelegramSam (Sat, 15 Aug 2020 17:24:56 GMT):
Yep: https://www.npmjs.com/package/encryption-envelope-js

JamesSchulte (Mon, 17 Aug 2020 18:39:59 GMT):
Has joined the channel.

DiAnh (Tue, 18 Aug 2020 02:05:22 GMT):
i think you can add export-import function with indy-sdk to aca-py. it's work for me

DiAnh (Tue, 18 Aug 2020 02:05:22 GMT):
i think you can add export-import function with indy-sdk to aca-py. it's works for me

DiAnh (Tue, 18 Aug 2020 02:05:22 GMT):
i think you can add export-import function with indy-sdk to aca-py. it works for me

athulramesh (Tue, 18 Aug 2020 09:46:07 GMT):

indy-log.png

athulramesh (Tue, 18 Aug 2020 09:46:11 GMT):
Ok. I am using docker-compose for up my project. I checked the wallet list using an Indy - cli from inside the aca-py agent container bash, that time I got result like "There are no wallet". But I have a wallet in the agent.Is there any specific location for use indy-cli from inside the docker container?.

darkchylde (Tue, 18 Aug 2020 10:57:24 GMT):
Hi all, Is there a documentation for all command line parameters available for aca-py? How to start aca-py with webhook, to capture the webhook events ?

zickau (Tue, 18 Aug 2020 12:50:05 GMT):
Hey all, we want to restrict the attributes in the proof_presentation strictly coming from one credential. We tried to use the names field: "requested_attributes": { "0_name_area": { "name": "name", "names": [ "area", "time" ], "restrictions": [ { "cred_def_id": "DZnorpDyCS4ZKQrhq8Cfqa:3:CL:2281:ticket" } ] But the server throws an error: { "proof_request": { "requested_attributes": { "0_name_area": { "value": { "names": [ "Unknown field." ] } } } } } 422 Undocumented Error: Unprocessable Entity Is this functionality supported?

lauravuo-techlab (Tue, 18 Aug 2020 12:59:19 GMT):
shouldn't you have the attribute name in the "name"-field ie. `{}`

lauravuo-techlab (Tue, 18 Aug 2020 12:59:19 GMT):
shouldn't you have the attribute name in the "name"-field ie. `{"name": "area", "restrictions": [...]}, {"name": "time", "restrictions": [...]}`

TimoGlastra (Tue, 18 Aug 2020 13:03:15 GMT):
From what I heard ACA-Py should support the `names` property to specify several attributes that have to match a single credential. However from the Indy code it mentions: "NOTE: should either be "name" or "names", not both and not none of them." And you have both `names` and `name`.

TimoGlastra (Tue, 18 Aug 2020 13:03:56 GMT):
But I encountered the same issue last week with only `names` present and got the following error: ```json { "proof_request": { "requested_attributes": { "bioindicators_attrs": { "value": { "name": ["Missing data for required field."], "names": ["Unknown field."] } } } } } ``` So it seems like it isn't supported -- or at least not working.

zickau (Tue, 18 Aug 2020 13:10:04 GMT):
Yes, I got the same, with v0.5.2

sklump (Tue, 18 Aug 2020 13:22:08 GMT):
Let me look into it, see if I can reproduce it with current master. 0.5.2 was a long time ago.

sklump (Tue, 18 Aug 2020 13:22:34 GMT):
It ought to work; if it doesn't I will fix it.

zickau (Tue, 18 Aug 2020 13:23:37 GMT):
Thx

ianco (Tue, 18 Aug 2020 13:25:39 GMT):
I think this is a bug in `0.5.2`, try with the latest aca-py

ianco (Tue, 18 Aug 2020 13:25:57 GMT):
`names` works in the latest release

TimoGlastra (Tue, 18 Aug 2020 13:26:02 GMT):
The issue I encountered was in 0.5.3

zickau (Tue, 18 Aug 2020 13:26:40 GMT):
Ok, cheers

ianco (Tue, 18 Aug 2020 13:30:35 GMT):
Do you know specifically what error you are getting? This was fixed about a month ago: https://github.com/hyperledger/aries-cloudagent-python/commit/b11473cb20c521ec928a4188686acea3ae4409e0

TimoGlastra (Tue, 18 Aug 2020 13:32:48 GMT):
Oops sorry my bad, the dependency was cached from PyPi. I just looked at the latest release from PyPi

sklump (Tue, 18 Aug 2020 13:40:23 GMT):
It works for me fine in current master.

zickau (Tue, 18 Aug 2020 14:32:42 GMT):
Could you please provide an example body with names for /create_request

sklump (Tue, 18 Aug 2020 14:33:13 GMT):
10 minutes

ianco (Tue, 18 Aug 2020 14:42:48 GMT):
It's used in the Aries-VCR service to provide proofs, the code starts here: https://github.com/bcgov/aries-vcr/blob/master/server/vcr-server/api/v2/views/rest.py#L379

ianco (Tue, 18 Aug 2020 14:43:09 GMT):
You can see how "names" is used to request the sdesired attributes

ianco (Tue, 18 Aug 2020 14:43:09 GMT):
You can see how "names" is used to request the desired attributes

sklump (Tue, 18 Aug 2020 14:48:12 GMT):
``` { "connection_id": "acb4060d-2491-49b2-a54f-0bbcd0b90c20", "proof_request": { "name": "Proof request", "version": "1.0", "nonce": "1234567890", "requested_attributes": { "0_icon_uuid": { "names": ["icon", "favourite"], "restrictions": [ { "cred_def_id": "4QxzWk3ajdnEA37NdNU5Kt:3:CL:10:default" } ] } }, "requested_predicates": { } } } ```

sklump (Tue, 18 Aug 2020 14:48:12 GMT):
``` { "name": "Proof request", "version": "1.0", "nonce": "1234567890", "requested_attributes": { "0_icon_uuid": { "names": ["icon", "favourite"], "restrictions": [ { "cred_def_id": "4QxzWk3ajdnEA37NdNU5Kt:3:CL:10:default" } ] } }, "requested_predicates": { } } ```

zickau (Tue, 18 Aug 2020 15:22:25 GMT):
works, thx a lot

Koushik (Tue, 18 Aug 2020 18:58:03 GMT):
Has joined the channel.

swcurran (Wed, 19 Aug 2020 00:07:51 GMT):
Join us for the ACA-Py User Group tomorrow (Wednesday) at 11AM Pacific (18:00 UTC) -- the hour before the Aries WG Call. We'll have the core maintainers on the call to answer any questions. We'll be talking about an ACA-Py-based Mediator, discussing approaches to a multi-tenant wallet and perhaps getting into endorsers signing transactions for authors. Zoom link will be: https://zoom.us/j/900111661; Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2020-08-19+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting Everyone is welcome!

DiAnh (Wed, 19 Aug 2020 09:53:00 GMT):
i think your indy-cli is not connect to pool where your wallet exists

athulramesh (Wed, 19 Aug 2020 10:02:57 GMT):

error-LOG.png

athulramesh (Wed, 19 Aug 2020 10:03:06 GMT):
same error

jacobsaur (Wed, 19 Aug 2020 12:53:00 GMT):
Hey all, my team has been working on verifiable attachments and we’re interested in getting some feedback. Our use case is for an issuer to issue a credential which has a person’s photo (and some other data), the holder to be able to store that photo, and for a verifier to be able to verify that the photo was indeed issued by the issuer. More generically we want to support verifiable attribute attachments of any kind (image, file, etc). This is similar to the attachments RFC (https://github.com/hyperledger/aries-rfcs/tree/master/concepts/0017-attachments) but applied specifically to attributes. A few approaches that we thought through are: (1) base64 encoding the image and including directly in the credential, however this breaks the underlying indy crypto when the size is too large (2) using an image url, however due to privacy concerns we don’t want the images available publicly (3) a custom implementation which takes a hash of the image and puts that in the attribute field, and the image itself is stored as a wallet record. If there is another simpler approach that we haven’t thought of we are all ears. For now I’ll go into more detail into (3). The way this could work is that a credential would have an attribute name with a ‘~attach’ at the end (eg face_photo~attach). When sending a credential, the issuer controller/user would base64 encode the face photo and set that as the value for face_photo~attach attribute. On the issuer’s agent, it would detect the ~attach key word in the attribute name, take the sha256 hash of the image, replace the attribute value with the hash, and then send the base64 image in the attachments section (credentials~attach). When the holder receives the credential, it would take any values in credentials~attach and save them as wallet records (ie non_secrets.add_wallet_record) where the key of the wallet record is the image hash. So the holder now has a credential which testifies to the image hash value, and the image itself stored in their wallet. Then when the holder goes to make a proof presentation it checks whether any of the requested attributes have the ‘~attach’ suffix, and if so, fetches the wallet records (eg to retrieve the photo) and sends that along in the attachments section for the proof (presentations~attach). The verifiers agent can then verify that the value for the attribute face_photo~attach (which is the image hash) did indeed come from the issuer, and it can take the hash of the photo it received in the attachments section to verify that the two hashes match. Feedback is very welcome, depending on how the implementation goes we may be able to present something at the next meeting.

jacobsaur (Wed, 19 Aug 2020 12:53:00 GMT):
Hey all, my team has been working on verifiable attachments and we’re interested in getting some feedback. Our use case is for an issuer to issue a credential which has a person’s photo (and some other data), the holder to be able to store that photo, and for a verifier to be able to verify that the photo was indeed issued by the issuer. More generically we want to support verifiable attribute attachments of any kind (image, file, etc). This is similar to the attachments RFC (https://github.com/hyperledger/aries-rfcs/tree/master/concepts/0017-attachments) but applied specifically to attributes. A few approaches that we thought through are: (1) base64 encoding the image and including directly in the credential, however this breaks the underlying indy crypto when the size is too large (2) using an image url, however due to privacy concerns we don’t want the images available publicly (3) a custom implementation which takes a hash of the image and puts that in the attribute field, and the image itself is stored as a wallet record. If there is another simpler approach that we haven’t thought of we are all ears. For now I’ll go into more detail into (3). The way this could work is that a credential would have an attribute name with a ‘~attach’ at the end (eg face_photo~attach). When sending a credential, the issuer controller/user would base64 encode the face photo and set that as the value for face_photo~attach attribute. On the issuer’s agent, it would detect the '~attach' key word in the attribute name, take the sha256 hash of the image, replace the attribute value with the hash, and then send the base64 image in the attachments section (credentials~attach). When the holder receives the credential, it would take any values in credentials~attach and save them as wallet records (ie non_secrets.add_wallet_record) where the key of the wallet record is the image hash. So the holder now has a credential which testifies to the image hash value, and the image itself stored in their wallet. Then when the holder goes to make a proof presentation it checks whether any of the requested attributes have the ‘~attach’ suffix, and if so, fetches the wallet records (eg to retrieve the photo) and sends that along in the attachments section for the proof (presentations~attach). The verifiers agent can then verify that the value for the attribute face_photo~attach (which is the image hash) did indeed come from the issuer, and it can take the hash of the photo it received in the attachments section to verify that the two hashes match. Feedback is very welcome, depending on how the implementation goes we may be able to present something at the next meeting.

matteo (Wed, 19 Aug 2020 13:30:24 GMT):
Hey all, my team has been working on verifiable attachments and we’re interested in getting some feedback. Our use case is for an issuer to issue a credential which has a person’s photo (and some other data), the holder to be able to store that photo, and for a verifier to be able to verify that the photo was indeed issued by the issuer. More generically we want to support verifiable attribute attachments of any kind (image, file, etc). This is similar to the attachments RFC (https://github.com/hyperledger/aries-rfcs/tree/master/concepts/0017-attachments) but applied specifically to attributes. A few approaches that we thought through are: (1) base64 encoding the image and including directly in the credential, however this breaks the underlying indy crypto when the size is too large (2) using an image url, however due to privacy concerns we don’t want the images available publicly (3) a custom implementation which takes a hash of the image and puts that in the attribute field, and the image itself is stored as a wallet record. If there is another simpler approach that we haven’t thought of we are all ears. For now I’ll go into more detail into (3). The way this could work is that a credential would have an attribute name with a ‘~attach’ at the end (eg face_photo~attach). When sending a credential, the issuer controller/user would base64 encode the face photo and set that as the value for face_photo~attach attribute. On the issuer’s agent, it would detect the '~attach' key word in the attribute name, take the sha256 hash of the image, replace the attribute value with the hash, and then send the base64 image in the attachments section (credentials~attach). When the holder receives the credential, it would take any values in credentials~attach and save them as wallet records (ie non_secrets.add_wallet_record) where the key of the wallet record is the image hash. So the holder now has a credential which testifies to the image hash value, and the image itself stored in their wallet. Then when the holder goes to make a proof presentation it checks whether any of the requested attributes have the ‘~attach’ suffix, and if so, fetches the wallet records (eg to retrieve the photo) and sends that along in the attachments section for the proof (presentations~attach). The verifiers agent can then verify that the value for the attribute face_photo~attach (which is the image hash) did indeed come from the issuer, and it can take the hash of the photo it received in the attachments section to verify that the two hashes match. Feedback is very welcome, depending on how the implementation goes we may be able to present something at the next meeti

swcurran (Wed, 19 Aug 2020 14:07:58 GMT):
I think this sounds good. We were thinking along the same way for such data -- give it to the holder to share if they want. I think (2) is good in some use cases such as public data - asserting the hash of the content to provide tamper evidence. If a non-discoverable URL is used (say, IPFS), the risk of a verifier that gets the URL shares it is the same as the risk of the verifier sharing the content itself in (3). Of course, it's a lot easier for the verifier to share the content if it is already accessible via a URL. But a verifier could just push the content to IPFS and share the resulting URL.

swcurran (Wed, 19 Aug 2020 14:10:36 GMT):
It feels like what we want is a data type for this ("holder-held-content") that is part of the overall VC spec. I'm thinking that JSON-LD may let us define that, so that all Issuer-Prover-Verifiers can understand it.

AdrienViolet (Wed, 19 Aug 2020 14:18:00 GMT):
Has joined the channel.

AdrienViolet (Wed, 19 Aug 2020 14:45:26 GMT):
Hi all, I am testing the ACA-py, so far I have managed to establish connections and get a credential issued, happy days! now I am trying to prove my email using the Conf Book tool, I have recieved the proof-presentation-exchange in the ACA-Py and now i would like to send the presentation. As far as I can tell I can use the `/present-proof/records/{pres_ex_id}/send-presentation` of the ACA-py Admin but I am not sure how to build the payload required for it, does anyone can help me or point me to some documentation of that endpoint?

AdrienViolet (Wed, 19 Aug 2020 14:45:26 GMT):
Hi all, I am testing the ACA-py, so far I have managed to establish connections and get a credential issued, happy days! now I am trying to prove my email using the Conf Book tool, I have recieved the presentation-exchange in the ACA-Py and now i would like to send the presentation. As far as I can tell I can use the `/present-proof/records/{pres_ex_id}/send-presentation` of the ACA-py Admin but I am not sure how to build the payload required for it, does anyone can help me or point me to some documentation of that endpoint?

sklump (Wed, 19 Aug 2020 14:52:36 GMT):
Take the requested attributes and requested predicates from the proof request. Probably set self-attested attributes to an empty production `{}` and trace to `false`.

AdrienViolet (Wed, 19 Aug 2020 14:58:51 GMT):
I have this in the presentation_request ``` "presentation_request": { "name": "BC Gov Verified Email", "version": "1.0.0", "requested_predicates": {}, "requested_attributes": { "email_referent": { "name": "email", "restrictions": [ { "issuer_did": "MTYqmTBoLT7KLP5RNfgK3b", "schema_name": "verified-email" }, { "issuer_did": "85459GxjNySJ8HwTTQ4vq7", "schema_name": "verified_person" } ] } }, "nonce": "854086104901796639045724" } ```

AdrienViolet (Wed, 19 Aug 2020 14:59:13 GMT):
I am building the request like that ``` { "self_attested_attributes":{}, "requested_predicates": { }, "trace": false, "requested_attributes": { "email_referent": { "cred_id": "a0901438-1fdf-46c6-88ae-f1192cafb153", "timestamp": 1597842785, "revealed": true } } } ```

AdrienViolet (Wed, 19 Aug 2020 14:59:42 GMT):
And apparently I am missing the Revokation Registry Id

AdrienViolet (Wed, 19 Aug 2020 14:59:42 GMT):
And apparently I am missing the Revocation Registry Id

AdrienViolet (Wed, 19 Aug 2020 14:59:43 GMT):
Error: Invalid structure. Caused by: Revocation Registry Id not found. CommonInvalidStructure.

AdrienViolet (Wed, 19 Aug 2020 15:23:45 GMT):
found the issue, removed the timestamp in the email_referent

AdrienViolet (Wed, 19 Aug 2020 15:39:13 GMT):
I am guessing it is used to specify a limit on when the credential has not been revoked or something like that?

sklump (Wed, 19 Aug 2020 15:46:23 GMT):
It is the timestamp against which to verify the non-revocation proof; the ledger hosts timestamped updates per revocation registry.

AdrienViolet (Wed, 19 Aug 2020 15:49:57 GMT):
gotcha, thanks for the explaination

rangeshsripathi (Wed, 19 Aug 2020 21:08:44 GMT):
Hi All,

rangeshsripathi (Wed, 19 Aug 2020 21:08:44 GMT):
Hi All, This might be basic question but wanted to clarify, Let's say we want to on-board 100 users , should we be spinning 100 agents to hold connectionid and did separately or have one agent dedicatedly separately for users services...and how would wallet be separate for them if we just have one agent... Thanks

nbrempel (Wed, 19 Aug 2020 21:34:54 GMT):
Hi @rangeshsripathi there is work currently ongoing to support multiple wallets per agent: https://chat.hyperledger.org/channel/MirQEtycfPYQmjxEX

nbrempel (Wed, 19 Aug 2020 21:34:54 GMT):
Hi @rangeshsripathi there is work currently ongoing to support multiple wallets per agent. We have a discussion here where you can see more information about the progresss: https://chat.hyperledger.org/channel/MirQEtycfPYQmjxEX

swcurran (Wed, 19 Aug 2020 23:24:35 GMT):
What would those users be using? Mobile Agents or server-based agents? What type of users are they -- people or institutions?

rangeshsripathi (Thu, 20 Aug 2020 03:48:21 GMT):
@swcurran : They are people..Users would be using both Mobile and Server based agents

rangeshsripathi (Thu, 20 Aug 2020 12:11:00 GMT):
@nbrempel : Thank you , I am trying to figure out whether I should have 100 web agents pertaining to 100 Users(Considering to be a Web application) , If all of them to qualify to receive Verifiable credentials

darkchylde (Thu, 20 Aug 2020 15:25:39 GMT):
Hi

darkchylde (Thu, 20 Aug 2020 15:25:39 GMT):
Hi I started an aca-py agent with `--webhook-url` pointed to an endpoint. There doesn't seem to be any call to webhook endpoint. Is there anything I am missing for setting up a webhook ? Any help is appreciated.

nbrempel (Thu, 20 Aug 2020 16:00:11 GMT):
In the case of a user that uses a mobile agent, the connection information and credentials are stored directly in the mobile agent itself. So there is likely no need for multiple wallet contexts in aca-y in this case

nbrempel (Thu, 20 Aug 2020 16:02:40 GMT):
What is the purpose of the web application you are building?

nbrempel (Thu, 20 Aug 2020 16:08:24 GMT):
More context could help me explain what kind of model you could follow.

rangeshsripathi (Fri, 21 Aug 2020 04:41:46 GMT):
@nbrempel : Thanks for the input , We are trying to provide Identity Service for our customers , We would like to utilize web application to customers who prefer Web app rather than Mobile app.

dipghosh (Fri, 21 Aug 2020 08:17:48 GMT):
Has joined the channel.

dipghosh (Fri, 21 Aug 2020 08:17:49 GMT):
Hi all, I have set up the vc-authn-oidc on the web and its working fine and we can do log in on the web, Is there any sample app which does the same as with vc-authn-oidc.

WadeBarnes (Fri, 21 Aug 2020 13:50:23 GMT):
@swcurran, @esune ^

jacobsaur (Fri, 21 Aug 2020 15:24:49 GMT):
So... it turns out this was much simpler than we thought. When issuing the credential, if we specify the mime-type as image/png than we no longer see the indy crypto failures. We're using the postgres plugin and we did see an error with the ix_tags_encrypted_value index that the value was too large. We updated that index to just use the md5 of the value and then it looks like everything works (I can submit a PR to the indy-sdk repo). I'm not entirely sure of all the performance implications of having these large attribute values, but at least in our preliminary testing everything looks good.

swcurran (Fri, 21 Aug 2020 16:05:40 GMT):
Not sure what the question means.

dipghosh (Sat, 22 Aug 2020 09:05:27 GMT):
@swcurran I am asking for, is there any sample mobile application which I could use as example for how to use vc-authn-oidc on mobile app.

darkchylde (Sat, 22 Aug 2020 10:44:24 GMT):
Hi Guys, Is it possible to use aca-py as a mediator agent ?

jameshiester (Sun, 23 Aug 2020 17:44:40 GMT):
What would be the best practices for discovering a cred_def from a public did? E.g. Acme getting the right cred_def from faber to create a proof request?

arunprakashpj (Sun, 23 Aug 2020 18:44:57 GMT):
Has joined the channel.

sklump (Mon, 24 Aug 2020 10:30:37 GMT):
If the verifier has access to the issuer's admin API, `GET /credential-definitions/created`; for each, tap the ledger to find schema transactions and read out attributes.

severus-sn4pe (Mon, 24 Aug 2020 12:09:59 GMT):
in the `aries-acapy-controllers` repo with the AliceFaberAcmeDemo, there are 8 ports exposed for each acapy-agent in each container. I know that `...0` is used for agent-to-agent communication and `...1` is used for the admin api. but what are the other ports `...2-...7` used for? are they necessary?

severus-sn4pe (Mon, 24 Aug 2020 12:10:18 GMT):
here highlighted for faber-agent: https://github.com/hyperledger/aries-acapy-controllers/blob/master/AliceFaberAcmeDemo/docker/docker-compose.yml#L11

sklump (Mon, 24 Aug 2020 12:19:54 GMT):
Nodes 1 through 4, two ports each

severus-sn4pe (Mon, 24 Aug 2020 12:22:49 GMT):
you mean indy nodes?

sklump (Mon, 24 Aug 2020 12:23:07 GMT):
Yes - unless I've misunderstood the original question

sklump (Mon, 24 Aug 2020 12:24:20 GMT):
No, hold on, actually I have no idea what those are for

severus-sn4pe (Mon, 24 Aug 2020 12:24:30 GMT):
in the link above there are acapy-instances configured for faber, alice and acme. each of them exposes 8 ports. I don't think those are used for indy

severus-sn4pe (Mon, 24 Aug 2020 12:57:12 GMT):
just found out that port ..2 is for the webhooks. still not sure about 3-7

swcurran (Mon, 24 Aug 2020 13:24:55 GMT):
I'm thinking they are not needed. @amanji ?

amanji (Mon, 24 Aug 2020 13:51:55 GMT):
I haven’t made use of ports 3-7 for the agents, although they are open. I based the docker configs for the agents off of the demo docker configuration in ACA-Py and assumed they are open there for a reason.

swcurran (Mon, 24 Aug 2020 13:53:29 GMT):
They are not :-). I think we just left a gap in case we needed them. Like you, I didn't know -- just assumed the reverse.

amanji (Mon, 24 Aug 2020 13:54:54 GMT):
I can make an update to narrow the port range in the controllers repo if it will help to reduce confusion among developers.

swcurran (Mon, 24 Aug 2020 13:56:19 GMT):
Assuming you are talking about discovery from the ledger, the best current option is to operate or access an Indy Browser, like indyscan.io or the one we have with von-network. A good option in the future would be a protocol at the Aries level where given a DID, an agent could query the agent for that DID to see what credentials they offer.

jameshiester (Mon, 24 Aug 2020 14:04:12 GMT):
Yeah, I think the notion I'm working on is something like a aries/.well-known/issuer_info endpoint following the serviceurl that would include an array of credential definitions (in my version I'm attaching the schema information to each cred_def), that would also have the seqNo such that the consumer could fetch the transaction from the ledger to verify.

severus-sn4pe (Mon, 24 Aug 2020 14:05:20 GMT):
Thanks for the clarification

jameshiester (Mon, 24 Aug 2020 16:01:04 GMT):
Is there a notion of rejecting a proof request? It might be interesting to have multiple modes for rejection: 1. rejected because the user does not want to consent to the verifier having the information. 2. Rejected because the user does not have a matching credential.

jameshiester (Mon, 24 Aug 2020 16:28:46 GMT):
Also is there a simple way of manually approving a proof-request without having to compose the properties? e.g. leverage the function that is used to auto-reply but make it an endpoint that the user can call.

swcurran (Mon, 24 Aug 2020 17:42:54 GMT):
There are several ways to deal with it. One is the user just quietly refuses to respond. That definitely needs to be handled by the verifier, as it is a valid "response" to a request. Otherwise, a holder/prover may send a "problem-report" message back, indicating why a proof is not coming. Finally, there is the "proposal" message, where the holder/prover might go about sending a counter proposal to the request. This might be to say "I don't have credential X but I do have credential Y", or to say "I have that credential, but not in format X, but I have it in format Y".

mattatkiva (Mon, 24 Aug 2020 19:34:02 GMT):
do each of the acapy start up flags correspond to a specific admin api endpoint....meaning if I comment one out, can I make admin api call to complete the process of dealing with a credential? ``` '--auto-respond-credential-proposal', '--auto-respond-credential-offer', '--auto-respond-credential-request', '--auto-respond-presentation-request', '--auto-respond-presentation-proposal',```

mattatkiva (Mon, 24 Aug 2020 19:34:02 GMT):
do each of the acapy start up flags correspond to a specific admin api endpoint....meaning if I comment one out, can I make one or more admin api call to complete the process of dealing with a credential? ``` '--auto-respond-credential-proposal', '--auto-respond-credential-offer', '--auto-respond-credential-request', '--auto-respond-presentation-request', '--auto-respond-presentation-proposal',```

mattatkiva (Mon, 24 Aug 2020 19:34:02 GMT):
do each of the acapy start up flags correspond to a specific admin api endpoint....meaning if I exclude one, can I make one or more admin api call to complete the process of dealing with a credential? ``` '--auto-respond-credential-proposal', '--auto-respond-credential-offer', '--auto-respond-credential-request', '--auto-respond-presentation-request', '--auto-respond-presentation-proposal',```

ItsOmerShafiq (Tue, 25 Aug 2020 14:37:14 GMT):
Hi, can someone help me with a confusion. Is it mandatory to have a middleware between aca-py and your front-end app. As if you try to make api calls directly to admin api via a frontend app let’s say react-app it throws cors error.

sklump (Tue, 25 Aug 2020 15:23:34 GMT):
Yes, exactly. Credential exchanges and presentation exchanges await further processing via the corresponding API calls in issue-credential and present-proof.

mattatkiva (Tue, 25 Aug 2020 16:24:17 GMT):
is this documented any where? I see the apidemo doc (in demo folder) but its does not explicitly list this flag goes with this admin api

sklump (Tue, 25 Aug 2020 16:25:10 GMT):
We always welcome documentation enhancements as PRs from the community

mattatkiva (Tue, 25 Aug 2020 16:25:37 GMT):
for `/present-proof/records/{pres_ex_id}/send-presentation`, what is the body? where do I get that? I called `/present-proof/records/{pres_ex_id}/credentials` but the data returned doesnt look like anything the swagger documentation for send-presentation

mattatkiva (Tue, 25 Aug 2020 16:25:49 GMT):
:D ok thank you

sklump (Tue, 25 Aug 2020 16:26:12 GMT):
We do the best we can but often the best documentation is in the code base

sklump (Tue, 25 Aug 2020 16:28:03 GMT):
The Aries OpenAPI Demo doc is about how to use the demo. If it documented the details of how the demo works, it would turn off much of the audience. It's a delicate balance.

mattatkiva (Tue, 25 Aug 2020 16:29:13 GMT):
thanks . you have answered my question that such documentation is TBD :) . I understand that

sklump (Tue, 25 Aug 2020 16:29:58 GMT):
For exhaustive listings, try `./scripts/run_docker start --help `

sklump (Tue, 25 Aug 2020 16:29:58 GMT):
For exhaustive listings, try `./scripts/run_docker start --help`

mattatkiva (Tue, 25 Aug 2020 16:31:25 GMT):
I feel you've missed the point of question. My question is this: if I remove this start up flag `--auto-respond-presentation-request` which admin api call must I execute to complete presentation of a proof

mattatkiva (Tue, 25 Aug 2020 16:31:53 GMT):
but Im fine with the answer that its not documented

mattatkiva (Tue, 25 Aug 2020 16:31:53 GMT):
but Im fine with the answer that the flags and the admin apil relationships are not documented any where.

swcurran (Tue, 25 Aug 2020 16:33:41 GMT):
Look in this document about the OpenAPI demo -- the demo uses auto-respond, but this table answers the "if you do it manually" https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/AriesOpenAPIDemo.md#bonus-points-1

sklump (Tue, 25 Aug 2020 16:34:26 GMT):
oh! The holder would check `GET present-proof/records`, find the `pres_ex_id`, then `POST /present-proof/records/{pres_ex_id}/send-presentation` with the requested attributes and predicates from the proof request.

sklump (Tue, 25 Aug 2020 16:34:57 GMT):
Wow, I didn't even realize!

mattatkiva (Tue, 25 Aug 2020 16:36:13 GMT):
I saw that. It doesn't answer some of the more speicifc questions I have

mattatkiva (Tue, 25 Aug 2020 16:36:13 GMT):
I saw that documentation. It doesn't answer some of the more speicifc questions I have

mattatkiva (Tue, 25 Aug 2020 16:47:22 GMT):
for example: GET /present-proof/records/{pres_ex_id}/credentials returned: ```[ { "cred_info":{ "referent":"4b59b873-957c-4005-9a85-5802c285f578", "attrs":{ "score":"750" }, "schema_id":"Th7MpTaRZVRYnPiabds81Y:2:sample_schema:1.0", "cred_def_id":"Th7MpTaRZVRYnPiabds81Y:3:CL:12:issued_1", "rev_reg_id":null, "cred_rev_id":null }, "interval":null, "presentation_referents":[ "score" ] ```

esune (Tue, 25 Aug 2020 16:51:11 GMT):
You likely need to build your payload based on what the wallet returns as possible candidates for the proof. In your case, something like this, I believe: ``` { "requested_attributes": { "score": { "cred_id": "credential-id-goes-here", "revealed": true, "timestamp": 1597351440 // current epoch time } }, "requested_predicates": {}, "trace": false, "self_attested_attributes": {} } ```

esune (Tue, 25 Aug 2020 16:51:43 GMT):
I am not sure where to pull the credential-id from, it *could* be the value held in the referent you posted - I would double check by querying your wallet using the agent API

esune (Tue, 25 Aug 2020 16:52:10 GMT):
(a bit of a naming disconnect there if that's the case, I guess)

esune (Tue, 25 Aug 2020 16:52:42 GMT):
c.c.: @andrew.whitehead in case I am saying something completely wrong :sweat_smile:

esune (Tue, 25 Aug 2020 16:53:51 GMT):
Basically you could have more than one credential that fulfills the presentation, so you need to pick and build.

mattatkiva (Tue, 25 Aug 2020 16:54:06 GMT):
that makes sense though. That answer will at least get me started. I will have to figure out where to get the credential id, as you said

sklump (Tue, 25 Aug 2020 16:54:50 GMT):
Here's how aries does it automatically: https://github.com/hyperledger/aries-cloudagent-python/blob/66b55ac6e285f11d75e424473832843ca4233a23/aries_cloudagent/protocols/present_proof/v1_0/util/indy.py#L9

esune (Tue, 25 Aug 2020 16:55:16 GMT):
I am inclined to say it's the referent returned by the call to the endpoint you posted, easy way to check is by trying it in `/credential/{credential_id}`

sklump (Tue, 25 Aug 2020 16:58:34 GMT):
The `credential_id` identifies the credential in the wallet. It is also known in some places as a (wallet) referent.

esune (Tue, 25 Aug 2020 17:00:02 GMT):
Thanks @sklump, that explains the naming (and confirms my thoughts) ;)

sklump (Tue, 25 Aug 2020 17:01:15 GMT):
Unfortunately the 'referent' term also shows up as the key for requested attributes/predicates in proof requests. This referent was formerly known as a uuid, and the nomenclature still persists in a few dusty places.

jameshiester (Tue, 25 Aug 2020 17:19:51 GMT):
are the good examples of how mobile wallets handle this? Seems like some really complex UI work

jameshiester (Tue, 25 Aug 2020 17:19:51 GMT):
are there good examples of how mobile wallets handle this? Seems like some really complex UI work

jameshiester (Tue, 25 Aug 2020 17:27:29 GMT):
also @mattatkiva if you prefer a js implementation, here's my code. Some of the functions are imported wrappers that handle the calls to the admin api, but you should be able to get the gist: export const buildProof = async (presentation: Presentation) => { const { success, data: credentials, } = await getPresentationExchangeCredentials( presentation.presentation_exchange_id ); if (credentials) { const requested_attributes = Object.keys( presentation.presentation_request.requested_attributes ).reduce((acc, key) => { const credential = credentials.find((cred) => { return cred.presentation_referents.find((ref) => ref === key); }); return credential ? { ...acc, [key]: { revealed: true, cred_id: credential.cred_info.referent, }, } : acc; }, {}); return await sendPresentation(presentation.presentation_exchange_id, { requested_attributes, requested_predicates: {}, self_attested_attributes: {}, trace: false, }); } return { success: false, errror: 'failed to find matching credentials' }; };

jameshiester (Tue, 25 Aug 2020 17:29:18 GMT):
it works but obviously needs some cleanup. Curious to hear the dev team's thoughts if they want to chime in if I'm missing something. Probably need to look at allowing users to manually choose the credential they want to use instead of assuming the first one found is the right one

jameshiester (Tue, 25 Aug 2020 17:54:42 GMT):
can someone fill in the steps for using revocation? 1. create schema, 2. create cred_def with {support_revocation: true}, 3. create revocation registry for cred_def, 4. (is publishing a separate step and do I need to patch the registry first, I was getting errors when I tried to publish right after creating?)

esune (Tue, 25 Aug 2020 18:01:47 GMT):
Starting with aca-py 0.5.4 (I believe) you will only need to: 1. create schema definition 2. create a cred_def with revocation set to true. This will take care of managing your revocation registry, rotating it, etc. 3. when you issue credentials, you will need to track `revocation_id` and `revocation_registry_id` for each credential issued, in order to be able to revoke them

esune (Tue, 25 Aug 2020 18:04:18 GMT):
I just integrated revocation into one of our sample issuers, this is the (soon to be merged) PR with the changes if it helps navigate: https://github.com/bcgov/issuer-kit/pull/219

jameshiester (Tue, 25 Aug 2020 18:07:46 GMT):
awesome, thank you

anchit (Tue, 25 Aug 2020 18:08:30 GMT):
Hi @esune , I believe we still need to upload the tails file to the tails-server after step-2 before issuing the credential. Is my understanding correct ?

jameshiester (Tue, 25 Aug 2020 18:10:09 GMT):
also when is 5.4 being released? tentatively is fine

esune (Tue, 25 Aug 2020 18:13:03 GMT):
@anchit the new revised API does that for you, you only need to provide the appropriate startup parameter to aca-py to tell it where the tails server is

esune (Tue, 25 Aug 2020 18:13:35 GMT):
@jameshiester I flip this question about release to @swcurran and @andrew.whitehead

swcurran (Tue, 25 Aug 2020 18:14:19 GMT):
0.5.4 should be today. We were debating a last PR, but I think we're not going.

esune (Tue, 25 Aug 2020 18:15:31 GMT):
If you want to start poking at it you can build your image from master, that will have the new endpoints

swcurran (Tue, 25 Aug 2020 18:24:01 GMT):
0.5.4 is out...official post is coming Real Soon Now.

esune (Tue, 25 Aug 2020 18:24:41 GMT):
I'll cook the image then

swcurran (Tue, 25 Aug 2020 18:41:14 GMT):
FYI: Aries Cloud Agent - Python Release 0.5.4 has been tagged and posted to PyPi. Release notes can be found here - https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.5.4. This release is has a lot on revocation -- making it much easier from the Controller's perspective: - Way, way cleaner API for revocation for issuers - Improved handling of revocation intervals for verifiers - Improved `did:key` handling in Out of Band protocol - Allow message forwarding to use existing connections and outbound queue (prep for full mediator support) Code reference documentation has been generated to ReadTheDocs - https://aries-cloud-agent-python.readthedocs.io/en/latest/ A docker image has been posted to Docker Hub: https://hub.docker.com/r/bcgovimages/aries-cloudagent, tag py36-1.15-0_0.5.4

mattatkiva (Tue, 25 Aug 2020 21:04:55 GMT):
thank you. that is ver handle

mattatkiva (Tue, 25 Aug 2020 21:04:55 GMT):
thank you. that is very handy

jcourt (Tue, 25 Aug 2020 21:40:29 GMT):
I hit this a while back and haven't gone back to it. If you turn off the X-API-Key requirement by using the --admin-insecure-mode switch the problem doesn't occur. This isn't a production solution, I just haven't gotten back to investigating why this happens. I think it may be related to the use of the OPTIONS method by the browser prior to the GET/POST. I think this interacts with the web.get() settings in admin/server.py where allow_head is being set to false but I haven't had time to investigate and file a defect.

esune (Tue, 25 Aug 2020 21:54:14 GMT):
The issue with having a frontend interact with the agent directly in a production environment is that the api-key would be public - so not really much benefit in even having one since it will be visible in plain in the frontend code. Having a controller that "proxies" the requests helps mitigate the issue.

jcourt (Tue, 25 Aug 2020 21:58:19 GMT):
I assume that the normal approach would be to use HTTPs with a reverse proxy in front of ACA-py and the front end web server to provide the HTTPs connection. Then the X-API-key is transmitted securely ?

jcourt (Tue, 25 Aug 2020 21:59:50 GMT):
I think you were more pointing out that the api-key would be visib

jcourt (Tue, 25 Aug 2020 21:59:50 GMT):
I think you were more pointing out that the api-key would be visible in the browser to a user. Whilst that is true usually the Web App has to implement some form of front end security anyway like a login

jcourt (Tue, 25 Aug 2020 22:03:08 GMT):
I guess I can still see holes given the API key could be stored and used outside the Web UI ..... hmmm

esune (Tue, 25 Aug 2020 22:03:18 GMT):
If you hit the webapp endpoint - usually - the resources (code) get downloaded to the browser and the execution is stopped if the user is not authorized. However, the browser cache holds the app code, which can be extracted, read and therefore provide the api-key to basically anyone that has access to the app url...

esune (Tue, 25 Aug 2020 22:04:06 GMT):
So having a login/authentication in your frontend only prevents users to use your frontend to issue commands to the agent. But I could just pull the api-key and use postman or my own webapp.

esune (Tue, 25 Aug 2020 22:05:14 GMT):
Using the reverse-proxy mechanism could work, but only if you can also check that the request is coming from an authenticated (trusted) user, if you only proxy the request and add the header I could hit the proxy directly and issue my commands similarly to what I described above.

jcourt (Tue, 25 Aug 2020 22:10:59 GMT):
So the attack vector you are talking about is only valid to someone who has "previously" had valid login access to the Web APP. This is not dissimilar to someone keeping their password and user credentials. The Web App should only download the API key after a valid login. Given the low number of users given access to an Admin UI that is not terrible and you could reset the API key each time a user is removed from access, possibly good security practice anyway though it would require an ACA-py restart to effect.

jcourt (Tue, 25 Aug 2020 22:14:05 GMT):
It certainly is an area that needs more thought and a suggested deployment model vs security benefits would be welcome.

esune (Tue, 25 Aug 2020 22:18:34 GMT):
I'm not sure it is only for someone who has had "valid" login access. If you hit the app URL the JS code for the whole app (I believe) is downloaded to your browser. Whether you gain access to the api-key or the endpoint for the calls to the reverse-proxy that will add the api-key to requests, anyone could figure those out and hit your endpoints freely.

esune (Tue, 25 Aug 2020 22:21:18 GMT):
Usually what happens is: - frontend has authentication (e.g.: OIDC) - an API (controller) receives calls fro the frontend. The frontend needs to send a header with a bearer token obtained at authentication (and renewed in a timely manner) so that the API can check/exchange it with the OIDC provider - if this check is successful, the API will make a request to the agent (using the secret api-key) and send the proper response to the frontend. - if the check is not successful, nothing happens (or error is raised, up to the implementer)

esune (Tue, 25 Aug 2020 22:21:53 GMT):
There may be other ways of achieving this, but I know this pattern is fairly common and established

jcourt (Tue, 25 Aug 2020 22:27:13 GMT):
Actually I don't know that the API key becomes that relevant anyway as if you are using something like AWS with Cognito and API-Gateway the ACA-py urls are all protected from ever being hit by the credentials given at login so you can't even get to the URLs to present the API-key, its really just a belt an braces level of security in the end.

esune (Tue, 25 Aug 2020 22:28:02 GMT):
Yeah, if your admin endpoint is not exposed and only accessible from within your "local" network then that could be omitted.

esune (Tue, 25 Aug 2020 22:28:10 GMT):
As anything, it depends on context and use case ;)

SamB (Wed, 26 Aug 2020 01:49:22 GMT):
Has joined the channel.

severus-sn4pe (Wed, 26 Aug 2020 13:47:49 GMT):
when I call `GET /connections?invitation_key=BqqKMXQKGLhiTg1vRtGX3P2iHr2a7vmynApyLgjJcqrH` on the admin api (with `BqqKMX...` being a valid invitation key), I get a list of all available connections instead of just the one filtered connection. Is that a bug or am I missing something here?

severus-sn4pe (Wed, 26 Aug 2020 13:49:23 GMT):
is that ok if I ask here first in such cases, or should such things go directly into a github issue?

severus-sn4pe (Wed, 26 Aug 2020 13:55:12 GMT):
I'm still on `0.5.3`, didn't had time yet to update to `0.5.4`.

mattatkiva (Wed, 26 Aug 2020 21:57:55 GMT):
For myself, Ive started writing up documentation on acapy-webhooks and started to wonder if the community would like to have that added to the acapy repo. Its an "extension of" the API demo doc including information like which start up parameter applies to which data coming through the webhook, the path used, some details on the data structure itself. If its valuable to others, I will make a PR.

swcurran (Wed, 26 Aug 2020 22:00:32 GMT):
Absolutely!

swcurran (Wed, 26 Aug 2020 22:01:02 GMT):
An early PR would good so that we can see what form and see if there are any ways we can help.

mattatkiva (Wed, 26 Aug 2020 22:01:42 GMT):
thats perfect. I will make one shortly

darkchylde (Thu, 27 Aug 2020 12:09:29 GMT):
@mattatkiva A general overview is present in https://github.com/hyperledger/aries-cloudagent-python/blob/master/AdminAPI.md#administration-api-webhooks

darkchylde (Thu, 27 Aug 2020 12:10:13 GMT):
Although it doesn't cover the payload structures for each event

darkchylde (Thu, 27 Aug 2020 14:30:50 GMT):
What protocol does mediator agent use to forward messages to a mobile agent ? Is it XMPP ?

swcurran (Thu, 27 Aug 2020 15:33:19 GMT):
No -- it uses DIDComm on a transport that is capable. For mobile agents and mediators, the mobile agent does an HTTP request, and the mediator sends the messages in the response to the request. This is described here: https://github.com/hyperledger/aries-rfcs/tree/master/features/0092-transport-return-route

swcurran (Thu, 27 Aug 2020 15:34:14 GMT):
I think (but those more hands on than I would know better) -- web sockets can be used so that messages can be sent immediately vs. polling.

darkchylde (Thu, 27 Aug 2020 16:20:36 GMT):
Yah polling can be bit resource consuming for the user's device.

swcurran (Thu, 27 Aug 2020 16:22:41 GMT):
Or a pain for the user - pull down to refresh

valesken (Thu, 27 Aug 2020 17:03:10 GMT):
Has joined the channel.

Primordium (Fri, 28 Aug 2020 12:07:14 GMT):
When an Agent Issues/sends a Credential to another agent, is there any register being made? So that the issuer on a later stage can check wich credential it has issued? And if so, where can I consult thoose entries.

swcurran (Fri, 28 Aug 2020 14:09:31 GMT):
It is up to the issuer to maintain that based on the business case. If the issuer wants to revoke the credential sometime in the future, they will need to track it.

SamB (Tue, 01 Sep 2020 11:56:40 GMT):
Hi Team, I am ruuning https://github.com/hyperledger/aries-cloudagent-python/demo facing this issues after starting : $ ./run_demo faber Preparing agent image... sha256:b8737cf8ded0c7bb4e4f3e313e3deeaf593805fad1a1ed56a2c85ff558ce7306 Trying to detect ngrok service endpoint jq not found 172.17.0.1 Starting [faber] agent with args [--port 8020] #1 Provision an agent and wallet, get back configuration details Faber | Registering Faber.Agent with seed d_000000000000000000000000749144 Traceback (most recent call last): File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/runpy.py", line 193, in _run_module_as_main "__main__", mod_spec) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/runpy.py", line 85, in _run_code exec(code, run_globals) File "/home/indy/demo/runners/faber.py", line 465, in args.timing, File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/asyncio/base_events.py", line 484, in run_until_complete return future.result() File "/home/indy/demo/runners/faber.py", line 170, in main await agent.register_did() File "/home/indy/demo/runners/support/agent.py", line 287, in register_did raise Exception(f"Error registering DID, response code {resp.status}") Exception: Error registering DID, response code 500 Can anyone please help?

pixelschnitzel (Tue, 01 Sep 2020 12:07:27 GMT):
Has joined the channel.

zickau (Tue, 01 Sep 2020 12:15:42 GMT):
Does anyone know, if there a link to an comprehensive overview of what all JSON formats needed to do the whole credential life cycle?

zickau (Tue, 01 Sep 2020 12:16:10 GMT):
I mean with all fields, such as restrictions, to/from, predicates, etc.

pixelschnitzel (Tue, 01 Sep 2020 12:48:44 GMT):
Hi. This writeup helped me in understanding the creation of a VC, but it's no spec and not complete: https://medium.com/@kctheservant/demonstration-of-hyperledger-aries-cloud-agent-6e476a5426b0

severus-sn4pe (Tue, 01 Sep 2020 14:33:34 GMT):
Is there a way to resolve who issued a credential I have stored in my wallet? I know the schema_id and cred_def_id, but the public DID used for them is obv. not the same as the DID used for establishing a connection. I'm looking for a mapping from the Public DID registered in the ledger to the Pairwise DID used for the connection between the agents. the only way I can currently think of is to store the information, which connection sent the credential when the webhook issue_credential is called. Is that the way to go? Or could it also be possible, that the agent that sends me a credential just acts as a relay and forwards it to me from the actual issuer?

swcurran (Tue, 01 Sep 2020 18:01:11 GMT):
The credential contains a CredDef for the credential and the CredDef is linked to the issuer. So if you have the CredDef, you have the DID for the issuer, and you can go from there. You might also want to connect it to the connection from which you received the credential.

jcourt (Tue, 01 Sep 2020 21:48:15 GMT):
This is an interesting question around the whole ToIP space though. The Credential is securely tied to the Credential Def and the Credential Def is securely tied to the Issuer DID. The issue of trust between the Verifier and Issuer DID though is the crucial information to make the whole space worthwhile. That trust seems to require out-of-band organisational mechanisms that I can't yet see how it has been achieved. A credential needs to eventually identify the issuers "Authority" to issue and that seems to require identification of the Authority through their DID ? Maybe some protocol over the Issuers DID Endpoint could achieve this in some way by identifying the Issuer through their CA registration, I don't know but it feels like this is a missing piece still. What am I missing that makes this all so obvious to others :-)

swcurran (Tue, 01 Sep 2020 22:20:27 GMT):
No -- you are correct. We wrote a paper that doesn't provide answers yet, but provides a useful description of the issue: -- https://docs.google.com/document/d/1nYq0iakgtyC21oUGWa5hLuJUoKeJFpURtGz6HcLIltY/edit?usp=sharing

swcurran (Tue, 01 Sep 2020 22:23:17 GMT):
It is kind of like following a CA chain, but far more context specific (this chain for education, this chain for business registries, etc.). The use of Verifiable Credential Reqistries in the context of a Governance Framework can provide that shortcut to a set of "authoritative" DIDs. E.g. the BC Gov might have a repository (that you trust for some reason) of all the DIDs of issuers in BC Gov departments. But ultimately, it does come down to human trust. That's why there is a technical and a human trust component in the ToIP stack.

jcourt (Tue, 01 Sep 2020 22:58:50 GMT):
Thanks for the link

sklump (Wed, 02 Sep 2020 10:44:02 GMT):
Looks like you haven't started the node pool (ledger).

SamB (Wed, 02 Sep 2020 10:45:46 GMT):
Thanks for reply.. Yeah I got solution, that was related to some requirements.

larabisch (Wed, 02 Sep 2020 16:22:13 GMT):
Has joined the channel.

swcurran (Wed, 02 Sep 2020 18:13:34 GMT):
Sorry for the late notice, but the ACA-Pug meeting is cancelled today because of the Indy Interop-athon that completed this morning. Back in two weeks.

rashmi3255 (Wed, 02 Sep 2020 19:08:18 GMT):
Has joined the channel.

rashmi3255 (Wed, 02 Sep 2020 19:08:18 GMT):
Hello Team , I am getting bellow error while trying to start the faber agent with below error please advice

rashmi3255 (Wed, 02 Sep 2020 19:08:20 GMT):
(venv) rrsamal@rrsamal-virtual-machine:~/acapy-alice-bob/demo$ ./run_demo faber Preparing agent image... sha256:04ad1fc2c0bc136759408e4c67809e56795e9d58acd1e24354963e560b37c5e7 172.17.0.1 Starting faber... #1 Provision an agent and wallet, get back configuration details Faber | Registering Faber Agent with seed d_000000000000000000000000885288 Traceback (most recent call last): File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/runpy.py", line 193, in _run_module_as_main "__main__", mod_spec) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/runpy.py", line 85, in _run_code exec(code, run_globals) File "/home/indy/demo/runners/faber.py", line 293, in asyncio.get_event_loop().run_until_complete(main(args.port, args.timing)) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/asyncio/base_events.py", line 484, in run_until_complete return future.result() File "/home/indy/demo/runners/faber.py", line 132, in main await agent.register_did() File "/home/indy/demo/runners/support/agent.py", line 211, in register_did raise Exception(f"Error registering DID, response code {resp.status}") Exception: Error registering DID, response code 503 (venv) rrsamal@rrsamal-virtual-machine:~/acapy-alice-bob/demo$

rashmi3255 (Wed, 02 Sep 2020 19:10:15 GMT):
Same error please advice

rashmi3255 (Wed, 02 Sep 2020 19:10:16 GMT):
(venv) rrsamal@rrsamal-virtual-machine:~/acapy-alice-bob/demo$ ./run_demo faber Preparing agent image... sha256:04ad1fc2c0bc136759408e4c67809e56795e9d58acd1e24354963e560b37c5e7 172.17.0.1 Starting faber... #1 Provision an agent and wallet, get back configuration details Faber | Registering Faber Agent with seed d_000000000000000000000000885288 Traceback (most recent call last): File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/runpy.py", line 193, in _run_module_as_main "__main__", mod_spec) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/runpy.py", line 85, in _run_code exec(code, run_globals) File "/home/indy/demo/runners/faber.py", line 293, in asyncio.get_event_loop().run_until_complete(main(args.port, args.timing)) File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/asyncio/base_events.py", line 484, in run_until_complete return future.result() File "/home/indy/demo/runners/faber.py", line 132, in main await agent.register_did() File "/home/indy/demo/runners/support/agent.py", line 211, in register_did raise Exception(f"Error registering DID, response code {resp.status}") Exception: Error registering DID, response code 503 (venv) rrsamal@rrsamal-virtual-machine:~/acapy-alice-bob/demo$

rashmi3255 (Wed, 02 Sep 2020 19:12:22 GMT):

Clipboard - September 3, 2020 12:42 AM

rashmi3255 (Wed, 02 Sep 2020 19:12:28 GMT):

Clipboard - September 3, 2020 12:42 AM

SamB (Thu, 03 Sep 2020 04:52:21 GMT):
Do change ledger URL and Genesis url in code..

sheru (Fri, 04 Sep 2020 06:46:49 GMT):
You have getting this error because of the public did of the cloud agent is not able to register into the ledger. Please try with a different seed. Hope it will help you.

etschelp (Fri, 04 Sep 2020 09:01:07 GMT):
Quick question. In the model of the IndyProofReqAttrSpec (/present-proof/send-request) there is only a description for the restrictions field mentioning the following for attribute name/values: "_and/or attr::::value where represents a credential attribute name_". What is the json representation of this description. Is this an object, an array of strings, or something else?

etschelp (Fri, 04 Sep 2020 09:01:07 GMT):
Quick question. In the model of the IndyProofReqAttrSpec (/present-proof/send-request) there is only a description for the restrictions field mentioning the following for attribute name/values: "...and/or attr::::value where represents a credential attribute name". What is the json representation of this description. Is this an object, an array of strings, or something else?

joanagomesrb (Fri, 04 Sep 2020 10:58:13 GMT):
Has joined the channel.

sklump (Fri, 04 Sep 2020 20:57:02 GMT):
Specify restrictions as a JSON object with each key satisfying regular expression ``` ^schema_id|schema_issuer_did|schema_name|schema_version|issuer_did|cred_def_id|attr::.+::value$ ``` and each value a string. The `.+` in between the pairs of double-colons is attribute name in a name-value pair.

sklump (Fri, 04 Sep 2020 20:59:40 GMT):
See https://github.com/hyperledger/indy-sdk/blob/d8c68d7894be07ef50f5d1c4aa6326a201da030f/wrappers/python/indy/anoncreds.py#L1180 and https://github.com/hyperledger/indy-sdk/blob/d8c68d7894be07ef50f5d1c4aa6326a201da030f/wrappers/python/indy/anoncreds.py#L843

chakshujain (Sun, 06 Sep 2020 14:34:17 GMT):
Has joined the channel.

SamB (Mon, 07 Sep 2020 04:45:44 GMT):
Hi Team, Is it necessory for every new user in the network should have their Aries Agent ? If yes then how we can automate this process of creating new agents in aries-cloudagent or aries-mobileagent?

darkchylde (Mon, 07 Sep 2020 12:53:32 GMT):
You can deploy aries cloudagents programmatically by leveraging feature of kubernetes.

darkchylde (Mon, 07 Sep 2020 12:53:51 GMT):
For mobileagent it can be instantiated when the APP starts

darkchylde (Mon, 07 Sep 2020 12:54:12 GMT):
Mobile agent is something which lives in an edge device.

SamB (Tue, 08 Sep 2020 04:52:51 GMT):
Oh okay, Thanks for the reply @darkchylde.. Do you know any reference code or repository to get more idea about implementation of the cloudagent with kubernetes?

SamB (Tue, 08 Sep 2020 04:52:51 GMT):
Oh okay, Thanks for the reply @darkchylde . Do you know any reference code or repository to get more idea about implementation of the cloudagent with kubernetes?

SamB (Wed, 09 Sep 2020 06:41:53 GMT):
Hi, Facing error Error retrieving ledger genesis transactions while tring to start agents

SamB (Wed, 09 Sep 2020 06:42:12 GMT):
Can anyone please help me

sheru (Wed, 09 Sep 2020 06:58:59 GMT):
which genesis url you are using here?

SamB (Wed, 09 Sep 2020 06:59:46 GMT):
using von network url. http://dev.greenlight.bcovrin.vonx.io/

SamB (Wed, 09 Sep 2020 07:00:23 GMT):

Screenshot from 2020-09-09 11-19-23.png

SamB (Wed, 09 Sep 2020 07:00:41 GMT):
Added this url in ledger path itself

sheru (Wed, 09 Sep 2020 07:06:20 GMT):
can you also share the error logs. That will be more helpful.

SamB (Wed, 09 Sep 2020 07:06:55 GMT):
./run_demo mow Preparing agent image... sha256:050dd51c146cb6d3e5535d22d1888786cad2cff035e46766e358457870f45989 Trying to detect ngrok service endpoint jq not found 172.17.0.1 Starting [mow] agent with args [--port 8020] Error retrieving ledger genesis transactions

sheru (Wed, 09 Sep 2020 07:09:52 GMT):
jq not found you should install this first

SamB (Wed, 09 Sep 2020 07:10:21 GMT):
How to do that? can you please help

sheru (Wed, 09 Sep 2020 07:10:37 GMT):
https://stedolan.github.io/jq/download/

severus-sn4pe (Wed, 09 Sep 2020 11:33:58 GMT):
Is there a way to find out, why a Proof Verification failed? It would be nice to know, if it failed because the Holder built a proof that didn't match the predicates or if the proof of non-revocation failed. when I call the `/verify-presentation` endpoint of a proof, I get the right result (state=verified and verified=false) for both cases, but I can't find any distinction between those two states. In the result of the verification I found the `primary_proof` and `non_revoc_proof` in `presentation.proof.proofs[0]`, but the content of those fields are very cryptic for me. Is there a simpler way to do that? (is it even possible to do that distinction?)

sklump (Wed, 09 Sep 2020 14:02:59 GMT):
hard no, blame indy, it's a feature

severus-sn4pe (Wed, 09 Sep 2020 14:10:48 GMT):
ok . thanks

severus-sn4pe (Wed, 09 Sep 2020 14:10:48 GMT):
ok. thanks

briced (Wed, 09 Sep 2020 14:12:34 GMT):
Has joined the channel.

briced (Wed, 09 Sep 2020 14:39:48 GMT):
Hi all. I'm very new here and may have some dumb questions, so apologies in advance. My first question is what is the right way to lookup a credential definition that was created by someone else? Or can an agent only issue credentials using a credential definition that they created themselves?

briced (Wed, 09 Sep 2020 15:01:34 GMT):
Even if I provide the cred def id as a known value, I get an error like "aries_cloudagent.admin.server ERROR Handler error with exception: Issuer has no operable cred def for proposal spec {'cred_def_id': '0123456789abcdef0123456:3:CL:78:default'}."

swcurran (Wed, 09 Sep 2020 15:11:58 GMT):
Credentials can only be created by the entity that created the credential definition.

swcurran (Wed, 09 Sep 2020 15:14:04 GMT):
Credential definitions include public keys (one per claim in the credential schema) and so an issuer must have the associated private keys -- hence only the entity that created the cred def.

briced (Wed, 09 Sep 2020 16:14:02 GMT):
Ok, thanks. So how would you standardize a credential that many issuers should produce? Can the schema be shared?

swcurran (Wed, 09 Sep 2020 16:19:02 GMT):
Yes - the schema is shared. Any issuer can use a schema on the ledger. The cred def points to the schema.

briced (Wed, 09 Sep 2020 16:19:19 GMT):
Ok, got it. Thanks!

jcourt (Wed, 09 Sep 2020 23:53:26 GMT):
Has there been any thought of replacing or enhancing the web_hooks approach in ACA-py with a web-socket ? Potentially incorporating the aries-cloud-agent-webhook-relay into ACA-py proper ? I am particularly struggling with how you can use the basicmessage functionality between two ACA-py Agents without extra web servers to deal with the web_hooks since there is no way to retrieve messages outside of the web_hooks ?

chakshujain (Thu, 10 Sep 2020 08:27:31 GMT):
Hi everyone, How can I use non-secret api endpoints? I m trying Alice demo and execute the following command: `LEDGER_URL=http://dev.greenlight.bcovrin.vonx.io ./run_demo webstart` to start agents. I am unable to see non-secret api related endpoints on the swagger UI.

chakshujain (Thu, 10 Sep 2020 08:27:31 GMT):
Hi everyone, How can I use the non-secrets API code in the wallet? I m trying Alice demo and execute the following command: `LEDGER_URL=http://dev.greenlight.bcovrin.vonx.io ./run_demo webstart` to start agents. Now I am not able to figure how can I use non-secrets API code provided in the ACA-Py repo: https://github.com/hyperledger/aries-cloudagent-python/tree/master/aries_cloudagent

chakshujain (Thu, 10 Sep 2020 08:27:31 GMT):
Hi everyone, How can I use the non-secrets API code in the wallet? I m trying Alice-Faber demo and execute the following command: `LEDGER_URL=http://dev.greenlight.bcovrin.vonx.io ./run_demo webstart` to start agents. Now I am not able to figure how can I use non-secrets API code provided in the ACA-Py repo: https://github.com/hyperledger/aries-cloudagent-python/tree/master/aries_cloudagent

dipghosh (Thu, 10 Sep 2020 13:15:13 GMT):
Hi everyone, I had just the aries-vcr with a pre setup von-network with the genesis file url and ledger url and that is workout great, and now I want to fetch verifiable credentials from there so how I can fetch the data fetch and store verifiable credential from the ledger. Thanks in advance.

ianco (Thu, 10 Sep 2020 14:22:58 GMT):
There is a test issuer here: https://github.com/bcgov/aries-vcr-issuer-controller

chakshujain (Fri, 11 Sep 2020 05:38:30 GMT):
Just a little help needed: I want to call functions in this file https://github.com/hyperledger/aries-cloudagent-python/blob/master/aries_cloudagent/storage/basic.py from my agents code like inside this file https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/runners/faber.py. How can I achieve this?

chakshujain (Fri, 11 Sep 2020 05:38:30 GMT):
Just a little help needed: I want to call functions in this file https://github.com/hyperledger/aries-cloudagent-python/blob/master/aries_cloudagent/storage/basic.py from my agent's code like inside this file https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/runners/faber.py. How can I achieve this? I am quiet new to python and Aries therefore facing so much difficulty.

chakshujain (Fri, 11 Sep 2020 05:38:30 GMT):
Just a little help needed: I want to call functions in this file https://github.com/hyperledger/aries-cloudagent-python/blob/master/aries_cloudagent/storage/basic.py from my agent's code like inside this file https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/runners/faber.py. How can I achieve this? I am quite new to python and Aries therefore facing so much difficulty.

pchainho (Fri, 11 Sep 2020 11:00:42 GMT):
Has joined the channel.

dipghosh (Fri, 11 Sep 2020 18:10:51 GMT):
Thank you @ianco

sklump (Fri, 11 Sep 2020 18:15:48 GMT):
It doesn't work like that: call the admin API `wallet/` methods via the service endpoint as it displays on startup (e.g., 192.168.56.133:8031)

sklump (Fri, 11 Sep 2020 18:15:48 GMT):
It doesn't work like that: call the admin API `wallet/` methods via the service endpoint as it displays on startup (e.g., 192.168.56.133:8031), implemented here: https://github.com/hyperledger/aries-cloudagent-python/blob/9398c2dbdb9e7208ca19723b8669dc6e71cb465d/aries_cloudagent/wallet/routes.py#L423

HeMBaD (Fri, 11 Sep 2020 18:53:54 GMT):
Has joined the channel.

YukiB (Fri, 11 Sep 2020 21:34:16 GMT):
Hello all, can someone assist me with the following error: `indy.libindy.native.indystrgpostgres ERROR \tsrc/lib.rs:190 | Create storage failed: IOError(\"IO error during storage operation: database error`

YukiB (Fri, 11 Sep 2020 21:37:48 GMT):
This error is generated during `acapy start` and it comes up right after the postgres wallet storage loads successfully

YukiB (Fri, 11 Sep 2020 22:35:41 GMT):
I resolved my issue by assigning appropriate roles to the database user to. Specifically I added the `CREATEDB` role to the admin user

YukiB (Fri, 11 Sep 2020 22:35:41 GMT):
I resolved my issue by assigning appropriate roles to the postgreSQL database user to. Specifically I added the `CREATEDB` role to the admin user

esune (Fri, 11 Sep 2020 23:07:21 GMT):
Which version of postgresql were you using - out of curiosity?

YukiB (Sat, 12 Sep 2020 00:08:49 GMT):
10

YukiB (Sat, 12 Sep 2020 00:09:05 GMT):
Version 10

chakshujain (Sat, 12 Sep 2020 14:38:12 GMT):
Thanks @sklump for giving some direction but I wanted to store non-secret data in my wallet and it seems admin API `wallet/` does not provide any methods for non-secret APIs. I think ACA-Py needs to add a file called `routes.py` inside this folder: https://github.com/hyperledger/aries-cloudagent-python/tree/master/aries_cloudagent/storage. Please help what I am doing wrong.

jcourt (Mon, 14 Sep 2020 06:40:37 GMT):
It shouldn't be possible to get a successful trustping if one of the wallets has deleted the connection should it ? The receiving side where the connection has been removed from the wallet is reporting the following in its log : ``` 2020-09-14 06:30:21,388 aiohttp.access INFO 172.17.0.1 [14/Sep/2020:06:30:21 +0000] "POST / HTTP/1.1" 200 149 "-" "Python/3.6 aiohttp/3.6.2" 2020-09-14 06:30:21,388 indy.libindy WARNING _indy_loop_callback: Function returned error 2020-09-14 06:30:21,389 aries_cloudagent.core.conductor ERROR Exception in message handler: Traceback (most recent call last): File "/home/indy/aries_cloudagent/storage/indy.py", line 106, in get_record self._wallet.handle, record_type, record_id, options_json File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/indy/non_secrets.py", line 319, in get_wallet_record get_wallet_record.cb) indy.error.WalletItemNotFound The above exception was the direct cause of the following exception: Traceback (most recent call last): File "/home/indy/aries_cloudagent/core/dispatcher.py", line 133, in handle_message inbound_message.receipt File "/home/indy/aries_cloudagent/protocols/connections/v1_0/manager.py", line 737, in find_inbound_connection self.context, cached["id"] File "/home/indy/aries_cloudagent/messaging/models/base_record.py", line 213, in retrieve_by_id cls.RECORD_TYPE, record_id, {"retrieveTags": False} File "/home/indy/aries_cloudagent/storage/indy.py", line 112, in get_record ) from x_indy aries_cloudagent.storage.error.StorageNotFoundError: connection record not found: d8f851e1-7c82-47d3-9720-0966d81f5e6d 2020-09-14 06:30:21,389 aries_cloudagent.core.conductor ERROR DON'T shutdown on StorageNotFoundError connection record not found: d8f851e1-7c82-47d3-9720-0966d81f5e6d 2020-09-14 06:30:21,390 aries_cloudagent.core.dispatcher ERROR Handler error: Dispatcher.handle_message Traceback (most recent call last): File "/home/indy/aries_cloudagent/storage/indy.py", line 106, in get_record self._wallet.handle, record_type, record_id, options_json File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/indy/non_secrets.py", line 319, in get_wallet_record get_wallet_record.cb) indy.error.WalletItemNotFound The above exception was the direct cause of the following exception: Traceback (most recent call last): File "/home/indy/aries_cloudagent/core/dispatcher.py", line 133, in handle_message inbound_message.receipt File "/home/indy/aries_cloudagent/protocols/connections/v1_0/manager.py", line 737, in find_inbound_connection self.context, cached["id"] File "/home/indy/aries_cloudagent/messaging/models/base_record.py", line 213, in retrieve_by_id cls.RECORD_TYPE, record_id, {"retrieveTags": False} File "/home/indy/aries_cloudagent/storage/indy.py", line 112, in get_record ) from x_indy aries_cloudagent.storage.error.StorageNotFoundError: connection record not found: d8f851e1-7c82-47d3-9720-0966d81f5e6d ```

etschelp (Mon, 14 Sep 2020 08:15:24 GMT):
I think the HTTP response is misleading in this case. You have to match the thread_id in the response with the thread_id of the Webhook event you will receive in a second step, this event then contains the actual state of the connection.

sklump (Mon, 14 Sep 2020 10:27:35 GMT):
For those, at present you need to use the indy-sdk toolkit underlying: https://github.com/hyperledger/indy-sdk/blob/master/wrappers/python/indy/non_secrets.py. `storage/` is aca-py internal. If we are going to expose non-secret records directly, it will be through `/wallet`.

sklump (Mon, 14 Sep 2020 12:25:39 GMT):
At the time the sender returns HTTP status, it is unknowable whether the receiver can respond: the sender's side is perfectly fine. etschelp's advice appears best.

swcurran (Mon, 14 Sep 2020 22:06:49 GMT):
Join us for the ACA-Py User Group this coming Wednesday at 11AM Pacific (18:00 UTC) -- the hour before the Aries WG Call. We'll have the core maintainers on the call to answer any questions. We'll be talking about attachments in ACA-Py (led by Kiva) and more on lessons learned and battle scars in getting revocation production ready. Zoom link will be: https://zoom.us/j/900111661; Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2020-09-16+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting Everyone is welcome!

jcourt (Mon, 14 Sep 2020 22:07:20 GMT):
Ok that all makes sense but it places the whole ping concept into the basic message category of needing a second web server to deal with the web hooks. So there is no real way of creating functional web ui with just ACA-py. Most of the other functionality you can get enough status by polling and ACA-py holds the results.

jcourt (Mon, 14 Sep 2020 22:07:20 GMT):
Ok that all makes sense but it places the whole ping concept into the basic message category of needing a second web server to deal with the web hooks. So there is no real way of creating functional web ui with just ACA-py. Most of the other credential and schema definition functionality you can get enough status by polling and ACA-py holds the results.

jcourt (Mon, 14 Sep 2020 22:16:44 GMT):
Now maybe this is a moot point anyway since any service implementing revocable credentials will have to have another web server to deal with tracking the credential issuance etc. Its just something I hadn't realised.

biligunb (Tue, 15 Sep 2020 03:55:16 GMT):

Clipboard - September 15, 2020 11:55 AM

biligunb (Tue, 15 Sep 2020 03:55:33 GMT):
Hey guys I see that ACA-PY is supports multitenant now.. If i am correct ACA-PY takes seed, name, key etc to add new wallet to Docker. But i dont see any import option. (what about existing wallet?)

sklump (Tue, 15 Sep 2020 10:28:43 GMT):
Get rid of the HEAD methods: `... allow_head=False` like so: https://github.com/hyperledger/aries-cloudagent-python/blob/800c3dc0527a2c6300bc66de33c1aa0757a157bd/aries_cloudagent/protocols/issue_credential/v1_0/routes.py#L1325

sklump (Tue, 15 Sep 2020 10:28:43 GMT):
To get rid of the HEAD methods: `... allow_head=False` like so: https://github.com/hyperledger/aries-cloudagent-python/blob/800c3dc0527a2c6300bc66de33c1aa0757a157bd/aries_cloudagent/protocols/issue_credential/v1_0/routes.py#L1325

zickau (Tue, 15 Sep 2020 10:45:57 GMT):
Hey, maybe this was already discussed (sorry), but does the non_revoked-fields{to, from} work in ACAPy as intended, we have some trouble with it, and currently in our agent it doesn't have any effect. Is there a specific ACAPy version which supports it?

sklump (Tue, 15 Sep 2020 10:51:19 GMT):
aca-py implements indy-sdk design. "some trouble" is not an operable description.

sklump (Tue, 15 Sep 2020 10:52:47 GMT):
{"from", "to"} means for the prover to supply a timestamp any time (prover choice) between "from" and "to". It does not mean 'throughout the entire "from", "to" period' à la X.509.

zickau (Tue, 15 Sep 2020 10:53:22 GMT):
So, both values (from/to) should be the same?

sklump (Tue, 15 Sep 2020 10:53:37 GMT):
If you are interested in exactly one timestamp, yes

zickau (Tue, 15 Sep 2020 10:55:01 GMT):
But it could also be used to check verified=true: for from=1st Sep to=4th Sep

sklump (Tue, 15 Sep 2020 10:56:14 GMT):
For any time within 09-01 to 09-04, not for all time spanning 09-01 to 09-04 _(epoch conversions to local time apply)_

zickau (Tue, 15 Sep 2020 10:58:40 GMT):
(epoch conversions to local time apply) does it mean that it is/should be different from the GMT UNIX time for example different from the German summer time?

sklump (Tue, 15 Sep 2020 11:01:36 GMT):
Epoch is epoch. For example, September 1 here (GMT-5:00) corresponds to a period spanning September 1-2 GMT.

sklump (Tue, 15 Sep 2020 11:01:36 GMT):
Epoch is epoch. For example, September 1 here (GMT-5:00) corresponds to a period spanning September 1-2 GMT. Note that from/to take epoch integers in proof requests.

sklump (Tue, 15 Sep 2020 11:05:01 GMT):
Re: main line, suppose issuer revokes cred on Sept 3 and a proof request to which that credential applies has from/to spanning Sept 1-Sept 4. The prover can supply a proof with a timestamp of Sept 1 and it will verify as True. A proof with a timestamp of Sept 4 will verify as False, because the delta for the credential's revocation registry on the ledger at that time will fail the non-revocation proof.

sklump (Tue, 15 Sep 2020 11:05:51 GMT):
Indy revocation consumes at least eight times more blood and treasure than indy credential issue. Welcome. You'll never leave.

sklump (Tue, 15 Sep 2020 11:09:44 GMT):
Indy revocation is trickier than meets the eye and there are deeper pitfalls lurking beneath for implementation. Aca-py is the most complete code base and has been through a few revisions. There may be more things we haven't thought of and it may be you who finds them.

sklump (Tue, 15 Sep 2020 11:09:44 GMT):
Indy revocation is trickier than meets the eye and there are deeper pitfalls lurking beneath for implementation. Aca-py is the most complete code base AFAIK and has been through a few revisions. There may be more things we haven't thought of and it may be you who finds them.

zickau (Tue, 15 Sep 2020 11:11:12 GMT):
Thx a lot for the extended reply and example, I will provide this to our dev group

sklump (Tue, 15 Sep 2020 11:12:54 GMT):
For simplicity, I advise picking an epoch timestamp of interest and specifying it as both "to" and "from".

zickau (Tue, 15 Sep 2020 11:13:58 GMT):
Yes, that'd be also my approach, I the channel know if we experience some issues etc.

zickau (Tue, 15 Sep 2020 15:07:10 GMT):
We are using v0.5.2 for the time being as we have problems with our software on v 0.5.3 and 0.5.4. Does the to/from (should) work with 0.5.2

zickau (Tue, 15 Sep 2020 15:07:12 GMT):
?

esune (Tue, 15 Sep 2020 16:18:02 GMT):
@ianco may know more. I believe multi-tenenacy is still under development and not officially supported, but my info may be outdated.

esune (Tue, 15 Sep 2020 16:18:02 GMT):
@ianco will know more. I believe multi-tenenacy is still under development and not officially supported, but my info may be outdated.

ianco (Tue, 15 Sep 2020 16:20:25 GMT):
There is some multitenant support in the `multitenancy` branch but it's POC only

ianco (Tue, 15 Sep 2020 16:21:13 GMT):
For example I don't think there's support for any kind of wallet security yet (i.e. the agency has access to all wallets)

ianco (Tue, 15 Sep 2020 16:22:03 GMT):
I don't know about import or any other wallet features

swcurran (Tue, 15 Sep 2020 16:52:40 GMT):
I think that part of ACA-Py should be the same for 0.5.2. I looked through the release notes. Changes in 0.5.4 make controller management of Revocation WAY easier, but revocation was supported in 0.5.2

biligunb (Tue, 15 Sep 2020 23:45:44 GMT):
Tnx @esune @ianco . I understand

jameshiester (Wed, 16 Sep 2020 01:32:24 GMT):
ls it possible to reject a connection-invitation after you receive it? Does removing send a message to the other agent?

lohan.spies (Wed, 16 Sep 2020 07:46:53 GMT):
Has joined the channel.

sklump (Wed, 16 Sep 2020 12:41:18 GMT):
There are gotchas with 0.5.2 if you are mixing revocable and non-revocable credentials where both might satisfy a proof request.

sklump (Wed, 16 Sep 2020 12:41:18 GMT):
There are gotchas before 0.5.4 if mixing revocable and non-revocable credentials where both might satisfy a proof request.

zickau (Wed, 16 Sep 2020 12:44:07 GMT):
Thx. At the moment we only do tests with revocable creds

WadeBarnes (Wed, 16 Sep 2020 17:34:09 GMT):
@esune, @andrew.whitehead, @lohan.spies would like to discuss details of connectionless proofs.

esune (Wed, 16 Sep 2020 17:38:41 GMT):
What's the use-case that we are trying to achieve - to have some context?

lohan.spies (Wed, 16 Sep 2020 17:44:40 GMT):
I want to be able to create a connection-less proof presentation that can then be verified by another aca-py instance. The issue is that I am unsure how to process the connection-less proof request in the other aca-py instance

lohan.spies (Wed, 16 Sep 2020 17:46:05 GMT):
i.e. Use this endpoint on agent 1 to create proof request (connection-less) /present-proof/create-request. How do I process that message on agent 2?

esune (Wed, 16 Sep 2020 17:48:20 GMT):
I don't think - as of now - aca-py supports being fed with connection-less proofs (all of the use-cases I have been working with have been with aca-py generating the proof, and a mobile wallet using it).

esune (Wed, 16 Sep 2020 17:49:11 GMT):
@andrew.whitehead could you confirm wether my point is still teue, or has something changed recently that adds support for receiving connection-less proof requests?

esune (Wed, 16 Sep 2020 17:53:50 GMT):
The result of the call to `/present-proof/create-request` needs to be paired with a service-decorator specifying where the response needs to be sent to (example [here](https://github.com/bcgov/vc-authn-oidc/blob/master/oidc-controller/src/VCAuthn/IdentityServer/Endpoints/AuthorizationEndpoint/AuthorizeEndpoint.cs#L190-L203)), however I believe aca-py does not have an endpoint to process that payload as a receiver right now

andrew.whitehead (Wed, 16 Sep 2020 17:57:58 GMT):
That's right, it would need to create a new connection based on the service decorator and then process the request

lohan.spies (Wed, 16 Sep 2020 18:56:50 GMT):
@andrew.whitehead can you explain how to achieve that with aca-py. Still not sure I am completely understanding the flow.

rileyphughes (Wed, 16 Sep 2020 22:09:43 GMT):
@lohan.spies this use case is supported in Aries .NET & in Trinsic APIs, I'll PM you

andrew.whitehead (Wed, 16 Sep 2020 22:50:44 GMT):
It's not something that aca-py supports currently. It might be possible if the controller parsed out the service decorator and used the API to create a connection, but the API itself does not support the service decorator on incoming messages

andrew.whitehead (Wed, 16 Sep 2020 22:50:44 GMT):
It's not something that aca-py supports currently. It might be possible if the controller parsed out the service decorator and used the API to create a connection, but the agent itself does not support the service decorator on incoming messages

sj1 4 (Thu, 17 Sep 2020 00:43:36 GMT):
Has joined the channel.

lohan.spies (Thu, 17 Sep 2020 07:38:56 GMT):
@andrew.whitehead thank you for the clarification.

lohan.spies (Thu, 17 Sep 2020 07:39:16 GMT):
@rileyphughes will reply to your email

domwoe (Thu, 17 Sep 2020 14:23:56 GMT):
Hi, we are working on use cases where Aries agents of organisations are interacting. We think those organisations should have stable public identifiers and the organisations should exchange them. Quite some time ago I opened the following [issue](https://github.com/hyperledger/aries-cloudagent-python/issues/35) but discussions stalled. Now I'd like to revisit this issue and I'm open to contributing code. But I'm wondering: 1. Is using the connection/didexchange protocol with a public DID a total antipattern that should not be allowed? 2. Should we have an additional "Proof I control this public DID" protocol? 3. Should every org register a credential definition for just issuing itsef 'this is me' credentials (feels strange) Or are there other solutions?

swcurran (Thu, 17 Sep 2020 14:57:13 GMT):
1 is not an anti-pattern and will be common. Go for it! We talked about it some on DIDComm v1 (what we are using today) and tons on DIDComm v2. 2. By using the public DID in sending a DIDComm message, proof of control is provided. I don't think anything else is needed. 3. We think an organization should get a credential from the authority over creating organization -- e.g. BC Registries in BC, which is legislative authorized to issue Certificate of Incorporation documents, etc. They should be the issuer of that. But that is may be a bigger issue Binding of the DID to the organization might be done for now using something like DNS and the ".well-known" mechanism.

domwoe (Thu, 17 Sep 2020 15:06:23 GMT):
thanks @swcurran. I’ll look into adding the “connections with public DIDs” to ACA-PY in the next weeks. (2) was meant as an alternative to (1). looking forward to (3) ;) We’re also working with “Identity providers” that may act as proxies to provide something like digitized commerical registry entries because not everyone is as far as BC ;) And yeah, we need to integrate the work of DIF on linked domains

athulramesh (Thu, 17 Sep 2020 18:32:35 GMT):
Hi all, I am working on out-of-band connection protocol and I tried to create a connection invitation with public =true and multi_use=true query. Then I got error like this ` 403: Configuration does not include public invitations` But i already assign a current public did.

swcurran (Thu, 17 Sep 2020 18:34:41 GMT):
Can you please add a GitHub issue on this one and we'll get it looked at?

athulramesh (Thu, 17 Sep 2020 18:35:56 GMT):
I will add. Thank you.

AngelPalomares (Fri, 18 Sep 2020 09:51:52 GMT):
Has joined the channel.

sklump (Fri, 18 Sep 2020 11:03:07 GMT):
You need command-line flag `--public-invites` to use public invitations here

athulramesh (Fri, 18 Sep 2020 11:52:22 GMT):
Now it's working.

athulramesh (Fri, 18 Sep 2020 11:55:11 GMT):
Is there any helpful documents relating to out-of-band protocol except aries-rfcs/features /0434-outofband

AngelPalomares (Fri, 18 Sep 2020 12:05:02 GMT):
Hello I am testing a did_exchange using on one hand a agent developed in go and other developed in python and I have the following error:``` Faber | 2020-09-18 09:30:50,478 aries_cloudagent.transport.outbound.manager ERROR >>> Error when posting to: http://192.168.1.35:8082; Error: (, OutboundTransportError('Unexpected response status 404, caused by: Not Found',), ); Re-queue failed message ... ``` Is it feasible to do so?, am I doing something wrong?. Thank you in advance

sklump (Fri, 18 Sep 2020 12:13:24 GMT):
It's quite new: I don't know of any

mattatkiva (Fri, 18 Sep 2020 13:49:57 GMT):
In theory it should be feasible. I cannot speak the go agent is compatible or not however.

swcurran (Fri, 18 Sep 2020 17:25:52 GMT):
At this point it is not possible AFAIK. ACA-Py supports the Connections protocol (RFC 0160, per AIP 1.0 -- RFC 0302), while Go supports the DID Exchange protocols. ACA-Py will be moving to DID Exchange, but is not there yet. We are looking forward to AIP 2.0 that will no doubt include DID Exchanghe.

swcurran (Fri, 18 Sep 2020 17:28:00 GMT):
There is a second RFC about transitioning to OOB. There is not much in ACA-Py yet.

swcurran (Fri, 18 Sep 2020 17:28:04 GMT):
:-(

AngelPalomares (Sat, 19 Sep 2020 07:59:32 GMT):
Thank you very much, just one last question, when do you think that ACA-Py will be able to be interoperable with aries-go?

discoverer (Sun, 20 Sep 2020 10:54:46 GMT):
@YukiB - I am having similar error. I can confirm that id has database create permission. I have post details here. any clue? https://github.com/hyperledger/aries-cloudagent-python/issues/720

discoverer (Sun, 20 Sep 2020 10:54:46 GMT):
@YukiB - I am having similar error. I can confirm that id has database create permission. I have posted details here. any clue? https://github.com/hyperledger/aries-cloudagent-python/issues/720

discoverer (Sun, 20 Sep 2020 11:00:55 GMT):
@kukgini - did you manage find solution? I am having similar error. I can confirm that id has database create permission. I have posted details here. any clue? https://github.com/hyperledger/aries-cloudagent-python/issues/720

discoverer (Sun, 20 Sep 2020 11:00:55 GMT):
@kukgini - did you manage to find solution? I am having similar error. I can confirm that id has database create permission. I have posted details here. any clue? https://github.com/hyperledger/aries-cloudagent-python/issues/720

discoverer (Sun, 20 Sep 2020 11:07:48 GMT):
kukgini - did you manage to find solution? I am having similar error. I can confirm that id has database create permission. I have posted details here. any clue? https://github.com/hyperledger/aries-cloudagent-python/issues/720

wip-abramson (Mon, 21 Sep 2020 09:57:00 GMT):
Anyone run into any issues accepting the TAA for the staging network recently? I had a flow that worked but it no longer seems to be because of some JSONDecode error in the agent. We are creating the TAA using this: response = await agent_controller.ledger.get_taa() TAA = response['result']['taa_record'] TAA['mechanism'] = "service_agreement" print(TAA)

wip-abramson (Mon, 21 Sep 2020 09:58:09 GMT):
then accepting that TAA object - which is a valid JSON

wip-abramson (Mon, 21 Sep 2020 11:05:45 GMT):
Sorted it

zickau (Mon, 21 Sep 2020 11:55:17 GMT):
It seems that on the holder side there is sth to change for the non_revoked{from,to} to work. We tested our inst. agent with th trinsic app now and it seem to have the expected behavior

swcurran (Mon, 21 Sep 2020 13:21:33 GMT):
Could you give some more details on the above statement -- an "sth"? We're trying to use the Trinsic app with revocable credentials and we can't get it to work. FYI @esune

swcurran (Mon, 21 Sep 2020 13:22:49 GMT):
Not sure. Go is using protocols that are ahead of the rest of the community. AIP 2.0 needs to be defined, which will likely include those protocols.

AngelPalomares (Mon, 21 Sep 2020 14:25:04 GMT):
Thank you very much Stephen

zickau (Mon, 21 Sep 2020 15:28:18 GMT):
I don't actually know what there is to do/change on the holder side. My colleague reported that our tests we did with the Lissi app did not brought the expected results when incl. "non_revoke". He will do some more testing and I get back to you tomrw. We also try to test the esatus app as well.

zickau (Mon, 21 Sep 2020 15:29:42 GMT):
But he could validate the "non_revoke"-behavior credentials correctly while using the trinsic app on the holder side

zickau (Mon, 21 Sep 2020 15:30:21 GMT):
On our backend we still use the 0.5.2 version of teh ACApy for the time being

esune (Mon, 21 Sep 2020 15:35:28 GMT):
Are you using one global non-revocation intervals, or specifying one for each attribute restriction? Curious to know more, we are testing using 0.5.4 and Lissi seems to work as expected for us.

zickau (Mon, 21 Sep 2020 15:38:02 GMT):
At the moment we use a global interval, also only testing one credential, interesting to hear that the lissi app works in your setup as we are actually working on the lissi backend ;)

jameshiester (Mon, 21 Sep 2020 18:30:20 GMT):
was Microsoft included in the interoperathon? To what degree is Sovrin/other networks expected to be compatible with the Microsoft Authenticator VC functionality?

swcurran (Mon, 21 Sep 2020 20:43:50 GMT):
I don't think anyone from MS was at the Interop-athon as the focus was interop across Indy networks vs. across any SSI networks. Interop across more networks is a goal -- just not of the Indy Interop-athon. I believe that for the MS Auth VC functionality, it might be possible to use Indy DIDs. MS does not AFAIK support ZKPs with this tech at this time, so the functionality is only dependent on DIDs and resolving DID. I don't know if MS Auth VC supports DID methods beyond their Ion Bitcoin sidetree DID method.

kukgini (Tue, 22 Sep 2020 05:46:23 GMT):
@discoverer In my case adding `--wallet-type indy` solved the problem.

lohan.spies (Tue, 22 Sep 2020 07:27:34 GMT):
We encountered a weird error. None of our code or agent versions changed but suddenly when trying to send a proof request it fails with the following error `ClientResponseError: 422, message='Unprocessable Entity', url=URL('http://id-verifier-agent:8051/present-proof/send-request')`

lohan.spies (Tue, 22 Sep 2020 07:27:41 GMT):
Did anyone encounter this before?

lohan.spies (Tue, 22 Sep 2020 07:28:19 GMT):
Here is the proof request object `{'connection_id': '38db2951-9220-4571-96cc-e17c1d7bda60', 'proof_request': {'name': 'Proof of Completion of PyDentity SSI Tutorial', 'version': '1.0', 'requested_attributes': {'0_fullname_uuid': {'name': 'fullname', 'restrictions': [{'schema_id': 'EuEtnVakYFyBtGFT1nHYtH:2:SSI PyDentity Tutorial:0.0.1'}]}, '0_skill_uuid': {'name': 'skill', 'restrictions': [{'schema_id': 'EuEtnVakYFyBtGFT1nHYtH:2:SSI PyDentity Tutorial:0.0.1'}]}, '0_country_uuid': {'name': 'country'}}, 'requested_predicates': {'0_age_GE_uuid': {'name': 'age', 'p_type': '>=', 'p_value': 21, 'restrictions': [{'schema_id': 'EuEtnVakYFyBtGFT1nHYtH:2:SSI PyDentity Tutorial:0.0.1'}]}}}, 'trace': False}`

athulramesh (Tue, 22 Sep 2020 07:54:22 GMT):
Here you didn't add the restriction for "0_country_uuid".

lohan.spies (Tue, 22 Sep 2020 07:55:11 GMT):
Even took out the self-attested, predicates and restrictions. Same issue

lohan.spies (Tue, 22 Sep 2020 07:55:11 GMT):
Even took out self-attested, predicates and restrictions. Same issue

lohan.spies (Tue, 22 Sep 2020 07:55:47 GMT):
`0_country_uuid` is self-attested and don't require any restrictions

lohan.spies (Tue, 22 Sep 2020 09:21:56 GMT):
Issue resolved!!

athulramesh (Tue, 22 Sep 2020 11:37:08 GMT):
what was the problem?

matteo (Tue, 22 Sep 2020 16:25:44 GMT):
Hi @swcurran, do you plan to post aca-pug 2020-09-16 meeting recording f?

matteo (Tue, 22 Sep 2020 16:25:44 GMT):
Hi @swcurran, do you plan to post aca-pug 2020-09-16 meeting recording ?

lohan.spies (Tue, 22 Sep 2020 18:55:27 GMT):
had issues in the controller.

severus-sn4pe (Wed, 23 Sep 2020 08:29:50 GMT):
Hi all. Is there any documentation available on what can be done inside Predicates of Proofs? I'm curious about what all can be done inside predicates to form ZKPs, but cannot find much information about that online. I'm especially interested if attributes could be compared to each other, or if some basic calculations could be made with them inside a proof.

RounakGhosh (Wed, 23 Sep 2020 08:30:16 GMT):
Has joined the channel.

adrijanrogan (Wed, 23 Sep 2020 13:12:38 GMT):
Has joined the channel.

blidd (Wed, 23 Sep 2020 14:35:01 GMT):
Has joined the channel.

swcurran (Wed, 23 Sep 2020 14:40:55 GMT):
Proof documentation is not easy to come by. AFAIK, predicates are the four operators <, <=, >, >= and must be on the encoded value in the credential. Since the encoding format is limited to just ints as ints and strings as hashes, only numbers can be used in predicates. Only values passed in via the Proof Request can be used in the expression -- not other claims.

wip-abramson (Wed, 23 Sep 2020 17:57:42 GMT):
Hey, how can I back up the state of an indy wallet using docker-compose volumes? Anyone know where the data is located? Cheers

severus-sn4pe (Thu, 24 Sep 2020 07:05:16 GMT):
Ok. Thanks Stephen

domwoe (Thu, 24 Sep 2020 07:52:12 GMT):
Hey, I'm experimenting with connection-less issuance of credentials. I've created an offer and the the client (Streetcred.id app in this case) is sending a credential request. The request is received by ACA-PY (v0.5.4), but there I get "aries_cloudagent.messaging.base_handler.HandlerException: No connection established for credential request" How am I supposed to handle this? I'm wondering that the ~thread object of the offer is empty. I thought this would be the way to identify the request.

DucaDellaForcoletta (Thu, 24 Sep 2020 10:07:47 GMT):
Hi All, does anyone know why the ledger.keepalive parameter is not configurable in the start command? Where used seems considered as condifurable when readed but not in the args parsing.

DucaDellaForcoletta (Thu, 24 Sep 2020 10:07:47 GMT):
Hi All, does anyone know why the ledger.keepalive parameter is not configurable in the start command? In the code seems configurable when readed but not in the args parsing.

sheru (Thu, 24 Sep 2020 11:48:47 GMT):

Clipboard - September 24, 2020 5:18 PM

sheru (Thu, 24 Sep 2020 11:48:57 GMT):
Hello all, I am getting this issue when tried to issue a credential using aca-py.

sheru (Thu, 24 Sep 2020 11:48:57 GMT):
Hello all, I am getting this issue when tried to issue a credential using aca-py. Can anyone help me to understand this. Thanks

bruno_santos (Thu, 24 Sep 2020 12:20:24 GMT):
Has joined the channel.

bruno_santos (Thu, 24 Sep 2020 12:26:54 GMT):

Clipboard - 24 de Setembro de 2020 13:26

bruno_santos (Thu, 24 Sep 2020 12:27:40 GMT):
Hello all , I'm trying to verify the following Alice's credential: { "results": [ { "referent": "aed1f234-911a-47a9-90d7-a455dd5d8505", "attrs": { "score": "34" }, "schema_id": "7yubMijdRrkhPCt4Jn8Qer:2:teste:1.0", "cred_def_id": "7yubMijdRrkhPCt4Jn8Qer:3:CL:18:default", "rev_reg_id": null, "cred_rev_id": null } ] } I've sent a proof request with ACME: { "comment": "string", "connection_id": "e367e1c2-7b1e-471c-9eb0-909106097b83", "proof_request": { "name": "Proof of Score", "version": "1.0", "requested_attributes":{}, "requested_predicates": { "0_score_GE_uuid": { "name": "score", "p_type": ">=", "p_value": 30, "restrictions": [ { "cred_def_id": "7yubMijdRrkhPCt4Jn8Qer:3:CL:18:default" } ] } } } } But when trying to prove it on Alice's side, I get the following error: (see Clipboard)

bruno_santos (Thu, 24 Sep 2020 12:27:40 GMT):
Hello all , I'm trying to verify the following Alice's credential: { "results": [ { "referent": "aed1f234-911a-47a9-90d7-a455dd5d8505", "attrs": { "score": "34" }, "schema_id": "7yubMijdRrkhPCt4Jn8Qer:2:teste:1.0", "cred_def_id": "7yubMijdRrkhPCt4Jn8Qer:3:CL:18:default", "rev_reg_id": null, "cred_rev_id": null } ] } I've sent a proof request with ACME: { "comment": "string", "connection_id": "e367e1c2-7b1e-471c-9eb0-909106097b83", "proof_request": { "name": "Proof of Score", "version": "1.0", "requested_attributes":{}, "requested_predicates": { "0_score_GE_uuid": { "name": "score", "p_type": ">=", "p_value": "30", "restrictions": [ { "cred_def_id": "7yubMijdRrkhPCt4Jn8Qer:3:CL:18:default" } ] } } } } But when trying to prove it on Alice's side, I get the following error: (see Clipboard)

sheru (Thu, 24 Sep 2020 12:39:23 GMT):
This issue is fixed now. I guess the issue was there because of connection state not changed to active when sending the issue credential request. Thanks

domwoe (Thu, 24 Sep 2020 13:13:20 GMT):
@andrew.whitehead What am I missing? In contrast in`/present-proof/create-request` a threadId created

swcurran (Thu, 24 Sep 2020 13:16:02 GMT):
AFAIK, ACA-Py does not support this, but am not certain. We'd like to. Pinging @esune on this as well for their info.

swcurran (Thu, 24 Sep 2020 13:16:02 GMT):
AFAIK, ACA-Py does not support this, but am not certain. We'd like to. Pinging @esune on this as well for feedback on this.

esune (Thu, 24 Sep 2020 15:03:44 GMT):
@swcurran is correct, aca-py does not support connection-less protocols out of the box at this time

swcurran (Thu, 24 Sep 2020 18:19:15 GMT):
You should be able to find the stack trace in the command line window to get more details about the error.

kh_touati (Fri, 25 Sep 2020 09:33:24 GMT):
Dear All, Using aca-py is it possibel to import and export wallet. Indeed, I want to share the same wallet between two agents and I want to check if this is possible with aca-py Thank you in advance

domwoe (Fri, 25 Sep 2020 10:14:31 GMT):
Thanks @esune, seems that there is not too much missing. The initial id of the offer can be used as a thread id and it seems that ACA-PY should already support the transport route RFC which is used in the credential request from the Trinsic wallet app

SuperSeiyan (Fri, 25 Sep 2020 11:17:51 GMT):
Hi All, I know that there is a limit on ACA-py outbound transport on webhook, which throws error as `'aries_cloudagent.transport.outbound.base.OutboundTransportError'>, OutboundTransportError('Unexpected response status 413, caused by: Request Entity Too Large'), )`. In my use case, It needs the large content to send out from ACA-py. Is there a way to config to allow data transportation larger than 1 MB?

miguelmesquita (Fri, 25 Sep 2020 11:34:58 GMT):
Has joined the channel.

miguelmesquita (Fri, 25 Sep 2020 11:34:58 GMT):
Hello, is it possible to send a complex type - for example a list of items - inside a credential, following a a defined schema?

miguelmesquita (Fri, 25 Sep 2020 11:39:18 GMT):
It appears that it only supports strings

ldej (Fri, 25 Sep 2020 12:11:23 GMT):
Has joined the channel.

swcurran (Fri, 25 Sep 2020 18:25:01 GMT):
You can import/export wallets at the indy level. I'm not sure if ACA-Py supports it directly, but I don't think so. Generally, ACA-Py is used in an enterprise context, and so we (BC Gov) generally use database tools for backup/restore. We use Postgres for that. The sharing of one wallet between multiple agents is something that is being worked on in the community. The "multi-tenant agent" concept is in a branch in the ACA-Py repo and being worked.

swcurran (Fri, 25 Sep 2020 18:28:46 GMT):
That's an indy limitation in place with the current version of credentials. You could, if your use case allows, use the string to hold a complex data type -- a bit of hack IMHO. We anticipate that future versions will allows JSON-LD credentials to allow for a richer handling. However, note that to support ZKPs and selective disclosure, each data element must be signed independently, and as such, rich data structures have to be flattened to an array. It makes the handling of arrays "interesting".

swcurran (Fri, 25 Sep 2020 18:29:52 GMT):
Are you planning on adding that support @domwoe ? We'd appreciate it and would like to use it, but have not had a chance to add it.

esune (Fri, 25 Sep 2020 18:42:15 GMT):
I second that, pull requests are always welcome :)

kh_touati (Sat, 26 Sep 2020 11:41:08 GMT):
Thank you swcurran for the details :)

miguelmesquita (Mon, 28 Sep 2020 03:54:25 GMT):
yep, i want to avoid to perform a serialization/deserialization by myself, if i can avoid it, but if there is no other way

miguelmesquita (Mon, 28 Sep 2020 03:55:33 GMT):
i assume i have to suck it up

sklump (Mon, 28 Sep 2020 15:06:12 GMT):
It's a bug. I'm working on it.

sklump (Mon, 28 Sep 2020 15:06:12 GMT):
p_value should be an int, not a stringified int here.

lijiachuan (Mon, 28 Sep 2020 22:26:02 GMT):
Hi all, I am not sure is there any change for setting up a new agent with ACA-Py, when I tried to use below command to start the new agent, it returened `Ledger rejected transaction request: client request invalid: could not authenticate, verkey for DPvobytTtKvmyeRTJZYjsg cannot be found`, but previously there is not such error happen. I am using a VON test network. Anyone can help? Thanks. ``` PORTS="8080:8080 8000:8000" \ scripts/run_docker start --wallet-type indy \ --seed 000000000000000000000000000Agent \ --wallet-key welldone \ --wallet-name myWallet \ --genesis-url http://VON_IP/genesis \ -e http://Agent_IP:8000 \ --inbound-transport http 0.0.0.0 8000 \ --outbound-transport http \ --admin 0.0.0.0 8080 \ --admin-insecure-mode \ --auto-ping-connection ```

swcurran (Mon, 28 Sep 2020 22:33:53 GMT):
@andrew.whitehead might no better, but I think it is because you are starting up in readonly mode (no writes to the ledger), but the DID for the give seed (`000...Agent`) does not exist on the ledger. Did you reset the ledger?

lijiachuan (Mon, 28 Sep 2020 22:36:02 GMT):
I started the ledger with this command as usual `./manage start VON_IP WEB_SERVER_HOST_PORT=80 "LEDGER_INSTANCE_NAME=My Ledger" &`, whether this will make the ledger readonly?

lijiachuan (Mon, 28 Sep 2020 22:36:58 GMT):
And previously after I started the ACA-Py agent, it gave me the DID and VerKey in the command window, then I will register it in the VON network page

lijiachuan (Mon, 28 Sep 2020 22:37:43 GMT):
whether currently we need to register the new agent's in the ledger firstly and then we can start the agent successfully?

lijiachuan (Mon, 28 Sep 2020 22:43:52 GMT):
After register the agent with its seed firstly in the VON network, then the agent can started sucessfully. Is this a new requirement for setting up a new agent?

esune (Mon, 28 Sep 2020 22:58:24 GMT):
Are you using a volume to persist your wallet? If not that could be an issue maybe, as on first start the agent will derive the verkey from the seed, generate the wallet and register itself on the ledger. If the wallet creation has to start from scratch, but the did corresponding to the seed/verkey is already on the ledger you could see issues.

esune (Mon, 28 Sep 2020 22:59:04 GMT):
Basically what I am saying is: did you already try with a "clean" `./manage rm / ./manage start` instance of `von-network`?

lijiachuan (Tue, 29 Sep 2020 02:54:42 GMT):
hi @esune, I used `./manage rm` and then `./manage start 40.122.210.* WEB_SERVER_HOST_PORT=80 "LEDGER_INSTANCE_NAME=My Ledger" &`, and created a new VM to host ACA-Py agent, use below command to start the agent, but that error still happened. ``` PORTS="8080:8080 8000:8000" \ scripts/run_docker start \ -l CorpReg \ --inbound-transport http 0.0.0.0 8000 \ --outbound-transport http \ --admin 0.0.0.0 8080 \ --admin-insecure-mode \ --endpoint http://13.78.88.*:8000 \ --genesis-url http://47.115.180.*/genesis \ --wallet-type indy \ --seed 0000000000000000000000000CorpReg \ --log-level 'info' \ --auto-accept-invites \ --auto-accept-requests \ --auto-ping-connection \ --auto-respond-credential-offer \ --auto-respond-credential-request \ --auto-store-credential \ --auto-verify-presentation ```

lijiachuan (Tue, 29 Sep 2020 02:56:47 GMT):
So whether currently when initialize a new ACA-Py agent, its DID must be registered on the ledger firstly then, then we can start to initialize the agent?

lijiachuan (Tue, 29 Sep 2020 02:57:51 GMT):
Previous' behavior is not like this, I didn't need to register the Agent's DID before I initialize the agent.

esune (Tue, 29 Sep 2020 03:40:08 GMT):
As far as I know it was always necessary to register the DID on the ledger if you want to run the agent with write capabilities. There may have been tweaks to the APIs and behaviour of aca-py though that require you to either have a registered DID or run in read only mode explicitly.

swcurran (Tue, 29 Sep 2020 03:43:24 GMT):
Awhile ago we added settings for separating provisioning mode from operational mode. There is a read-only flag that you can control in the startup params. PR is here: https://github.com/hyperledger/aries-cloudagent-python/pull/364

swcurran (Tue, 29 Sep 2020 03:46:25 GMT):
When did you last play with this? What version are you using now?

lijiachuan (Tue, 29 Sep 2020 03:48:07 GMT):
It was around last May, and currently I think I am using the latest version from the github.

domwoe (Tue, 29 Sep 2020 06:31:25 GMT):
Currently not, but maybe later on. It would have been only a convenience for a demo. There are features that are more urgent for us. Would be great to get some feedback here: https://github.com/hyperledger/aries-cloudagent-python/issues/358 ;)

krgko (Tue, 29 Sep 2020 09:51:48 GMT):
Has joined the channel.

swcurran (Tue, 29 Sep 2020 20:42:34 GMT):
Join us for the ACA-Py User Group this coming Wednesday (tomorrow!) at 11AM Pacific (18:00 UTC) -- the hour before the Aries WG Call. We'll have the core maintainers on the call to answer questions. We'll be talking about attachments in ACA-Py (led by Kiva - deferred from last meeting) and going over some open issues. If anyone wants to raise some topics, reply to this note or bring them up in the meeting. NOTE: New zoom link for the meeting!!! See below. Zoom link will be: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09 ; Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2020-09-30+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting Everyone is welcome!

ankita.p (Wed, 30 Sep 2020 07:10:10 GMT):

postgresIntegration.png

ankita.p (Wed, 30 Sep 2020 07:11:41 GMT):

DB table access.png

lohan.spies (Wed, 30 Sep 2020 09:54:51 GMT):
Hey @wip-abramson figured this out with @WadeBarnes yesterday. Just add the following to the docker compose file ` volumes: - issuer-agent:/home/indy/.indy_client/wallet`

lohan.spies (Wed, 30 Sep 2020 09:54:51 GMT):
Hey @wip-abramson figured this out with @WadeBarnes yesterday. Just add the following to the docker compose file ``` volumes: - issuer-agent:/home/indy/.indy_client/wallet```

WadeBarnes (Wed, 30 Sep 2020 13:44:30 GMT):
That assumes you're agent is using the default, local, SQLite wallet. If using Postgres for you wallet, you'll want to mount a volume to the Postgres data directory.

WadeBarnes (Wed, 30 Sep 2020 13:44:30 GMT):
That assumes your agent is using the default, local, SQLite wallet. If using Postgres for you wallet, you'll want to mount a volume to the Postgres data directory.

WadeBarnes (Wed, 30 Sep 2020 13:44:30 GMT):
That assumes your agent is using the default, local, SQLite wallet. If using Postgres for your wallet, you'll want to mount a volume to the Postgres data directory.

WadeBarnes (Wed, 30 Sep 2020 13:46:13 GMT):
To be clear, this provides persistence for the container's data. This does not provide "back up" in the traditional sense. But I believe persistence is what you were looking for.

lohan.spies (Wed, 30 Sep 2020 13:47:14 GMT):
Indeed, we just wanted persistence of the wallet state at the moment.

WadeBarnes (Wed, 30 Sep 2020 13:52:00 GMT):
Where is the Postgres database hosted in relation to your agent? Check the address and port specification. In particular your port `5430`, Postgres typically uses `5432`.

WadeBarnes (Wed, 30 Sep 2020 13:54:28 GMT):
Also make sure you are providing the agent with the correct wallet configuration and credentials. Docker example; https://github.com/bcgov/aries-vcr/blob/master/docker/docker-compose.yml#L225

ankita.p (Wed, 30 Sep 2020 13:59:46 GMT):
It is in docker on my local system. I gave port as 5430

WadeBarnes (Wed, 30 Sep 2020 14:27:19 GMT):
Is the agent also running in docker?

TelegramSam (Wed, 30 Sep 2020 18:05:54 GMT):
Meeting today?

TelegramSam (Wed, 30 Sep 2020 18:06:42 GMT):
found new link above^

wip-abramson (Wed, 30 Sep 2020 18:08:41 GMT):
Yeah thanks! Thats the one

andrew.whitehead (Wed, 30 Sep 2020 18:08:43 GMT):
It switched to a hyperledger room, so you may see 'waiting for host to start' if you join the old room

ankita.p (Wed, 30 Sep 2020 20:32:27 GMT):
I tried with running in same docker container and on outside container as well. Tried with giving the IP address of the Host instead of localhost of loopback as well but same problem

WadeBarnes (Wed, 30 Sep 2020 22:07:34 GMT):
If you're running the services in docker using docker compose you could be able to reference the containers by the service name you give it in the docker-compose file. Otherwise you'll need to use the dockerhost IP address.

WadeBarnes (Wed, 30 Sep 2020 22:08:08 GMT):
Have a look here; https://github.com/bcgov/aries-vcr/tree/master/docker

WadeBarnes (Wed, 30 Sep 2020 22:08:29 GMT):
and here; https://github.com/bcgov/aries-vcr/blob/master/docker/manage#L3

jcourt (Thu, 01 Oct 2020 03:30:32 GMT):
Question about the "credentials" api. There doesn't seem to be a unique identifier for a credential, the returned attributes include a cred_def_id and schema_id but I would assume someone could have two credentials issued from the same issuer for the same credential definition. One obvious case would be a credential about to expire so there is the current and future version of the credential in the wallet ? In this case how would you use the POST /credential/{credential_id}/remove to get rid of the expired credential ?

jcourt (Thu, 01 Oct 2020 03:41:25 GMT):
Actually maybe this is just a result of me looking at the swagger interface and it not being up to date with https://github.com/hyperledger/aries-cloudagent-python/issues/721 I assume the "referent" in that issue is the actual unique credential identifier ?

ldej (Thu, 01 Oct 2020 07:37:26 GMT):
Yes the referent is the identifier :)

ldej (Thu, 01 Oct 2020 07:38:01 GMT):
The swagger docs and the returned response were not in line.

jcourt (Thu, 01 Oct 2020 07:38:49 GMT):
Thanks

ldej (Thu, 01 Oct 2020 07:39:06 GMT):
If you run the latest master version of ACA-py the documentation should be a but better, only the documentation of attrs is wrong: https://github.com/hyperledger/aries-cloudagent-python/pull/732

jcourt (Thu, 01 Oct 2020 07:40:40 GMT):
I pulled up to the latest today and recreated the typescript wrappers using swagger. There we're a few differences that showed up around other issues that have been fixed too

ldej (Thu, 01 Oct 2020 07:40:52 GMT):
The interesting thing with the referent, is that you can choose a referent when you call the /issue-credential/records/{id}/store function

jcourt (Thu, 01 Oct 2020 07:41:29 GMT):
Right so the controller can probably use that to tie to other DBs it may be storing cred information in

ldej (Thu, 01 Oct 2020 07:42:01 GMT):
I didn't think of that yet, but yes that makes sense

jcourt (Thu, 01 Oct 2020 07:42:27 GMT):
Particularly since that is an issue method and they will need to track credentials for revocation reasons

ldej (Thu, 01 Oct 2020 07:43:33 GMT):
Does creating the typescript wrappers work? I feel that quite some endpoints have undocumented responses.

ldej (Thu, 01 Oct 2020 07:44:17 GMT):
So I manually go through all the steps and create my own Go wrappers based on the responses

jcourt (Thu, 01 Oct 2020 07:44:24 GMT):
I have been hitting a number of them as I implement a prototype controller. I just raise an issue and @sklump usually fixes them in a short time.

ldej (Thu, 01 Oct 2020 07:44:50 GMT):
Yeah he's good :)

jcourt (Thu, 01 Oct 2020 07:45:11 GMT):
Figure they could do with some people trying to use the swagger methodology to help iron out some areas.

jcourt (Thu, 01 Oct 2020 07:46:17 GMT):
Using swagger is better for me as there are changes happening in lots of areas and I don't want to have to go recheck them on every release to see if they changed.

RicardoPeixoto (Thu, 01 Oct 2020 21:38:10 GMT):
Hi, does someone know if ACA-Py support change of credential's holder? For example, Alice buys a cinema ticket (credential) and wants to give it to Bob. Is there some strategy to deal with these use cases in a convinient way for Alice?

TelegramSam (Thu, 01 Oct 2020 22:04:51 GMT):
Delegated and Transferred credentials are something we've talked about as a community, but never defined precise mechanisms for.

TelegramSam (Thu, 01 Oct 2020 22:05:11 GMT):
So, no, there is not an out of the box solution for that.

lijiachuan (Fri, 02 Oct 2020 13:00:06 GMT):
Hi All, may I know whether the agent based on ACA-Py can interact with the agent based on Aries Agent Framework(.NET)?

swcurran (Fri, 02 Oct 2020 13:04:13 GMT):
Yes. You can look at the Aries Agent Test Harness (https://github.com/hyperledger/aries-agent-test-harness) to test that. But lots of people are using the two together, including the main mobile apps -- Trinsic, esatus and Lissi.

lsm (Fri, 02 Oct 2020 17:57:57 GMT):
Hi All, looks like since one update the `/ledger/regiser-nym` request also updates the metadata of the did send in the nym. This means it only works for DIDs belonging the current wallet of the agent and not any did. Is there another way to send a nym for a different entity or is that not a wanted functionality?

sklump (Fri, 02 Oct 2020 18:12:17 GMT):
That

sklump (Fri, 02 Oct 2020 18:12:17 GMT):
That's a feature. You cannot update anyone else's NYM on the ledger!

sklump (Fri, 02 Oct 2020 18:12:17 GMT):
~That's a feature. You cannot update anyone else's NYM on the ledger!~ _(incorrect: TRUSTEEs can write NYMs on the ledger)_

lsm (Fri, 02 Oct 2020 18:25:59 GMT):
Hmm why not someone always has to register your did first right?

lsm (Fri, 02 Oct 2020 18:25:59 GMT):
Hmm why not? someone always has to register your did first right?

lsm (Fri, 02 Oct 2020 18:26:23 GMT):
Also I think it is still registering the did but just throwing an error: `400: Registered NYM for DID T7BeeMUNLNrwy2Umq4QbmW on ledger but could not replace metadata in wallet: Unknown DID: T7BeeMUNLNrwy2Umq4QbmW.`

lsm (Fri, 02 Oct 2020 18:35:15 GMT):
Hi Ricardo, there is a rfc for chained credential, which could be used for what you talk about. However I don't think there is an implementation for that

lsm (Fri, 02 Oct 2020 18:35:15 GMT):
Hi Ricardo, there is a rfc for chained credential, which describes what you talk about. However I don't think there is an implementation for that

lsm (Fri, 02 Oct 2020 18:37:31 GMT):
You probably could bild your own protocol by using the introduction protocol: - bob gets credential from cinema - bob introduces alice to cinema - bob asks (in basic message) to revoke his credential and create one for alice - (bob proofs posession he has a valid credential) - cinema revokes cred of bob - cinema issues cred to alice

lsm (Fri, 02 Oct 2020 18:37:55 GMT):
not sure if that helps but maybe an idea :D

sklump (Fri, 02 Oct 2020 18:42:08 GMT):
In any case, the call pertains to a DID in the current wallet.

sklump (Fri, 02 Oct 2020 18:42:08 GMT):
In any case, the call pertains to a DID that is local in the current wallet.

lsm (Fri, 02 Oct 2020 19:02:57 GMT):
But shouldn't the agent test if its one of his dids and not send the nym if it is a "foreign did", then?

sklump (Fri, 02 Oct 2020 19:40:43 GMT):
aca-py models roles of ENDORSER (=former TRUSTEE) or less on the ledger. Only TRUSTEEs or higher may alter a NYM on the ledger.

sklump (Fri, 02 Oct 2020 19:40:43 GMT):
aca-py models roles of ENDORSER or less on the ledger. Only TRUSTEEs or STEWARDS may alter a NYM on the ledger.

sklump (Fri, 02 Oct 2020 19:40:43 GMT):
aca-py models roles of ENDORSER or less on the ledger. Only TRUSTEEs or STEWARDs may alter a NYM on the ledger.

sklump (Fri, 02 Oct 2020 19:40:43 GMT):
aca-py models roles of ENDORSER or less on the ledger. Only TRUSTEEs or STEWARDs may alter a NYM on the ledger for which they do not control the private key.

sklump (Fri, 02 Oct 2020 19:45:16 GMT):
If you still think that's wrong, write up a detailed use case in aca-py issues please & thanks

sklump (Fri, 02 Oct 2020 19:47:16 GMT):
ref: https://hyperledger-indy.readthedocs.io/projects/node/en/latest/auth_rules.html

sklump (Fri, 02 Oct 2020 19:53:27 GMT):
That it wrote to the ledger is surprising, to be sure. It might be worth a look on Monday.

jameshiester (Fri, 02 Oct 2020 20:03:01 GMT):
can an agent create connections/issue credentials to itself?

sklump (Fri, 02 Oct 2020 20:03:21 GMT):
yes

sklump (Fri, 02 Oct 2020 20:07:20 GMT):
maybe - but the way it is now, it does what it can and provides a detailed error for what it can't: that seems right to me

lsm (Fri, 02 Oct 2020 20:12:38 GMT):
thats a good point :) but not sure if that fits to the 400 status...

lsm (Fri, 02 Oct 2020 20:14:28 GMT):
also I can select the role to be one of `STEWARD, TRUSTEE, ENDORSER, NETWORK_MONITOR` wouldn't that indicate that the endpoint is for one of them to assing another entitiy one of the roles it is allowed to assing? I think I need to look more into indy and it roles... sorry if I'm confusing stuff

lsm (Fri, 02 Oct 2020 20:14:55 GMT):
I'll think about it over the weekend :sweat_smile:

RicardoPeixoto (Sat, 03 Oct 2020 00:51:19 GMT):
@lsm thank you for the response :) I'll look into that RFC and decide the best option.

ankita.p (Mon, 05 Oct 2020 17:01:05 GMT):
Thanks

ankita.p (Mon, 05 Oct 2020 17:01:05 GMT):
Thanks Wade

brian.richter (Mon, 05 Oct 2020 19:50:39 GMT):
Has joined the channel.

sj1 4 (Tue, 06 Oct 2020 06:45:33 GMT):
Can Alice and Bob connect without Faber?

SamB (Tue, 06 Oct 2020 08:40:58 GMT):
@darkchylde I'm trying to build mobile agent with reactnative. Is there any reference you can suggest? As I'm facing issues in initializing agent

Koushik (Tue, 06 Oct 2020 19:59:46 GMT):
Hi Guys, QQ. I have read documentation regarding the docker images used in the aries demo (https://github.com/hyperledger/aries-cloudagent-python/tree/master/demo#running-in-docker), I am having a hard time finding the docker images in docker hub under Hyperledger. Can anyone link me to the images in docker hub for aries and von-network nodes?

swcurran (Tue, 06 Oct 2020 20:02:50 GMT):
They are under bcgovimages -- https://hub.docker.com/u/bcgovimages

Koushik (Tue, 06 Oct 2020 20:20:45 GMT):
@swcurran thanks. QQ is Linux Foundation/Hyperledger managing them or repsonsible for them?

Koushik (Tue, 06 Oct 2020 20:20:45 GMT):
@swcurran thanks. QQ is Linux Foundation/Hyperledger managing them or repsonsible for them? Also isnt the Von_network based off https://hub.docker.com/r/hyperledgerlabs/indy-node

Koushik (Tue, 06 Oct 2020 20:26:38 GMT):
@swcurran I am trying to find out where the Linux Foundation/Hyperledger come into play here and where their Organization comes into play?

swcurran (Tue, 06 Oct 2020 21:17:10 GMT):
BC Gov in Canada builds the images and maintains VON Network. VON Network and the images are built from Hyperledger Indy code. It probably makes more sense that the images and the von-network repo were in Hyperledger, but it hasn't really been discussed much.

Koushik (Tue, 06 Oct 2020 22:26:20 GMT):
Hi @swcurran, Thanks for the prompt response, I am excited to learn more about Hyperledger Aires and Indy and use the frameworks but I have some more questions, ```text 1. You mentioned that BC Gov in Canada builds the images and maintains the VON Network, if I am understanding this correctly just like other Hyperledger frameworks BC Govt is a maintainer and contributor to the VON Network *but* not the Owner. The owner or the authority/governance entity for the VON-network would be Hyperledger? 2. In regards to Hyperledger Aries, is it correct to assume that also the image (https://hub.docker.com/r/bcgovimages/aries-cloudagent) and the framework Hyperledger Aires are heavily contributed and maintained by BC Govt in Canada *but* Hyperledger is the governing entity for Hyperledger aires related images. 3. From holistic point of view from the demo, am I correct in stating that Hyperledger Aires acts as the business logic (issuing and revoking identities) for IAM and Hyperledger is just used to record the transactions in a immutable ledger such as when the credential was issued and a credential was revoked ``` Thank you again for taking the time to answer my previous questions.

Koushik (Tue, 06 Oct 2020 22:26:20 GMT):
Hi @swcurran, Thanks for the prompt response, I am excited to learn more about Hyperledger Aires and Indy and use the frameworks but I have some more questions, ``` 1. You mentioned that BC Gov in Canada builds the images and maintains the VON Network, if I am understanding this correctly just like other Hyperledger frameworks BC Govt is a maintainer and contributor to the VON Network *but* not the Owner. The owner or the authority/governance entity for the VON-network would be Hyperledger? 2. In regards to Hyperledger Aries, is it correct to assume that also the image (https://hub.docker.com/r/bcgovimages/aries-cloudagent) and the framework Hyperledger Aires are heavily contributed and maintained by BC Govt in Canada *but* Hyperledger is the governing entity for Hyperledger aires related images. 3. From holistic point of view from the demo, am I correct in stating that Hyperledger Aires acts as the business logic (issuing and revoking identities) for IAM and Hyperledger is just used to record the transactions in a immutable ledger such as when the credential was issued and a credential was revoked ``` Thank you again for taking the time to answer my previous questions.

Koushik (Tue, 06 Oct 2020 22:26:20 GMT):
Hi @swcurran, Thanks for the prompt response, I am excited to learn more about Hyperledger Aires and Indy and use the frameworks but I have some more questions, ```text 1. You mentioned that BC Gov in Canada builds the images and maintains the VON Network, if I am understanding this correctly just like other Hyperledger frameworks BC Govt is a maintainer and contributor to the VON Network **but** not the Owner. The owner or the authority/governance entity for the VON-network would be Hyperledger? 2. In regards to Hyperledger Aries, is it correct to assume that also the image (https://hub.docker.com/r/bcgovimages/aries-cloudagent) and the framework Hyperledger Aires are heavily contributed and maintained by BC Govt in Canada *but* Hyperledger is the governing entity for Hyperledger aires related images. 3. From holistic point of view from the demo, am I correct in stating that Hyperledger Aires acts as the business logic (issuing and revoking identities) for IAM and Hyperledger is just used to record the transactions in a immutable ledger such as when the credential was issued and a credential was revoked ``` Thank you again for taking the time to answer my previous questions.

Koushik (Tue, 06 Oct 2020 22:26:20 GMT):
Hi @swcurran, Thanks for the prompt response, I am excited to learn more about Hyperledger Aires and Indy and use the frameworks but I have some more questions, ``` 1. You mentioned that BC Gov in Canada builds the images and maintains the VON Network, if I am understanding this correctly just like other Hyperledger frameworks BC Govt is a maintainer and contributor to the VON Network **but** not the Owner. The owner or the authority/governance entity for the VON-network would be Hyperledger? 2. In regards to Hyperledger Aries, is it correct to assume that also the image (https://hub.docker.com/r/bcgovimages/aries-cloudagent) and the framework Hyperledger Aires are heavily contributed and maintained by BC Govt in Canada *but* Hyperledger is the governing entity for Hyperledger aires related images. 3. From holistic point of view from the demo, am I correct in stating that Hyperledger Aires acts as the business logic (issuing and revoking identities) for IAM and Hyperledger is just used to record the transactions in a immutable ledger such as when the credential was issued and a credential was revoked ``` Thank you again for taking the time to answer my previous questions.

Koushik (Tue, 06 Oct 2020 22:26:20 GMT):
Hi @swcurran, Thanks for the prompt response, I am excited to learn more about Hyperledger Aires and Indy and use the frameworks but I have some more questions, ``` 1. You mentioned that BC Gov in Canada builds the images and maintains the VON Network, if I am understanding this correctly just like other Hyperledger frameworks BC Govt is a maintainer and contributor to the VON Network *but* not the Owner. The owner or the authority/governance entity for the VON-network would be Hyperledger? 2. In regards to Hyperledger Aries, is it correct to assume that also the image (https://hub.docker.com/r/bcgovimages/aries-cloudagent) and the framework Hyperledger Aires are heavily contributed and maintained by BC Govt in Canada *but* Hyperledger is the governing entity for Hyperledger aires related images. 3. From holistic point of view from the demo, am I correct in stating that Hyperledger Aires acts as the business logic (issuing and revoking identities) for IAM and Hyperledger is just used to record the transactions in a immutable ledger such as when the credential was issued and a credential was revoked ``` Thank you again for taking the time to answer my previous questions.

swcurran (Tue, 06 Oct 2020 23:49:06 GMT):
Lots of things here: 1. von-network is a repo that is built based on Hyperledger Indy that makes spinning up HL Indy ledgers easy and fast. It is a GitHub repo owned by BCGov and dependent on Hyperledger Indy Code. Anyone can use von-network to run an Indy network and they would be the governance authority over that instance of a ledger. 2. Aries open source code is managed in repos in Hyperledger. The images that BC Gov builds and publishes on hub.docker.com are created using artifacts from Hyperledger repo. The dockerfile that is used to build the images is managed and owned (if you want to call it that) by BC Gov. Hyperledger could do the same thing, but doesn't to this point -- the maintainers haven't seen the same need. 3. This statement is way off. - Aries provides protocols that allow business applications to be created as Agents for communicating and exchanging credentials. So the business logic is add on top of Aries. - HL Indy software can be deployed to create an instance of a ledger. For example, Sovrin operates an instance of Indy using Stewards -- companies that operate nodes of the Sovrin network. - Data about credentials is NEVER written to the Indy network. Indy is used to publish DIDs with public keys and ways to communicate with the DID owner, and metadata about Credentials. The credentials themselves are issued by an issuer to a holder and a holder can use those credentials to prove claims to verifiers. Nothing about issuing or proving is ever written to the ledger. Clear as mud? If you want to know more about how this all fits together, we put together some edX courses on this: https://www.edx.org/course/introduction-to-hyperledger-sovereign-identity-blockchain-solutions-indy-aries-and-ursa and https://www.edx.org/course/becoming-a-hyperledger-aries-developer

jcourt (Wed, 07 Oct 2020 07:58:59 GMT):
I can't seem to find a method to clean up Credential Issue exchange records that never completed (i.e. no remove endpoint in the "issue-credentials" section) ? I know that you can set auto_remove for when the protocol completes but is there a reason there is no manual force remove method, or does the "problem_report" method perform this cleanup function ? So far I haven't been able to get the "problem_report" to clean up but I may be doing something wrong.

TimoGlastra (Wed, 07 Oct 2020 13:02:21 GMT):
Does anyone know the correct combination of versions for ACA-Py, aries-toolbox, and aries-acapy-plugin-toolbox? I've tried ACA-Py 0.5.4, 0.5.3 and master, aries-acapy-plugin-toolbox master and acapy053 tag and aries-toolbox master. I can't get through the process of creating a connection, creating the schema and cred def and finally issuing a credential. When using ACA-Py master aries-toolbox is fairly broken, and in the other versions it either hangs on creating a credential definition or issuing a credential. Any help is appreciated!

swcurran (Wed, 07 Oct 2020 13:30:33 GMT):
I suspect that this doesn't exist. In general, we either keep all Issue records or we don't. We have now made the default that we keep a minimal record after completion of the protocol (vs. all the protocol state data). I suggest an issue with a proposal on what you think should happen.

Xand (Wed, 07 Oct 2020 14:01:29 GMT):
Has joined the channel.

ianco (Wed, 07 Oct 2020 18:25:38 GMT):
I got it working using the master branch of aries-toolbox and aries-acapy-plugin-toolbox master branches

ianco (Wed, 07 Oct 2020 18:25:57 GMT):
npm install and npm run dev for aries-toolbox

ianco (Wed, 07 Oct 2020 18:26:08 GMT):
docker-compose command for the plugin

ianco (Wed, 07 Oct 2020 18:26:41 GMT):
Make sure to copy the Invitation URL *not* the json

TimoGlastra (Wed, 07 Oct 2020 18:47:51 GMT):
Thanks for looking into this, I’ll try again. Which version of ACA-Py where you using? And did you manage to complete the whole process of creating a connection, creating the schema + cred def and also issuing the credentials? I get stuck on issue-credential.

TimoGlastra (Wed, 07 Oct 2020 18:48:06 GMT):
See https://github.com/animo/hyperledger-aries-workshop/blob/master/Dockerfile.acapy and https://github.com/animo/hyperledger-aries-workshop/blob/master/docker-compose-acapy.yml for my setup

ianco (Wed, 07 Oct 2020 19:01:04 GMT):
Yes I was able to get through the whole process (connected betweenalice & bob agents, created schemaand cred def and issued credential from alice to bob)

ianco (Wed, 07 Oct 2020 19:01:04 GMT):
Yes I was able to get through the whole process (connected between alice & bob agents, created schema and cred def and issued credential from alice to bob)

ianco (Wed, 07 Oct 2020 19:01:26 GMT):
Not sure the aca-py version, I just ran the docker build script, I'll check ...

ianco (Wed, 07 Oct 2020 19:02:59 GMT):
aca-py 0.5.3 according to: https://github.com/hyperledger/aries-acapy-plugin-toolbox/blob/master/requirements.txt

TimoGlastra (Wed, 07 Oct 2020 19:26:55 GMT):
``` ```

TimoGlastra (Wed, 07 Oct 2020 19:26:55 GMT):
``` agent-bob_1 | 2020-10-07 19:12:32,902 indy.libindy.native.indy.services.pool.pool ERROR src/services/pool/pool.rs:701 | Error during retrieving nodes: IndyError { inner: agent-bob_1 | agent-bob_1 | Node is not a validator agent-bob_1 | agent-bob_1 | Invalid library state } ``` With the docker compose file from the plugin repo I get some indy node errors. Anyway, thanks for looking into this, I'll do some more research first

ianco (Wed, 07 Oct 2020 19:57:56 GMT):
Yah I think you can ignore the node errors, probably the list of nodes is out of date

jcourt (Wed, 07 Oct 2020 21:36:34 GMT):
Thanks Stephen, will do.

cheng.suisse (Thu, 08 Oct 2020 09:52:36 GMT):
Has joined the channel.

ArturPhilipp (Thu, 08 Oct 2020 09:53:28 GMT):
Has joined the channel.

ArturPhilipp (Thu, 08 Oct 2020 09:53:28 GMT):
Hi everybody! Not sure if this is the right channel for the following question. I have set up manually a 4 node indy network in a docker environment on mac os. Each node has its own container ip address and is in the same docker network. Now I would like to start an instance of ACA-PY on my docker host (mac os) and connect it to the indy node network within my docker environment. This seems to be an issue (on mac os), because of the fact, that the indy genesis file has to contain the internal docker ip addresses of the nodes in order to make the nodes able to see each other within the docker network. But from the docker host / ACA-PY perspective on my docker host (mac os) those ip addresses provided in the genesis file do not exist or at least do not route to the indy nodes within the docker network. The "default" way of accessing docker containers from host on mac os is via port forwarding. Since in my indy network every node uses an unique node and client port, this should be possible. So the question is: Can I provide a different genesis file to my ACA-PY on my host than is used by the indy nodes within the docker network? I changed all the docker container ip addresses of my node to localhost, but I was not able to establish a connection from my ACA-PY instance on my host. What is the solution / best practice here?

ArturPhilipp (Thu, 08 Oct 2020 09:53:28 GMT):
Hi everybody! Not sure if this is the right channel for the following question. I have set up manually a 4 node indy network in a docker environment on mac os. Each node has its own container ip address and is in the same docker network. Now I would like to start an instance of ACA-PY on my docker host (mac os) and connect it to the indy node network within my docker environment. This seems to be an issue (on mac os), because of the fact, that the indy genesis file has to contain the internal docker ip addresses of the nodes in order to make the nodes able to see each other within the docker network. But from the docker host / ACA-PY perspective on my docker host (mac os) those ip addresses provided in the genesis file do not exist or at least do not route to the indy nodes within the docker network. The "default" way of accessing docker containers from host on mac os is via port forwarding. Since in my indy network every node uses an unique node and client port, this should be possible. So the question is: Can I provide a different genesis file to my ACA-PY on my host than is used by the indy nodes within the docker network? I changed all the docker container ip addresses of my nodes in the gensis file I will use with ACA-PY to localhost, but I was not able to establish a connection from my ACA-PY instance on my host. What is the solution / best practice here?

ArturPhilipp (Thu, 08 Oct 2020 09:53:28 GMT):
Hi everybody! Not sure if this is the right channel for the following question. I have set up manually a 4 node indy network in a docker environment on mac os. Each node has its own container ip address and is in the same docker network. Now I would like to start an instance of ACA-PY on my docker host (mac os) and connect it to the indy node network within my docker environment. This seems to be an issue (on mac os), because of the fact, that the indy genesis file has to contain the internal docker ip addresses of the nodes in order to make the nodes able to see each other within the docker network. But from the docker host / ACA-PY perspective on my docker host (mac os) those ip addresses provided in the genesis file do not exist or at least do not route to the indy nodes within the docker network. The "default" way of accessing docker containers from host on mac os is via port forwarding. Since in my indy network every node uses an unique node and client port, this should be possible. So the question is: Can I provide a different genesis file to my ACA-PY on my host than is used by the indy nodes within the docker network? I changed all the docker container ip addresses of my nodes in the genesis file I use with ACA-PY to localhost, but I was not able to establish a connection from my ACA-PY instance running my host to the indy network within the docker network. What is the solution / best practice here?

ArturPhilipp (Thu, 08 Oct 2020 09:53:28 GMT):
Hi everybody! Not sure if this is the right channel for the following question. I have set up manually a 4 node indy network in a docker environment on mac os. Each node has its own container ip address and is in the same docker network. Now I would like to start an instance of ACA-PY on my docker host (mac os) and connect it to the indy node network within my docker environment. This seems to be an issue (on mac os), because of the fact, that the indy genesis file has to contain the internal docker ip addresses of the nodes in order to make the nodes able to see each other within the docker network. But from the docker host / ACA-PY perspective on my docker host (mac os) those ip addresses provided in the genesis file do not exist or at least do not route to the indy nodes within the docker network. The "default" way of accessing docker containers from host on mac os is via port forwarding. Since in my indy network every node uses an unique node and client port, this should be possible. So the question is: Can I provide a different genesis file to my ACA-PY on my host than is used by the indy nodes within the docker network? I changed all the docker container ip addresses of my nodes in the genesis file I use with ACA-PY to localhost, but I was not able to establish a connection from my ACA-PY instance running my host to the indy network within the docker network. What is the solution / best practice here? I saw that von-network uses ngrok for bypassing this issue, which seems a bit inconvenient to me...

vasantkk (Thu, 08 Oct 2020 10:25:04 GMT):
Has joined the channel.

cheng.suisse (Thu, 08 Oct 2020 11:01:23 GMT):
Hi everyone, I have a question on *connection-less proof request* using aca-py. Basically, I started an aca-py agent, and used endpint /present-proof/create-request to create a proof request (P.S. Is this the right way to create a connectionless proof request?). And I got a 200 response with the following body. Now what is the next step if I want to use an edge wallet to respond to this request? I tried to convert the json body into QR code and scan it use some off-the-shelf edge wallets (e.g. Trinsic Wallet, Connect.Me...). They all say that the QR is invalid... Thanks in advance for your help! { "updated_at": "2020-10-08 10:49:37.924707Z", "state": "request_sent", "role": "verifier", "presentation_request": { "name": "Proof of Identity", "version": "1.0", "requested_attributes": { "0_name_uuid": { "name": "name", "restrictions": [ {} ] }, "0_dob_uuid": { "name": "date-of-birth", "restrictions": [ {} ] }, "0_nationality_uuid": { "name": "nationality", "restrictions": [ {} ] } }, "requested_predicates": {}, "nonce": "344044241555712615318408" }, "thread_id": "b53eb041-05f4-43a2-8a7e-48caf8348bb4", "auto_present": false, "created_at": "2020-10-08 10:49:37.924707Z", "presentation_exchange_id": "e6675f04-8413-4360-b316-5fa675e8455d", "trace": false, "initiator": "self", "presentation_request_dict": { "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/present-proof/1.0/request-presentation", "@id": "b53eb041-05f4-43a2-8a7e-48caf8348bb4", "comment": "Please prove this", "request_presentations~attach": [ { "@id": "libindy-request-presentation-0", "mime-type": "application/json", "data": { "base64": "eyJuYW1lIjogIlByb29mIG9mIElkZW50aXR5IiwgInZlcnNpb24iOiAiMS4wIiwgInJlcXVlc3RlZF9hdHRyaWJ1dGVzIjogeyIwX25hbWVfdXVpZCI6IHsibmFtZSI6ICJuYW1lIiwgInJlc3RyaWN0aW9ucyI6IFt7fV19LCAiMF9kb2JfdXVpZCI6IHsibmFtZSI6ICJkYXRlLW9mLWJpcnRoIiwgInJlc3RyaWN0aW9ucyI6IFt7fV19LCAiMF9uYXRpb25hbGl0eV91dWlkIjogeyJuYW1lIjogIm5hdGlvbmFsaXR5IiwgInJlc3RyaWN0aW9ucyI6IFt7fV19fSwgInJlcXVlc3RlZF9wcmVkaWNhdGVzIjoge30sICJub25jZSI6ICIzNDQwNDQyNDE1NTU3MTI2MTUzMTg0MDgifQ==" } } ] } }


cheng.suisse (Thu, 08 Oct 2020 11:01:23 GMT):

Hi everyone, I have a question on *connection-less proof request* using aca-py. Basically, I started an aca-py agent, and used endpint /present-proof/create-request to create a proof request (P.S. Is this the right way to create a connectionless proof request?). And I got a 200 response with the following body. Now what is the next step if I want to use an edge wallet to respond to this request? I tried to convert the json body into QR code and scan it use some off-the-shelf edge wallets (e.g. Trinsic Wallet, Connect.Me...). They all say that the QR is invalid... Thanks in advance for your help!

{
  "updated_at": "2020-10-08 10:49:37.924707Z",
  "state": "request_sent",
  "role": "verifier",
  "presentation_request": {
    "name": "Proof of Identity",
    "version": "1.0",
    "requested_attributes": {
      "0_name_uuid": {
        "name": "name",
        "restrictions": [
          {}
        ]
      },
      "0_dob_uuid": {
        "name": "date-of-birth",
        "restrictions": [
          {}
        ]
      },
      "0_nationality_uuid": {
        "name": "nationality",
        "restrictions": [
          {}
        ]
      }
    },
    "requested_predicates": {},
    "nonce": "344044241555712615318408"
  },
  "thread_id": "b53eb041-05f4-43a2-8a7e-48caf8348bb4",
  "auto_present": false,
  "created_at": "2020-10-08 10:49:37.924707Z",
  "presentation_exchange_id": "e6675f04-8413-4360-b316-5fa675e8455d",
  "trace": false,
  "initiator": "self",
  "presentation_request_dict": {
    "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/present-proof/1.0/request-presentation",
    "@id": "b53eb041-05f4-43a2-8a7e-48caf8348bb4",
    "comment": "Please prove this",
    "request_presentations~attach": [
      {
        "@id": "libindy-request-presentation-0",
        "mime-type": "application/json",
        "data": {
          "base64": "eyJuYW1lIjogIlByb29mIG9mIElkZW50aXR5IiwgInZlcnNpb24iOiAiMS4wIiwgInJlcXVlc3RlZF9hdHRyaWJ1dGVzIjogeyIwX25hbWVfdXVpZCI6IHsibmFtZSI6ICJuYW1lIiwgInJlc3RyaWN0aW9ucyI6IFt7fV19LCAiMF9kb2JfdXVpZCI6IHsibmFtZSI6ICJkYXRlLW9mLWJpcnRoIiwgInJlc3RyaWN0aW9ucyI6IFt7fV19LCAiMF9uYXRpb25hbGl0eV91dWlkIjogeyJuYW1lIjogIm5hdGlvbmFsaXR5IiwgInJlc3RyaWN0aW9ucyI6IFt7fV19fSwgInJlcXVlc3RlZF9wcmVkaWNhdGVzIjoge30sICJub25jZSI6ICIzNDQwNDQyNDE1NTU3MTI2MTUzMTg0MDgifQ=="
        }
      }
    ]
  }
}

cheng.suisse (Thu, 08 Oct 2020 11:01:23 GMT):

Hi everyone, I have a question on *connection-less proof request* using aca-py. Basically, I started an aca-py agent, and used endpint /present-proof/create-request to create a proof request (P.S. Is this the right way to create a connectionless proof request?). And I got a 200 response with the following body. Now what is the next step if I want to use an edge wallet to respond to this request? I tried converting the json body into QR code and scanning it use some off-the-shelf edge wallets (e.g. Trinsic Wallet, Connect.Me...). They all say that the QR is invalid... Thanks in advance for your help!

{
  "updated_at": "2020-10-08 10:49:37.924707Z",
  "state": "request_sent",
  "role": "verifier",
  "presentation_request": {
    "name": "Proof of Identity",
    "version": "1.0",
    "requested_attributes": {
      "0_name_uuid": {
        "name": "name",
        "restrictions": [
          {}
        ]
      },
      "0_dob_uuid": {
        "name": "date-of-birth",
        "restrictions": [
          {}
        ]
      },
      "0_nationality_uuid": {
        "name": "nationality",
        "restrictions": [
          {}
        ]
      }
    },
    "requested_predicates": {},
    "nonce": "344044241555712615318408"
  },
  "thread_id": "b53eb041-05f4-43a2-8a7e-48caf8348bb4",
  "auto_present": false,
  "created_at": "2020-10-08 10:49:37.924707Z",
  "presentation_exchange_id": "e6675f04-8413-4360-b316-5fa675e8455d",
  "trace": false,
  "initiator": "self",
  "presentation_request_dict": {
    "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/present-proof/1.0/request-presentation",
    "@id": "b53eb041-05f4-43a2-8a7e-48caf8348bb4",
    "comment": "Please prove this",
    "request_presentations~attach": [
      {
        "@id": "libindy-request-presentation-0",
        "mime-type": "application/json",
        "data": {
          "base64": "eyJuYW1lIjogIlByb29mIG9mIElkZW50aXR5IiwgInZlcnNpb24iOiAiMS4wIiwgInJlcXVlc3RlZF9hdHRyaWJ1dGVzIjogeyIwX25hbWVfdXVpZCI6IHsibmFtZSI6ICJuYW1lIiwgInJlc3RyaWN0aW9ucyI6IFt7fV19LCAiMF9kb2JfdXVpZCI6IHsibmFtZSI6ICJkYXRlLW9mLWJpcnRoIiwgInJlc3RyaWN0aW9ucyI6IFt7fV19LCAiMF9uYXRpb25hbGl0eV91dWlkIjogeyJuYW1lIjogIm5hdGlvbmFsaXR5IiwgInJlc3RyaWN0aW9ucyI6IFt7fV19fSwgInJlcXVlc3RlZF9wcmVkaWNhdGVzIjoge30sICJub25jZSI6ICIzNDQwNDQyNDE1NTU3MTI2MTUzMTg0MDgifQ=="
        }
      }
    ]
  }
}

cheng.suisse (Thu, 08 Oct 2020 11:01:23 GMT):

Hi everyone, I have a question on *connection-less proof request* using aca-py. Basically, I started an aca-py agent, and used endpint /present-proof/create-request to create a proof request (P.S. Is this the right way to create a connectionless proof request?). And I got a 200 response with the following body. Now what is the next step if I want to use an edge wallet to respond to this request? I tried converting the json body into QR code and scanning it using some off-the-shelf edge wallets (e.g. Trinsic Wallet, Connect.Me...). They all say that the QR is invalid... Thanks in advance for your help!

{
  "updated_at": "2020-10-08 10:49:37.924707Z",
  "state": "request_sent",
  "role": "verifier",
  "presentation_request": {
    "name": "Proof of Identity",
    "version": "1.0",
    "requested_attributes": {
      "0_name_uuid": {
        "name": "name",
        "restrictions": [
          {}
        ]
      },
      "0_dob_uuid": {
        "name": "date-of-birth",
        "restrictions": [
          {}
        ]
      },
      "0_nationality_uuid": {
        "name": "nationality",
        "restrictions": [
          {}
        ]
      }
    },
    "requested_predicates": {},
    "nonce": "344044241555712615318408"
  },
  "thread_id": "b53eb041-05f4-43a2-8a7e-48caf8348bb4",
  "auto_present": false,
  "created_at": "2020-10-08 10:49:37.924707Z",
  "presentation_exchange_id": "e6675f04-8413-4360-b316-5fa675e8455d",
  "trace": false,
  "initiator": "self",
  "presentation_request_dict": {
    "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/present-proof/1.0/request-presentation",
    "@id": "b53eb041-05f4-43a2-8a7e-48caf8348bb4",
    "comment": "Please prove this",
    "request_presentations~attach": [
      {
        "@id": "libindy-request-presentation-0",
        "mime-type": "application/json",
        "data": {
          "base64": "eyJuYW1lIjogIlByb29mIG9mIElkZW50aXR5IiwgInZlcnNpb24iOiAiMS4wIiwgInJlcXVlc3RlZF9hdHRyaWJ1dGVzIjogeyIwX25hbWVfdXVpZCI6IHsibmFtZSI6ICJuYW1lIiwgInJlc3RyaWN0aW9ucyI6IFt7fV19LCAiMF9kb2JfdXVpZCI6IHsibmFtZSI6ICJkYXRlLW9mLWJpcnRoIiwgInJlc3RyaWN0aW9ucyI6IFt7fV19LCAiMF9uYXRpb25hbGl0eV91dWlkIjogeyJuYW1lIjogIm5hdGlvbmFsaXR5IiwgInJlc3RyaWN0aW9ucyI6IFt7fV19fSwgInJlcXVlc3RlZF9wcmVkaWNhdGVzIjoge30sICJub25jZSI6ICIzNDQwNDQyNDE1NTU3MTI2MTUzMTg0MDgifQ=="
        }
      }
    ]
  }
}

sklump (Thu, 08 Oct 2020 11:02:58 GMT):

I can plumb in an admin API call to remove a cred ex record by cred ex id. I assume you will know the cred ex id?

sklump (Thu, 08 Oct 2020 12:13:34 GMT):

https://github.com/hyperledger/aries-cloudagent-python/pull/747

esune (Thu, 08 Oct 2020 16:12:22 GMT):

You will need to add a service decorator to tell the target agent where to send the response to. This is not something aca-py does out-of-the-box, so your controller will need to add this piece for you.

esune (Thu, 08 Oct 2020 16:36:38 GMT):

Your final payload should look something like this:
```
{
    "@id": "3b67c4bf-3953-4ace-94ef-28e0969288c5",
    "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/present-proof/1.0/request-presentation",
    "request_presentations~attach": [
        {
            "@id": "libindy-request-presentation-0",
            "mime-type": "application/json",
            "data": {
                "base64": "eyJuYW1lIjoiQ29udGFjdCBBZGRyZXNzIiwidmVyc2lvbiI6IjEuMC4wIiwibm9uY2UiOiIzOTIyNTEwMjk1NjY5MzcxNDIxNTIzMDgiLCJyZXF1ZXN0ZWRfYXR0cmlidXRlcyI6eyJHaXZlbiBOYW1lcyI6eyJuYW1lIjoiZ2l2ZW5fbmFtZXMiLCJyZXN0cmljdGlvbnMiOlt7InNjaGVtYV9pc3N1ZXJfZGlkIjoiODU0NTlHeGpOeVNKOEh3VFRRNHZxNyIsInNjaGVtYV9uYW1lIjoidmVyaWZpZWRfcGVyc29uIiwic2NoZW1hX3ZlcnNpb24iOiIxLjQuMCJ9LHsic2NoZW1hX25hbWUiOiJ1bnZlcmlmaWVkX3BlcnNvbiIsInNjaGVtYV92ZXJzaW9uIjoiMC4xLjAiLCJpc3N1ZXJfZGlkIjoiOFlxN0VoS0JNdWpoMjVOa0xHR2IydCJ9XX0sIkZhbWlseSBOYW1lIjp7Im5hbWUiOiJmYW1pbHlfbmFtZSIsInJlc3RyaWN0aW9ucyI6W3sic2NoZW1hX2lzc3Vlcl9kaWQiOiI4NTQ1OUd4ak55U0o4SHdUVFE0dnE3Iiwic2NoZW1hX25hbWUiOiJ2ZXJpZmllZF9wZXJzb24iLCJzY2hlbWFfdmVyc2lvbiI6IjEuNC4wIn0seyJzY2hlbWFfbmFtZSI6InVudmVyaWZpZWRfcGVyc29uIiwic2NoZW1hX3ZlcnNpb24iOiIwLjEuMCIsImlzc3Vlcl9kaWQiOiI4WXE3RWhLQk11amgyNU5rTEdHYjJ0In1dfSwiRGF0ZSBvZiBCaXJ0aCI6eyJuYW1lIjoiYmlydGhkYXRlIiwicmVzdHJpY3Rpb25zIjpbeyJzY2hlbWFfaXNzdWVyX2RpZCI6Ijg1NDU5R3hqTnlTSjhId1RUUTR2cTciLCJzY2hlbWFfbmFtZSI6InZlcmlmaWVkX3BlcnNvbiIsInNjaGVtYV92ZXJzaW9uIjoiMS40LjAifSx7InNjaGVtYV9uYW1lIjoidW52ZXJpZmllZF9wZXJzb24iLCJzY2hlbWFfdmVyc2lvbiI6IjAuMS4wIiwiaXNzdWVyX2RpZCI6IjhZcTdFaEtCTXVqaDI1TmtMR0diMnQifV19LCJTdHJlZXQgQWRkcmVzcyI6eyJuYW1lIjoic3RyZWV0X2FkZHJlc3MiLCJyZXN0cmljdGlvbnMiOlt7InNjaGVtYV9pc3N1ZXJfZGlkIjoiODU0NTlHeGpOeVNKOEh3VFRRNHZxNyIsInNjaGVtYV9uYW1lIjoidmVyaWZpZWRfcGVyc29uIiwic2NoZW1hX3ZlcnNpb24iOiIxLjQuMCJ9LHsic2NoZW1hX25hbWUiOiJ1bnZlcmlmaWVkX3BlcnNvbiIsInNjaGVtYV92ZXJzaW9uIjoiMC4xLjAiLCJpc3N1ZXJfZGlkIjoiOFlxN0VoS0JNdWpoMjVOa0xHR2IydCJ9XX0sIlBvc3RhbCBDb2RlIjp7Im5hbWUiOiJwb3N0YWxfY29kZSIsInJlc3RyaWN0aW9ucyI6W3sic2NoZW1hX2lzc3Vlcl9kaWQiOiI4NTQ1OUd4ak55U0o4SHdUVFE0dnE3Iiwic2NoZW1hX25hbWUiOiJ2ZXJpZmllZF9wZXJzb24iLCJzY2hlbWFfdmVyc2lvbiI6IjEuNC4wIn0seyJzY2hlbWFfbmFtZSI6InVudmVyaWZpZWRfcGVyc29uIiwic2NoZW1hX3ZlcnNpb24iOiIwLjEuMCIsImlzc3Vlcl9kaWQiOiI4WXE3RWhLQk11amgyNU5rTEdHYjJ0In1dfSwiQ2l0eSI6eyJuYW1lIjoibG9jYWxpdHkiLCJyZXN0cmljdGlvbnMiOlt7InNjaGVtYV9pc3N1ZXJfZGlkIjoiODU0NTlHeGpOeVNKOEh3VFRRNHZxNyIsInNjaGVtYV9uYW1lIjoidmVyaWZpZWRfcGVyc29uIiwic2NoZW1hX3ZlcnNpb24iOiIxLjQuMCJ9LHsic2NoZW1hX25hbWUiOiJ1bnZlcmlmaWVkX3BlcnNvbiIsInNjaGVtYV92ZXJzaW9uIjoiMC4xLjAiLCJpc3N1ZXJfZGlkIjoiOFlxN0VoS0JNdWpoMjVOa0xHR2IydCJ9XX0sIlByb3ZpbmNlIjp7Im5hbWUiOiJyZWdpb24iLCJyZXN0cmljdGlvbnMiOlt7InNjaGVtYV9pc3N1ZXJfZGlkIjoiODU0NTlHeGpOeVNKOEh3VFRRNHZxNyIsInNjaGVtYV9uYW1lIjoidmVyaWZpZWRfcGVyc29uIiwic2NoZW1hX3ZlcnNpb24iOiIxLjQuMCJ9LHsic2NoZW1hX25hbWUiOiJ1bnZlcmlmaWVkX3BlcnNvbiIsInNjaGVtYV92ZXJzaW9uIjoiMC4xLjAiLCJpc3N1ZXJfZGlkIjoiOFlxN0VoS0JNdWpoMjVOa0xHR2IydCJ9XX0sIkNvdW50cnkiOnsibmFtZSI6ImNvdW50cnkiLCJyZXN0cmljdGlvbnMiOlt7InNjaGVtYV9pc3N1ZXJfZGlkIjoiODU0NTlHeGpOeVNKOEh3VFRRNHZxNyIsInNjaGVtYV9uYW1lIjoidmVyaWZpZWRfcGVyc29uIiwic2NoZW1hX3ZlcnNpb24iOiIxLjQuMCJ9LHsic2NoZW1hX25hbWUiOiJ1bnZlcmlmaWVkX3BlcnNvbiIsInNjaGVtYV92ZXJzaW9uIjoiMC4xLjAiLCJpc3N1ZXJfZGlkIjoiOFlxN0VoS0JNdWpoMjVOa0xHR2IydCJ9XX19LCJyZXF1ZXN0ZWRfcHJlZGljYXRlcyI6e319"
            }
        }
    ],
    "comment": null,
    "~service": {
        "recipientKeys": [
            "F2fFPEXABoPKt8mYjNAavBwbsmQKYqNTcv3HKqBgqpLw"
        ],
        "routingKeys": null,
        "serviceEndpoint": "https://my-url.test.org"
    }
}
```

esune (Thu, 08 Oct 2020 16:37:10 GMT):

The base64 payload is the result of your call to ` /present-proof/create-request`

cheng.suisse (Fri, 09 Oct 2020 08:01:34 GMT):

Hi esune, thanks so much for your reply. That is very helpful.

cheng.suisse (Fri, 09 Oct 2020 08:09:08 GMT):

Hi esune. Thanks so much for your reply. That was very helpful. So my understanding is: I have to construct a payload like what you pasted (of course it need to updated with the correct information for base64 and service endpoint). 

Now my question is: how this payload could be transfered to an off-the-shelf edge wallet (e.g. Trinsic Wallet or Connect.Me installed on my smartphone)? I tried converting the payload into QR code and scanning it with the edge wallet, but it will just say : The QR is invalid. 

Guess I made some stupid mistakes here. :)

raduke (Fri, 09 Oct 2020 12:22:24 GMT):

Has joined the channel.

matteo (Fri, 09 Oct 2020 16:35:07 GMT):

hi @cheng.suisse, with request-presentation you might be facing the problem where its data is too big to fit into a QR code.

esune (Fri, 09 Oct 2020 16:59:55 GMT):

You may need to base64 encode the whole proof requests and use a URL in the QR code, something like `https://my-url.orgWoo?m=`.

esune (Fri, 09 Oct 2020 16:59:55 GMT):

You may need to base64 encode the whole proof requests and use a URL in the QR code, something like `https://my-url.org?m=`.

esune (Fri, 09 Oct 2020 17:00:31 GMT):

I don't think there is a "real" standard/RFC defining this, but I may be wrong.

jameshiester (Fri, 09 Oct 2020 20:12:14 GMT):

is tails file configuration still required for >5.4?  I'm getting a 400 error about tails file configuration when creating a credential definition.  However if I then get the created credential definitions it shows the definition I attempted to create?

swcurran (Sat, 10 Oct 2020 02:29:42 GMT):

Not sure what you are asking, but in 5.4, you have to provide a URL for the tails server, and then ACA-Py will automagically pubish the tails file to that location.

The demo has examples -- particularl AliceGetsAPhone.

lijiachuan (Sun, 11 Oct 2020 07:00:56 GMT):

hi, may I know whether a connection is one pre-condition for proof request and verification? I saw there is one service provided from ACA-Py which is `/present-proof/create-request`, its description as `Creates a presentation request not bound to any proposal or existing connection`, so if this request is not associated with any connection, how the prover can response to this proof request with required credentials. I have one scenarion which might need this approach, imagine there is one ecosystem, company B's service can be used by the user if user can prove he/she is a member of company A, so company B can create one proof request to anyone, maybe there is one approach the user can response to this proof request, and once company B can verify the credential then it will allow this user to use its service. But not sure how user can interact with this `no-specific-connection` proof request. Any idea?

jcourt (Sun, 11 Oct 2020 21:55:32 GMT):

I need to get better at seeing responses in threads :-) Your assumption is of course correct, thanks again !

ankita.p17 (Mon, 12 Oct 2020 08:31:27 GMT):

Has joined the channel.

jameshiester (Mon, 12 Oct 2020 15:23:50 GMT):

should the tails server be publicly accessible? Or just to the agent that's issuing/revoking?

deas (Mon, 12 Oct 2020 16:21:21 GMT):

Has joined the channel.

DucaDellaForcoletta (Mon, 12 Oct 2020 16:24:41 GMT):

Hi all, I'm using a  postgres wallet created with libindy with aca-py 0.5.4. In the wallet are present about 4500 dids. Aca-py is particularly slow in connection and credential release features. Looking at the logs it seems that it repeatedly iterates over all the dids in the wallet. Has anyone encountered the same problem as me?

DucaDellaForcoletta (Mon, 12 Oct 2020 16:24:41 GMT):

Hi all, I'm using a  postgres wallet created one years ago with libindy under aca-py 0.5.4. In the wallet are present about 4500 dids. Aca-py is particularly slow in connection and credential release features. Looking at the logs it seems that it repeatedly iterates over all the dids in the wallet. Has anyone encountered the same problem as me?

esune (Mon, 12 Oct 2020 17:33:45 GMT):

The tails server needs to be publicly accessible, since verifiers will need to download the tails file to process the proof and validate it against a revocation interval

esune (Mon, 12 Oct 2020 17:35:08 GMT):

That endpoint is used to generate a connection-less proof request. The payload generated by that API is wrapped in a service decorator that tells the target agent where to send the proof-response

jameshiester (Mon, 12 Oct 2020 17:42:22 GMT):

there's not an s3 plugin by any chance is there?

esune (Mon, 12 Oct 2020 17:43:17 GMT):

No, but I guess there is no reason why it couldn't be written.

esune (Mon, 12 Oct 2020 17:44:25 GMT):

You can also test out things by directly calling the revocation APIs to see if/how the S3 approach would work. You will not have any automatic handling of tails files though (creation, publishing, rotation)

esune (Mon, 12 Oct 2020 17:45:09 GMT):

We also have public instances of Tails Server at BC Gov you could use.

lijiachuan (Mon, 12 Oct 2020 17:47:58 GMT):

The response for this request is a JSON string, but how should we let prover get this? If we take invitation service as an example, the invitation URL we can make it as a QR code so user can scan it and get the information, I am not sure whether there is a similar approach for this proof request?

esune (Mon, 12 Oct 2020 17:49:59 GMT):

See here: https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=u7nXmEH6YX94yEYtk

jameshiester (Mon, 12 Oct 2020 18:23:33 GMT):

if i set --public-invites does that make the default true for all invites, or only for when I specify public=true when creating an invitatoin?

jameshiester (Mon, 12 Oct 2020 18:24:15 GMT):

is adding PUBLIC_TAILS_URL to the env the only change needed, or are there startup args required as well?

esune (Mon, 12 Oct 2020 18:27:52 GMT):

The environment variable is only for the demo, you will need to add a startup argument - I can't remember exactly how it is spelled so I'd suggest checking the usage to be sure

jameshiester (Mon, 12 Oct 2020 19:00:40 GMT):

what's the public tails server url?

esune (Mon, 12 Oct 2020 19:27:43 GMT):

DEV: https://tails-server-dev.pathfinder.gov.bc.ca
TEST: https://tails-server-test.pathfinder.gov.bc.ca
PROD: https://tails.vonx.io

tejgundavelli (Mon, 12 Oct 2020 22:34:58 GMT):

Has joined the channel.

jameshiester (Tue, 13 Oct 2020 00:12:22 GMT):

http://greenlight.bcovrin.vonx.io/ is this the network url for the bc gov testnet with trinsic and the other wallets?  I got a network mismatch when I issued credentials from it.  Trying to work out if that's the error.

lohan.spies (Tue, 13 Oct 2020 11:50:19 GMT):

This should provide you with all the info required and a very good set of Jupyter notebooks taking you over all the aspects of Aca-Py - https://github.com/OpenMined/PyDentity/tree/master/tutorials/aries-basic-controller

cheng.suisse (Tue, 13 Oct 2020 11:53:40 GMT):

Hi all, I'm playing a bit with Trinsic API and aca-py and I have a question on the grouping of attributes in a proof request. 

Basically, in Trinsic API, if I create a verification policy containing multiple attributes (https://docs.trinsic.id/reference#createverificationpolicy), and then send a proof request from that policy (https://docs.trinsic.id/reference#sendverificationfrompolicy) to a mobile Trinsic wallet, the multiple attributes (say, name, dob, nationality...) are grouped together. The holder can freely choose which VC to use to respond, but he/she is forced to respond to all these attributes using one single VC (see screenshots here https://github.com/ChengSuisse/public/blob/master/Screenshot_trinsic_1.jpg and here: https://github.com/ChengSuisse/public/blob/master/Screenshot_trinsic_2.jpg.

I tried doing the similar thing using aca-py (using the present-proof/send-request endpoint to send a proof request, still to an Trinsic wallet), then the requested attributes are listed individually in the wallet, and the holder can choose a different VC to respond to each attribute. See screenshot here: https://github.com/ChengSuisse/public/blob/master/Screenshot_aca-py_1.jpg

My questions: can we achieve the same behavior (grouping the attributes to be responded with a single VC) via aca-py, or is it something particular to Trinsic API and needs to be developed on top of the existing Aries protocols ?

cheng.suisse (Tue, 13 Oct 2020 11:53:40 GMT):

Hi all, I'm playing a bit with Trinsic API and aca-py and I have a question on the grouping of attributes in a proof request. 

Basically, in Trinsic API, if I create a verification policy containing multiple attributes (https://docs.trinsic.id/reference#createverificationpolicy), and then send a proof request from that policy (https://docs.trinsic.id/reference#sendverificationfrompolicy) to a mobile Trinsic wallet, the multiple attributes (say, name, dob, nationality...) are grouped together. The holder can freely choose which VC to use to respond, but he/she is forced to respond to all these attributes using one single VC (see screenshots here https://github.com/ChengSuisse/public/blob/master/Screenshot_trinsic_1.jpg and here: https://github.com/ChengSuisse/public/blob/master/Screenshot_trinsic_2.jpg.

I tried doing the similar thing using aca-py (using the present-proof/send-request endpoint to send a proof request, still to an Trinsic wallet), then the requested attributes are listed individually in the wallet, and the holder can choose a different VC to respond to each attribute. See screenshot here: https://github.com/ChengSuisse/public/blob/master/Screenshot_aca-py_1.jpg

My questions: can we achieve the same behavior (grouping the attributes to be responded with a single VC) via aca-py, or is it something particular to Trinsic API and needs to be developed on top of the existing Aries protocols if we want it ?

cheng.suisse (Tue, 13 Oct 2020 11:55:53 GMT):

Hi all, I'm playing a bit with Trinsic API and aca-py and I have a question on the grouping of attributes in a proof request. 

Basically, in Trinsic API, if I create a verification policy containing multiple attributes (https://docs.trinsic.id/reference#createverificationpolicy), and then send a proof request from that policy (https://docs.trinsic.id/reference#sendverificationfrompolicy) to a mobile Trinsic wallet, the multiple attributes (say, name, dob, nationality...) are grouped together. The holder can freely choose which VC to use to respond, but he/she is forced to respond to all these attributes using one single VC (see screenshots here https://github.com/ChengSuisse/public/blob/master/Screenshot_trinsic_1.jpg and here: https://github.com/ChengSuisse/public/blob/master/Screenshot_trinsic_2.jpg.

I tried doing the similar thing using aca-py (using the present-proof/send-request endpoint to send a proof request, still to an Trinsic wallet), then the requested attributes are listed individually in the wallet, and the holder can choose a different VC to respond to each attribute. See screenshot here: https://github.com/ChengSuisse/public/blob/master/Screenshot_aca-py_1.jpg

My questions: can we achieve the same behavior (grouping the attributes to be responded with a single VC) via aca-py, or is it something particular to Trinsic API and needs to be developed on top of the existing Aries protocols ?

jameshiester (Tue, 13 Oct 2020 12:20:37 GMT):

nevermind, found the right link

jameshiester (Tue, 13 Oct 2020 12:26:37 GMT):

This is a feature, not a bug.  I believe the query syntax in Proof Requests allows control over whether the values must come from the same (or similar) credential.  The ability to combine multiple VCs can be highly useful in many situations, and helps enable more granular schemas to prevent data overcollection.  It does make things more complex for users.  Those implementing wallets will have to think carefully about how to balance UX with supporting the full range of capabilities.  TLDR, if you want to restrict the proof to a single VC, I would explore the options in terms of creating the proof request to restrict it as such.  Otherwise, yes you have to build it on top

jameshiester (Tue, 13 Oct 2020 12:30:18 GMT):

from @esune  "Additionally, if you want to request more than one attribute from the same credential (using the same restriction), rather than requesting multiple fields with multiple restrictions using the "name": "Name" property, you can instead declare something like "names": ["Name", "Surname"]"

cheng.suisse (Tue, 13 Oct 2020 14:02:11 GMT):

Thanks. I did not mean it was a bug. I wanted to know if there is a way in aca-py to achieve the same behavior as in Trinsic API. In Trinsic API, multiple attributes defined in the same verification policy will require a same credential to prove. On the other hand, in a single proof request you can put multiple policies, so there is a bit flexibility to fine tune the granularity: attributes in the same policy will need to be proved with a same credential, while attributes in different policies (but still in the same proof request) can be proved with different credentials.

The suggestion to use "names": ["Name", "Surname"]" instead of "name": "Name" seems very interesting. So I tried the following request body: 

{
  "connection_id": connection_id,
  "comment": "Please prove this.",
  "proof_request": {
    "name": "Proof of Identity",
    "version": "1.0",
    "requested_attributes": {
      "0_name_uuid": *{"names": ["name", "Surname"]}*,
      "0_dob_uuid": {"name": "date of birth"},
      "0_dob_nationality": {"name": "nationality"},      
    },    
    "requested_predicates": {  
    }
  },
}

If I call the present-proof/send-request endpoint with the above body, I got 422 response "attribute specification" on "names" must have non-empty restriction". So it seems that I have to impose at least one restriction for this to work? Can I achieve something like this: Prove me your name/dob/nationality from a same credential (but I don't care from which issuer this credential comes from, or any other restrictions)?

cheng.suisse (Tue, 13 Oct 2020 14:02:11 GMT):

Thanks. I did not mean it was a bug. I wanted to know if there is a way in aca-py to achieve the same behavior as in Trinsic API. In Trinsic API, multiple attributes defined in the same verification policy will require a same credential to prove. On the other hand, in a single proof request you can put multiple policies, so there is a bit flexibility to fine tune the granularity: attributes in the same policy will need to be proved with a same credential, while attributes in different policies (but still in the same proof request) can be proved with different credentials.

The suggestion to use "names": ["Name", "Surname"]" instead of "name": "Name" seems very interesting. So I tried the following request body: 

{
  "connection_id": {connection_id},
  "comment": "Please prove this.",
  "proof_request": {
    "name": "Proof of Identity",
    "version": "1.0",
    "requested_attributes": {
      "0_name_uuid": *{"names": ["name", "Surname"]}*,
      "0_dob_uuid": {"name": "date of birth"},
      "0_dob_nationality": {"name": "nationality"},      
    },    
    "requested_predicates": {  
    }
  },
}

If I call the present-proof/send-request endpoint with the above body, I got 422 response "attribute specification" on "names" must have non-empty restriction". So it seems that I have to impose at least one restriction for this to work? Can I achieve something like this: Prove me your name/dob/nationality from a same credential (but I don't care from which issuer this credential comes from, or any other restrictions)?

cheng.suisse (Tue, 13 Oct 2020 14:02:11 GMT):

Thanks. I did not mean it was a bug. I wanted to know if there is a way in aca-py to achieve the same behavior as in Trinsic API. In Trinsic API, multiple attributes defined in the same verification policy will require a same credential to prove. On the other hand, in a single proof request you can put multiple policies, so there is a bit flexibility to fine tune the granularity: attributes in the same policy will need to be proved with a same credential, while attributes in different policies (but still in the same proof request) can be proved with different credentials.

The suggestion to use "names": ["Name", "Surname"]" instead of "name": "Name" seems very interesting. So I tried the following request body: 

{
  "connection_id": {connection_id},
  "comment": "Please prove this.",
  "proof_request": {
    "name": "Proof of Identity",
    "version": "1.0",
    "requested_attributes": {
      "0_name_uuid": *{"names": ["name", "Surname"]}*,
      "0_dob_uuid": {"name": "date of birth"},
      "0_dob_nationality": {"name": "nationality"},      
    },    
    "requested_predicates": {  
    }
  },
}

If I call the present-proof/send-request endpoint with the above body, I got 422 response "attribute specification on "names" must have non-empty restriction". So it seems that I have to impose at least one restriction for this to work? Can I achieve something like this: Prove me your name/dob/nationality from a same credential (but I don't care from which issuer this credential comes from, or any other restrictions)?

jameshiester (Tue, 13 Oct 2020 15:55:06 GMT):

I would suggest restricting it to a certain schema maybe?

jameshiester (Tue, 13 Oct 2020 15:55:53 GMT):

that would probably be a best practice to ensure it's easy to handle it on your application side, and enforce issuers to use the same schema to issue the same information

swcurran (Tue, 13 Oct 2020 17:42:49 GMT):

The grouping behaviour is at the Indy anoncreds proof request level, not at ACA-Py.  If you use the "names" array in the proof request, you should get the same ~behaviour as you are seeing in Trinsic.  ACA-Py does not define/structure the proof request -- that is left to the controller.

thmstzk (Wed, 14 Oct 2020 07:11:59 GMT):

Has joined the channel.

thmstzk (Wed, 14 Oct 2020 07:11:59 GMT):

How to send messages/attachments between verifiers (NOT during a credential exchange)?

thmstzk (Wed, 14 Oct 2020 07:11:59 GMT):

Hi all, How can I send messages/attachments between verifiers (NOT during a credential exchange)?

lohan.spies (Wed, 14 Oct 2020 09:41:25 GMT):

@thmstzk you can look at this repo for a basic messaging example https://github.com/OpenMined/PyDentity/tree/master/tutorials/aries-basic-controller and this repo https://github.com/OpenMined/PyDentity/tree/master/tutorials/attachments for a extension allowing for file/attachment transfers

matteo (Wed, 14 Oct 2020 10:01:58 GMT):

Hi, is there a command line argument to accept TAA programmatically when running aca-py in a docker container?

lohan.spies (Wed, 14 Oct 2020 10:22:50 GMT):

Hi @matteo yes there is - have a look at this notebook - https://github.com/OpenMined/PyDentity/blob/master/tutorials/aries-stagingnet/notebooks/issuer/Part%202%20-%20Writing%20a%20Public%20DID%20to%20the%20Sovrin%20StagingNet.ipynb

matteo (Wed, 14 Oct 2020 10:32:48 GMT):

many thanks, I was hoping that we could accept TAA via command argument but it seems that this is not available/possible

mattatkiva (Wed, 14 Oct 2020 12:35:23 GMT):

I am starting acapy this way:
```python3 ./aca-py start \
    --inbound-transport http 0.0.0.0 8123 \
    --admin 0.0.0.0 8124 --admin-insecure-mode \
    --outbound-transport http \
    --webhook-url "http://127.0.0.1:5000/v1/controller/alice" \
    --endpoint http://0.0.0.0:8123 \
    --admin-api-key bob```

and I am getting this error message
```mattraffel@kiva-mattr:~/src/hyperledger/acapy/bin$ ./start_acapy_alice.sh
Traceback (most recent call last):
  File "./aca-py", line 49, in 
    run_command(command, args)
  File "/Library/Python/3.8/site-packages/aries_cloudagent/commands/__init__.py", line 34, in run_command
    module.execute(argv)
  File "/Library/Python/3.8/site-packages/aries_cloudagent/commands/start.py", line 47, in execute
    settings = get_settings(args)
  File "/Library/Python/3.8/site-packages/aries_cloudagent/config/argparse.py", line 73, in get_settings
    settings.update(group.get_settings(args))
  File "/Library/Python/3.8/site-packages/aries_cloudagent/config/argparse.py", line 146, in get_settings
    raise ArgsParseError(
aries_cloudagent.config.error.ArgsParseError: Either --admin-api-key or --admin-insecure-mode must be set but not both.```

Not sure what to do here.   I am only specificing --admin-api-key

mattatkiva (Wed, 14 Oct 2020 12:48:53 GMT):

I am having some trouble starting acapy, after installing latest and pulling latest from github.  I am following the directions here:
https://github.com/hyperledger/aries-cloudagent-python/blob/master/DevReadMe.md#about-aca-py-command-line-parameters

I am starting acapy like this:
```aca-py start \
    --inbound-transport http 0.0.0.0 8123 \
    --admin 0.0.0.0 8124 \
    --admin-api-key bob \
    --outbound-transport http \
    --webhook-url "http://127.0.0.1:5000/v1/controller/alice" \
    --endpoint http://0.0.0.0:8123 \
    --wallet-type basic```

and I am getting this error:
```2020-10-14 06:45:38,134 aries_cloudagent.commands.start ERROR Exception during startup:
Traceback (most recent call last):
  File "/Library/Python/3.8/site-packages/aries_cloudagent/utils/classloader.py", line 70, in load_module
    return import_module(mod_path, package)
  File "/Applications/Xcode.app/Contents/Developer/Library/Frameworks/Python3.framework/Versions/3.8/lib/python3.8/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "", line 1014, in _gcd_import
  File "", line 991, in _find_and_load
  File "", line 975, in _find_and_load_unlocked
  File "", line 671, in _load_unlocked
  File "", line 783, in exec_module
  File "", line 219, in _call_with_frames_removed
  File "/Library/Python/3.8/site-packages/aries_cloudagent/ledger/routes.py", line 16, in 
    from .indy import Role
  File "/Library/Python/3.8/site-packages/aries_cloudagent/ledger/indy.py", line 15, in 
    import indy.ledger
ModuleNotFoundError: No module named 'indy.ledger'```

there is no package called indy.ledger.   (I did install indy package however)

mattatkiva (Wed, 14 Oct 2020 12:50:25 GMT):

(all I want to do is get acapy to run so that I can open the swagger documentation...if there is an easier way to do that, Im fine with that approach)

ianco (Wed, 14 Oct 2020 13:04:31 GMT):

You need to have the indy python libraries in your PYTHONPATH

swcurran (Wed, 14 Oct 2020 13:04:41 GMT):

Easiest way to get the dynamic API docs is:

```
cd demo
./run_demo faber
```

and navigate to http://localhost:8021

swcurran (Wed, 14 Oct 2020 13:11:37 GMT):

And agreed that is not obvious to get the info what you want to do :-)

mattatkiva (Wed, 14 Oct 2020 13:32:01 GMT):

perfect.  thank you

swcurran (Wed, 14 Oct 2020 14:46:37 GMT):

Join us for the ACA-Py User Group is today, Wednesday at 11AM Pacific (18:00 UTC) -- the hour before the Aries WG Call. We'll have the core maintainers on the call to answer questions. We'll be talking the new command line parameters/config file handling (with YAML support!!), a design for a new protocol for signing attachments that can be used by authors and endorsers on Indy, and another look at multi-tenancy in ACA-Py. 

Zoom link will be: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09 ; Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2020-10-14+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

zickau (Wed, 14 Oct 2020 14:56:56 GMT):

Hi, does anyone have experience with testing attachment functionalities with the acapy?

mmoram (Wed, 14 Oct 2020 15:15:44 GMT):

Has joined the channel.

swcurran (Wed, 14 Oct 2020 15:22:58 GMT):

Kiva has done some work on that, evidently.  @cam-parra

swcurran (Wed, 14 Oct 2020 15:23:28 GMT):

It might be worth outlining your use case a little more.  There are a number of attachment scenarios that people discuss.

zickau (Wed, 14 Oct 2020 18:53:49 GMT):

Thx for the reply, our first use case is about adding a picture to the credential as an overall representation such as a general driving license or passport image, later we want to use of course photos as claims within a cred as well

nage (Wed, 14 Oct 2020 18:54:56 GMT):

Yes, we’re doing pictures in credentials at Kiva.  @cam-parra is preparing a discussion of it for IIW next week.

zickau (Wed, 14 Oct 2020 18:55:45 GMT):

Could you point me to some example code?

nage (Wed, 14 Oct 2020 18:55:55 GMT):

The image is a credential attribute so you can prove it is the right image but we haven’t done anything fancy like a biometric matching template as an attribute yet

TelegramSam (Wed, 14 Oct 2020 19:00:31 GMT):

meeting link: https://zoom.us/j/5184947650?pwd=UE90WHhEaHRqOGEyMkV3cldKa2d2dz09

kthomas (Wed, 14 Oct 2020 21:46:48 GMT):

connecting to fabric

cam-parra (Wed, 14 Oct 2020 21:58:18 GMT):

Just getting that ready for you. I'll send you some examples soon

jcourt (Thu, 15 Oct 2020 00:48:07 GMT):

Is it expected behaviour that the Issuer wallet deletes the credential exchange record even when aca-py was started with --preserve-exchange-records and the original proposal from the Holder specified auto_remove=false ?   The record seems to hang around in the Issuer until the last step when an credential_ack is received then it is automatically deleted ?

jcourt (Thu, 15 Oct 2020 00:49:03 GMT):

Interestingly the credential exchange record isn't deleted on the Holder side after the credential is stored.

HarshMultani (Thu, 15 Oct 2020 10:47:37 GMT):

Has joined the channel.

HarshMultani (Thu, 15 Oct 2020 10:47:38 GMT):

I have installed and configured the indy-sdk and aca-py in my ubuntu 18.04 system. Now, I tried to change some part of the code of my local aca-py and when I run the agents those changes are not being reflected. How should I update the aca-py, so that the changes are reflected?

ldej (Thu, 15 Oct 2020 10:54:45 GMT):

When you have a checkout of ACA-py, you can run `pip3 install --no-cache-dir -e .` to install your modified version of ACA-py.

ldej (Thu, 15 Oct 2020 10:55:45 GMT):

That is, if you modified ACA-py itself. Modifications in the demo runners do not require is.

HarshMultani (Thu, 15 Oct 2020 11:34:24 GMT):

Thanks for the help, I did some more research and it got installed again with the changes

darkchylde (Thu, 15 Oct 2020 12:51:45 GMT):

@TelegramSam Is there any limitation on how much data can be transmitted in a single DIDComm ?

darkchylde (Thu, 15 Oct 2020 12:53:52 GMT):

If so, is this limitation depending on transport used ?

victor.martinez (Thu, 15 Oct 2020 13:22:08 GMT):

Hey Lohan, thanks for the answer. Could you point us out where we can find the the aca-py  code in you repo where you have  extended the basic message protocol with attachments ?

victor.martinez (Thu, 15 Oct 2020 13:22:08 GMT):

Hey @lohan.spies , thanks for the answer. Could you point us out where we can find the the aca-py  code in you repo where you have  extended the basic message protocol with attachments ?

victor.martinez (Thu, 15 Oct 2020 13:24:48 GMT):

Hi @lohan.spies , thanks for your answer.  I think what @matteo was trying to ask if is possible to configure the acceptance of the TTA via aca-py comand line during the provision of the agent

victor.martinez (Thu, 15 Oct 2020 13:31:41 GMT):

@lohan.spies , @wip-abramson  Are you planing to build a distributed machine learning system  using aca-py , PySyft and PyGrid ?

ianco (Thu, 15 Oct 2020 13:52:21 GMT):

You can also run with `PYTHONPATH=.` to pick up code from the local directory

wip-abramson (Thu, 15 Oct 2020 14:52:49 GMT):

The attachment protocol is here - https://github.com/OpenMined/PyDentity/tree/master/libs/attachment-protocol we just include it as a plugin to the default acapy docker image

wip-abramson (Thu, 15 Oct 2020 14:54:56 GMT):

Yeah @victor.martinez its certainly something we are exploring. Perhaps even integration aries capabilities directly into the Syft core library. We are still experimenting

wip-abramson (Thu, 15 Oct 2020 14:55:41 GMT):

Been thinking about it for a while though, here is a paper published on the topic if your interested - https://www.researchgate.net/publication/341932337_A_Distributed_Trust_Framework_for_Privacy-Preserving_Machine_Learning/stats

cam-parra (Thu, 15 Oct 2020 15:02:23 GMT):

https://github.com/kiva/protocol-demo/blob/master/implementations/demo/src/data.service.ts#L35

cam-parra (Thu, 15 Oct 2020 15:03:17 GMT):

take a look at how we use mime types here :)  We encode the image and set it as a mime type attribute. Then our front end app renders that image

cam-parra (Thu, 15 Oct 2020 15:03:53 GMT):

We're currently working on open sourcing our rendering code so i will give you that when it's ready.

victor.martinez (Thu, 15 Oct 2020 16:06:17 GMT):

Hey @wip-abramson  thanks for the links, it is clear now

swcurran (Thu, 15 Oct 2020 18:20:09 GMT):

DIDComm has no mention of limits. As such, any limits would be at the transport/practical level vs. set by DIDComm.  Since we assume that messages will likely pass through a series of agents in getting from the sender to the receiver, those practical limits should be assumed.

HarshMultani (Fri, 16 Oct 2020 06:45:37 GMT):

After this update I was trying to run an agent as seed and so I used the following command

HarshMultani (Fri, 16 Oct 2020 06:46:59 GMT):

After this update, I tried to run the agent (also giving the seed parameter) like this :-

HarshMultani (Fri, 16 Oct 2020 06:48:14 GMT):

aca-py start --wallet-name user3 --wallet-key user3 --wallet-type indy --genesis-file //docker_pool_transactions_genesis --ledger-pool-name local_pool --inbound-transport http 127.0.0.1 8001 --admin 127.0.0.1 9001 --endpoint http://127.0.0.1:8001 --outbound-transport http --log-level DEBUG --admin-insecure-mode --seed 00000000000000000000000000000001

HarshMultani (Fri, 16 Oct 2020 06:49:09 GMT):

But it gave me the following error :-    aries_cloudagent.config.base.ConfigError: Ledger rejected transaction request: client request invalid: could not authenticate, verkey for 4cLztgZYocjqTdAZM93t27 cannot be found

HarshMultani (Fri, 16 Oct 2020 06:49:51 GMT):

Why is this error popping up? Any idea?

sheru (Fri, 16 Oct 2020 12:37:24 GMT):

Hey Everyone, Is there any process of issue credential without making a connection with the mobile agent. Thanks for the help. Please share the helpful resource or documentation. Thanks

swcurran (Fri, 16 Oct 2020 14:19:57 GMT):

That feature is not supported in ACA-Py yet.  It's been considered, but not worked on.

ianco (Fri, 16 Oct 2020 15:54:44 GMT):

You need to create the DID on the ledger (aca-py doesn't do this)

sklump (Fri, 16 Oct 2020 18:25:55 GMT):

The auto_remove overrides the configuration setting, only on the local side. The holder cannot tell the issuer to retain records: the holder can make that call for his or her own records.

sheru (Fri, 16 Oct 2020 18:29:12 GMT):

is this in WIP or any PR for this concept. Its also helpful if there is an RFC for this one. Thanks

swcurran (Fri, 16 Oct 2020 18:47:02 GMT):

No WIP yet, but if anyone is interested in doing a PR, we'd be glad to help on getting started.

There is no formal RFC as this is just applying the concept of the "Issue-Credential" protocol (0036 as I recall) with the "Service Decorator".  This is easier with "Present-Proof" because it only has the QR code and the single DIDComm prove message, whereas there are more messages with Issue Credential.

To be added for ACA-Py is how to initiate the process on the Admin side and how to manage the threading when there is no connection object to associate with the protocol.  There may be more -- not sure.

swcurran (Fri, 16 Oct 2020 19:46:06 GMT):

FYI: *Aries Cloud Agent - Python Release 0.5.5* has been tagged and posted to PyPi. Release notes can be found here - https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.5.5.

This release is has a lot on revocation -- making it much easier from the Controller's perspective:

- Improvements to revocation registry creation in the face of errors/outages
- Unified configuration handling using command line parameters, environment variables and (NEW!!!) YAML files.
- An Admin endpoint to check the revocation status of a held credential
- Configurable support for the use of unencrypted tags on records
- New handling of credential issue records -- keep protocol record, keep minimal data after protocol completes (NEW), or delete

Code reference documentation has been generated to ReadTheDocs - https://aries-cloud-agent-python.readthedocs.io/en/latest/

A docker image has been posted to Docker Hub: https://hub.docker.com/r/bcgovimages/aries-cloudagent, tag py36-1.15-0_0.5.5

swcurran (Fri, 16 Oct 2020 19:46:06 GMT):

FYI: *Aries Cloud Agent - Python Release 0.5.5* has been tagged and posted to PyPi. Release notes can be found here - https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.5.5.

Highlights in this release:

- Improvements to revocation registry creation in the face of errors/outages
- Unified configuration handling using command line parameters, environment variables and (NEW!!!) YAML files.
- An Admin endpoint to check the revocation status of a held credential
- Configurable support for the use of unencrypted tags on records
- New handling of credential issue records -- keep protocol record, keep minimal data after protocol completes (NEW), or delete

Code reference documentation has been generated to ReadTheDocs - https://aries-cloud-agent-python.readthedocs.io/en/latest/

A docker image has been posted to Docker Hub: https://hub.docker.com/r/bcgovimages/aries-cloudagent, tag py36-1.15-0_0.5.5

jcourt (Sun, 18 Oct 2020 23:12:30 GMT):

Thats as I expected it would behave.  I just tried different options when I found the Issuer was deleting them on the ack regardless of how it was started.  I wonder if it is because the Issuer in my case never sends the proposal so never has the option to set the auto_remove option during the issue process.

sklump (Mon, 19 Oct 2020 10:26:28 GMT):

The Issuer does not send a proposal. The (prospective) Holder may send a proposal. The Issuer sends a request. https://github.com/hyperledger/aries-rfcs/blob/master/features/0036-issue-credential/credential-issuance.png

lsm (Mon, 19 Oct 2020 11:17:03 GMT):

OPTIONS

gnarula (Mon, 19 Oct 2020 17:03:17 GMT):

Has joined the channel.

jcourt (Mon, 19 Oct 2020 21:33:28 GMT):

Right but there is a possible start point in the protocol where the issuer can send an offer without proposal, "POST /issue-credential/send-offer". This api has the ability to specify "auto_remove".  I haven't tried it yet but I bet if I use that method the cred exchange record won't get deleted.  Anyway I just pulled up to the 0.5.5 release so will retest.  To be clear you "Don't" expect the cred ex record to be deleted on the issuer if ACA-py is started with the --preserve-exchange-records option correct >?

swcurran (Mon, 19 Oct 2020 23:47:30 GMT):

FYI: We're sad to report that *Aries Cloud Agent - Python Release 0.5.6* has been tagged and posted to PyPi. Release notes can be found here - https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.5.6.

Highlights in this release:

- Correction to an issue with a "read-only" agent instance trying to update an on ledger endpoint

Code reference documentation has been generated to ReadTheDocs - https://aries-cloud-agent-python.readthedocs.io/en/latest/

A docker image has been posted to Docker Hub: https://hub.docker.com/r/bcgovimages/aries-cloudagent, tag py36-1.15-0_0.5.6

sklump (Tue, 20 Oct 2020 10:27:37 GMT):

Correct.

thmstzk (Tue, 20 Oct 2020 13:06:18 GMT):

Hi everyone, @lohan.spies @wip-abramson 
I am trying to run the tutorial from PyDentity on sending attachments between two agents as in here:
https://github.com/OpenMined/PyDentity/tree/master/tutorials/attachments 
I installed the requirements mentioned (e.g. attachment-controller and aries-basic-controller). And when I run ./manage start, Alice and Bob are listening but they do not seem to get connected. I get the following error in terminal:

bob-agent_1       | 2020-10-20 12:41:46,860 aries_cloudagent.transport.outbound.manager ERROR >>> Outbound message failed to deliver, NOT Re-queued.

bob-agent_1       | 2020-10-20 12:41:46,861 aries_cloudagent.transport.outbound.manager ERROR Outbound message could not be delivered to http://192.168.65.3:8052/topic/connections/

And from Alice side I see this error:

alice-agent_1     | aiohttp.client_exceptions.ClientOSError: [Errno None] Can not write request body for http://192.168.65.3:8022/topic/connections/

I can initialise a controller in Alice's and Bob's notebook but the next step to check if a connection exists gets the following errors:
ClientConnectorError: Cannot connect to host alice-agent:8021 ssl:default [nodename nor servname provided, or not known]

What is missing?

lohan.spies (Tue, 20 Oct 2020 15:20:32 GMT):

Hi @thmstzk

lohan.spies (Tue, 20 Oct 2020 15:21:06 GMT):

This error `ClientConnectorError: Cannot connect to host alice-agent:8021 ssl:default [nodename nor servname provided, or not known]` means the agent is not yet running

lohan.spies (Tue, 20 Oct 2020 15:21:20 GMT):

i.e. You need to wait a bit longer

lohan.spies (Tue, 20 Oct 2020 15:22:07 GMT):

Once you see output like this ```iiw-agent_1     | 
iiw-agent_1     | ::::::::::::::::::::::::::::::::::::::::::::::
iiw-agent_1     | :: IIW                                      ::
iiw-agent_1     | ::                                          ::
iiw-agent_1     | ::                                          ::
iiw-agent_1     | :: Inbound Transports:                      ::
iiw-agent_1     | ::                                          ::
iiw-agent_1     | ::   - http://0.0.0.0:8020                  ::
iiw-agent_1     | ::                                          ::
iiw-agent_1     | :: Outbound Transports:                     ::
iiw-agent_1     | ::                                          ::
iiw-agent_1     | ::   - http                                 ::
iiw-agent_1     | ::   - https                                ::
iiw-agent_1     | ::                                          ::
iiw-agent_1     | :: Public DID Information:                  ::
iiw-agent_1     | ::                                          ::
iiw-agent_1     | ::   - DID: 7Rm6HjjfY3VZGkHFPFtFNC          ::
iiw-agent_1     | ::                                          ::
iiw-agent_1     | :: Administration API:                      ::
iiw-agent_1     | ::                                          ::
iiw-agent_1     | ::   - http://0.0.0.0:8021                  ::
iiw-agent_1     | ::                                          ::
iiw-agent_1     | ::                               ver: 0.5.4 ::
iiw-agent_1     | ::::::::::::::::::::::::::::::::::::::::::::::
iiw-agent_1     | 
iiw-agent_1     | Listening...
iiw-agent_1     | 
``` the agent is running

lohan.spies (Tue, 20 Oct 2020 15:22:58 GMT):

This error `bob-agent_1 | 2020-10-20 12:41:46,861 aries_cloudagent.transport.outbound.manager ERROR Outbound message could not be delivered to http://192.168.65.3:8052/topic/connections/` is because you did not yet start your webhook handlers in the notebooks

lohan.spies (Tue, 20 Oct 2020 15:24:48 GMT):

Once you have those managed we can look at `alice-agent_1 | aiohttp.client_exceptions.ClientOSError: [Errno None] Can not write request body for http://192.168.65.3:8022/topic/connections/`

wip-abramson (Tue, 20 Oct 2020 17:34:43 GMT):

I actually think that error can be ignored. It is because the script create_connection.py runs in the setup container but webhooks aren't setup in that script. So error is expected and can be ignored. Probably should do something about that ;)

wip-abramson (Tue, 20 Oct 2020 17:35:21 GMT):

I would just try run the notebooks and they should work :fingers_crossed:

jameshiester (Tue, 20 Oct 2020 18:50:34 GMT):

what field should be used in the QR code for a proof request?  Is it proof request dictionary?  Specifically I'm trying to integrate with trinsic wallet.

ianco (Tue, 20 Oct 2020 20:30:37 GMT):

Yes there's a field called `presentation_request_dict`, and then you have to add a service decorator so the mobile knows where to respond with the proof

ianco (Tue, 20 Oct 2020 20:30:58 GMT):

(Assuming you are asking for a proof request and there is no pre-existing connection between your agent and the mobile agent)

jameshiester (Tue, 20 Oct 2020 21:29:02 GMT):

Can I use the presentation_request_dict keys as they are, or do I have to strip the '@' from the Id key?  From the docs it looks like I should then add the service decorator and base64 encode as a query string appended to the service endpoint?  Does the query parameter name matter?  Looking a the bcgov oid example it looks like it's just using "m"?

ianco (Tue, 20 Oct 2020 21:36:16 GMT):

... so when you create a proof request (not attached to a specific connection), you get something like this:

```{
  presentation_request_dict: {
    '@type': 'did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/present-proof/1.0/request-presentation',
    '@id': '92cd656d-106e-4313-8688-4d6dd0f3d549',
    comment: 'Please provide information to show eligibility',
    'request_presentations~attach': [ [Object] ]
  },
  ...
}
```

ianco (Tue, 20 Oct 2020 21:36:56 GMT):

You take the complete `presentation_request_dict` section, and then attach a service decorator with your endpoint and keys

ianco (Tue, 20 Oct 2020 21:38:03 GMT):

To get this to the mobile agent you can base64 encode the whole thing,  put it in a url and generate a QR code for the whole thing, or generate a shorter url (that you then QR code) which will redirect to the longer url with the full base64 encoded string

ianco (Tue, 20 Oct 2020 21:39:01 GMT):

As for the parameters just do it exactly the way the bc gov oid demo works, I don't know if there is any specification around this or just a few wallet developers got it working and it's a "de facto" standard

jameshiester (Tue, 20 Oct 2020 21:42:11 GMT):

cool, thank you.  Just to confirm, by the whole thing, you mean the whole presentation_request_dict right?  not the full create-request response?

ianco (Tue, 20 Oct 2020 21:44:42 GMT):

"the whole thing" will look something like:

ianco (Tue, 20 Oct 2020 21:45:24 GMT):

```
{
  '@type': 'did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/present-proof/1.0/request-presentation',
  '@id': '92cd656d-106e-4313-8688-4d6dd0f3d549',
  comment: 'Please provide information to show eligibility',
  'request_presentations~attach': [
    {
      '@id': 'libindy-request-presentation-0',
      'mime-type': 'application/json',
      data: [Object]
    }
  ],
  '~service': {
    recipientKeys: [ '82x1zbZdq4so5sMkyhUjep5zzih6BgMxCGcpbjiA4iik' ],
    serviceEndpoint: 'https://4c10341ae112.ngrok.io'
  }
}```

jameshiester (Tue, 20 Oct 2020 21:45:53 GMT):

thanks

thmstzk (Wed, 21 Oct 2020 08:48:26 GMT):

@lohan.spies  I get the errors after the confirmation that the agents are listening:

bob-agent_1       | 
bob-agent_1       | ::::::::::::::::::::::::::::::::::::::::::::::
bob-agent_1       | :: Bob                                      ::
bob-agent_1       | ::                                          ::
bob-agent_1       | ::                                          ::
bob-agent_1       | :: Inbound Transports:                      ::
bob-agent_1       | ::                                          ::
bob-agent_1       | ::   - http://0.0.0.0:8050                  ::
bob-agent_1       | ::                                          ::
bob-agent_1       | :: Outbound Transports:                     ::
bob-agent_1       | ::                                          ::
bob-agent_1       | ::   - http                                 ::
bob-agent_1       | ::   - https                                ::
bob-agent_1       | ::                                          ::
bob-agent_1       | :: Public DID Information:                  ::
bob-agent_1       | ::                                          ::
bob-agent_1       | ::   - DID: gZj39Y8JGQ5GVQp2y6zFH           ::
bob-agent_1       | ::                                          ::
bob-agent_1       | :: Administration API:                      ::
bob-agent_1       | ::                                          ::
bob-agent_1       | ::   - http://0.0.0.0:8051                  ::
bob-agent_1       | ::                                          ::
bob-agent_1       | ::                               ver: 0.5.4 ::
bob-agent_1       | ::::::::::::::::::::::::::::::::::::::::::::::
bob-agent_1       | 
bob-agent_1       | Listening...
bob-agent_1       | 
bob-agent_1       | 2020-10-21 08:38:24,369 aries_cloudagent.transport.outbound.manager ERROR >>> Error when posting to: http://192.168.65.3:8052/topic/connections/; Error: (, ClientOSError(None, 'Can not write request body for http://192.168.65.3:8052/topic/connections/'), ); Re-queue failed message ...
@wip-abramson I tried to run the notebooks despite the errors but I get error that the connection cannot be made. This is the error from the notebooks (the same happens for Alice)
ClientConnectorError: Cannot connect to host bob-agent:8051 ssl:default [nodename nor servname provided, or not known]

bruno_santos (Wed, 21 Oct 2020 09:34:13 GMT):

Hello everyone. I'm now trying to test the acapy-controllers, and after building the images, I can't seem to perform something like Creating an invitation

bruno_santos (Wed, 21 Oct 2020 09:34:16 GMT):



Clipboard - 21 de Outubro de 2020 10:34

bruno_santos (Wed, 21 Oct 2020 09:35:10 GMT):

For what I understood, this project builds images for the controllers as well as for the agents

bruno_santos (Wed, 21 Oct 2020 09:35:10 GMT):

From what I understood, this project builds images for the controllers as well as for the agents

wip-abramson (Wed, 21 Oct 2020 10:44:25 GMT):

Weird, not too sure mate. Can you access the admin api at https://localhost:8051

wip-abramson (Wed, 21 Oct 2020 10:45:47 GMT):

It is saying its unable to connect to that endpoint

swcurran (Wed, 21 Oct 2020 13:29:24 GMT):

@andrew.whitehead @ianco ^^

swcurran (Wed, 21 Oct 2020 13:30:54 GMT):

@amanji ^^^

khalifa (Wed, 21 Oct 2020 13:51:33 GMT):

Hi All,

I want to share with you this medium tutorial (https://medium.com/@khalifa.toumi/how-to-use-hyperledger-aries-cloud-agent-for-a-classical-workflow-issuer-holder-verifier-9dd595f2f847) that describes the different steps to have a simple workflow between a verifier, issuer and a holder.
Do not hesitate to comment it. I hope that it may help someone.

sheru (Wed, 21 Oct 2020 14:04:12 GMT):

Thanks

amanji (Wed, 21 Oct 2020 14:12:46 GMT):

Hi @bruno_santos are you running the demo locally or with a cloud service like AWS?

bruno_santos (Wed, 21 Oct 2020 14:17:28 GMT):

Hello @amanji , I'm running it locally. To summarize it, I've used the following command: ```

``` ./run_demo ALICE_AGENT_HOST=172.31.8.237 FABER_AGENT_HOST=172.31.8.237 ACME_AGENT_HOST=172.31.8.237 webstart```

``` The issue is, both Faber and Acme's controllers are connecting to their respective agents (green light on top right), but the same isn't occurring for Alice...

bruno_santos (Wed, 21 Oct 2020 14:17:28 GMT):

Hello @amanji , I'm running it locally. To summarize it, I've used the following command: ```

``` ./run_demo ALICE_AGENT_HOST=172.31.8.237 FABER_AGENT_HOST=172.31.8.237 ACME_AGENT_HOST=172.31.8.237 webstart ```

``` The issue is, both Faber and Acme's controllers are connecting to their respective agents (green light on top right), but the same isn't occurring for Alice...

bruno_santos (Wed, 21 Oct 2020 14:17:28 GMT):

Hello @amanji , I'm running it locally. To summarize it, I've used the following command:

./run_demo ALICE_AGENT_HOST=172.31.8.237 FABER_AGENT_HOST=172.31.8.237 ACME_AGENT_HOST=172.31.8.237 webstart

The issue is, both Faber and Acme's controllers are connecting to their respective agents (green light on top right), but the same isn't occurring for Alice...

bruno_santos (Wed, 21 Oct 2020 14:19:31 GMT):

Using only ./run_demo webstart will cause that neither of the 3 controllers connects to their agents

amanji (Wed, 21 Oct 2020 14:28:33 GMT):

Here’s a couple of things to try. The first option, could you try deleting the built images and containers and rebuild using just `./run_demo web start` (unless you already tried this). The second option, if you have set the host variables when building the demo, do you have inbound and outbound rules set up for Alice Agent ports? https://github.com/hyperledger/aries-acapy-controllers/blob/master/AliceFaberAcmeDemo/README.md#opening-ports

bruno_santos (Wed, 21 Oct 2020 14:39:15 GMT):

It seems I didn't check that note, I've tried the first option, I'll look into the port rules. Thank you :thumbsup:

amanji (Wed, 21 Oct 2020 14:43:42 GMT):

If those don’t work and you’re simply checking the demo out I’d also recommend the ‘Play with VON/Play with Docker’ option. 

amanji (Wed, 21 Oct 2020 14:44:02 GMT):

If not please let me know and I’ll try to assist 

thmstzk (Wed, 21 Oct 2020 15:20:07 GMT):

It is weird! I can access the admin api

wip-abramson (Wed, 21 Oct 2020 15:23:50 GMT):

hmm I just checked it on mine and seemed to run

wip-abramson (Wed, 21 Oct 2020 15:23:56 GMT):

What is your docker version

wip-abramson (Wed, 21 Oct 2020 15:24:21 GMT):

Mine is docker-compose version 1.24.1

wip-abramson (Wed, 21 Oct 2020 15:25:36 GMT):

docker-compose version 1.24.1

wip-abramson (Wed, 21 Oct 2020 15:26:00 GMT):

Docker version 19.03.6

wip-abramson (Wed, 21 Oct 2020 15:26:15 GMT):

not sure if it makes a difference be interesting to see

thmstzk (Wed, 21 Oct 2020 15:30:31 GMT):

docker version 19.03.13
docker-compose version 1.27.4, build 40524192

wip-abramson (Wed, 21 Oct 2020 15:31:41 GMT):

hmm dont think it should be that. could you try a different tutorial like the aries-stagingnet one

ianco (Wed, 21 Oct 2020 15:33:23 GMT):

Not that I'm aware of

mattatkiva (Wed, 21 Oct 2020 20:23:57 GMT):

Im having trouble running acapy.  I've gone through the installation instuctions.  I had this working previously (a couple weeks ago).  Last week I posted a message about running acapy from the commandline and it was suggested I run `./run_demo faber`

This also fails:
```mattraffel@kiva-mattr:~/src/hyperledger/acapy/demo$ ./run_demo faber
Preparing agent image...
sha256:0ce896e6ceb7bf2f98d41e5d3b7148facc39f5daa7b9e493ac780c3460b9dceb
Trying to detect ngrok service endpoint
ngrok not detected for agent endpoint
192.168.65.3
Starting [faber] agent with args [--port 8020]
Error retrieving ledger genesis transactions
mattraffel@kiva-mattr:~/src/hyperledger/acapy/demo$ git status
On branch master
Your branch is up to date with 'origin/master'.```

ianco (Wed, 21 Oct 2020 20:28:51 GMT):

What ledger are you trying to connect to?

mattatkiva (Wed, 21 Oct 2020 20:29:19 GMT):

if I tried to run acapy directly from the command line, I get this error:
```mattraffel@kiva-mattr:~/src/hyperledger/acapy/bin$ python3 ./aca-py start \
>     --inbound-transport http 0.0.0.0 8123 \
>     --admin 0.0.0.0 8124 \
>     --outbound-transport http \
>     --webhook-url "http://127.0.0.1:5000/v1/controller/alice" \
>     --endpoint http://0.0.0.0:8123 \
>     --admin-api-key bob
2020-10-21 14:25:50,233 aries_cloudagent.commands.start ERROR Exception during startup:
Traceback (most recent call last):
  File "/Library/Python/3.8/site-packages/aries_cloudagent/utils/classloader.py", line 70, in load_module
    return import_module(mod_path, package)
  File "/Applications/Xcode.app/Contents/Developer/Library/Frameworks/Python3.framework/Versions/3.8/lib/python3.8/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "", line 1014, in _gcd_import
  File "", line 991, in _find_and_load
  File "", line 975, in _find_and_load_unlocked
  File "", line 671, in _load_unlocked
  File "", line 783, in exec_module
  File "", line 219, in _call_with_frames_removed
  File "/Library/Python/3.8/site-packages/aries_cloudagent/ledger/routes.py", line 16, in 
    from .indy import Role
  File "/Library/Python/3.8/site-packages/aries_cloudagent/ledger/indy.py", line 15, in 
    import indy.ledger
ModuleNotFoundError: No module named 'indy.ledger'```

mattatkiva (Wed, 21 Oct 2020 20:30:06 GMT):

Im running run_demo script.  All I pass in is faber.  so Im not sure what ledger it would be trying to connect to

andrew.whitehead (Wed, 21 Oct 2020 20:52:49 GMT):

It doesn't look like you have the python3-indy module installed

mattatkiva (Wed, 21 Oct 2020 20:53:50 GMT):

thnx.  I couldnt figure out what indy module I needed.  that works

ianco (Wed, 21 Oct 2020 20:53:52 GMT):

If you run it from the command line you need to have all the indy stuff installed

ianco (Wed, 21 Oct 2020 20:54:02 GMT):

However if you run the faber demo, it all runs in a docker container

ianco (Wed, 21 Oct 2020 20:54:18 GMT):

By default the faber demo looks for a local ledger (i.e. von network)

ianco (Wed, 21 Oct 2020 20:54:32 GMT):

You can specify a different ledger when you run the demo

mattatkiva (Wed, 21 Oct 2020 21:04:01 GMT):

is the bon network something I need to setup independently of acapy?

ianco (Wed, 21 Oct 2020 21:05:06 GMT):

yes, check out:  https://github.com/bcgov/von-network

JamesEbert (Thu, 22 Oct 2020 04:49:06 GMT):

Has joined the channel.

ldej (Thu, 22 Oct 2020 06:14:33 GMT):

Hi,

I'm trying to use aca-py to create an issuer agent on Sovrin BuilderNet. As I learned in the course "Becoming A Hyperledger Aries Developer", there is a separate command for provisioning a wallet (aca-py provision). The provisioning only succeeds with the seed `000000000000000000000000Trustee1`, as that is the "magic" seed for the DID of the trustee. It will of course always say: "Created new public DID V4SGRU86Z58d6TV7PBUe6f". When I run the provisioning step with any other seed value, it fails obviously.

1. Does this mean that to create a new public DID for my issuer, I first need to provision a wallet with the magic seed, and then use `aca-py start` and register a new public DID using `/ledger/register-nym`?
2. With `--endpoint` being required right now, after running `aca-py provision` with `--endpoint`, it updates the endpoint for `V4SGRU86Z58d6TV7PBUe6f` in the ledger: https://indyscan.io/tx/SOVRIN_BUILDERNET/domain/2405 Is this desired behaviour?
3. I have registered DIDs using the method in the linked Google Doc at https://selfserve.sovrin.org/ as well. libsovtoken seems to be unavailable when I follow the step `sudo apt-get install -y indy-cli libsovtoken`. Is this outdated? I am using Ubuntu 18.04. libindy is installed though.

WadeBarnes (Thu, 22 Oct 2020 14:03:09 GMT):

In order for your `aca-py` agent to be able to write to the ledger it needs to use a DID with the appropriate privileges, AND that DID needs to be registered FIRST (separately) on the ledger and then registered by `aca-py` in it's own wallet.

WadeBarnes (Thu, 22 Oct 2020 14:03:54 GMT):

You are likely missing the first part; registering the DID on the ledger.

WadeBarnes (Thu, 22 Oct 2020 14:04:55 GMT):

It's working with `V4SGRU86Z58d6TV7PBUe6f` because that DID just happens to already be registered on BuilderNet as an Endorser.

WadeBarnes (Thu, 22 Oct 2020 14:06:37 GMT):

The `000000000000000000000000Trustee1` seed is only "magic" for locally provisioned (developer) node pools.

WadeBarnes (Thu, 22 Oct 2020 14:09:28 GMT):

What DIDs have you registered with `https://selfserve.sovrin.org/`, and on which network?

WadeBarnes (Thu, 22 Oct 2020 14:10:14 GMT):

What does your `aca-py` startup configuration look like?  Are you pointing it at the correct network?

WadeBarnes (Thu, 22 Oct 2020 14:12:01 GMT):

Yes `aca-py` will register an endpoint.  But that endpoint needs to be publicly accessible for other agents to communicate with it.

WadeBarnes (Thu, 22 Oct 2020 14:14:46 GMT):

If you want a bit more control while you're getting this all figured out on your local machine you could use [von-network](https://github.com/bcgov/von-network).

WadeBarnes (Thu, 22 Oct 2020 14:14:46 GMT):

If you want a bit more control while you're getting this all figured out on your local machine you could use [von-network](https://github.com/bcgov/von-network) as the ledger.

mickra (Thu, 22 Oct 2020 22:49:42 GMT):

Has joined the channel.

ldej (Fri, 23 Oct 2020 05:09:36 GMT):

Hi Wade, thanks for the response.

I have been working with von-network for the past two months, and I wanted to figure out how to get it working with Sovrin BuilderNet and a postgres database. I got the postgres database working with both indy-cli and aca-py and confirmed that they use the same wallet, so that's good. I was just a little confused on what the order of operations was when just using aca-py.

So, to get it straight:
1. (indy-cli) Configure a local wallet that is configured for the BuilderNet ledger
2. (indy-cli) Generate a DID
3. Register the DID and Verkey for the BuilderNet ledger via https://selfserve.sovrin.org/ (no payment address required)
4. (indy-cli) Receive DID metadata using `ledger get-nym did=`
5. (indy-cli) Set the DID as the public DID using `did use `
6. (aca-py) Start aca-py using the same wallet and connecting to BuilderNet

With this it means that my local wallet has the keys for my DID and it registered in the BuilderNet ledger.

Now to get to the part that is unclear, is it possible to do this without indy-cli, and just with aca-py?

I have registered a DID on BuilderNet using the steps I listed.

I understand my endpoint needs to be a publically accessible URL, I am about to deploy to get that.

Yes I am pointing aca-py to the right network using `--genesis-file ./pool_transactions_builder_genesis`

thmstzk (Fri, 23 Oct 2020 08:14:02 GMT):

Now it is resolved by changing the docker-compose.yml. Apparently there is some difference in Mac regarding aiohttp!

thmstzk (Fri, 23 Oct 2020 08:14:02 GMT):

Now it is resolved by changing the docker-compose.yml. Apparently there are some differences in Mac regarding aiohttp!

thmstzk (Fri, 23 Oct 2020 08:18:41 GMT):

I wonder how the attachment exchange is implemented? Is it best effort or there is an ack being sent back from receiver. 
Also, is there a possibility of broadcast an attachment rather than sending agent to agent?

wip-abramson (Fri, 23 Oct 2020 13:08:23 GMT):

Interesting, what was the change you had to make. It will be worth knowing in case others run into that

wip-abramson (Fri, 23 Oct 2020 13:09:02 GMT):

The atachment code is here: https://github.com/OpenMined/PyDentity/tree/master/libs/attachment-protocol it uses decorators.

wip-abramson (Fri, 23 Oct 2020 13:09:44 GMT):

I am not sure about broadcast, I think the best way to do that would be through some signing api. Then just publish the signed attachment wherever you want, not through agent communication

WadeBarnes (Fri, 23 Oct 2020 14:18:19 GMT):

Yes, you can do that without the `indy-cli` step.  `aca-py`, given the seed, will create it's own wallet and register the matching DID in it.

WadeBarnes (Fri, 23 Oct 2020 14:19:00 GMT):

The content of `./pool_transactions_builder_genesis`, is it the same as; https://raw.githubusercontent.com/sovrin-foundation/sovrin/stable/sovrin/pool_transactions_builder_genesis

YukiB (Sat, 24 Oct 2020 17:28:39 GMT):

Hello does anyone an example credential definition I can look at

YukiB (Sat, 24 Oct 2020 17:29:21 GMT):

I have searched far and wide to find an example definition without success

YukiB (Sat, 24 Oct 2020 17:29:46 GMT):

What I am trying to understand are:

YukiB (Sat, 24 Oct 2020 17:30:49 GMT):

1. How to request different attributes from different schemas

YukiB (Sat, 24 Oct 2020 17:31:55 GMT):

2.  Is it possible to restrict the requested attribute to more than one specific schema

YukiB (Sat, 24 Oct 2020 18:04:09 GMT):

@swcurran can you please look at my question immediately above

swcurran (Sun, 25 Oct 2020 19:50:03 GMT):

You are looking for a proof request, not a credential definition.  Proof requests are not too well documented in indy :-(.  I keep meaning to get some documentation together on it, but I don't have the time.  

You can find a number of examples in this test file: https://github.com/hyperledger/indy-sdk/blob/master/libindy/tests/anoncreds.rs  --- search for "restrictions", as that is the key component of a proof.  The basic concepts:

1. You have an array of referents --  claims from credentials that you want to prove.  If a referent has multiple names (array) -- all of the names are of claims and must be from the same credential.
2. A referent can have restrictions in any combination of: schema, issuer DID, credential definitions (issuer DID and schema), schema attribute name, or schema attribute value.  So that means you can do things like:
- request just that it be from a schema, and it can come from any issuer
- request just that it be from a credential definition which locks it to an issuer and a schema
- request that it be from a specific named claim and it can be from any schema with that name from any issuer
- AND'd combinations of all of the above, OR'd as well.
3. Predicates can also be requested, also with restrictions.  Predicates are logical expressions with a supplied value against a claim using ">=", "<=", ">". "<" operators only.  In the file above, search for "requested_predicates" for examples.

That's the shortest description I can come up with.

deas (Mon, 26 Oct 2020 00:25:02 GMT):

Thanks for that description of a proof request! I'm working on a toy demo where I'm converting the Faber/Alice example into a different thing, and was hitting an error from the *aries_cloudagent.verifier.indy* where a presentation could not be validated due to missing essential components--in this case, a missing requested predicate '0_age_GE_uuid' that I'd forgotten to remove. 

I'd absolutely love some additional documentation when it becomes available. At the moment, though, I've really just got one question: is there a plan for equivalence ('=' or '==') to be included in the logical expressions supported in the predicate functionality? Or is it really only intended for numerical evaluation in relative terms? I'm new to ZKPs, so I'm not even sure if that's a foolish question. :slight_smile:

swcurran (Mon, 26 Oct 2020 00:33:10 GMT):

When you are looking for equality, you should use a restriction, since by definition there is no need for a predicate (not exposing the data).  If you want to verify that the "STATE" is equal to "CA", if the value of the predicate is "TRUE", then you know what the value is in the credential.  So, instead of using a predicate, you just use a restriction on the value.

Clear as mud.

swcurran (Mon, 26 Oct 2020 00:33:10 GMT):

When you are looking for equality, you should use a restriction, since by definition there is no need for a predicate (not exposing the data).  If you want to verify that the "STATE" is equal to "CA", if the value of the predicate is "TRUE", then you know what the value is in the credential.  So, instead of using a predicate, you just use a restriction on the value.

Clear as mud?

deas (Mon, 26 Oct 2020 00:37:34 GMT):

I actually think I follow that. :laughing: Thank you!

thmstzk (Mon, 26 Oct 2020 10:08:17 GMT):

Add --no-ledger tag and wallet-name and wallet-key for each agent in docker-compose
Then it can be run on mac

ldej (Mon, 26 Oct 2020 10:50:30 GMT):

Okay I resolved my confusion. When I start ACA-py in provision mode with a self-chosen seed, I tried to accept the transaction author agreement. However, that results in an error: `aries_cloudagent.ledger.error.LedgerTransactionError: Ledger rejected transaction request: client request invalid: could not authenticate, verkey for 326fee8CzKnqQjKoYLh55g cannot be found`. So before I accept the agreement, I need to go to the selfserve website and enter the DID and verkey there. When I accept the `taa` after that, it completes successfully. I feel so dumb now. However, I hadn't found a place where they described the steps. And the steps for using `indy-cli` and the information provided in the course "Becoming a Hyperledger Developer" didn't make it clear. Thanks for the help Wade!

michawensveen (Mon, 26 Oct 2020 11:22:41 GMT):

Has joined the channel.

michawensveen (Mon, 26 Oct 2020 12:03:52 GMT):

Hi,
We are looking to build a controller that is called by the ACA-py using the web-hook. But we have difficulty in finding documentation about the api the controller should implement.
Can somebody point us to documentation?
Thanks

matteo (Mon, 26 Oct 2020 13:19:42 GMT):

Try here: https://github.com/hyperledger/aries-cloudagent-python/blob/015928faa9368282e87ece550b68fb7eed14ea76/AdminAPI.md#administration-api-webhooks

michawensveen (Mon, 26 Oct 2020 13:21:11 GMT):

Thanks,

wip-abramson (Mon, 26 Oct 2020 14:52:14 GMT):

Interesting, thanks. So its a acapy thing

luanafrattini (Tue, 27 Oct 2020 12:26:23 GMT):

Has joined the channel.

luanafrattini (Tue, 27 Oct 2020 13:07:22 GMT):

Hi!

luanafrattini (Tue, 27 Oct 2020 13:07:32 GMT):

Is there a way to issue a credential with several data in a single attribute?

luanafrattini (Tue, 27 Oct 2020 13:07:36 GMT):

This data is volatile, it changes according to the credential.

sklump (Tue, 27 Oct 2020 13:17:45 GMT):

No.

sklump (Tue, 27 Oct 2020 13:18:12 GMT):

The issuer signs one value per attribute.

ianco (Tue, 27 Oct 2020 13:22:33 GMT):

You can store a data structure (such as json) in the attribute, or you can use the attribute to store an external link (e.g. a hashlink), or the attribute can contain a pdf document or image (a small one), but as @sklump says as far as indy is concerned each attribute is a single value

luanafrattini (Tue, 27 Oct 2020 13:33:41 GMT):

Ok. Thank you both!

HansHuber080883 (Tue, 27 Oct 2020 14:13:17 GMT):

Has joined the channel.

wip-abramson (Tue, 27 Oct 2020 14:18:06 GMT):

Hey, has anyone used the introduce protocol implemented in ACA-Py. Wondering how I use the single endpoint implemented to initiate an introduction between two parties that I have a connection with. As I understand the protocol the aim is for the introducer to initiate an out of band connection between two connections they wish to introduce if the parties first agree to be willing to be introduced

rileyphughes (Tue, 27 Oct 2020 14:39:57 GMT):

@YukiB does this documentation help? It's Trinsic documentation but Trinsic uses Aries agents so most should be common https://docs.trinsic.id/docs/verifications-1

wip-abramson (Tue, 27 Oct 2020 17:35:09 GMT):

Hey, also playing around with action menu protocol in ACA-Py. Seems like the only way to use it is through webhooks right? The responder does not store the responses to action menu's they receive they just throw a webhook, which the responder can respond to with any message they deem appropriate. Are the webhooks purposely different: actionmenu, perform-menu-action ...? If so what is the reason for this as opposed to using protocol state?

wip-abramson (Tue, 27 Oct 2020 17:36:28 GMT):

Also seems odd that send-menu endpoint starts with /connections instead of /action-menu?

wip-abramson (Tue, 27 Oct 2020 17:37:30 GMT):

Happy to submit a P.R around this, my guess is no one really uses action-menu much

swcurran (Tue, 27 Oct 2020 17:38:39 GMT):

@andrew.whitehead ^^^

sklump (Tue, 27 Oct 2020 17:40:35 GMT):

I'll fix the URL in my incoming PR

wip-abramson (Tue, 27 Oct 2020 17:46:09 GMT):

Cool, any thoughts on the webhook topic naming?  just curious more than anything

jameshiester (Tue, 27 Oct 2020 21:06:02 GMT):

@wip-abramson did you get an answer on the introduction protocol?  I'm curious about that as well

swcurran (Tue, 27 Oct 2020 23:06:35 GMT):

Join us for the ACA-Py User Group is today, Wednesday at 11AM Pacific (18:00 UTC) -- the hour before the Aries WG Call. We'll have the core maintainers on the call to answer questions. We'll have @andrew.whitehead joining us to talk about the evolution of the indy-wallet to create aries-askar.  What's the same, what's different, what's under the hood?

Zoom link will be: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09 ; Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2020-10-28+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

andrewtan (Wed, 28 Oct 2020 00:19:33 GMT):

Has joined the channel.

wip-abramson (Wed, 28 Oct 2020 10:21:40 GMT):

not yet, will let you know though

YukiB (Wed, 28 Oct 2020 15:08:30 GMT):

Thanks a million for you detailed post.  I had to read it a few times to really digest the consequences.  One thing that stood out was the the cred-def is simply a mechanism to tie the schema and issuer.  The real meat is in the proof request as you described above

mattatkiva (Wed, 28 Oct 2020 16:48:09 GMT):

whats the reason for the hardcoded value here:  https://github.com/hyperledger/aries-cloudagent-python/blob/c5279775186817409537712d7c2f80cb6663db5d/demo/runners/alice.py#L144

sklump (Wed, 28 Oct 2020 16:55:27 GMT):

[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=eA22rWKys2BBMQndZ) Why not? It's just a self-attested value, not an attribute value from a credential.

sklump (Wed, 28 Oct 2020 16:55:27 GMT):

[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=eA22rWKys2BBMQndZ) Why not? It's just a self-attested value, not an attribute value from a credential. It could be anything, so "my self-attested value" stands in for anything you'd like to see.

mattatkiva (Wed, 28 Oct 2020 16:59:27 GMT):

I get that.  I guess I was expecting it would generate a value rather than just hardcoded value.

jameshiester (Wed, 28 Oct 2020 17:30:18 GMT):

what is the purpose/use case for the establish inbound connection endpoint?

mattatkiva (Wed, 28 Oct 2020 17:41:37 GMT):

exit

ianco (Wed, 28 Oct 2020 17:52:37 GMT):

"It's only a demo"  (https://www.youtube.com/watch?v=m3dZl3yfGpc)

ianco (Wed, 28 Oct 2020 17:53:05 GMT):

This is for routing

ianco (Wed, 28 Oct 2020 17:54:01 GMT):

You can see an example here:  https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/runners/performance.py#L70

TimoGlastra (Wed, 28 Oct 2020 17:55:50 GMT):

The timezones are confusing me. Is the ACA-Pug call in 5 minutes?

ianco (Wed, 28 Oct 2020 17:56:26 GMT):

yes

TimoGlastra (Wed, 28 Oct 2020 17:57:55 GMT):

Thanks!

mattatkiva (Wed, 28 Oct 2020 18:00:31 GMT):

:D true

swcurran (Wed, 28 Oct 2020 19:23:16 GMT):

I highly recommend this site -- https://www.worldtimebuddy.com/

swcurran (Wed, 28 Oct 2020 19:23:33 GMT):

I bought a subscription -- it's really good for questions like that.

swcurran (Wed, 28 Oct 2020 19:23:46 GMT):

:-)

swcurran (Wed, 28 Oct 2020 19:24:57 GMT):

Cred-Def also has a per claim public key that is used for signing each claim.

swcurran (Wed, 28 Oct 2020 19:25:04 GMT):

But, yes, you got it.

TimoGlastra (Wed, 28 Oct 2020 19:38:13 GMT):

I just discovered the Hyperledger calendar which solves the issue!  I was confused because not all meetings use the same time zones (the javascript call uses India time zone for some reason).

TimoGlastra (Wed, 28 Oct 2020 19:39:07 GMT):

But thanks Stephen, worldtimebuddy is definitely a good one to remember

jameshiester (Wed, 28 Oct 2020 20:42:25 GMT):

is there the ability to override the agent's label when creating a connection/issuing credentials?

swcurran (Wed, 28 Oct 2020 21:43:17 GMT):

@andrew.whitehead @ianco ^^

andrew.whitehead (Wed, 28 Oct 2020 21:56:47 GMT):

I believe the admin endpoint has an optional parameter when creating an invitation or accepting one

ianco (Wed, 28 Oct 2020 21:58:53 GMT):

You can create an alias (which is different from the label that you get from the other agent)

ianco (Wed, 28 Oct 2020 21:59:16 GMT):

However I think you can also override the label itself, just update the invitation before you send it out

jameshiester (Wed, 28 Oct 2020 22:05:59 GMT):

@andrew.whitehead I'm not seeing it in the params as of 5.4.  Has it been added recently?  I can use the override method for now.  I might suggest making both the label and the imageUrl overridable

jameshiester (Wed, 28 Oct 2020 22:05:59 GMT):

@andrew.whitehead I'm not seeing it in the params as of 5.4.  Has it been added recently?  I can use the override method for now.  I might suggest making both the label and the imageUrl overridable when creating an invitation

jameshiester (Wed, 28 Oct 2020 22:12:45 GMT):

or is it interpreted in the body and that's just missing from the swagger docs?

ianco (Wed, 28 Oct 2020 23:11:51 GMT):

When you create an invitation the label is just part of the json body that gets sent to the invitee.   You can just override the labwl value to whatever you want.

ianco (Wed, 28 Oct 2020 23:11:51 GMT):

When you create an invitation the label is just part of the json body that gets sent to the invitee.   You can just override the label value to whatever you want.

ianco (Wed, 28 Oct 2020 23:13:09 GMT):

When you accept an invitation there's a parameter called `my_label` which I think is what you use to send back, as a label

ianco (Wed, 28 Oct 2020 23:14:08 GMT):

There's also a parameter called `alias` (on create and receive invitation) which is the "local" name for the connection (as opposed to the label which is sent to the remote end of the connection)

jameshiester (Thu, 29 Oct 2020 02:22:30 GMT):

understood, it would be nice if this could be incorporated into the query params for the create invitation request so we could directly use the invitationUrl in the output without having to re-encode it with the overriden value.

lohan.spies (Thu, 29 Oct 2020 08:34:38 GMT):

That is required with Aca-Py 0.5.6. Made these changes in a new branch in the repo already

vsadriano (Thu, 29 Oct 2020 15:29:24 GMT):

Has joined the channel.

mattatkiva (Thu, 29 Oct 2020 18:36:41 GMT):

Im trying to work through issue credential "bonus points" (https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/AriesOpenAPIDemo.md#bonus-points).

The issued sends the offer: /issue-credential/send-offer
1 I get webhook call back from the issuer
2 I get webhook callback from the holder 
3 I get webhook callback from the issuer ... even though I didn't do anything....

I would have expected #3 to be blocked until I respond to #2.  Is that right?
I still have this flag set: `--auto-respond-messages` . Its the only auto-respond flag set.  does that make a different?

mgbailey (Fri, 30 Oct 2020 15:15:20 GMT):

Has joined the channel.

michawensveen (Mon, 02 Nov 2020 15:35:46 GMT):

Hi,
Via the swagger UI I try to invoke a POST /credential-definitions.
This results in 400: tails_server_base_url not configured
Am I missing something in the configuration of the agent?

wip-abramson (Mon, 02 Nov 2020 16:10:03 GMT):

Hey is there an issue tracking the work needed to extend the OOB protocol in acapy to support issuance and presentation? I couldn't spot one, but probably could work on a P.R. for it if there is. Or I could create an issue. We just implemented the python wrapper and notebook tutorial for the OOB swagger api and ran into the not implemented errors

esune (Mon, 02 Nov 2020 17:33:01 GMT):

It sounds like you are trying to create a cred_def that supports revocation. You will need to start the agent with the appropriate argument to tell it which tails server to use: https://github.com/hyperledger/aries-cloudagent-python/blob/master/aries_cloudagent/config/argparse.py#L458-L464

esune (Mon, 02 Nov 2020 17:33:56 GMT):

This? https://github.com/hyperledger/aries-cloudagent-python/issues/730

HarshMultani (Tue, 03 Nov 2020 05:36:52 GMT):

Hi all, I was experimenting with the aca-py. and I stumbled upon an error, and as I further noticed, It displayed for every indy member it is displaying that "module indy has no (PARTICULAR) member". Example for indy.crypto - it is displaying - module indy has no crypto member.. Can someone tell what is this error and how can it be fixed?

wip-abramson (Tue, 03 Nov 2020 10:57:14 GMT):

Hmm not sure. OOB works for DIDExchange for me at least, is the protocol out of date? What doesn't work are the credential-offer and request-presentation on the receive side of the protocol.

https://github.com/hyperledger/aries-cloudagent-python/blob/653a4c2c4d19e1e3a0b6b89467affcea81827434/aries_cloudagent/protocols/out_of_band/v1_0/manager.py#L258

wip-abramson (Tue, 03 Nov 2020 10:57:55 GMT):

That doesn't seem to be what the issue is referring to, but maybe I am not following correctly

bruno_santos (Tue, 03 Nov 2020 12:41:30 GMT):

Hello everyone. Did any of you try to run the aries-acapy-controllers on a OpenStack server? I'm having issues with the connection between the ALICE Controller and Agent

bruno_santos (Tue, 03 Nov 2020 12:43:29 GMT):



Clipboard - 3 de Novembro de 2020 12:43

bruno_santos (Tue, 03 Nov 2020 12:46:06 GMT):



Clipboard - 3 de Novembro de 2020 12:46

bruno_santos (Tue, 03 Nov 2020 12:46:23 GMT):



Clipboard - 3 de Novembro de 2020 12:46

bruno_santos (Tue, 03 Nov 2020 12:48:00 GMT):

Even when specifying the ALICE_AGENT_HOST env var value, i think the controller is unable to assume the passed value....

bruno_santos (Tue, 03 Nov 2020 16:06:53 GMT):

@amanji could it have anything to do with the used nginx?

amanji (Tue, 03 Nov 2020 16:47:04 GMT):

Can you paste the command used to build the controller image?

amanji (Tue, 03 Nov 2020 16:50:35 GMT):

Is it possible that you are using an old image that was built without setting the `ALICE_AGENT_HOSTNAME` provided (thus defaulting to localhost). I believe the hostname is set when the image is built not when the container runs.

bruno_santos (Tue, 03 Nov 2020 16:56:13 GMT):

@amanji sure:
ALICE_AGENT_HOST="172.31.8.237" ./ run_demo webstart

Correct, that could have been the cause, but I tried this before deleting the docker images and after, with no success....

amanji (Tue, 03 Nov 2020 16:59:21 GMT):

Ok that clarifies some things. I can look at changing the way the configurations are read in for the controller (for example, at rather than at build time) but it'll require some code changes. For now, have you tried running the demo using Play With Docker?

amanji (Tue, 03 Nov 2020 16:59:21 GMT):

Ok that clarifies some things. I can look at changing the way the configurations are read in for the controller (for example, at run time rather than at build time) but it'll require some code changes. For now, have you tried running the demo using Play With Docker?

amanji (Tue, 03 Nov 2020 16:59:49 GMT):

https://github.com/hyperledger/aries-acapy-controllers/tree/master/AliceFaberAcmeDemo#running-in-a-browser

bruno_santos (Tue, 03 Nov 2020 17:06:51 GMT):

Ok, thank you. I haven't tried running in a browser because the project I'm working on requires the usage of a company's remote server....

esune (Tue, 03 Nov 2020 17:16:30 GMT):

I must have misread then, @swcurran or @sklump should be more up-to-date about this so let's ask them

swcurran (Tue, 03 Nov 2020 23:23:48 GMT):

Almost certainly a path issue, but @ianco -- any more specific ideas?

ianco (Tue, 03 Nov 2020 23:24:25 GMT):

Either a path issue, or the pythin indy library isn't installed

ianco (Tue, 03 Nov 2020 23:24:25 GMT):

Either a path issue, or the python indy library isn't installed

bruno_santos (Wed, 04 Nov 2020 11:14:33 GMT):



Clipboard - 4 de Novembro de 2020 11:14

bruno_santos (Wed, 04 Nov 2020 11:15:13 GMT):

@amanji thank you for your assistance, but I've managed to fix it.

bruno_santos (Wed, 04 Nov 2020 11:16:01 GMT):

It was an issue with an exported system env var -> ALICE_AGENT_HOST=172.31.8.237

amanji (Wed, 04 Nov 2020 14:32:39 GMT):

Nice!

bruno_santos (Wed, 04 Nov 2020 15:30:23 GMT):

Just one question @amanji, can the ACME's proof request object be customizable?

TimoGlastra (Wed, 04 Nov 2020 16:59:07 GMT):

Hi all, I’ve also posted this in the multi-tenancy discussion of this channel, but for everyone interested I’d like some feedback on the design of adding multitenancy capabilities to ACA-Py. See: https://hackmd.io/@animo/acapy-multitenancy-design . Anyone can comment on the document, so if you have any remarks your thoughts are very welcome :)

TimoGlastra (Wed, 04 Nov 2020 17:00:12 GMT):

@swcurran could we schedule some time during the next ACA-Pug call to discuss the multitenancy design?

swcurran (Wed, 04 Nov 2020 19:48:31 GMT):

You got it -- next Wednesday's meeting.  Hope that works.

TimoGlastra (Thu, 05 Nov 2020 09:16:58 GMT):

Yes perfect

DucaDellaForcoletta (Thu, 05 Nov 2020 10:59:58 GMT):

Hi all, Is possible to customize the max size of the entity payload for the admin apis? I obtain: "Handler error with exception: Request Entity Too Large" upon free offer request. My requests exceed 1 Mb

swcurran (Thu, 05 Nov 2020 14:08:56 GMT):

@sklump @andrew.whitehead ^^^

DucaDellaForcoletta (Thu, 05 Nov 2020 14:35:22 GMT):

A custom client_max_size could be passed at this init https://github.com/hyperledger/aries-cloudagent-python/blob/653a4c2c4d19e1e3a0b6b89467affcea81827434/aries_cloudagent/admin/server.py#L288 ```
but I don't know if some side effects could occurs.
```

DucaDellaForcoletta (Thu, 05 Nov 2020 14:35:22 GMT):

A custom client_max_size could be passed at this init https://github.com/hyperledger/aries-cloudagent-python/blob/653a4c2c4d19e1e3a0b6b89467affcea81827434/aries_cloudagent/admin/server.py#L288 
but I don't know if some side effects could occurs.

sklump (Thu, 05 Nov 2020 14:49:48 GMT):

Andrew looked into this before (a month ago? six weeks?) but I can't remember what the outcome was.

lohan.spies (Fri, 06 Nov 2020 10:40:09 GMT):

We have implemented the introductions API in our AcaPy controller. However, want to ask a bit more about how it actually work as we are uncertain about the flow etc.
Would really appreciate if you could help shed some light on the intro API. @WadeBarnes

WadeBarnes (Fri, 06 Nov 2020 14:16:32 GMT):

@ianco, @esune, Are you able to provide @lohan.spies with some insight?

ianco (Fri, 06 Nov 2020 14:17:34 GMT):

Sorry I'm not familiar with introductions, I've never tried to implement this process

WadeBarnes (Fri, 06 Nov 2020 14:18:35 GMT):

Perhaps an @andrew.whitehead question.

esune (Fri, 06 Nov 2020 16:19:09 GMT):

Same as @ianco, I have never really used introductions yet - sorry.

swcurran (Fri, 06 Nov 2020 16:29:52 GMT):

The idea that I started with (and that I think was implemented) is the following.  Alice is connected to Bob and Carol, and wants to introduce one to the other.  She requests a invitation from either or both and receives a message back from one (say, Bob) that includes an invitation that Bob constructed.  Alice sends a message to Carol with the invitation from Bob embedded.  Carol process the invitation as if she received in ways we are familiar -- e.g. from scanning a QR code.

seriousm 3 (Sat, 07 Nov 2020 14:34:31 GMT):

Has joined the channel.

ankita.p17 (Sun, 08 Nov 2020 12:23:30 GMT):



postgres-error.txt

ankita.p17 (Sun, 08 Nov 2020 12:23:45 GMT):

I am trying to run the aca-py with postgres plugin. I am not able to run the agent with a non-superuser postgres user. I created a  user with superuser, createDB & createRole permission and worked on ubuntu 18.04. I am trying to run the same on AWS and it is failing with below error. 
It seems to be error with plugin.

ankita.p17 (Sun, 08 Nov 2020 12:27:22 GMT):



postgres-error.txt

ankita.p17 (Sun, 08 Nov 2020 12:27:22 GMT):



postgres-error.txt

ankita.p17 (Sun, 08 Nov 2020 12:52:09 GMT):



postgres-error.txt

ankita.p17 (Sun, 08 Nov 2020 12:57:44 GMT):



postgres-error&db.zip

ankita.p17 (Sun, 08 Nov 2020 12:57:44 GMT):



postgres-error&db.zip

ankita.p17 (Sun, 08 Nov 2020 13:01:05 GMT):

indy.libindy.native.postgres DEBUG  /home/user/.cargo/registry/src/github.com-1ecc6299db9ec823/postgres-0.15.2/src/lib.rs:901 | executing query: 
2020-11-06 19:19:15,029 indy.libindy.native.postgres DEBUG  /home/user/.cargo/registry/src/github.com-1ecc6299db9ec823/postgres-0.15.2/src/lib.rs:489 | preparing query with name ``: SELECT value FROM metadata
thread '' panicked at 'called `Result::unwrap()` on an `Err` value: Error(Db(DbError { severity: "ERROR", parsed_severity: Some(Error), code: SqlState("42P01"), message: "relation \"metadata\" does not exist", detail: None, hint: None, position: Some(Normal(19)), where_: None, schema: None, table: None, column: None, datatype: None, constraint: None, file: Some("parse_relation.c"), line: Some(1191), routine: Some("parserOpenTable") }))', src/postgres_storage.rs:1597:19
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
thread '' panicked at 'called `Result::unwrap()` on an `Err` value: "PoisonError { inner: .. }"', src/lib.rs:890:27
stack backtrace:
     0x7feedf4c1b15 - backtrace::backtrace::libunwind::trace::h396c07d2071b43af
                          at /cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.46/src/backtrace/libunwind.rs:86
     0x7feedf4c1b15 - backtrace::backtrace::trace_unsynchronized::h7aa0e4bb23d9c158
                          at /cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.46/src/backtrace/mod.rs:66
     0x7feedf4c1b15 - std::sys_common::backtrace::_print_fmt::hd15ac5d4adcd355b
                          at src/libstd/sys_common/backtrace.rs:78
     0x7feedf4c1b15 - ::fmt::hec5354be8ccc3ecc
                          at src/libstd/sys_common/backtrace.rs:59
     0x7feedf4e512c - core::fmt::write::h3d34909eeb4f225b
                          at src/libcore/fmt/mod.rs:1076
     0x7feedf4bd3e3 - std::io::Write::write_fmt::h1da287b3de55ed16
                          at src/libstd/io/mod.rs:1537
     0x7feedf4c4100 - std::sys_common::backtrace::_print::h4d206838e1ace354
                          at src/libstd/sys_common/backtrace.rs:62
     0x7feedf4c4100 - std::sys_common::backtrace::print::h1f778e9940ee5977
                          at src/libstd/sys_common/backtrace.rs:49
     0x7feedf4c4100 - std::panicking::default_hook::{{closure}}::h704403a56cbf5783
                          at src/libstd/panicking.rs:198
     0x7feedf4c3e4c - std::panicking::default_hook::ha4567a10dec4ef8d
                          at src/libstd/panicking.rs:218
     0x7feedf4c4737 - std::panicking::rust_panic_with_hook::h88a1f16ec8a7bb20
                          at src/libstd/panicking.rs:486
     0x7feedf4c433b - rust_begin_unwind
                          at src/libstd/panicking.rs:388
     0x7feedf4e3ac1 - core::panicking::panic_fmt::hbddb7fe6f399b81a
                          at src/libcore/panicking.rs:101
     0x7feedf4e38e3 - core::option::expect_none_failed::h60849c4323f09783
                          at src/libcore/option.rs:1272
     0x7feedf351fe0 - core::result::Result::unwrap::hb220d6d130135664
                          at /rustc/5c1f21c3b82297671ad3ae1e8c942d2ca92e84f2/src/libcore/result.rs:1005
     0x7feedf34a136 - indystrgpostgres::PostgresWallet::close::h59c6619ac2581d8b
                          at src/lib.rs:890
     0x7feedeb243b4 - ::drop::h0ab7273bcb546dcc
     0x7feedeb10910 - core::ptr::real_drop_in_place::hd8059e8b42bbf90e
     0x7feedeb14a8b - indy_wallet::WalletService::_open_storage_and_fetch_metadata::h65105f41ff19f507
     0x7feedeb12a99 - indy_wallet::WalletService::open_wallet_prepare::h1b3da47ca1b3fe43
     0x7feede7eb392 - indy::commands::wallet::WalletCommandExecutor::execute::hd589416f9ce4a3c8
     0x7feede9d89c2 - std::sys_common::backtrace::__rust_begin_short_backtrace::h78cef693d4e097b6
     0x7feedee46b9a - __rust_maybe_catch_panic
                          at src/libpanic_unwind/lib.rs:82
     0x7feede75d796 - core::ops::function::FnOnce::call_once{{vtable.shim}}::hd8bac0c1291652bf
     0x7feedee3742f -  as core::ops::function::FnOnce>::call_once::h42806b83647d4c79
                          at /rustc/eae3437dfe991621e8afdc82734f4a172d7ddf9b/src/liballoc/boxed.rs:746
     0x7feedee45fa0 -  as core::ops::function::FnOnce>::call_once::h83c921c8e826dd1d
                          at /rustc/eae3437dfe991621e8afdc82734f4a172d7ddf9b/src/liballoc/boxed.rs:746
     0x7feedee45fa0 - std::sys_common::thread::start_thread::h2613204ce513782e
                          at src/libstd/sys_common/thread.rs:13
     0x7feedee45fa0 - std::sys::unix::thread::Thread::new::thread_start::h4570080769500bcd
                          at src/libstd/sys/unix/thread.rs:79
     0x7feee90126db - start_thread
     0x7feee859671f - __clone
                0x0 - 
thread panicked while panicking. aborting.

ankita.p17 (Sun, 08 Nov 2020 13:01:59 GMT):



postgres-error.txt

ankita.p17 (Sun, 08 Nov 2020 13:02:10 GMT):



DB.png

ankita.p17 (Sun, 08 Nov 2020 13:02:33 GMT):

Any help will be appreciated.

domwoe (Mon, 09 Nov 2020 08:37:14 GMT):

Has there been any thinking about how updates of credentials should be implemented?

ankita.p17 (Mon, 09 Nov 2020 10:51:30 GMT):

Hi @andrew.whitehead @ianco @PatrikStas if you can help in this

sklump (Mon, 09 Nov 2020 11:06:23 GMT):

It is not possible to change credentials. If it were, digital signatures would be useless.

purulalwani (Mon, 09 Nov 2020 12:13:09 GMT):

Has joined the channel.

domwoe (Mon, 09 Nov 2020 12:17:25 GMT):

certainly true, but claims may change. The general approaches to handle this are (1) Expiration/Refresh (2) Revocation/Resissuance and I was wondering if there is already any discussion about such scenarios. The W3C VC data model includes properties to define validity periods and a "refresh endpoint". The indy ecosystem is more inclined towards the revocation approach and validity periods seem to be not really used

sklump (Mon, 09 Nov 2020 12:20:35 GMT):

Revocation/reissue is the general direction here but there are no specifics yet in Aries standards. Expiry is possible at application layer but any such dates would be schema attributes with semantics up to the application.

sklump (Mon, 09 Nov 2020 12:20:57 GMT):

Revocation/reissue is the general direction here but there are no specifics yet in Aries standards. Expiry is possible at application layer but any such dates would be schema attributes with semantics up to the application.

purulalwani (Mon, 09 Nov 2020 12:24:44 GMT):

Hi All, I have registered DID and Verkey on staging using selfserve portal and trying to connect the staging using aries python agent (aca-py)  but I keep seeing TAA agreement while starting the aries agent with seed which I don't see while connecting to the VON network. Can you please help me how to accept it permanently so we can do transactions without accepting again & again?

domwoe (Mon, 09 Nov 2020 12:38:05 GMT):

Yes, understood, although standardization around that would be desired

ianco (Mon, 09 Nov 2020 14:18:25 GMT):

Can you provide all the startup parameters you used?

ianco (Mon, 09 Nov 2020 14:19:02 GMT):

I suspect that because you created the database manually then the sdk thinks the wallet has been initialized, however it is erroring out when it tries to read the metadata.

ianco (Mon, 09 Nov 2020 14:20:27 GMT):

Try deleting the database user you created manually.  Then let the sdk create the wallet/database (you will need to provide the postgres admin user credentials to to this). Once the wallet is crested you should be able to run aca-py with "normal" user credentials (the admin user is only required initially to create teh wallet)

wip-abramson (Mon, 09 Nov 2020 15:05:11 GMT):

Hmm this flow makes sense, but I am still a little confused from the code. 

* Alice starts intro between Bob & Carol by asking Bob (start-introduction swagger api)
* Bob receives this as an InvitationRequest message.

I follow this in the code, but then I think some swagger apis are missing for the following:

* Bob decides to accept and respond with invite for Alice to forward to Carol. First he creates an oob connection invite (swagger: /out-of-band/create-invitation). *How does Bob then send this to Alice, no obvious api for this implemented*. Although the AgentMessages are defined.
* Then Alice receives an (introduction) Invitation message from Bob and the demo service automatically forwards this to Carol I believe.
* Carol receives the ForwardInvitation and uses connectionMgr to store it (https://github.com/hyperledger/aries-cloudagent-python/blob/653a4c2c4d19e1e3a0b6b89467affcea81827434/aries_cloudagent/protocols/introduction/v0_1/handlers/forward_invitation_handler.py) *How does Carol know this is a connection from an introduction?* Carols agent knows as they received this message but from looking at the code this information doesn't appear to bubble up to the business logic layer.

wip-abramson (Mon, 09 Nov 2020 15:06:46 GMT):

Sorry quite a long one, I was working it through as I went :) I think just one api missing. Perhaps, @lohan.spies  or I can submit a P.R.

swcurran (Mon, 09 Nov 2020 15:29:44 GMT):

I'm not to that detail in the code, so will leave to others to answer.  I suspect you are right that the implementation is not complete.  I also recall that the Introduction RFC went to quite a bit more complexity and I faded out of it.  As I recall, the Aries Go folks were using it.

bruno_santos (Mon, 09 Nov 2020 15:37:04 GMT):

Hello @swcurran, about the p_type on the requested_predicates, does it currently support <=, >=, < & > only?

swcurran (Mon, 09 Nov 2020 15:49:31 GMT):

Yes -- that's it.

daidoji (Mon, 09 Nov 2020 21:53:36 GMT):

Has joined the channel.

daidoji (Mon, 09 Nov 2020 21:54:12 GMT):

Question, if I create a local-did with `wallet/did/create` in aca-py and then try to get the endpoint `wallet/get-did-endpoint` why isn't the endpoint set in the response when I set it at wallet provisioning via the `--endpoint` argument?  I seem to be getting `null`

daidoji (Mon, 09 Nov 2020 21:54:24 GMT):

I started with `(TrustScience) daidoji@worklaptop:~/aries-course/aries-cloudagent-python/demo$ aca-py start -it http 0.0.0.0 8020 -ot http --endpoint http://localhost:8020 --admin-insecure-mode --admin 0.0.0.0 8021 --genesis-url http://localhost:9000/genesis`

sklump (Tue, 10 Nov 2020 11:22:56 GMT):

The `--endpoint` argument carries the default endpoint to use in invitations (DID docs). To set an endpoint for a particular did, use `POST wallet/set-did-endpoint`.

daidoji (Tue, 10 Nov 2020 14:24:47 GMT):

@sklump thanks.  I guess I thought that would be the default endpoint for all dids created without it being overridden.

wip-abramson (Tue, 10 Nov 2020 16:07:27 GMT):

Sure, thanks Stephen. Yep the RFC does appear more complex, perhaps I will try to dig into the go codebase aslo

wip-abramson (Tue, 10 Nov 2020 16:07:54 GMT):

We don't have a use case for it really, I just think its cool and useful and would like to demonstrate it working

lohan.spies (Tue, 10 Nov 2020 17:18:15 GMT):

@wip-abramson lets chat and see what we can do to help and maybe create a PR

purulalwani (Wed, 11 Nov 2020 06:54:47 GMT):

@swcurran @WadeBarnes - could you please help with above?

bruno_santos (Wed, 11 Nov 2020 11:21:08 GMT):

Hello @amanji, I'm trying to add an image to the navbar in the 3 controllers, however when recompiling it only adds the image to Acme and Faber's controller. Do you know what the issue can be?

bruno_santos (Wed, 11 Nov 2020 11:28:38 GMT):

Ok @swcurran thank you for clarifying. Do you have an idea if and when the '==' operation is to be implemented?

wip-abramson (Wed, 11 Nov 2020 13:38:34 GMT):

You have registered your DID (written it to the ledger) but not accepted the TAA. See https://github.com/OpenMined/PyDentity/blob/master/tutorials/aries-stagingnet/notebooks/issuer/Part%202%20-%20Writing%20a%20Public%20DID%20to%20the%20Sovrin%20StagingNet.ipynb

deas (Wed, 11 Nov 2020 14:14:22 GMT):

I can't find @swcurran's previous response (to me, when I asked the same question), but I understand that equivalence ('==') will not be implemented because it requires explicit knowledge of the data and is therefore, by definition, not zero-knowledge.

Is there a way to search this rocket chat to find that post? I didn't have any luck.

swcurran (Wed, 11 Nov 2020 14:31:01 GMT):

The trick is to request the value as a referent (explicitly requested -- since you will know the value) and use the restriction "value" to do an equality match.  No predicate needed.

swcurran (Wed, 11 Nov 2020 14:32:23 GMT):

Awesome answer, Will!

amanji (Wed, 11 Nov 2020 15:26:53 GMT):

Do you have a code snippet available for Alice?

bruno_santos (Wed, 11 Nov 2020 16:03:31 GMT):



Clipboard - 11 de Novembro de 2020 16:03

bruno_santos (Wed, 11 Nov 2020 16:04:45 GMT):

Adding this image tag on the other controllers works. I've also tried with having the image locally (assests/img/logo.jpg), to no success

amanji (Wed, 11 Nov 2020 16:11:30 GMT):

You will likely have to rebuild the Angular application image. For development purposes I’d suggest running a local instance of each of the apps and use Docker when you are ready to deploy. 

amanji (Wed, 11 Nov 2020 16:15:19 GMT):

AliceFaberAcmeDemo/controllers/alice-controller/README.md

amanji (Wed, 11 Nov 2020 16:15:19 GMT):

https://github.com/hyperledger/aries-acapy-controllers/blob/master/AliceFaberAcmeDemo/controllers/alice-controller/README.md

amanji (Wed, 11 Nov 2020 16:16:37 GMT):

Each controller can be developed independently 

bruno_santos (Wed, 11 Nov 2020 16:25:23 GMT):

For me it makes no sense, because when I changed the name of the span, saved the changes and then built a new docker image, the name in the span was altered, but the image didn't appear...

bruno_santos (Wed, 11 Nov 2020 16:27:12 GMT):

I've used the compose file that builds the controllers and the agents. After accessing locally with the changes on all three controllers, only the img tag on alice didn't load

swcurran (Wed, 11 Nov 2020 16:37:50 GMT):

Join us for the ACA-Py User Group is today, Wednesday at 11AM Pacific (19:00 UTC/20:00 CET) -- the hour before the Aries WG Call. We'll have the core maintainers on the call to answer questions. Today we'll be talking about Multi-tenancy and I'm going to be sharing some initial thoughts on getting to W3C Standard Verifiable Credentials with ZKP and Selective Disclosure -- aka BBS+.

Zoom link will be: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09 ; Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2020-11-11+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

bruno_santos (Wed, 11 Nov 2020 16:58:30 GMT):

@amanji solved the issue, when removing the docker images, I wasn't removing the node image...

bruno_santos (Wed, 11 Nov 2020 16:59:09 GMT):

But it still doens't make sense to me, since the other changes persisted, except for the image one...

bruno_santos (Wed, 11 Nov 2020 16:59:09 GMT):

But it still doesn't make sense to me, since the other changes persisted, except for the image one...

amanji (Wed, 11 Nov 2020 17:00:22 GMT):

Could you check your network tab to see if the image is actually loading from the remote source? 

bruno_santos (Wed, 11 Nov 2020 17:00:58 GMT):

@swcurran sorry to bother, just one more question, is it possible to have something like this?

bruno_santos (Wed, 11 Nov 2020 17:01:36 GMT):

p_type": ">= && <="

amanji (Wed, 11 Nov 2020 17:02:58 GMT):

[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=Kz4oQqRH82DYWeFJc)  Currently the command to run the demos doesn’t rebuild the images. Perhaps we can add another command called `build` that does that. 

bruno_santos (Wed, 11 Nov 2020 17:03:55 GMT):



Clipboard - 11 de Novembro de 2020 17:03

bruno_santos (Wed, 11 Nov 2020 17:04:02 GMT):

I believe so

swcurran (Wed, 11 Nov 2020 17:04:17 GMT):

I think you have to do that as two predicates using the same claim/attribute.

bruno_santos (Wed, 11 Nov 2020 17:07:24 GMT):

"requested_predicates": {
     "0_flag_GE_uuid": {
         "name": "flag",
         "p_type": ">=",
         "p_value": 1,
         "restrictions": [
             {
                 "cred_def_id": ""
             }
         ]
      },
      "1_flag_GE_uuid": {
         "name": "flag",
         "p_type": "<=",
         "p_value": 1,
         "restrictions": [
             {
                 "cred_def_id": ""
             }
         ]
      }
  }

bruno_santos (Wed, 11 Nov 2020 17:07:28 GMT):

Like this?

amanji (Wed, 11 Nov 2020 17:07:46 GMT):

Would it be possible to try running the app locally with the `ng cli`? Want to try and rule out any anomalies with the Docker build. 

bruno_santos (Wed, 11 Nov 2020 17:14:40 GMT):

Locally I am building all 3 controllers by acessing the compose in the docker folder

swcurran (Wed, 11 Nov 2020 17:14:42 GMT):

Likely to work -- that's what I meant.  You could also do it by adding to the restrictions a line with value:flag, "1" and then you can get rid of the second predicate entry.

bruno_santos (Wed, 11 Nov 2020 17:18:34 GMT):

"requested_predicates": {
   "0_flag_GE_uuid": {
      "name": "flag",
      "restrictions": [
         {
            "cred_def_id": "",
            "value": 1
         }
      ]
   }
}

bruno_santos (Wed, 11 Nov 2020 17:19:33 GMT):

Is the syntax correct? If so, could this value be something like:```
"value":"BzCbsNYhMrjHiqZDTUASHg"
```

swcurran (Wed, 11 Nov 2020 17:21:47 GMT):

No.. I'll have to look up -- or someone could help me?

I'll look.  Dang, we need to get this documented.

bruno_santos (Wed, 11 Nov 2020 17:22:30 GMT):

Thank you good sir :thumbsup:

swcurran (Wed, 11 Nov 2020 17:24:41 GMT):

I think what you want is:

`"attr:flag:value":"1"`

swcurran (Wed, 11 Nov 2020 17:24:41 GMT):

I think what you want is:

`"attr::flag::value":"1"`

bruno_santos (Wed, 11 Nov 2020 17:25:35 GMT):

Understood, will try that solution

bruno_santos (Wed, 11 Nov 2020 17:26:01 GMT):

To confirm:
`"requested_predicates": {
   "0_flag_GE_uuid": {
      "name": "flag",
      "restrictions": [
         {
            "cred_def_id": "",
            "attr:flag:value":"1"
         }
      ]
   }
}`

swcurran (Wed, 11 Nov 2020 17:26:12 GMT):

It may be a double `::` colons.

bruno_santos (Wed, 11 Nov 2020 17:27:43 GMT):

Ok, i'll try both

swcurran (Wed, 11 Nov 2020 17:27:55 GMT):

I'm not clear if that double colons is for escaping, or part of the syntax.

swcurran (Wed, 11 Nov 2020 17:27:57 GMT):

https://jira.hyperledger.org/browse/IS-1363

swcurran (Wed, 11 Nov 2020 17:28:03 GMT):

This has a link to the PR.

amanji (Wed, 11 Nov 2020 17:29:39 GMT):

Could you try clearing the cache on your browser?

swcurran (Wed, 11 Nov 2020 17:29:49 GMT):

Definitely double colons.

See test cases:

https://github.com/hyperledger/indy-sdk/pull/1870/files#diff-af50ab98be1388f8ba020a44575f4287f9757d3a967c573bfaa25c95f2262623R2802

amanji (Wed, 11 Nov 2020 17:30:18 GMT):

Although again if the other changes persisted I don’t see why the image wouldn’t load 

bruno_santos (Wed, 11 Nov 2020 17:30:44 GMT):

Nice, and it looks like it supports strings as well :ok_hand:

bruno_santos (Wed, 11 Nov 2020 17:31:27 GMT):

Ok, will try

bruno_santos (Wed, 11 Nov 2020 17:32:06 GMT):

It could possibly be because of the cache as you said

amanji (Wed, 11 Nov 2020 17:32:39 GMT):

Oh did a hard reload resolve it?

bruno_santos (Wed, 11 Nov 2020 17:34:47 GMT):

Yup, before building the image i've Ctrl Shift Del on Chrome

jameshiester (Wed, 11 Nov 2020 20:04:27 GMT):

is there a way to optionally request attributes in a proof request?

jameshiester (Wed, 11 Nov 2020 20:05:27 GMT):

as in there are required attributes and some additional ones that can optionally be provided.  So maybe name and email are required, but job title is optional

cam-parra (Wed, 11 Nov 2020 21:52:36 GMT):

has anyone deployed the tails server files to docker-hub? looking to reuse them or upload them to dockerhub

jameshiester (Wed, 11 Nov 2020 22:20:44 GMT):

if I use the "names" attribute for a proof request, how would I write a restriction for the value of a specific attribute?  e.g. if I have names: ['name','email'] what would it look like if I wanted to restrict the value of name to 'john doe'?

swcurran (Thu, 12 Nov 2020 00:09:33 GMT):

I believe you would just add a "restrictions" clause with:

"attr::name::value" : "john doe"

swcurran (Thu, 12 Nov 2020 00:09:53 GMT):

We really need to get a reference and FAQ about proof requests.

swcurran (Thu, 12 Nov 2020 00:10:34 GMT):

Not absolutely certain, but what we have found is that all are optional, and a proof will pass as long as what is provided is correct.

swcurran (Thu, 12 Nov 2020 00:10:34 GMT):

Not absolutely certain, but what we have found is that all are optional, and a proof will pass as long as what is provided is cryptographically correct.

swcurran (Thu, 12 Nov 2020 00:10:49 GMT):

As such, it appears that a post verification step is needed.

jcourt (Thu, 12 Nov 2020 04:15:28 GMT):

I am a little unclear on the sequence where `POST /present-proof/create-request`  would be used ?   The comment says "Creates a presentation request not bound to any proposal or existing connection".  The question is how is what it creates intended to be used ?  There is no way to retrieve this from the wallet, assuming it was saved.  Is the intention that the returned response is then somehow used in the `POST /present-proof/send-request` ?

purulalwani (Thu, 12 Nov 2020 10:05:12 GMT):

Thanks @wip-abramson, issue was docker-compose up command as it does not allow screen input but using run command I am able accept the TAA and proceed further.

jameshiester (Thu, 12 Nov 2020 13:33:20 GMT):

have there been any updates in the last month or so around the multi-tenant wallet approach?

ianco (Thu, 12 Nov 2020 13:50:15 GMT):

There's a discussion on this topic, I just added you

lohan.spies (Thu, 12 Nov 2020 14:36:29 GMT):

Please add me as well @ianco

bruno_santos (Thu, 12 Nov 2020 14:52:08 GMT):

Hello @swcurran , I've tried using the attr::name::value restriction on the attribute:

bruno_santos (Thu, 12 Nov 2020 14:52:14 GMT):

{
    "connection_id": "21d27c3f-71db-4f0c-8c57-fca587ffa9a8",
    "proof_request": {
        "name": "Proof of Ownership",
        "version": "1.0",
        "requested_attributes": {
            "0_provider_did_uuid": {
                "name": "provider_did",
                "restrictions": [
                    {
                        "cred_def_id": "FEQmM6fEfnraU4hHvVtBzC:3:CL:318:provider_default",
                        "attr::provider_did::value": "BzCbsNYhMrjHiqZDTUASHg" 
                    }
                ]
            },
            "0_self_attested_thing_uuid": {
                "name": "self_attested_thing"
            }
        },
        "requested_predicates": {}
    }
}

bruno_santos (Thu, 12 Nov 2020 14:52:34 GMT):

But it failed to verify it successfully...

ianco (Thu, 12 Nov 2020 15:59:10 GMT):

Done.  The discussion is called "Multi Tenancy" I don't know if it's discoverable by non-members or not?

ianco (Thu, 12 Nov 2020 15:59:44 GMT):

Also this is going to be a regular topic at the aca-pug meetings (every second Wednesday)

swcurran (Thu, 12 Nov 2020 16:11:01 GMT):

This is used in a connection-less proof request/proof sequence. In that, the plaintext proof request includes a service endpoint for the response (endpoint and public key for encryption). The receiver of that message generates the proof and responds to the service endpoint.

swcurran (Thu, 12 Nov 2020 16:11:01 GMT):

This is used in a connection-less proof request/proof sequence. In that, the plaintext proof request includes a service endpoint for the response (endpoint and public key for encryption). The receiver of that message generates the proof and responds to the service endpoint using a DIDComm message.

swcurran (Thu, 12 Nov 2020 16:13:20 GMT):

@ianco thoughts on the above?  Can a value restriction be on a string, or would it have to be one the enoded value -- meaning the SHA256 of the string?

daidoji (Thu, 12 Nov 2020 16:19:08 GMT):

@ianco They presented on it in the meeting just yesterday.

daidoji (Thu, 12 Nov 2020 16:19:17 GMT):

you could probably watch that recording if you want the details

ianco (Thu, 12 Nov 2020 16:19:41 GMT):

Yes I was on the call :-D

daidoji (Thu, 12 Nov 2020 16:19:46 GMT):

oh right haha

ianco (Thu, 12 Nov 2020 16:19:53 GMT):

:=P

ianco (Thu, 12 Nov 2020 16:19:53 GMT):

:-P

daidoji (Thu, 12 Nov 2020 16:19:56 GMT):

you were making a statement

ianco (Thu, 12 Nov 2020 16:20:07 GMT):

yes

daidoji (Thu, 12 Nov 2020 16:20:16 GMT):

shows how well I'm reading this morning

ianco (Thu, 12 Nov 2020 16:21:06 GMT):

Yes it can be on a string

ianco (Thu, 12 Nov 2020 16:21:49 GMT):

Looks like a syntax error in the json structure, the restriction needs to be inside the `"restrictions": []` array

ianco (Thu, 12 Nov 2020 16:22:53 GMT):

Actually scratch that ...

ianco (Thu, 12 Nov 2020 16:23:19 GMT):

... but I'm not sure "provided_did" is an attribute in the credential?

ianco (Thu, 12 Nov 2020 16:23:19 GMT):

... but I'm not sure `provider_did` is an attribute in the credential?

bruno_santos (Thu, 12 Nov 2020 16:34:20 GMT):

Hi @ianco, i've with and without [], to no success. Can confirm though that the provider_did is an attribute of the schema

EtricKombat (Fri, 13 Nov 2020 15:47:42 GMT):

Has joined the channel.

Leila_M (Fri, 13 Nov 2020 19:53:30 GMT):

Has joined the channel.

Leila_M (Fri, 13 Nov 2020 19:53:30 GMT):

Hi, is there anyone who is expert in Sovrin and has time for a short interview for a master thesis regarding this subject and self-sovereign identities? I would appreciate it.

cam-parra (Mon, 16 Nov 2020 19:43:17 GMT):

@nage ^

jcourt (Mon, 16 Nov 2020 21:54:52 GMT):

Right, got it, thanks !

kukgini (Tue, 17 Nov 2020 10:31:10 GMT):

@swcurran  could you explain why is it called connection-less? It seems like even if proof request can be sent without DIDComm channel, the response should have to establish a connection.

swcurran (Tue, 17 Nov 2020 14:42:34 GMT):

The response is set via a DIDComm channel, but the the channel used is specified with the Presentation Request message, and is not retained by either side for use beyond the response. Hence there is no "permanent" connection established for future messages.

blidd (Wed, 18 Nov 2020 00:33:30 GMT):

Hello, I am doing some development on Aries and am running into some issues that I'm hoping someone here can help me with. From one agent, I am trying to create and store a DID and verkey, then store the DID and verkey on the VON-network ledger. From the other agent, I am trying to retrieve the verkey given the same DID, but am running into a WalletItemNotFound error. If someone has time to help me with this issue, I can provide additional details/code snippets. Thanks in advance.

ultimo2020 (Wed, 18 Nov 2020 06:25:15 GMT):

Hi everyone, I had a starter question. Is anyone building, or is it possible to build a mobile wallet app with the ACApy? 

daidoji (Wed, 18 Nov 2020 14:32:00 GMT):

@ultimo2020 probably not a specific reason you couldn't if you worked really hard at it, but python on mobile has always been a hard task.  No one I've heard of is using the aries cloud agent for a mobile application (hence the name)

swcurran (Wed, 18 Nov 2020 15:46:42 GMT):

Agree on the answer.  We found an open source project that purports to enable making mobile apps using python, but it doesn't appear to have much traction and we dropped the idea.  As the name suggested, ACA-Py is for non-mobile solutions.

jameshiester (Wed, 18 Nov 2020 17:39:40 GMT):

Oh interesting.  May want to clarify that in the docs.  I think some of the wallet implementations throw an error if a field is missing, specifically trinsic

ultimo2020 (Thu, 19 Nov 2020 06:02:11 GMT):

Thanks guys. So other that build mobile wallets are building on AriesNET and Xamarin

ultimo2020 (Thu, 19 Nov 2020 06:02:11 GMT):

Thanks guys. So other that build mobile wallets are building on AriesNET and Xamarin, I guess 

swcurran (Thu, 19 Nov 2020 15:05:13 GMT):

There are a couple of react native starter kits (not sure of current status) and GlobalID has announced they are open sourcing IOS (Swift) and Android (Kotlin) Aries Frameworks.

swcurran (Thu, 19 Nov 2020 15:06:40 GMT):

Check with @Alexi on the status of those.

fhmarino (Thu, 19 Nov 2020 20:39:20 GMT):

Hi Leila!

I'm tech lead of an organization here in Brazil which is a Sovrin steward in this moment, if you'd like to talk you just need to schedule it here: https://calendly.com/fhmarino/45-minutes-meeting

Regards

TimoGlastra (Thu, 19 Nov 2020 21:11:10 GMT):

We merged a PR last week that makes it possible to use aries-framework-javascript in React Native, but it is not in a usable stable yet

thomas_kim (Fri, 20 Nov 2020 07:44:34 GMT):

You can use aries-vcx: https://github.com/hyperledger/aries-vcx
There are Android & iOS demo projects. 
https://github.com/sktston/vcx-demo-android
https://github.com/sktston/vcx-demo-ios

SamB (Mon, 23 Nov 2020 04:30:25 GMT):

Hi Team, 
I want to scale up agent generation at run time using a cloud agent. How to achieve this? and if we use Kubernetes for the same then which tool I should use?

jcourt (Mon, 23 Nov 2020 06:11:29 GMT):

Can anyone give me a pointer on what causes the following error when attempting to use the `GET
/present-proof/records/{pres_ex_id}/credentials` swagger interface.

`400: Error when constructing wallet credential query: Error: Invalid structure. Caused by: Invalid ProofRequest json has been passed. Caused by: missing field "name". CommonInvalidStructure.` 

I am only specifying a pres_ex_id parameter and the presentation exchange record has the following data: 

`{
  "trace": false,
  "role": "prover",
  "initiator": "external",
  "created_at": "2020-11-23 05:47:34.449626Z",
  "presentation_exchange_id": "76ceb879-5ba4-417b-bc4d-1a1fcbfe748b",
  "thread_id": "d8f862c4-0385-4bc7-8afd-2d77e588bd2e",
  "presentation_request": {
    "requested_attributes": {
      "DOB": {
        "name": "DOB",
        "attributeRestrictions": [
          {
            "issuer_did": "NYBvswA8j4ZfvFRhZLqnov"
          }
        ]
      },
      "name": {
        "name": "name",
        "attributeRestrictions": [
          {
            "issuer_did": "NYBvswA8j4ZfvFRhZLqnov"
          }
        ]
      },
      "address": {
        "name": "address",
        "attributeRestrictions": [
          {
            "issuer_did": "NYBvswA8j4ZfvFRhZLqnov"
          }
        ]
      },
      "license_number": {
        "name": "license_number",
        "attributeRestrictions": [
          {
            "issuer_did": "NYBvswA8j4ZfvFRhZLqnov"
          }
        ]
      }
    },
    "requested_predicates": {},
    "nonce": "587644331022340578063640"
  },
  "connection_id": "8cfdc377-8bf5-4da6-be8a-561639020fe4",
  "state": "request_received",
  "updated_at": "2020-11-23 05:47:34.449626Z"
}`

jcourt (Mon, 23 Nov 2020 06:11:29 GMT):

Can anyone give me a pointer on what causes the following error when attempting to use the 
`GET /present-proof/records/{pres_ex_id}/credentials` swagger interface.

`400: Error when constructing wallet credential query: Error: Invalid structure. Caused by: Invalid ProofRequest json has been passed. Caused by: missing field "name". CommonInvalidStructure.` 

I am only specifying a pres_ex_id parameter and the presentation exchange record has the following data: 

`{
  "trace": false,
  "role": "prover",
  "initiator": "external",
  "created_at": "2020-11-23 05:47:34.449626Z",
  "presentation_exchange_id": "76ceb879-5ba4-417b-bc4d-1a1fcbfe748b",
  "thread_id": "d8f862c4-0385-4bc7-8afd-2d77e588bd2e",
  "presentation_request": {
    "requested_attributes": {
      "DOB": {
        "name": "DOB",
        "attributeRestrictions": [
          {
            "issuer_did": "NYBvswA8j4ZfvFRhZLqnov"
          }
        ]
      },
      "name": {
        "name": "name",
        "attributeRestrictions": [
          {
            "issuer_did": "NYBvswA8j4ZfvFRhZLqnov"
          }
        ]
      },
      "address": {
        "name": "address",
        "attributeRestrictions": [
          {
            "issuer_did": "NYBvswA8j4ZfvFRhZLqnov"
          }
        ]
      },
      "license_number": {
        "name": "license_number",
        "attributeRestrictions": [
          {
            "issuer_did": "NYBvswA8j4ZfvFRhZLqnov"
          }
        ]
      }
    },
    "requested_predicates": {},
    "nonce": "587644331022340578063640"
  },
  "connection_id": "8cfdc377-8bf5-4da6-be8a-561639020fe4",
  "state": "request_received",
  "updated_at": "2020-11-23 05:47:34.449626Z"
}`

jcourt (Mon, 23 Nov 2020 06:11:29 GMT):

Can anyone give me a pointer on what causes the following error when attempting to use the 
`GET /present-proof/records/{pres_ex_id}/credentials` swagger interface.

`400: Error when constructing wallet credential query: Error: Invalid structure. Caused by: Invalid ProofRequest json has been passed. Caused by: missing field "name". CommonInvalidStructure.` 

I am only specifying a pres_ex_id parameter and the presentation exchange record has the following data: 

```{
  "trace": false,
  "role": "prover",
  "initiator": "external",
  "created_at": "2020-11-23 05:47:34.449626Z",
  "presentation_exchange_id": "76ceb879-5ba4-417b-bc4d-1a1fcbfe748b",
  "thread_id": "d8f862c4-0385-4bc7-8afd-2d77e588bd2e",
  "presentation_request": {
    "requested_attributes": {
      "DOB": {
        "name": "DOB",
        "attributeRestrictions": [
          {
            "issuer_did": "NYBvswA8j4ZfvFRhZLqnov"
          }
        ]
      },
      "name": {
        "name": "name",
        "attributeRestrictions": [
          {
            "issuer_did": "NYBvswA8j4ZfvFRhZLqnov"
          }
        ]
      },
      "address": {
        "name": "address",
        "attributeRestrictions": [
          {
            "issuer_did": "NYBvswA8j4ZfvFRhZLqnov"
          }
        ]
      },
      "license_number": {
        "name": "license_number",
        "attributeRestrictions": [
          {
            "issuer_did": "NYBvswA8j4ZfvFRhZLqnov"
          }
        ]
      }
    },
    "requested_predicates": {},
    "nonce": "587644331022340578063640"
  },
  "connection_id": "8cfdc377-8bf5-4da6-be8a-561639020fe4",
  "state": "request_received",
  "updated_at": "2020-11-23 05:47:34.449626Z"
}```

andrew.whitehead (Mon, 23 Nov 2020 06:32:26 GMT):

The presentation request has required `name` and `version` attributes (which have few restrictions I think). It should also have `ver` set to "1.0". And the property named as attributeRestrictions there should be `restrictions`

jcourt (Mon, 23 Nov 2020 06:37:36 GMT):

Interesting, I created the proof_request via `POST
/present-proof/send-request`  the model on the swagger page only showed connection_id, requested_attributes and requested_predicates as required.  Think I better go back and rely on the RFCs for checking in future.

jcourt (Mon, 23 Nov 2020 06:38:04 GMT):

Thanks.  Must be horrid late there ?

andrew.whitehead (Mon, 23 Nov 2020 06:38:59 GMT):

Yup, time for bed :)

jcourt (Mon, 23 Nov 2020 06:49:14 GMT):

Yup that was it, "name" confused me as I though it meant the attribute "name" field.  Should have gone to the RFC to double check.

WadeBarnes (Mon, 23 Nov 2020 13:52:50 GMT):

We, the BC DTS (British Columbia [Canada] Digital Trust Services) team,  host our applications in OpenShift.  We have our agent containers auto-scaling from 2 to 21 instances in one environment to handle bulk issuance of credentials into https://orgbook.gov.bc.ca

You can find the build and deployment configurations here:
- https://github.com/bcgov/von-bc-registries-agent-configurations
- https://github.com/bcgov/orgbook-configurations

Those repositories contain links and references to the related application repositories.

SamB (Mon, 23 Nov 2020 13:54:25 GMT):

@WadeBarnes Thank you for your response and help.

ishaanh (Mon, 23 Nov 2020 19:24:20 GMT):

Has joined the channel.

TimoGlastra (Mon, 23 Nov 2020 21:57:49 GMT):

I heard the Aries WG call is canceled this week due to thanksgiving. Is the ACA-Pug call also canceled?

jcourt (Mon, 23 Nov 2020 21:59:18 GMT):

Actually double checking the RFC0037 I don't actually see 'name' or 'version' as required in the request.  I also however don't see ACA-py  listed as supporting RFC0037.  Is there any guidance on what ACA-py might be targeting for conformance on proof presentation ?  Maybe RFC0454 in future ?

swcurran (Mon, 23 Nov 2020 22:00:03 GMT):

No - we're planning to have it.

swcurran (Mon, 23 Nov 2020 22:00:19 GMT):

Much to talk about.

andrew.whitehead (Mon, 23 Nov 2020 22:48:44 GMT):

The RFC basically delegates to whatever the formal presentation format is, which is embedded within the messages that are used to exchange it. In this case (and all we currently support) it's an Indy proof request. I'm not sure where that format is documented except on this page in the comments: https://hyperledger-indy.readthedocs.io/projects/sdk/en/latest/docs/design/002-anoncreds/README.html?highlight=indy_prover_create_proof#api

jcourt (Mon, 23 Nov 2020 22:52:50 GMT):

I will read through that to get a better understanding of the background

andrew.whitehead (Mon, 23 Nov 2020 22:54:27 GMT):

It's about 3/4 down the page, can't see how to make a direct link

jcourt (Mon, 23 Nov 2020 22:56:15 GMT):

Thats fine I should probably pay more attention to the Indy background than I have. Assuming you can be contextually accurate in an evolving standards environment without understanding the lower layers is probably a mistake :-)

jcourt (Tue, 24 Nov 2020 02:42:32 GMT):

The other kind of odd thing is that the swagger definition for `GET
/present-proof/records/{pres_ex_id}/credentials` doesn't contain any model details so no type information gets generated by Codegen.

jcourt (Tue, 24 Nov 2020 02:42:32 GMT):

The other kind of odd thing is that the swagger definition for 
`GET /present-proof/records/{pres_ex_id}/credentials` 
doesn't contain any model details so no type information gets generated by Codegen.

bruno_santos (Tue, 24 Nov 2020 17:11:41 GMT):

Hello channel, on the Preparing to issue a Credential section of the cloudagent python docs (https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/AriesOpenAPIDemo.md#preparing-to-issue-a-credential), there's a To-Do sentence refering to the manual registration of a DID on the Indy public ledger. Is there an update on this? Or does anyone know what are the required steps?

esune (Tue, 24 Nov 2020 17:29:49 GMT):

The demo does not require you to register the did, as everything is prepared so that it should work out-of-the-box.

In a real-life scenario, though, you would have to register your did following the governance procedures for the specific ledger you will be using.

For Sovrin BuilderNet and StagingNet you can co to https://selfserve.sovrin.org

esune (Tue, 24 Nov 2020 17:29:49 GMT):

The demo does not require you to register the did, as everything is prepared so that it should work out-of-the-box.

In a real-life scenario, though, you would have to register your did following the governance procedures for the specific ledger you will be using.

For Sovrin BuilderNet and StagingNet (development ledgers, not to be used for production purposes) you can co to https://selfserve.sovrin.org

bruno_santos (Tue, 24 Nov 2020 17:36:34 GMT):

Ok, understood. I would like to dive into faber's code level and know how this registration is done, because I'm trying to apply this at a "real-life" scenario

bruno_santos (Tue, 24 Nov 2020 17:37:19 GMT):

Is the DID and verkey established by us? What are the limitations for these fields?

bruno_santos (Tue, 24 Nov 2020 17:39:37 GMT):

I'm running the project on an OpenStack server

bruno_santos (Tue, 24 Nov 2020 17:39:47 GMT):

Thank you in advance @esune

esune (Tue, 24 Nov 2020 17:42:47 GMT):

I will defer to someone with deeper technical knowledge about the specifics of how the did and verkey are geerated and what the limitations are.

That being said, you will usually provide a wallet seed and a wallt key to your agent when you start it up. It will use those parameters to generate a did and associated verkey and store them in its wallet, with some additional cryptographic data you shuold not really care about unless you're working on it.

You can use the agent admin REST API to query for its public DID(s) and associated verkey, and use those to register on the ledger.

sklump (Tue, 24 Nov 2020 19:52:45 GMT):

In summary, the proof request needs "version": "1.0" and  "name": "something like proof request" at the top level. For your other odd thing, I'm up to here in problems right now and I'm going to ask you to submit the PR you want to see.

sklump (Tue, 24 Nov 2020 19:52:45 GMT):

In summary, the proof request needs "version": "1.0" and  "name": "something like proof request" at the top level. For your other odd thing, I'm up to here in problems right now and I'm going to ask you to submit the PR you want to see. Or else send me a message in a couple of days.

sklump (Tue, 24 Nov 2020 19:52:45 GMT):

In summary, the proof request needs "version": "1.0" and  "name": "something like proof request" at the top level. For your other odd thing, I'll make a note of it and get to it soon.

sklump (Tue, 24 Nov 2020 19:52:45 GMT):

In summary, the proof request needs "version": "1.0" and  "name": "something like proof request" at the top level. For your other odd thing, see PR#802 https://github.com/hyperledger/aries-cloudagent-python/pull/802

YukiB (Tue, 24 Nov 2020 21:45:56 GMT):

Hello all.  I keep getting this error with the demo app in `vc-authn-oidc`: `The current path, vc/connect/authorize, didn't match any of these.`

YukiB (Tue, 24 Nov 2020 21:46:43 GMT):

This error occurs when I click the `authenticate` button from the demo oidc django demo page

YukiB (Tue, 24 Nov 2020 21:47:18 GMT):

I have examined the urs.py and settings.py and nothing seems to be out of the ordinary

YukiB (Tue, 24 Nov 2020 21:47:36 GMT):

I also don't see anything in the documentation that suggest an adjustment

YukiB (Tue, 24 Nov 2020 21:48:02 GMT):

Can anyone familiar with a solution please help

swcurran (Tue, 24 Nov 2020 22:06:20 GMT):

@esune ^^^^

esune (Tue, 24 Nov 2020 22:11:25 GMT):

Did the builds for the `django-oidc` demo app complete successfully? I built and tested this just last night without issues. Try running a `./manage build` command again in the `/demo/docker` folder, executing `./manage rm` to clear current containers and restart again.

YukiB (Tue, 24 Nov 2020 22:12:16 GMT):

The builds complete successfully

YukiB (Tue, 24 Nov 2020 22:12:35 GMT):

The only changes I make is to update appsettings.json with NGROK endpoints

YukiB (Tue, 24 Nov 2020 22:12:47 GMT):

I will try a fresh clone and build again

YukiB (Tue, 24 Nov 2020 22:13:06 GMT):

@esune @swcurran Thanks so far for your speedy response

YukiB (Tue, 24 Nov 2020 22:13:57 GMT):

The builds complete successfully
The only changes I make is to update appsettings.json with NGROK endpoints
I will try a fresh clone and build again
esune swcurran Thanks so far for your speedy response

esune (Tue, 24 Nov 2020 22:15:06 GMT):

If you run in demo mode (`./manage start-demo`) the script will look for apropriate environment variables and/or check `ngrok` is running to get the endpoints - you should not need to update `appsettings.json` manually unless you are trying something more advanced than just the demo.

YukiB (Tue, 24 Nov 2020 22:16:43 GMT):

I take your point, however I am running 4 endpoints on NGROK because I build / dev using google cloudshell

YukiB (Tue, 24 Nov 2020 22:18:39 GMT):

google cloudshell makes localhost enpoints tricky to work with so all settings in appsettings.json that references localhost, I have replaced with NGROK endpoints

esune (Tue, 24 Nov 2020 22:23:41 GMT):

I see, I am not familiar with Google Cloudshell, but I think I understand your point.

YukiB (Tue, 24 Nov 2020 22:46:05 GMT):

@esune I have just rebuilt from a fresh clone

YukiB (Tue, 24 Nov 2020 22:46:15 GMT):

Now I am getting a redirect error

YukiB (Tue, 24 Nov 2020 22:46:43 GMT):

Sry I think I know what I did wrong

swcurran (Wed, 25 Nov 2020 00:40:52 GMT):

Join us for the ACA-Py User Group is tomorrow, Wednesday at 11AM Pacific (19:00 UTC/20:00 CET) -- ~the hour before the Aries WG Call~ (Aries WG call is cancelled this week).

We'll have the core maintainers on the call to answer questions. We'll be talking about Multi-tenancy, Mediator and a new effort starting on persistent queues.

Zoom link is: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09
Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2020-11-25+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

jcourt (Wed, 25 Nov 2020 06:31:44 GMT):

Thanks will pull master and regenerate !

ianco (Wed, 25 Nov 2020 14:32:01 GMT):

User User_1 added by ianco.

GuilhermeFunchal (Wed, 25 Nov 2020 14:35:05 GMT):

Hello

GuilhermeFunchal (Wed, 25 Nov 2020 14:37:52 GMT):

Im trying to use ACA-Py version 0.5.6 with Django to start the revogation feature

GuilhermeFunchal (Wed, 25 Nov 2020 14:38:50 GMT):

When the system tries to create the credential I get the following error:

GuilhermeFunchal (Wed, 25 Nov 2020 14:38:51 GMT):

ries-django_1      | Stderr o_faber_college: 2020-11-25 14:16:02,905 aries_cloudagent.transport.outbound.manager ERROR >>> Error when posting to: http://aries-django:8000/agent_cb/HGUKE5OGJJL4714KXJH7/topic/revocation_registry/; Error: (, ClientConnectorError(ConnectionKey(host='aries-django', port=8000, is_ssl=False, ssl=None, proxy=None, proxy_auth=None, proxy_headers_hash=None), ConnectionRefusedError(111, "Connect call failed ('192.168.112.3', 8000)")), ); Re-queue failed message ...
aries-django_1      | Stderr o_faber_college: 2020-11-25 14:16:03,261 aries_cloudagent.transport.outbound.manager ERROR >>> Error when posting to: http://aries-django:8000/agent_cb/HGUKE5OGJJL4714KXJH7/topic/revocation_registry/; Error: (, ClientConnectorError(ConnectionKey(host='aries-django', port=8000, is_ssl=False, ssl=None, proxy=None, proxy_auth=None, proxy_headers_hash=None), ConnectionRefusedError(111, "Connect call failed ('192.168.112.3', 8000)")), ); Re-queue failed message ...
aries-django_1      | Stderr o_faber_college: 2020-11-25 14:16:05,928 aries_cloudagent.transport.outbound.manager ERROR >>> Error when posting to: http://aries-django:8000/agent_cb/HGUKE5OGJJL4714KXJH7/topic/revocation_registry/; Error: (, ClientConnectorError(ConnectionKey(host='aries-django', port=8000, is_ssl=False, ssl=None, proxy=None, proxy_auth=None, proxy_headers_hash=None), ConnectionRefusedError(111, "Connect call failed ('192.168.112.3', 8000)")), ); Re-queue failed message ...
aries-django_1      | Stderr o_faber_college: 2020-11-25 14:16:08,957 aries_cloudagent.transport.outbound.manager ERROR >>> Error when posting to: http://aries-django:8000/agent_cb/HGUKE5OGJJL4714KXJH7/topic/revocation_registry/; Error: (, ClientConnectorError(ConnectionKey(host='aries-django', port=8000, is_ssl=False, ssl=None, proxy=None, proxy_auth=None, proxy_headers_hash=None), ConnectionRefusedError(111, "Connect call failed ('192.168.112.3', 8000)")), ); Re-queue failed message ...
aries-django_1      | Stderr o_faber_college: 2020-11-25 14:16:08,957 aries_cloudagent.transport.outbound.manager ERROR >>> Error when posting to: http://aries-django:8000/agent_cb/HGUKE5OGJJL4714KXJH7/topic/revocation_registry/; Error: (, ClientConnectorError(ConnectionKey(host='aries-django', port=8000, is_ssl=False, ssl=None, proxy=None, proxy_auth=None, proxy_headers_hash=None), ConnectionRefusedError(111, "Connect call failed ('192.168.112.3', 8000)")), ); Re-queue failed message ...
aries-django_1      | Stderr o_faber_college: 2020-11-25 14:16:09,207 aries_cloudagent.transport.outbound.manager ERROR >>> Error when posting to: http://aries-django:8000/agent_cb/HGUKE5OGJJL4714KXJH7/topic/revocation_registry/; Error: (, ClientConnectorError(ConnectionKey(host='aries-django', port=8000, is_ssl=False, ssl=None, proxy=None, proxy_auth=None, proxy_headers_hash=None), ConnectionRefusedError(111, "Connect call failed ('192.168.112.3', 8000)")), ); Re-queue failed message ...

GuilhermeFunchal (Wed, 25 Nov 2020 14:40:03 GMT):

I already tested with the demo with the option --revocation --tails-server-base-url and works perfectly

GuilhermeFunchal (Wed, 25 Nov 2020 14:40:45 GMT):

I'm using ACA-Py with Django

GuilhermeFunchal (Wed, 25 Nov 2020 14:41:31 GMT):

Everything works perfectly connecting, sending and receiving credentials and proofs

GuilhermeFunchal (Wed, 25 Nov 2020 14:42:47 GMT):

Im starting ACA-PY Agent with --tails-server-base-url to ngrok local address

GuilhermeFunchal (Wed, 25 Nov 2020 14:44:07 GMT):

in the python class for creating the credential I'm using:

GuilhermeFunchal (Wed, 25 Nov 2020 14:44:21 GMT):

if test == True:
            cred_def_request = {
                "revocation_registry_size": 100,
                "schema_id": indy_schema.ledger_schema_id,
                "support_revocation": True,
            }
        else:
            cred_def_request = {"schema_id": indy_schema.ledger_schema_id}

        response = agent_post_with_retry(
            agent.admin_endpoint + "/credential-definitions",
            json.dumps(cred_def_request),
            headers=get_ADMIN_REQUEST_HEADERS(agent),
        )

GuilhermeFunchal (Wed, 25 Nov 2020 14:45:16 GMT):

To tails-server Im using version docker from https://github.com/bcgov/indy-tails-server

GuilhermeFunchal (Wed, 25 Nov 2020 14:47:51 GMT):

The error seems to be between ACA-PY and aiohttp but I can't debug

GuilhermeFunchal (Wed, 25 Nov 2020 14:49:28 GMT):

Im looking in /tmp/tails-server of tails-server conteiner and I can see one file

GuilhermeFunchal (Wed, 25 Nov 2020 14:49:47 GMT):

The log of tails-server is ->

GuilhermeFunchal (Wed, 25 Nov 2020 14:50:02 GMT):

2020-11-25 14:16:09,890 aiohttp.access INFO 192.168.80.2 [25/Nov/2020:14:16:09 +0000] "PUT /U4mQRtGc7nURTidnkGGZTG:4:U4mQRtGc7nURTidnkGGZTG:3:CL:16:default:CL_ACCUM:bdad5ccc-961e-42d0-a90d-81e5fcf7991e HTTP/1.1" 200 195 "-" "Python/3.6 aiohttp/3.6.2

GuilhermeFunchal (Wed, 25 Nov 2020 14:51:03 GMT):

When I test the demo version of ACA-PY two files are sent

GuilhermeFunchal (Wed, 25 Nov 2020 14:53:50 GMT):

tails-server_1        | 2020-11-25 14:53:32,531 aiohttp.access INFO 192.168.80.2 [25/Nov/2020:14:53:32 +0000] "PUT /E4hL2qQo5cxz87pspB7Yx6:4:E4hL2qQo5cxz87pspB7Yx6:3:CL:23:default:CL_ACCUM:6de92fed-c6ec-4e6e-a69e-9460879ae97d HTTP/1.1" 200 194 "-" "Python/3.6 aiohttp/3.6.2"
tails-server_1        | 2020-11-25 14:53:38,352 aiohttp.access INFO 192.168.80.2 [25/Nov/2020:14:53:38 +0000] "PUT /E4hL2qQo5cxz87pspB7Yx6:4:E4hL2qQo5cxz87pspB7Yx6:3:CL:23:default:CL_ACCUM:ed50b2c9-4b88-488b-9e09-c7b57aaa0e68 HTTP/1.1" 200 195 "-" "Python/3.6 aiohttp/3.6.2"

GuilhermeFunchal (Wed, 25 Nov 2020 14:55:41 GMT):

How can I debug ACA-Py with  aiohttp ?

GuilhermeFunchal (Wed, 25 Nov 2020 14:56:38 GMT):

How can I use --tails-server-base-url  to tails-server:6543 directly?

GuilhermeFunchal (Wed, 25 Nov 2020 16:47:41 GMT):

aries-django_1      | Stderr o_faber_college: --- Logging error ---
aries-django_1      | Stderr o_faber_college: Traceback (most recent call last):
aries-django_1      | Stderr o_faber_college:   File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/logging/__init__.py", line 994, in emit
aries-django_1      | Stderr o_faber_college:     msg = self.format(record)
aries-django_1      | Stderr o_faber_college:   File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/logging/__init__.py", line 840, in format
aries-django_1      | Stderr o_faber_college:     return fmt.format(record)
aries-django_1      | Stderr o_faber_college:   File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/logging/__init__.py", line 577, in format
aries-django_1      | Stderr o_faber_college:     record.message = record.getMessage()
aries-django_1      | Stderr o_faber_college:   File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/logging/__init__.py", line 338, in getMessage
aries-django_1      | Stderr o_faber_college:     msg = msg % self.args
aries-django_1      | Stderr o_faber_college: TypeError: not all arguments converted during string formatting
aries-django_1      | Stderr o_faber_college: Call stack:
aries-django_1      | Stderr o_faber_college:   File "/home/indy/.pyenv/versions/3.6.9/bin/aca-py", line 49, in 
aries-django_1      | Stderr o_faber_college:     run_command(command, args)
aries-django_1      | Stderr o_faber_college:   File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aries_cloudagent/commands/__init__.py", line 34, in run_command
aries-django_1      | Stderr o_faber_college:     module.execute(argv)
aries-django_1      | Stderr o_faber_college:   File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aries_cloudagent/commands/start.py", line 68, in execute
aries-django_1      | Stderr o_faber_college:     run_loop(start_app(conductor), shutdown_app(conductor))
aries-django_1      | Stderr o_faber_college:   File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aries_cloudagent/commands/start.py", line 102, in run_loop
aries-django_1      | Stderr o_faber_college:     loop.run_forever()
aries-django_1      | Stderr o_faber_college:   File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/asyncio/base_events.py", line 438, in run_forever
aries-django_1      | Stderr o_faber_college:     self._run_once()
aries-django_1      | Stderr o_faber_college:   File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/asyncio/base_events.py", line 1451, in _run_once
aries-django_1      | Stderr o_faber_college:     handle._run()
aries-django_1      | Stderr o_faber_college:   File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/asyncio/events.py", line 145, in _run
aries-django_1      | Stderr o_faber_college:     self._callback(*self._args)
aries-django_1      | Stderr o_faber_college:   File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aries_cloudagent/revocation/models/issuer_rev_reg_record.py", line 152, in generate_registry
aries-django_1      | Stderr o_faber_college:     LOGGER.debug("create revocation registry with size:", self.max_cred_num)

GuilhermeFunchal (Wed, 25 Nov 2020 16:48:00 GMT):

cred_def_request = {
"revocation_registry_size": 100,
"schema_id": indy_schema.ledger_schema_id,
"support_revocation": True,
}

esune (Wed, 25 Nov 2020 17:11:17 GMT):

> aries-django_1 | Stderr o_faber_college: TypeError: not all arguments converted during string formatting

Are you trying to print something that is not serializing correctly and throwing an exception?

esune (Wed, 25 Nov 2020 17:13:07 GMT):

This looks like you may have something misconfigured in your docker network, and the host `aries-django` may be unreachable from the agent.

esune (Wed, 25 Nov 2020 17:13:07 GMT):

This looks like you may have something misconfigured in your docker network, and the host `aries-django` (or the `agent_cb` endpoint) may be unreachable from the agent.

GuilhermeFunchal (Wed, 25 Nov 2020 17:59:20 GMT):

No...

GuilhermeFunchal (Wed, 25 Nov 2020 17:59:24 GMT):

credential_definition_body = {"schema_id": indy_schema.ledger_schema_id,
                                          "support_revocation": support_revocation,
                                          "revocation_registry_size": revocation_registry_size}

GuilhermeFunchal (Wed, 25 Nov 2020 17:59:36 GMT):

response = agent_post_with_retry(
            agent.admin_endpoint + "/credential-definitions",
            json.dumps(credential_definition_body),
            headers=get_ADMIN_REQUEST_HEADERS(agent),
        )

GuilhermeFunchal (Wed, 25 Nov 2020 18:01:56 GMT):

This error occurs only in debug mode

GuilhermeFunchal (Wed, 25 Nov 2020 18:02:47 GMT):

Aries-django_1 | Stderr o_faber_college: 2020-11-25 14:16:02,905 aries_cloudagent.transport.outbound.manager ERROR >>> Error when posting to: http://aries-django:8000/agent_cb/HGUKE5OGJJL4714KXJH7/topic/revocation_registry/; Error: (,

GuilhermeFunchal (Wed, 25 Nov 2020 18:02:55 GMT):

without using debug mode

GuilhermeFunchal (Wed, 25 Nov 2020 18:52:13 GMT):

No...just post in credential-definitions

jcourt (Wed, 25 Nov 2020 21:20:14 GMT):

So the code gen still gets empty definitions for the types of IndyCredPrecisCredInfo and IndyCredPrecisInterval ? on the : `GET /present-proof/records/{pres_ex_id}/credentials` 
response ?

jcourt (Wed, 25 Nov 2020 21:24:52 GMT):

In the output openapi.json these fields are IndyCredPrecis_cred_info and IndyCredPrecis_interval respectively and just have a type of "object"

jcourt (Wed, 25 Nov 2020 21:24:52 GMT):

In the output openapi.json these fields are IndyCredPrecis_cred_info and IndyCredPrecis_interval respectively and just have a type of "object" with no "properties" defined.

sklump (Thu, 26 Nov 2020 11:25:44 GMT):



openapi.png

sklump (Thu, 26 Nov 2020 11:25:44 GMT):

@jcourt I get

openapi.png

sklump (Thu, 26 Nov 2020 11:25:44 GMT):

@jcourt I get (under definitions)

openapi.png

VitalijReicherdt (Thu, 26 Nov 2020 12:24:24 GMT):

Has joined the channel.

SubhadeepBanerjee (Thu, 26 Nov 2020 14:46:20 GMT):

Has joined the channel.

SubhadeepBanerjee (Thu, 26 Nov 2020 14:49:58 GMT):

A bit misleading in the picture is the implication that edge agents connect to the public ledger through cloud agents. In fact, (almost) all agents connect directly to the ledger network.

SubhadeepBanerjee (Thu, 26 Nov 2020 15:33:29 GMT):

Hey all, I am currently taking the "Becoming a Hyperledger Aries Developer", edx course....
Here's a question on Chapter 2: Exploring Aries and Aries Agents / An Aries Ecosystem

"A bit misleading in the picture is the implication that edge agents connect to the public ledger through cloud agents. 
In fact, (almost) all agents connect directly to the ledger network."

Can someone tell what almost means here, I mean is there any exception where the agents connect in a different way to the ledger network. ??

swcurran (Thu, 26 Nov 2020 16:13:34 GMT):

Interesting catch.  I wrote that and like you I'm not finding it easy to come up with solid examples.  Here is the rational for the statement.

First, the most obvious point is that agents don't have to talk to ledgers at all - they can be used for messaging only. For example, a mediator might never have to deal with a verifiable credential and so might never need to use the ledger for issuing, holding or verifying. Even if they do have to resolve DIDs, they could do so via a DID resolver (such as uniresolver.io) suing HTTPS.  IOT devices might fit that category as well, where their connectivity and resource constraints might limit their role to secure messaging.

A more general thought is that with agents, exceptions to absolute statements can always be found and I was leaving room for that.

esune (Thu, 26 Nov 2020 16:56:43 GMT):

I would be surprised if using debug mode caused an issue, you are probably just seeing more details on the error.

You can try specifying the tails URL using the internal docker network (e.g.: tails-server-service:1234), however you need a publicy addressable tails server in order for other agents to be able to query it and download the tails file relevant to the cred_def they will be using

esune (Thu, 26 Nov 2020 16:59:57 GMT):

Based on your stack trace, I would check that `revocation_registry_size` actually has a value, and that this value is a number.

esune (Thu, 26 Nov 2020 17:00:22 GMT):

Sorry, but I think that is as far as I can get without debugging the code myself :sweat_smile:

esune (Thu, 26 Nov 2020 17:01:49 GMT):

The issue is thrown by line 152 in `revocation/models/issuer_rev_reg_record.py`, which is the statement `LOGGER.debug("create revocation registry with size:", self.max_cred_num)`,so the string error I mentioned before still applies I think

swcurran (Thu, 26 Nov 2020 17:03:24 GMT):

There was a recent fix in the code done because of bad handling of the size parameter.  Are you on the latest code?

GuilhermeFunchal (Thu, 26 Nov 2020 17:46:05 GMT):

Hello guys, to use the revocation just add --tails-server-base-url when calling aca-py and creating the credential definition in "credential-definitions" including the attributes  : 
                                          credential_definition_body = {"schema_id": indy_schema.ledger_schema_id,
                                          "support_revocation": support_revocation,
                                          "revocation_registry_size": revocation_registry_size,}credential_definition_body = {"schema_id": indy_schema.ledger_schema_id,
                                          "support_revocation": support_revocation,
                                          "revocation_registry_size": revocation_registry_size,}

GuilhermeFunchal (Thu, 26 Nov 2020 17:46:13 GMT):

???

GuilhermeFunchal (Thu, 26 Nov 2020 17:47:37 GMT):

For example : {'schema_id': 'JGm22KSeapYEa8syXsE41a:2:Transcript:65.23.11', 'support_revocation': True, 'revocation_registry_size': 100}

GuilhermeFunchal (Thu, 26 Nov 2020 17:48:25 GMT):

I'm getting this error:

GuilhermeFunchal (Thu, 26 Nov 2020 17:48:27 GMT):

Stderr o_faber_college: 2020-11-26 17:45:15,647 aries_cloudagent.transport.outbound.manager ERROR >>> Error when posting to: http://aries-django:8000/agent_cb/BO6BFMBNEV5DD0L2TXXU/topic/revocation_registry/; Error: (, ClientConnectorError(ConnectionKey(host='aries-django', port=8000, is_ssl=False, ssl=None, proxy=None, proxy_auth=None, proxy_headers_hash=None), ConnectionRefusedError(111, "Connect call failed ('172.24.0.4', 8000)")), ); Re-queue failed message ...

GuilhermeFunchal (Thu, 26 Nov 2020 17:49:42 GMT):

Log of tails-server is -> tails-server_1        | 2020-11-26 17:45:16,277 aiohttp.access INFO 172.22.0.2 [26/Nov/2020:17:45:16 +0000] "PUT /U4mQRtGc7nURTidnkGGZTG:4:U4mQRtGc7nURTidnkGGZTG:3:CL:8:default:CL_ACCUM:ba4b0cfe-ab7e-48f5-b561-efdf6582c4be HTTP/1.1" 200 195 "-" "Python/3.6 aiohttp/3.6.2"

GuilhermeFunchal (Thu, 26 Nov 2020 17:50:51 GMT):

Apparently it creates the record but does not activate on the tails-server

GuilhermeFunchal (Thu, 26 Nov 2020 17:51:33 GMT):

When I simulate revocation with ACA-Py demo

GuilhermeFunchal (Thu, 26 Nov 2020 17:56:08 GMT):

tails-server_1        | 2020-11-26 17:55:39,342 aiohttp.access INFO 172.22.0.2 [26/Nov/2020:17:55:38 +0000] "PUT /XYjLe2EXkKhe5iS7Durr99:4:XYjLe2EXkKhe5iS7Durr99:3:CL:17:default:CL_ACCUM:452d45fd-b7b4-43de-b694-7f85254c0dde HTTP/1.1" 200 195 "-" "Python/3.6 aiohttp/3.6.2"
ngrok-tails-server_1  | t=2020-11-26T17:55:45+0000 lvl=info msg="join connections" obj=join id=bade2901e13f l=172.22.0.3:6543 r=191.35.214.12:42200
tails-server_1        | 2020-11-26 17:55:45,767 aiohttp.access INFO 172.22.0.2 [26/Nov/2020:17:55:45 +0000] "PUT /XYjLe2EXkKhe5iS7Durr99:4:XYjLe2EXkKhe5iS7Durr99:3:CL:17:default:CL_ACCUM:3f31ffbb-b03b-402a-ad6c-3b01de91e263 HTTP/1.1" 200 195 "-" "Python/3.6 aiohttp/3.6.2"

GuilhermeFunchal (Thu, 26 Nov 2020 17:56:24 GMT):

It's works..

GuilhermeFunchal (Thu, 26 Nov 2020 18:09:28 GMT):

Apparently when I run via demo, it slows down but it finishes

esune (Thu, 26 Nov 2020 18:59:05 GMT):

It looks like aries-django is your own service, correct?
Make sure it is on a docker network that is shared with the agent, otherwise the agent will NOT be able to resolve the address `aries-django:8000`.

GuilhermeFunchal (Thu, 26 Nov 2020 19:06:04 GMT):

Its same network

GuilhermeFunchal (Thu, 26 Nov 2020 19:12:52 GMT):

It looks like it worked ...I had to insert a time.sleep between requests...

GuilhermeFunchal (Thu, 26 Nov 2020 19:12:54 GMT):

I will do more tests

GuilhermeFunchal (Thu, 26 Nov 2020 19:13:11 GMT):

Thank you for your help

GuilhermeFunchal (Thu, 26 Nov 2020 19:14:11 GMT):

How do I decode the file generated by ngrok?

esune (Thu, 26 Nov 2020 19:17:33 GMT):

Not sure what this means

GuilhermeFunchal (Thu, 26 Nov 2020 19:26:25 GMT):

in /tmp/tails-server in the tails-server docker container some files are generated

esune (Thu, 26 Nov 2020 19:34:41 GMT):

You don't decode the tails file, I do not know exactly what is stored in there and how, but it's cryptographic data that would likely not be humanly comprehensible. You just trust it is there and holds the revocation information.

andrew.whitehead (Thu, 26 Nov 2020 21:01:20 GMT):

It’s a series of big random prime numbers

GuilhermeFunchal (Thu, 26 Nov 2020 21:45:33 GMT):

Thanks guys

GuilhermeFunchal (Thu, 26 Nov 2020 21:50:14 GMT):

Anyone know of an APP with open source in VueJS or Angle for the ACA-Py to collaborate?

esune (Thu, 26 Nov 2020 21:52:30 GMT):

https://github.com/bcgov/issuer-kit is a set of apps that can be used to issue credentials. The agent does not talk directly to the webapp though, requests are proxied through an API in NodeJS

GuilhermeFunchal (Thu, 26 Nov 2020 21:55:17 GMT):

Thanks

jcourt (Thu, 26 Nov 2020 22:50:49 GMT):

Ok let me look into that in greater detail

jcourt (Thu, 26 Nov 2020 23:05:19 GMT):

Looks like I might have fallen foul to picking up a stale docker image from my AWS repo.  Will make sure and update the #802 issue when I am convinced.  Sorry for the possible fire drill.

jcourt (Thu, 26 Nov 2020 23:44:13 GMT):

Updated 802, it was my fault.

GuilhermeFunchal (Fri, 27 Nov 2020 00:43:01 GMT):

Is it correct to send data from a revoked credential?

sklump (Fri, 27 Nov 2020 11:58:47 GMT):

Sure, but a proof on it won't verify as true.

sklump (Fri, 27 Nov 2020 11:58:47 GMT):

Sure, but a proof on it won't verify as true if using aca-py as the verifier.

It is possible to get a True result from a pure indy-sdk implementation if the proof request does not specify a non-revocation interval.

I'm currently simmering an RFC on best practices with edge cases like this for revocation, with an aca-py reference implementation. It's the next priority for me after RFC 23 (did exchange) protocol.

GuilhermeFunchal (Fri, 27 Nov 2020 12:07:53 GMT):

I don't know how do this implementation in indy-sdk, do you have some documentation?

sklump (Fri, 27 Nov 2020 12:14:42 GMT):

Start here, good luck
https://github.com/hyperledger/indy-sdk/tree/master/wrappers/python/tests/interation/

GuilhermeFunchal (Fri, 27 Nov 2020 12:24:04 GMT):

Thanks a lot for the help

GuilhermeFunchal (Fri, 27 Nov 2020 15:02:16 GMT):

I can use the Indy with Fabric ?

adamsc64 (Fri, 27 Nov 2020 17:00:23 GMT):

Has joined the channel.

adamsc64 (Fri, 27 Nov 2020 17:00:23 GMT):

Hi folks, just wanting to introduce myself. Will be doing some development on the agent for the next few months. I've been asked by @swcurran first thing to look at adding persistence to queues. Please do DM me if you want to be in contact about that feature! I don't have any opinions yet as I need to review the current implementation.

adamsc64 (Fri, 27 Nov 2020 17:00:23 GMT):

Hi folks, just wanting to introduce myself. Will be doing some development on the agent for the next few months. I've been asked by @swcurran, as a first thing, to look at adding persistence to queues. Please do DM me if you want to be in contact about that feature! I don't have any opinions yet as I need to review the current implementation.

wadeking98 (Fri, 27 Nov 2020 19:55:06 GMT):

Has joined the channel.

wadeking98 (Fri, 27 Nov 2020 20:30:53 GMT):

Hi everyone, I'm having a bit on trouble starting my aca-py agent with postgres storage. I have VON running and an exposted docker container running postgres on my local machine. Currently I'm trying to run it by the following command

wadeking98 (Fri, 27 Nov 2020 20:38:21 GMT):

Hi everyone. Please let me know if this is the wrong channel to ask for help. I'm having a bit of trouble starting my aca-py agent with postgres storage. I have VON running and an exposted docker container running postgres on my local machine. Currently I'm trying to run aca-py by the following command
`/home/wade/.local/bin/aca-py start --inbound-transport http 0.0.0.0 8001 --outbound-transport http --endpoint http 0.0.0.0 8001 --genesis-url http://localhost:9000/genesis --admin-insecure-mode --admin localhost 8889 --auto-accept-invites --auto-accept-requests --seed 00000000000000000000000000000001 --wallet-name alice --wallet-type indy --wallet-key pswd --wallet-storage-type postgres_storage --wallet-storage-config "{\"url\":\"127.0.0.1:5432\", \"max_connections\":5, \"connection_timeout\":10}" --wallet-storage-creds "{\"account\":\"postgres\",\"password\":\"docker\",\"admin_account\":\"postgres\",\"admin_password\":\"docker\"}" --label alice`
which produces the following error:
`OSError: libindy.so: cannot open shared object file: No such file or directory`
I've already installed all the requirements, including python3_indy so I'm not sure why I'm missing this .so file.
I have run the command both as user and as root but I get the same error.
NOTE: aca-py runs fine if I don't provide any --wallet tags, it's only when it tries to do something with postgres that it crashes.

wadeking98 (Fri, 27 Nov 2020 20:38:21 GMT):

Hi everyone. Please let me know if this is the wrong channel to ask for help. I'm having a bit of trouble starting my aca-py agent with postgres storage. I have VON running and an exposted docker container running postgres on my local machine. Currently I'm trying to run aca-py by the following command
```/home/wade/.local/bin/aca-py start --inbound-transport http 0.0.0.0 8001 --outbound-transport http --endpoint http 0.0.0.0 8001 --genesis-url http://localhost:9000/genesis --admin-insecure-mode --admin localhost 8889 --auto-accept-invites --auto-accept-requests --seed 00000000000000000000000000000001 --wallet-name alice --wallet-type indy --wallet-key pswd --wallet-storage-type postgres_storage --wallet-storage-config "{\"url\":\"127.0.0.1:5432\", \"max_connections\":5, \"connection_timeout\":10}" --wallet-storage-creds "{\"account\":\"postgres\",\"password\":\"docker\",\"admin_account\":\"postgres\",\"admin_password\":\"docker\"}" --label alice```
which produces the following error:
`OSError: libindy.so: cannot open shared object file: No such file or directory`
I've already installed all the requirements, including python3_indy so I'm not sure why I'm missing this .so file.
I have run the command both as user and as root but I get the same error.
NOTE: aca-py runs fine if I don't provide any --wallet tags, it's only when it tries to do something with postgres that it crashes.

GuilhermeFunchal (Fri, 27 Nov 2020 20:52:20 GMT):

I had same problem. I needed recompiled indy and save libindy.so in /usr/lib/pyrhon3 

sklump (Fri, 27 Nov 2020 20:53:14 GMT):

Copy it to /usr/lib or anywhere in $LD_LIBRARY_PATH. If using revocation, you want to cargo build --release: tails files take ages to build otherwise

sklump (Fri, 27 Nov 2020 20:53:14 GMT):

Copy it to /usr/lib or anywhere in $LD_LIBRARY_PATH. If using revocation, you want to `cargo build --release`: tails files take ages to build otherwise

esune (Fri, 27 Nov 2020 20:58:03 GMT):

If you're using Windows this may help: https://github.com/hyperledger/indy-sdk#windows

swcurran (Fri, 27 Nov 2020 21:27:09 GMT):

And another - always use docker so you don't get into this mess.

Also -- where do we need to fix the docs so this is clear?

swcurran (Fri, 27 Nov 2020 21:27:09 GMT):

And another - always use docker so you don't get into this mess. :-)

Also -- where do we need to fix the docs so this is clear?

esune (Fri, 27 Nov 2020 21:30:15 GMT):

+1 to what @swcurran said. You can attach a debugger to the agent runing in docker so it should be more than enough to develop and troubleshoot

wadeking98 (Fri, 27 Nov 2020 22:20:06 GMT):

sounds good, I should have been using docker from the start lol

wadeking98 (Fri, 27 Nov 2020 22:20:06 GMT):

sounds good, I should have been using docker from the start lol. Thanks!

swcurran (Fri, 27 Nov 2020 22:38:45 GMT):

Hmm...more docs ooportunity. Have we covered well enough how to attach a debugger when using docker?

wadeking98 (Fri, 27 Nov 2020 23:23:48 GMT):

I see a bit of info in the help message but I can't find anything in the quickstart README

esune (Fri, 27 Nov 2020 23:26:30 GMT):

I believe it uses the "standard" python debugger. When passing `--debug` to the command line the debugger should be activated and exposed on port 5678 (see https://github.com/hyperledger/aries-cloudagent-python/blob/master/scripts/run_docker#L12-L21)

wadeking98 (Fri, 27 Nov 2020 23:54:45 GMT):

ls

wadeking98 (Sat, 28 Nov 2020 00:05:07 GMT):

if I'm running aca-py through docker, don't I have to specify the ports to expose through an environment variable?

esune (Sat, 28 Nov 2020 00:09:52 GMT):

If you use the `run_docker` script, you specify the ports to be exposed as PORTS="5000:5000 5001:5001" and they get exposed on the container. You can then use them in the startup arguments, the same way you do when running natively (the commands are passed through to the container and appended to the container CMD)

esune (Sat, 28 Nov 2020 00:10:17 GMT):

Example: `PORTS="5001:5001 1001:1001" ./scripts/run_docker start --inbound-transport http 0.0.0.0 10001 --outbound-transport http --admin 0.0.0.0 5001 --admin-insecure-mode --log-level DEBUG`

wadeking98 (Sat, 28 Nov 2020 01:21:09 GMT):

awesome thanks!

jcourt (Mon, 30 Nov 2020 01:13:00 GMT):

Should there be a mechanism to send a problem report if a Verifier isn't happy with the values revealed in a Proof Presentation  ?  There is one in the credential issuance section but not in the proofs section ?

marc0olo (Mon, 30 Nov 2020 04:50:22 GMT):

Has joined the channel.

abhaypsoni (Mon, 30 Nov 2020 05:56:55 GMT):

Has joined the channel.

rocky_2020 (Mon, 30 Nov 2020 06:24:05 GMT):

Has joined the channel.

rocky_2020 (Mon, 30 Nov 2020 06:41:19 GMT):

Are agents proportional to numbers of users? Do we need n number of agents for n number of users in a network?

GuilhermeFunchal (Mon, 30 Nov 2020 12:58:18 GMT):

Can I use Aries and ACA-PY with Fabric ?

SubhadeepBanerjee (Mon, 30 Nov 2020 14:21:21 GMT):

Hii can anyone tell me some good sites where I can learn more about hyperledger Aries, apart from edx? Thank you

marc0olo (Mon, 30 Nov 2020 14:34:00 GMT):

do you know the official Wiki? https://wiki.hyperledger.org/display/aries

cmendoza (Mon, 30 Nov 2020 19:44:45 GMT):

Has joined the channel.

SubhadeepBanerjee (Tue, 01 Dec 2020 07:30:01 GMT):

I did not know, thank you for telling me

wip-abramson (Tue, 01 Dec 2020 11:07:31 GMT):

If you know docker and want to get into the code, I put together this repo with a few others. It contains a bunch jupyter notebook tutorials demonstrating using ACA-Py https://github.com/OpenMined/PyDentity

thomas_kim (Wed, 02 Dec 2020 06:44:47 GMT):

Hi, community. Play with VON (http://play-with-von.vonx.io) is not working anymore... Is it a known issue?

thomas_kim (Wed, 02 Dec 2020 06:44:47 GMT):

Hi, community. Play with VON (http://play-with-von.vonx.io) is not working anymore... Is it a known issue? I can't create an instance.

andrew.whitehead (Wed, 02 Dec 2020 06:55:48 GMT):

I think it can run out of memory sometimes, @WadeBarnes will probably restart it in his morning

thomas_kim (Wed, 02 Dec 2020 07:28:18 GMT):

Thanks :)

WadeBarnes (Wed, 02 Dec 2020 14:32:17 GMT):

looking

swcurran (Wed, 02 Dec 2020 14:36:00 GMT):

Play with Docker is generally working, so you can use that.  https://labs.play-with-docker.com/

swcurran (Wed, 02 Dec 2020 14:36:34 GMT):

Play with VON is used mostly when we do labs and need to supersize the environment.  We crashed Play with Docker at our first big lab :-)

WadeBarnes (Wed, 02 Dec 2020 15:08:32 GMT):

All fixed.  On-line again.

WadeBarnes (Wed, 02 Dec 2020 15:08:41 GMT):

Lots of orphaned containers.

jameshiester (Thu, 03 Dec 2020 14:33:11 GMT):

It seems like as of 5.4, when using the /present-proof/send-request endpoint, the comment does not get included on the recipient side?  Is this expected?

jameshiester (Thu, 03 Dec 2020 14:49:05 GMT):

connection_id,
        trace: false,
        comment:
          'ACME Bank requests your government id in order to comply with KYC regulations',
        proof_request: {
          name: 'Government ID Request',
          version: '1.0',
          requested_predicates: {},
          requested_attributes: {
            given_name: {
              name: 'given_name',
              restrictions: [
                {
                  cred_def_id: credentialSchema.id,
                },
              ],
            },
            family_name: {
              name: 'family_name',
              restrictions: [
                {
                  cred_def_id: credentialSchema.id,
                },
              ],
            },
            country: {
              name: 'country',
              restrictions: [
                {
                  cred_def_id: credentialSchema.id,
                },
              ],
            },
            birthdate: {
              name: 'birthdate',
              restrictions: [
                {
                  cred_def_id: credentialSchema.id,
                },
              ],
            },
            government_id: {
              name: 'government_id',
              restrictions: [
                {
                  cred_def_id: credentialSchema.id,
                },
              ],
            },
            expires: {
              name: 'expires',
              restrictions: [
                {
                  cred_def_id: credentialSchema.id,
                },
              ],
            },
            locality: {
              name: 'locality',
              restrictions: [
                {
                  cred_def_id: credentialSchema.id,
                },
              ],
            },
            street_address: {
              name: 'street_address',
              restrictions: [
                {
                  cred_def_id: credentialSchema.id,
                },
              ],
            },
            region: {
              name: 'region',
              restrictions: [
                {
                  cred_def_id: credentialSchema.id,
                },
              ],
            },
            postal_code: {
              name: 'postal_code',
              restrictions: [
                {
                  cred_def_id: credentialSchema.id,
                },
              ],
            },
          },
        },
      });

bruno_santos (Thu, 03 Dec 2020 16:23:33 GMT):

Hello canal, regarding the did ledger registration:

bruno_santos (Thu, 03 Dec 2020 16:23:43 GMT):



Clipboard - 3 de Dezembro de 2020 16:23

bruno_santos (Thu, 03 Dec 2020 16:24:02 GMT):

Do you know what this error could be?

sklump (Thu, 03 Dec 2020 17:19:06 GMT):

I'll look into it

sklump (Thu, 03 Dec 2020 18:27:09 GMT):

https://github.com/hyperledger/aries-cloudagent-python/pull/815
Comment propagages through `presentation_request_dict.get("comment")` in prover presentation exchange record, as it is part of the Aries presentation request message.

sklump (Thu, 03 Dec 2020 18:27:09 GMT):

https://github.com/hyperledger/aries-cloudagent-python/pull/815
Comment propagates through `presentation_request_dict.get("comment")` in prover presentation exchange record, as it is part of the Aries presentation request message.

esune (Thu, 03 Dec 2020 18:53:00 GMT):

If you have not yet registered your did/verkey using the ledger's selfserve dashboard (or similar) your agent won't be able to write anything to the ledger.

If you look at the agent logs you may get more details on the error (e.g.: a stack trace).

jameshiester (Thu, 03 Dec 2020 20:56:57 GMT):

It doesn't look like the endpoint returns the presentation_request_dict

jameshiester (Thu, 03 Dec 2020 20:59:34 GMT):

{
  "presentation_exchange_id": "e9894f03-e2a8-42ba-a256-895aaf3ec997",
  "thread_id": "eed12ace-e0ec-4eaf-bfac-6bba94869ea6",
  "initiator": "external",
  "connection_id": "72cf87e0-efa1-4f18-9e10-967f89aa9008",
  "role": "prover",
  "created_at": "2020-12-03 20:54:08.805249Z",
  "trace": false,
  "presentation_request": {
    "name": "Government ID Request",
    "version": "1.0",
    "requested_predicates": {},
    "requested_attributes": {
      "given_name": {
        "name": "given_name",
        "restrictions": [
          {
            "cred_def_id": "B5dLnqorjbrYMx4QNdoSoS:3:CL:513:default"
          }
        ]
      },
      "family_name": {
        "name": "family_name",
        "restrictions": [
          {
            "cred_def_id": "B5dLnqorjbrYMx4QNdoSoS:3:CL:513:default"
          }
        ]
      },
      "country": {
        "name": "country",
        "restrictions": [
          {
            "cred_def_id": "B5dLnqorjbrYMx4QNdoSoS:3:CL:513:default"
          }
        ]
      },
      "birthdate": {
        "name": "birthdate",
        "restrictions": [
          {
            "cred_def_id": "B5dLnqorjbrYMx4QNdoSoS:3:CL:513:default"
          }
        ]
      },
      "government_id": {
        "name": "government_id",
        "restrictions": [
          {
            "cred_def_id": "B5dLnqorjbrYMx4QNdoSoS:3:CL:513:default"
          }
        ]
      },
      "expires": {
        "name": "expires",
        "restrictions": [
          {
            "cred_def_id": "B5dLnqorjbrYMx4QNdoSoS:3:CL:513:default"
          }
        ]
      },
      "locality": {
        "name": "locality",
        "restrictions": [
          {
            "cred_def_id": "B5dLnqorjbrYMx4QNdoSoS:3:CL:513:default"
          }
        ]
      },
      "street_address": {
        "name": "street_address",
        "restrictions": [
          {
            "cred_def_id": "B5dLnqorjbrYMx4QNdoSoS:3:CL:513:default"
          }
        ]
      },
      "region": {
        "name": "region",
        "restrictions": [
          {
            "cred_def_id": "B5dLnqorjbrYMx4QNdoSoS:3:CL:513:default"
          }
        ]
      },
      "postal_code": {
        "name": "postal_code",
        "restrictions": [
          {
            "cred_def_id": "B5dLnqorjbrYMx4QNdoSoS:3:CL:513:default"
          }
        ]
      }
    },
    "nonce": "922996421144700442939642"
  },
  "updated_at": "2020-12-03 20:54:08.805249Z",
  "state": "request_received"
}

AryamaI (Fri, 04 Dec 2020 11:30:53 GMT):

Has joined the channel.

ultimo2020 (Sat, 05 Dec 2020 19:20:09 GMT):

Greetings everyone. I wanted to explore the ACAPy (have played before with Aries) and I hope this is the right place to start: https://github.com/hyperledger/aries-cloudagent-python#resources   My question also would be , if we create a wallet (a cloud one, we could call it a custodian wallet) and I would like to link it with a biometric hash from a biometric device, would be there a possibility to add more security? For an example to separate the private keys from the VCs , in case someone hacks the wallet but then could not sign the transactions , since the private keys would be on a separate location? I was thinking to link a biometric hash with the wallet via a VC that has an attribute type like #hashname ? Also maybe a possibility to name a wallet like the biometric hash, that can be lookuped easily later ?

sklump (Mon, 07 Dec 2020 12:31:04 GMT):

It's in the pres ex record.

sklump (Mon, 07 Dec 2020 12:58:08 GMT):



lookit.png

swcurran (Mon, 07 Dec 2020 14:27:54 GMT):

^^^ @andrew.whitehead

rocky_2020 (Mon, 07 Dec 2020 14:39:29 GMT):

I am looking for private key path location. Where exactly we can find it?

AryamaI (Tue, 08 Dec 2020 09:35:59 GMT):



Clipboard - December 8, 2020 3:05 PM

AryamaI (Tue, 08 Dec 2020 09:36:01 GMT):

Hello , I am trying to deploy the aries cloudagent python on Kubernetes. I was successfully able to deloy the faber and acme docker containers in a pod. But the alice container is giving me the following error

AryamaI (Tue, 08 Dec 2020 09:37:24 GMT):



Clipboard - December 8, 2020 3:06 PM

AryamaI (Tue, 08 Dec 2020 09:37:24 GMT):



Clipboard - December 8, 2020 3:06 PM

AryamaI (Tue, 08 Dec 2020 09:37:24 GMT):



Clipboard - December 8, 2020 3:06 PM

AryamaI (Tue, 08 Dec 2020 09:37:24 GMT):



Clipboard - December 8, 2020 3:06 PM

ianco (Tue, 08 Dec 2020 14:48:41 GMT):

Probably an issue opening a reader in a kubernetes pod

ianco (Tue, 08 Dec 2020 14:51:13 GMT):

not sure the fix but something around terminal settings

swcurran (Tue, 08 Dec 2020 18:48:18 GMT):

Join us for the ACA-Py User Group is tomorrow, Wednesday at 11AM Pacific (19:00 UTC/20:00 CET) -- the hour before the Aries WG Call

Zoom link is: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09
Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2020-11-25+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

- Business Partner Agent - https://github.com/hyperledger-labs/business-partner-agent
- Aries Agent Test Harness Reporting Dashboard
- Aries Cloud Agent Python using Aries Shared components

swcurran (Tue, 08 Dec 2020 18:48:18 GMT):

Join us for the ACA-Py User Group is tomorrow, Wednesday at 11AM Pacific (19:00 UTC/20:00 CET) -- the hour before the Aries WG Call

Zoom link is: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09
Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2020-11-25+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Busy and super interesting agenda for the meeting:

- Business Partner Agent - https://github.com/hyperledger-labs/business-partner-agent
- Aries Agent Test Harness Reporting Dashboard
- Aries Cloud Agent Python using Aries Shared components

Everyone is welcome!

AryamaI (Tue, 08 Dec 2020 20:50:17 GMT):

Not sure on it @ianco. @swcurran can you help here and shed some light on running the aries agent on kubernetes cluster 

AryamaI (Tue, 08 Dec 2020 20:50:17 GMT):

Not sure on it @ianco . @swcurran can you help here and shed some light on running the aries agent on kubernetes cluster 

ianco (Tue, 08 Dec 2020 21:02:28 GMT):

From the stack trace, the error is occurring in the alice demo, not the aca-py agent.  The error is getting raised when prompting the user to enter the invitation (via "prompt_toolkit")

AryamaI (Tue, 08 Dec 2020 21:08:28 GMT):

Yes. That's what I understand.  But I don't understand why it would work in docker but not in kubernetes pods. Couldnt find any possible explanation 

AryamaI (Tue, 08 Dec 2020 21:51:30 GMT):

Yes. I understand that. But what I don't understand is the prompt functionality works fine when run in docker container outside of kubernetes. When run in a pod in kubernetes giving this issue . Couldnt find any possible explanations for it

ianco (Tue, 08 Dec 2020 22:09:41 GMT):

I think there is a terminal setting you need to set

AryamaI (Wed, 09 Dec 2020 04:53:45 GMT):

@ianco  can u tell what terminal settings that need to be explicitly.

AryamaI (Wed, 09 Dec 2020 04:53:45 GMT):

@ianco  can u tell what terminal settings that need to be set explicitly that you are referring about.

AryamaI (Wed, 09 Dec 2020 08:25:07 GMT):

@ianco its resolved, needed to enable tty and stdin mode for the container in the settings. Thanks for the help

jameshiester (Wed, 09 Dec 2020 13:25:40 GMT):

did the yaml config changes in 5.5 mean we can no longer use the startup args?  I'm having some issues upgrading directly from 5.4 to 5.5

ianco (Wed, 09 Dec 2020 13:55:35 GMT):

:+1:

swcurran (Wed, 09 Dec 2020 14:14:34 GMT):

No -- they should work.  I don't think args changed, but you can check the usage vs. what you are doing.  And you should go to 0.5.6 as a small issue was fixed after 0.5.5.  But that was not in start up as I recall.

st (Wed, 09 Dec 2020 16:08:30 GMT):

Has joined the channel.

neilbts (Wed, 09 Dec 2020 16:58:04 GMT):

Has joined the channel.

wip-abramson (Wed, 09 Dec 2020 17:08:23 GMT):

Hey, anyone clued into how the send proposal flow is implemented in ACA-Py? I think there is a minor bug in the swagger checks for the method to respond to a proposal https://github.com/hyperledger/aries-cloudagent-python/blob/eba6c4ae9f573c3e0b4edd46f6b1e283baf0a907/aries_cloudagent/protocols/present_proof/v1_0/routes.py#L876.

It wants you to enter in a full presentation request object, when actually all it generates a presentation request from the proposal. It only uses the request body to access the connection_id. So confusingly the requester must enter in a valid presentation request object that essentially gets ignored. At least thats how I am reading it

dbluhm (Wed, 09 Dec 2020 23:34:47 GMT):

Had a question that I intended to bring up during the user group meeting today but it slipped my mind:

Back when we started off on the toolbox and toolbox plugin for ACA-Py, we (in retrospect) incorrectly utilized the `role` attribute of connection records as more of a permissions "role." Recent updates to the connection records have since made it obvious that its intended use is to mark the role the agent is filling in the protocol but nonetheless we've got a problem now in the toolbox plugin where we check whether is a connection is authorized to use the admin protocols by checking if it has the "admin" role.

We think that an attribute in the connection record (or an attribute otherwise associated with a connection record by joining with another record, I suppose, though directly on the record would be convenient) that indicates some form of internal group designation is desirable. Would there be any objections to a PR that introduced such an attribute and, likely, a config parameter to assign the invitation generated with `--invite` to a specific group?

dbluhm (Wed, 09 Dec 2020 23:34:47 GMT):

Had a question that I intended to bring up during the user group meeting today but it slipped my mind:

Back when we started off on the toolbox and toolbox plugin for ACA-Py, we (in retrospect) incorrectly utilized the `role` attribute of connection records as more of a permissions "role." Recent updates to the connection records have since made it obvious that its intended use is to mark the role the agent is filling in the protocol but nonetheless we've got a problem now in the toolbox plugin where we check whether a connection is authorized to use the admin protocols by checking if it has the "admin" role.

We think that an attribute in the connection record (or an attribute otherwise associated with a connection record by joining with another record, I suppose, though directly on the record would be convenient) that indicates some form of internal group designation is desirable. Would there be any objections to a PR that introduced such an attribute and, likely, a config parameter to assign the invitation generated with `--invite` to a specific group?

ianco (Wed, 09 Dec 2020 23:48:42 GMT):

@dbluhm we had a similar requirement related to this PR for an endorser protocol:  https://github.com/hyperledger/aries-cloudagent-python/pull/799  ...  we have to identify a connection as either an "endorser" (for authors, who need to track their endorsers), or "author" (for endorsers, to track the connections for which they were willing to endorse transactions).  The decision was to add a *new* endpoint that would add roles to a connection record as an attachment (to try to keep this requirement separate from the connection protocol itself).

ianco (Wed, 09 Dec 2020 23:48:59 GMT):

(note that the PR is a w.i.p. and doesn't necessarily yet reflect this design decision)

andrew.whitehead (Thu, 10 Dec 2020 00:10:32 GMT):

It would probably be helpful to have a generic way to get and set custom metadata for a connection record (or at least related to one)

dbluhm (Thu, 10 Dec 2020 00:11:16 GMT):

I was starting to think along the same lines after reading through the comments on the PR @ianco linked to

dbluhm (Thu, 10 Dec 2020 01:09:41 GMT):

@ianco @andrew.whitehead put this together, since it was an obvious option for setting custom metadata, to get the conversation started at least: https://github.com/hyperledger/aries-cloudagent-python/pull/836

ultimo2020 (Thu, 10 Dec 2020 07:58:28 GMT):

@andrew.whitehead Hi. Could I bring an off topic maybe? Why do we use a database(postgre) in aries-askar https://github.com/andrewwhitehead/aries-askar/blob/main/src/postgres/ isn't this an insecure dependency? 

kapster (Thu, 10 Dec 2020 10:09:54 GMT):

Has joined the channel.

sklump (Thu, 10 Dec 2020 13:02:15 GMT):

I can look into it later today and into next week. At the very least the comment is misleading.

wip-abramson (Thu, 10 Dec 2020 13:36:20 GMT):

I would also be happy to push a P.R. Not sure what the process is but interested to learn

daidoji (Thu, 10 Dec 2020 14:57:19 GMT):

Is the reason `:latest` isn't supported for https://hub.docker.com/r/bcgovimages/aries-cloudagent/tags?page=1&ordering=last_updated a security nudge?  Or is there another reason?

sklump (Thu, 10 Dec 2020 15:52:50 GMT):

The idea here is that the verifier can respond to a proposal with a proof request, which might not match the proposal as the prover sends. The prover can then decide whether to respond with a presentation or a new proposal. Anyway, I can take care of it.

wip-abramson (Thu, 10 Dec 2020 15:59:38 GMT):

Hmm if that is the idea then I think more code needs to change. Currently the proof_request is completely ignored. I thought if the Verifier wishes to request a different proof they would initiate a new proof request through the send_request api.

wip-abramson (Thu, 10 Dec 2020 16:00:19 GMT):

Negotiation continues until both sides are happy. Verifier accepts a proposal from holder, or holder accepts and responds to request from verifier

sklump (Thu, 10 Dec 2020 16:02:48 GMT):

That looks right. In which case the bound-request can just take the pres ex id and work from there. Like I said, I'll take care of it.

wip-abramson (Thu, 10 Dec 2020 16:03:25 GMT):

Cool

sklump (Thu, 10 Dec 2020 16:03:34 GMT):

I'm not keen on going through the whole DCO experience, which always wrecks people the first time through, just before I'm off for Christmas and having that hanging over me for the holidays.

sklump (Thu, 10 Dec 2020 16:03:53 GMT):

But I'm looking forward to your contributions in the new year.

wip-abramson (Thu, 10 Dec 2020 16:04:25 GMT):

Makes sense! Thanks

andrew.whitehead (Thu, 10 Dec 2020 17:06:01 GMT):

Why would that be insecure?

sklump (Thu, 10 Dec 2020 17:31:28 GMT):

https://github.com/hyperledger/aries-cloudagent-python/pull/839

ultimo2020 (Thu, 10 Dec 2020 18:36:14 GMT):

Hi Andrew. Thanks for the fast reply. I did not take a deep look in the architecture document, if there is any, but my point was that with integrating postgres as dependency you get also the upcoming security issues (CVEs) that come regulary to the game. 

andrew.whitehead (Thu, 10 Dec 2020 18:41:32 GMT):

It's only a postgres client that's integrated, the database itself would have to be run separately

ultimo2020 (Thu, 10 Dec 2020 18:49:19 GMT):

Thanks Andrew. That is why I asked, since I did not see any architecture high level diagram, and still do not know why there has to be a database somewhere. How could I help out, since I am also the opinion that cloud wallets need a secure storage 

andrew.whitehead (Thu, 10 Dec 2020 22:48:42 GMT):

Contributions are welcome but there's very little documentation at the moment. The repo will move into the bcgov organization soon and additional documentation will be added then. There's a demo of the currently supported Python API  here: https://github.com/andrewwhitehead/aries-askar/blob/main/wrappers/python/demo/test.py

kapster (Fri, 11 Dec 2020 09:12:57 GMT):

hu guys, is it already possible to use ACA-Py as a mediator agent?

ianco (Fri, 11 Dec 2020 15:01:12 GMT):

This work is in progress!

swcurran (Fri, 11 Dec 2020 15:17:39 GMT):

In progress as in the code to use ACA-Py as a mediator has been merged.  The ability to use ACA-Py as a client of an ACA-Py mediator has not been done yet, and I think the docs are light (although I haven't checked :-) ).

kaijuneer (Mon, 14 Dec 2020 11:31:10 GMT):

Has joined the channel.

ankita.p17 (Mon, 14 Dec 2020 14:07:46 GMT):

Hi, I am trying to register nym-transaction from a steward agent using aca-py version 0.5.6 on the local network. It is returning an error for DID verkey not found in the wallet every time. This DID verkey is of another agent that will not be in this agent. Error says - 

aries_cloudagent.admin.server ERROR Handler error with exception: Registered NYM for DID T5XADvfw7MoCtykk1Tuym6 on ledger but could not replace metadata in wallet: Unknown DID: T5XADvfw7MoCtykk1Tuym6

ankita.p17 (Mon, 14 Dec 2020 14:10:23 GMT):

@andrew.whitehead  @ianco Is it a change of expected behaviour in the latest version? Since the DID Verkey does not belong to steward it will never be found in his wallet. Also, this was not happening in older versions.

sklump (Mon, 14 Dec 2020 15:47:38 GMT):

That behaviour has been there for 4 months. What do you think it should do?

sklump (Mon, 14 Dec 2020 15:47:38 GMT):

That behaviour has been there for 4 months. What do you think it should do? This item has come up in the past and we decided to keep it, to flag the case where an agent tries to change its own DID but the operation fails on the wallet: the op does what it can on the ledger and reports any trouble it encounters. At present the strategy is to anticipate this error and filter it out.

sklump (Mon, 14 Dec 2020 15:47:49 GMT):

I think maybe you should put up an issue for this.

andrew.whitehead (Mon, 14 Dec 2020 16:50:35 GMT):

It looks like it was updated a few months ago to set the 'posted' flag on that DID in the wallet. Maybe it needs a flag to disable that behaviour?  @sklump

sklump (Mon, 14 Dec 2020 16:51:48 GMT):

That could work, I can look into it later today

devexplore2020 (Mon, 14 Dec 2020 17:24:26 GMT):

Has joined the channel.

devexplore2020 (Mon, 14 Dec 2020 17:27:25 GMT):

Greetings everyone. I have downloaded the Aries https://github.com/hyperledger/aries-cloudagent-python and wanted to get starting on building a small cloud-wallet-agent app for simple VC exchanging. I was wondering if there are some pointers from the experienced ones. I understand python and use it on daily basis for infrastructure as code. Is is best to start a local Indy network with those 4 docker VMs and where could I find a starting guide for simple VC issuing and storing them in a cloud wallet ?

marc0olo (Tue, 15 Dec 2020 01:20:22 GMT):

@andrew.whitehead I have currently 2 instances of ACA-Py running and I am trying to achieve a connection using the new introduced didexchange protocol. can you tell me what steps need to be done in the controller? I am stuck after creating the out-of-band invitation which I want to make use of. I don't even know whether the out-of-bound invitation I created is correct and can be used to perform a didexchange. the create-invitation response looks like this:
```
{
  "auto_accept": false,
  "multi_use": false,
  "invi_msg_id": "dc01ec65-d1b7-4af0-86cd-33af3f2fb84f",
  "trace": false,
  "invitation_id": "635a981a-b073-4214-80bb-de122959c058",
  "invitation_url": "http://localhost:8001?oob=eyJAdHlwZSI6ICJkaWQ6c292OkJ6Q2JzTlloTXJqSGlxWkRUVUFTSGc7c3BlYy9vdXQtb2YtYmFuZC8xLjAvaW52aXRhdGlvbiIsICJAaWQiOiAiZGMwMWVjNjUtZDFiNy00YWYwLTg2Y2QtMzNhZjNmMmZiODRmIiwgImxhYmVsIjogIkFyaWVzIENsb3VkIEFnZW50IiwgImhhbmRzaGFrZV9wcm90b2NvbHMiOiBbImRpZDpzb3Y6QnpDYnNOWWhNcmpIaXFaRFRVQVNIZztzcGVjL291dC1vZi1iYW5kLzEuMC9pbnZpdGF0aW9uIl0sICJzZXJ2aWNlIjogW3siaWQiOiAiI2lubGluZSIsICJ0eXBlIjogImRpZC1jb21tdW5pY2F0aW9uIiwgInJlY2lwaWVudEtleXMiOiBbImRpZDprZXk6ejZNa2VVNkZScWZ3N1gzbmFyYkx2c2lVdHFUUGhiTVpHck1mZGpOM21rWEFoZzdZIl0sICJzZXJ2aWNlRW5kcG9pbnQiOiAiaHR0cDovL2xvY2FsaG9zdDo4MDAxIn1dfQ==",
  "created_at": "2020-12-15 01:13:33.517182Z",
  "state": "initial",
  "updated_at": "2020-12-15 01:13:33.517182Z",
  "invitation": {
    "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/out-of-band/1.0/invitation",
    "@id": "dc01ec65-d1b7-4af0-86cd-33af3f2fb84f",
    "label": "Aries Cloud Agent",
    "handshake_protocols": [
      "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/out-of-band/1.0/invitation"
    ],
    "service": [
      {
        "id": "#inline",
        "type": "did-communication",
        "recipientKeys": [
          "did:key:z6MkeU6FRqfw7X3narbLvsiUtqTPhbMZGrMfdjN3mkXAhg7Y"
        ],
        "serviceEndpoint": "http://localhost:8001"
      }
    ]
  }
}
```

marc0olo (Tue, 15 Dec 2020 01:20:22 GMT):

@andrew.whitehead I have currently 2 instances of ACA-Py running and I am trying to achieve a connection using the new introduced didexchange protocol. can you tell me what steps need to be done in the controller api of the two instances? I am stuck after creating the out-of-band invitation which I want to make use of. I don't even know whether the out-of-bound invitation I created is correct and can be used to perform a didexchange. the create-invitation response looks like this:
```
{
  "auto_accept": false,
  "multi_use": false,
  "invi_msg_id": "dc01ec65-d1b7-4af0-86cd-33af3f2fb84f",
  "trace": false,
  "invitation_id": "635a981a-b073-4214-80bb-de122959c058",
  "invitation_url": "http://localhost:8001?oob=eyJAdHlwZSI6ICJkaWQ6c292OkJ6Q2JzTlloTXJqSGlxWkRUVUFTSGc7c3BlYy9vdXQtb2YtYmFuZC8xLjAvaW52aXRhdGlvbiIsICJAaWQiOiAiZGMwMWVjNjUtZDFiNy00YWYwLTg2Y2QtMzNhZjNmMmZiODRmIiwgImxhYmVsIjogIkFyaWVzIENsb3VkIEFnZW50IiwgImhhbmRzaGFrZV9wcm90b2NvbHMiOiBbImRpZDpzb3Y6QnpDYnNOWWhNcmpIaXFaRFRVQVNIZztzcGVjL291dC1vZi1iYW5kLzEuMC9pbnZpdGF0aW9uIl0sICJzZXJ2aWNlIjogW3siaWQiOiAiI2lubGluZSIsICJ0eXBlIjogImRpZC1jb21tdW5pY2F0aW9uIiwgInJlY2lwaWVudEtleXMiOiBbImRpZDprZXk6ejZNa2VVNkZScWZ3N1gzbmFyYkx2c2lVdHFUUGhiTVpHck1mZGpOM21rWEFoZzdZIl0sICJzZXJ2aWNlRW5kcG9pbnQiOiAiaHR0cDovL2xvY2FsaG9zdDo4MDAxIn1dfQ==",
  "created_at": "2020-12-15 01:13:33.517182Z",
  "state": "initial",
  "updated_at": "2020-12-15 01:13:33.517182Z",
  "invitation": {
    "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/out-of-band/1.0/invitation",
    "@id": "dc01ec65-d1b7-4af0-86cd-33af3f2fb84f",
    "label": "Aries Cloud Agent",
    "handshake_protocols": [
      "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/out-of-band/1.0/invitation"
    ],
    "service": [
      {
        "id": "#inline",
        "type": "did-communication",
        "recipientKeys": [
          "did:key:z6MkeU6FRqfw7X3narbLvsiUtqTPhbMZGrMfdjN3mkXAhg7Y"
        ],
        "serviceEndpoint": "http://localhost:8001"
      }
    ]
  }
}
```

swcurran (Tue, 15 Dec 2020 04:17:05 GMT):

For sure they `handshake_protocols` entry is not right.  It should be DID Exchange, as that is what you want to use to establish the connection.

andrew.whitehead (Tue, 15 Dec 2020 06:16:23 GMT):

Yup, not sure how that handshake protocol got in there but otherwise you can just submit the contents of the "invitation" block to `/did-exchange/receive-invitation` on the second agent I believe

marc0olo (Tue, 15 Dec 2020 09:33:05 GMT):

ok that's interesting - I will check this out. but how can I use the out-of-band "create-invitation" so that it includes the did-exchange in the `handshake_protocols` ?

marc0olo (Tue, 15 Dec 2020 09:33:30 GMT):

currently I am only playing around with the open API endpoints of both agents

sklump (Tue, 15 Dec 2020 11:41:51 GMT):



handshake.png

sklump (Tue, 15 Dec 2020 11:41:59 GMT):

set `include_handshake=true` in the request body:

sklump (Tue, 15 Dec 2020 11:42:41 GMT):



handshake.png

marc0olo (Tue, 15 Dec 2020 11:46:38 GMT):

yes - but it doesn't include the didexchange invitation then. just wondering if it is desired to have that included.

marc0olo (Tue, 15 Dec 2020 11:46:38 GMT):

yes - but it doesn't include the didexchange invitation protocol then. just wondering if it is desired to have that included.

sklump (Tue, 15 Dec 2020 11:47:23 GMT):

Is it ever supposed to be `...;spec/out-of-band/1.0/invitation`? Right now that's what aca-py produces. Should it always be did-exchange instead of out-of-band?

sklump (Tue, 15 Dec 2020 11:47:23 GMT):

Is it ever supposed to be `...;spec/out-of-band/1.0/invitation`? Right now that's what aca-py produces. @andrew.whitehead Should it always be did-exchange instead of out-of-band?

sklump (Tue, 15 Dec 2020 11:47:23 GMT):

Is it ever supposed to be `...;spec/out-of-band/1.0/invitation`? Right now that's what aca-py produces. @andrew.whitehead Should it always be `...;spec/didexchange/...` instead of `...;spec/out-of-band/...`?

sklump (Tue, 15 Dec 2020 11:49:04 GMT):

I'm leaning toward yes.

sklump (Tue, 15 Dec 2020 11:49:04 GMT):

I'm leaning toward yes-ish?

rocky_2020 (Tue, 15 Dec 2020 12:05:57 GMT):

Can anyone let me know the location where private & Public key stored in the mobile agent?

marc0olo (Tue, 15 Dec 2020 12:07:36 GMT):

I would think so. I think I am facing another problem when trying to get the didexchange between two aca-py instances running. first I played around with the open API endpoints and I finally managed to get an active connection. but somehow the connection was only active on bob's side and for alice it seemed to be gone.

when performing another try using the auto-accept flag on both sides I am running in an error where there the message couldnt be unpacked due to `aries_cloudagent.wallet.error.WalletError: Private key not found for verkey: CB8q7cfU3kRFwyx7ifXSUaNQv2kF3hQbVWVuLtTAkZ6o`

I need to say that I am running the instances in mode `--no-leder`

devexplore2020 (Tue, 15 Dec 2020 12:51:01 GMT):

Hi everyone. I have cloned the repo and I trying to start the /manage start in the docker folder

devexplore2020 (Tue, 15 Dec 2020 12:51:07 GMT):

I am getting this error: Step 7/14 : RUN pip3 install --no-cache-dir -r requirements.txt -r requirements.dev.txt
 ---> Running in a5e721493c48
/bin/sh: 1: pip3: not found
The command '/bin/sh -c pip3 install --no-cache-dir -r requirements.txt -r requirements.dev.txt' returned a non-zero code: 127

devexplore2020 (Tue, 15 Dec 2020 12:52:12 GMT):

tryied to check some workarounds in dockerrun file, on my local ubuntu 16.04lts I have python 3.8, should not be an issues , I manage to upgrade the RUN pip3 install --upgrade pip==20.3.1  but it seems it does not want to play further with the requirements, will check further

marc0olo (Tue, 15 Dec 2020 13:22:23 GMT):

my observations are as follows:
- the error mentioned above (private key net found) occurs on alice's instance when trying to accept the request for the connection of the invitation. the connection-state of alice switches to "response"
- the state of the connection on bob's side is "request" after accepting the invitation. when trying to accept the request I get an error `404: Record not found.`

marc0olo (Tue, 15 Dec 2020 13:22:23 GMT):

my observations are as follows:

- the error mentioned above (private key net found) occurs on alice's instance when trying to accept the request for the connection of the invitation. the connection-state of alice switches to "response"

- the state of the connection on bob's side is "request" after accepting the invitation. when trying to accept the request I get an error `404: Record not found.`

ankita.p17 (Tue, 15 Dec 2020 14:11:08 GMT):

Okay, but then agent throws an error and not just a warning and controller breaks too. Also, we agent needs to replace it's local did metadata after registering the nym?

sklump (Tue, 15 Dec 2020 14:18:40 GMT):

Yeah, the steward can't set the public DID in the other user's wallet.

sklump (Tue, 15 Dec 2020 14:19:47 GMT):

I'll put something up this morning in on a branch local to my github account and ask you to see if it's good.

ankita.p17 (Tue, 15 Dec 2020 14:20:55 GMT):

Sure. Thanks. Meanwhile we'll see to handle it in controller.

ankita.p17 (Tue, 15 Dec 2020 14:21:16 GMT):

Does it need an issue on repository?

ankita.p17 (Tue, 15 Dec 2020 14:21:16 GMT):

Does it need an issue to be created on repository?

sklump (Tue, 15 Dec 2020 14:21:28 GMT):

no, that's fine, I'm on it

ankita.p17 (Tue, 15 Dec 2020 14:21:34 GMT):

Okay. Thanks

devexplore2020 (Tue, 15 Dec 2020 16:18:12 GMT):

Hi, I have managed to add to the Dockerfile.run the additions:

devexplore2020 (Tue, 15 Dec 2020 16:18:12 GMT):

USER root
RUN echo "indy ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers
#RUN apt-get update
#RUN apt-get install python3-pip
RUN apt-get update
RUN apt-get upgrade -y
RUN apt-get install -y python3-pip

devexplore2020 (Tue, 15 Dec 2020 16:18:28 GMT):

so I managed to go trough the installations, added the indy user as sudo

devexplore2020 (Tue, 15 Dec 2020 16:18:47 GMT):

now when I rung ./scripts/run_docker start --inbound-transport http 0.0.0.0 10000 --outbound-transport http --debug --log-level DEBUG -e http://0.0.0.0

devexplore2020 (Tue, 15 Dec 2020 16:19:47 GMT):

I get the following error: ptvsd library was not found
 File "/home/indy/aries_cloudagent/config/argparse.py", line 560, in get_settings
    + "explicitely configure aca-py to run with no ledger)."
aries_cloudagent.config.error.ArgsParseError: One of --genesis-url --genesis-file or --genesis-transactions must be specified (unless --no-ledger is specified to explicitely configure aca-py to run with no ledger).

sklump (Tue, 15 Dec 2020 16:38:04 GMT):

Who is the requester? Who is the responder (=inviter)?

andrew.whitehead (Tue, 15 Dec 2020 16:42:45 GMT):

For aca-py it should probably include both protocols in the handshake options - did-exchange and then connections

andrew.whitehead (Tue, 15 Dec 2020 16:45:20 GMT):

The error on Bob's side might mean that you're looking at an out-dated state for the connection. The endpoint will return the current state ('request') but if the auto-accept options are on, it continues with the connection in the background

swcurran (Tue, 15 Dec 2020 16:49:45 GMT):

Are you running a local ledger -- e.g. an instance of VON Network?

devexplore2020 (Tue, 15 Dec 2020 17:28:49 GMT):

Hi. I did not start any ledger. Is there a best practice to start a local Indy one in docker and then connect? Could not find in the repo guidelines? 

devexplore2020 (Tue, 15 Dec 2020 17:29:38 GMT):

Or I could connect to Sovrin staging net or local Indy for testing would be best I guess? 

swcurran (Tue, 15 Dec 2020 17:46:15 GMT):

Best practices for local runs and tests is to use VON Network. The messaging you are getting is because lacking other instruction (e.g. a genesis file for another ledger), ACA-Py assumes you are running a VON Network ledger.  As noted in the error, you can explicitly say "No Ledger", but that leaves you with...no ledger -- limiting what you can do.  But it does work, and there are use cases for it.

mattatkiva (Tue, 15 Dec 2020 17:50:06 GMT):

I generated a DID/verkey pair using indy sdk.   Then I called POST /wallet/did/public on acapy.  I got this error: `'Value vPjtqVtxpTfEdNkVBFMV is not an indy decentralized identifier (DID)'`   can I use indysdk generated dids or do I need to get did another way?

devexplore2020 (Tue, 15 Dec 2020 17:50:26 GMT):

Thanks. Is there a best guide for Indy ledger? Would like to stay later on Sovrin 

sklump (Tue, 15 Dec 2020 17:52:22 GMT):

it's too short - did you miss a mouse-copy end?

mattatkiva (Tue, 15 Dec 2020 17:52:55 GMT):

yeah. thats a highly likely possibility.  how long should it be?

swcurran (Tue, 15 Dec 2020 17:55:07 GMT):

https://github.com/bcgov/von-network is good and makes for a pretty transition to Sovrin

swcurran (Tue, 15 Dec 2020 17:55:47 GMT):

In the ACA-Py `/demos`, there a bunch of examples and most use von-network

devexplore2020 (Tue, 15 Dec 2020 17:57:19 GMT):

Thanks @swcurran I will check out the demos. I will also see to run a local indy ledger and connect there. Have seen others were doing also the same. I will also add my 2 cents during the testing and provide feedback.

marc0olo (Tue, 15 Dec 2020 18:05:55 GMT):

have you got it working on your end? I also tried to execute the didexchange with auto-accept. but then I face the same problem on alice's side with the `Private key not found`

marc0olo (Tue, 15 Dec 2020 18:06:24 GMT):

@sklump the requester is `Bob` and the responder is `Alice` in my testscenario

mattatkiva (Tue, 15 Dec 2020 18:14:01 GMT):

Part 2:  I generated a DID/verkey pair using indy sdk. Then I called POST /wallet/did/public on acapy. I got this error: ' DID vPjtqVtxpTfEdNkVBFMVK is not public'.   Can I use indysdk generated dids or do I need to get did another way?

mattatkiva (Tue, 15 Dec 2020 18:14:01 GMT):

Part 2:  I generated a DID/verkey pair using indy sdk. Then I called POST /wallet/did/public on acapy. I got this error: '`DID vPjtqVtxpTfEdNkVBFMVK is not public'.   Can I use indysdk generated dids or do I need to get did another way?

mattatkiva (Tue, 15 Dec 2020 18:14:01 GMT):

Part 2:  I generated a DID/verkey pair using indy sdk. Then I called POST /wallet/did/public on acapy. I got this error: `DID vPjtqVtxpTfEdNkVBFMVK is not public'.   Can I use indysdk generated dids or do I need to get did another way?

mattatkiva (Tue, 15 Dec 2020 18:14:01 GMT):

Part 2:  I generated a DID/verkey pair using indy sdk. Then I called POST /wallet/did/public on acapy. I got this error: `DID vPjtqVtxpTfEdNkVBFMVK is not public`.   Can I use indysdk generated dids or do I need to get did another way?

ianco (Tue, 15 Dec 2020 18:15:39 GMT):

You need to write the DID to the ledger, aca-py doesn't do that

mattatkiva (Tue, 15 Dec 2020 18:17:00 GMT):

what is the easiest way to generate a did that will work?

sklump (Tue, 15 Dec 2020 18:22:05 GMT):

@andrew.whitehead RFC160 invitation is fundamentall different from RFC434 invitation and at aca-py doesn't support RFC160 anymore: including RFC160 connection in the handshake protocols would be incorrect without more stuff that I can't get in before Christmas. For now I plan to fix the handshake protocol to include didexchange and punt any additional protocol support to 2021.

sklump (Tue, 15 Dec 2020 18:22:05 GMT):

@andrew.whitehead RFC160 invitation is fundamentally different from RFC434 invitation and at aca-py doesn't support RFC160 anymore: including RFC160 connection in the handshake protocols would be incorrect without more stuff that I can't get in before Christmas. For now I plan to fix the handshake protocol to include didexchange and punt any additional protocol support to 2021.

sklump (Tue, 15 Dec 2020 18:22:05 GMT):

@andrew.whitehead RFC160 invitation is fundamentally different from RFC434 invitation and at aca-py doesn't support RFC160 anymore in this way: including RFC160 connection in the handshake protocols would be incorrect without more stuff that I can't get in before Christmas. For now I plan to fix the handshake protocol to include didexchange and punt any additional protocol support to 2021.

sklump (Tue, 15 Dec 2020 18:57:04 GMT):

@marc0olo Try https://github.com/hyperledger/aries-cloudagent-python/pull/853 and see how far it gets

sklump (Tue, 15 Dec 2020 18:57:04 GMT):

@marc0olo Track https://github.com/hyperledger/aries-cloudagent-python/pull/853 and see how far it gets after merge into master

sklump (Tue, 15 Dec 2020 18:57:33 GMT):

I suspect it won't do anything about the follow-on problem

sklump (Tue, 15 Dec 2020 19:11:15 GMT):

I can try to reproduce that tomorrow.

marc0olo (Tue, 15 Dec 2020 19:17:29 GMT):

Thanks. I will also give it another try.

marc0olo (Tue, 15 Dec 2020 19:17:29 GMT):

Thanks. I will also give it another try. Maybe I am doing sth wrong. But would be good to get statement from somebody that also tried to get didexchange working between two aca-py instances 👍🏻

marc0olo (Tue, 15 Dec 2020 19:17:29 GMT):

Thanks. I will also give it another try. Maybe I am doing sth wrong. But would be good to get a statement from somebody that also tried to get didexchange working between two aca-py instances 👍🏻

swcurran (Tue, 15 Dec 2020 19:43:46 GMT):

Thanks. For what it's worth, we discourage spinning up an Indy network on bare-metal vs. von-network as there is not a lot to learn that you will need to apply in doing that.  Better to focus on the Agent you are working with as you learn, as that's what you will be starting with.  We also encourage using docker for that as well, but that's us :-)

devexplore2020 (Tue, 15 Dec 2020 20:05:21 GMT):

Thanks @swcurran I managed to get the wallet connected with Sovrin Buildernet, and I have started native on the Linux VPS since I am not see always happy with docker because of dependencies, but I will see to test further. Now I guess I need to go over DevReadMe.md to see how to explore the APIs and other  dev possibilities 

sauveergoel (Tue, 15 Dec 2020 20:29:53 GMT):

Has joined the channel.

sauveergoel (Tue, 15 Dec 2020 20:29:54 GMT):

Hi guys,
I was searching a solution for InvalidClientTaaAcceptanceError error
my issue is that I am deploying the Aries agent on kubernetes and I cannot login into a running container to accept the TAA
is there anyway to auto-accept TAA?
I was trying out StaggingNet with Aries
I am trying to run the demo runners with staggingnet

andrew.whitehead (Tue, 15 Dec 2020 20:40:05 GMT):

It works with the alice and faber demo agents, when faber is started with `--did-exchange`

esune (Tue, 15 Dec 2020 20:43:15 GMT):

Have you accepted the TAA using a wrong method, or do you still need to accept it?

sauveergoel (Tue, 15 Dec 2020 20:43:41 GMT):

i havent been able to accept it

sauveergoel (Tue, 15 Dec 2020 20:44:06 GMT):

i get the error when faber agent tries to register a schema

esune (Tue, 15 Dec 2020 20:45:08 GMT):

Is this runing one of the demos, or your own agent?

esune (Tue, 15 Dec 2020 20:45:08 GMT):

Is this runing one of the demos, or your own provisioned agent?

sauveergoel (Tue, 15 Dec 2020 20:45:24 GMT):

OpenAPI Demo

esune (Tue, 15 Dec 2020 20:49:04 GMT):

You will need to manually register your did/verkey on StagingNet using https://selfserve.sovrin.org before you can write to the ledger - whether that is accepting the TAA (which should come before you do anything else) or register schemas/cred_defs

sauveergoel (Tue, 15 Dec 2020 20:49:30 GMT):

yes, thats already done

sauveergoel (Tue, 15 Dec 2020 20:50:11 GMT):

I am using the same seed i used to generate did,verkey pair to register it in stagingnet

esune (Tue, 15 Dec 2020 20:50:52 GMT):

Okay, then you should be good from that point of view. The admin api has some endpoints to get and accept the TAA under the `/ledger` endpoint I believe

esune (Tue, 15 Dec 2020 20:50:52 GMT):

Okay, then you should be good from that point of view. The admin api has some endpoints to get and accept the TAA under the `/ledger` namespace I believe

andrew.whitehead (Tue, 15 Dec 2020 20:50:55 GMT):

You would need to run the `provision` command interactively against the pod or use the admin endpoint to accept the TAA

andrew.whitehead (Tue, 15 Dec 2020 20:52:02 GMT):

I haven't tried that personally, maybe @WadeBarnes has a good way of doing it

esune (Tue, 15 Dec 2020 20:53:28 GMT):

I have not used the `provision` command either, generally I use the admin API and restart the agent after accepting the TAA as it appears that it needs to pick up the changes (but restarting may not be required, not sure about that)

sauveergoel (Tue, 15 Dec 2020 20:55:18 GMT):

I found some endpoint to accept TAA `/ledger/taa/accept` but the inputs are not much clear. can you help with what should be going where? `{
  "text": "string",
  "version": "string",
  "mechanism": "string"
}`

esune (Tue, 15 Dec 2020 20:57:03 GMT):

You should first use GET `/ledger/taa` to fetch the current TAA information, the info you need for the body of the POST `/ledger/taa/accept` is there

sauveergoel (Tue, 15 Dec 2020 20:57:33 GMT):

i couldnt find mechanism

esune (Tue, 15 Dec 2020 20:57:37 GMT):

`text` is the whole text of the TAA, specifically the `taa_record.text` property in what the GET request returns you

esune (Tue, 15 Dec 2020 20:57:54 GMT):

`version` is the value of `taa_record.version`

esune (Tue, 15 Dec 2020 20:58:33 GMT):

`mechanism` is the value of one of the keys in `aml_record.aml` (e.g.: `at_submission`)

sauveergoel (Tue, 15 Dec 2020 20:58:58 GMT):

ohh ok..let me try

esune (Tue, 15 Dec 2020 20:59:19 GMT):

I am not sure on whether there is documentation on this, I agree it is a bit obscure unless you know what to look for and what to do - c.c. @swcurran

andrew.whitehead (Tue, 15 Dec 2020 21:00:38 GMT):

I suppose one thing we could do for openshift is look for the hash of the TAA and the acceptance method in environment variables, that might be explicit enough

andrew.whitehead (Tue, 15 Dec 2020 21:01:14 GMT):

Would need another tool to prepare that information

sauveergoel (Tue, 15 Dec 2020 21:02:22 GMT):

it worked!...which makes me curious regarding one thing here, I instantiated the Acme agent and was able to reach the `/ledger` endpoint, but when i tried out Faber, since the script has a schema registration, there is no time left to accept the agreement. any suggestion as to how to deal with faber?

esune (Tue, 15 Dec 2020 21:03:11 GMT):

@andrew.whitehead  That could work. If it was not necessary to restart the agent after accepting it (again, I think it is, but not sure) we could try and script things as well - I started on that a while back and haven't looked at it more tbh

esune (Tue, 15 Dec 2020 21:05:02 GMT):

@sauveergoel I think you would have to start the agent, it will fail publishing the schema, youwould accept the TAA and then restart the agent and it should try to publish the schema again and succeed this time

sauveergoel (Tue, 15 Dec 2020 21:06:33 GMT):

sure, we can probably try that or maybe modify the faber code a little bit to ensure before making ledger reqs the taa is accepted

esune (Tue, 15 Dec 2020 21:09:47 GMT):

The demos target BCovrin Test because that ledger does not require a TAA acceptance, but you have a good point in case someone else wants to try with a different ledger

sauveergoel (Tue, 15 Dec 2020 21:18:36 GMT):

yes. Thank you for the help

sauveergoel (Tue, 15 Dec 2020 21:22:11 GMT):

@esune can you help create a ticket for the same? maybe I can try and contribute towards this issue/enhancement

esune (Tue, 15 Dec 2020 21:33:12 GMT):

You could open an issue in the repository about the need/possibility of enhancing the demo for ledgers that require a TAA. I am not maintaining the demos directly so it may be better to have some input/feedback from the people who do as well. A PR with changes addressing the issue is also welcome, of course

swcurran (Tue, 15 Dec 2020 21:35:00 GMT):

Add the issue here: https://gtihub.com/hyperledger/aries-cloudagent-python

sauveergoel (Tue, 15 Dec 2020 22:04:03 GMT):

https://github.com/hyperledger/aries-cloudagent-python/issues/855

marc0olo (Wed, 16 Dec 2020 12:15:17 GMT):

@andrew.whitehead I can confirm that didexchange works when running the alice faber demo on a local von-network.

however, when trying to perform a didexchange using the controller api of two different agents which are running in `--no-ledger` mode, I get the error mentioned above (Private key not found) when trying to accept the request on the responder (inviter) side

sklump (Wed, 16 Dec 2020 12:36:07 GMT):

What command-line parameters start the agents?

marc0olo (Wed, 16 Dec 2020 12:37:53 GMT):

I have built an image with `Dockerfile.run` and I am starting both agents with following command:
`start -it http 0.0.0.0 8000 -e http://acapy-alice:8000 -ot http --log-level DEBUG --admin-insecure-mode --admin 0.0.0.0 9000 --no-ledger`

marc0olo (Wed, 16 Dec 2020 12:38:21 GMT):

ahhh OMG, I put in the wrong endpoint for bob due to copy paste

sklump (Wed, 16 Dec 2020 12:38:51 GMT):

Let's see if it makes a difference. No-ledger could well be exotic enough to generate some whammies.

marc0olo (Wed, 16 Dec 2020 12:45:22 GMT):

ok I have an active connection. now the error message with the missing private key finally makes sense :D - alice tried to unpack a message that was targeted to bob.

but I observed that the connection state on bob's side is now `response` while the state on alice's side is `active`. is this the expected behavior? I'd expect it to be active on bob's side, too.

I am also wondering about the state transitions generally. is there a reason that they aren't exactly like described in rfc `0023` ?

sklump (Wed, 16 Dec 2020 12:47:25 GMT):

Connection records have to serve for both RFC-160 and RFC-23 generated connections, and RFC-160 was there first.

sklump (Wed, 16 Dec 2020 12:48:20 GMT):

A connection record state and knowledge of the role maps to an RFC 23 state.

marc0olo (Wed, 16 Dec 2020 12:51:03 GMT):

ok, we were a little bit confused about that. thanks

marc0olo (Wed, 16 Dec 2020 12:52:21 GMT):

one last question about this => why is ACA-Py still using the `did:sov:...` instead of `https://didcomm....` in the @type definition and the handshake_protocols values?

sklump (Wed, 16 Dec 2020 12:54:09 GMT):

You can choose otherwise with parameter `--emit-new-didcomm-prefix`

sklump (Wed, 16 Dec 2020 12:54:33 GMT):

We have dependents who still rely on the old one

sklump (Wed, 16 Dec 2020 12:55:01 GMT):

but ask S Curran on the state of that, if it's still true and whether it's time to migrate

marc0olo (Wed, 16 Dec 2020 12:55:03 GMT):

alright. but I would expect it the other way round for the "newbies"

sklump (Wed, 16 Dec 2020 12:55:23 GMT):

That's how it was implemented originally but we blew up a client or two

sklump (Wed, 16 Dec 2020 12:55:23 GMT):

That's how I implemented it originally but we blew up a client or two

sklump (Wed, 16 Dec 2020 12:55:23 GMT):

That's how I implemented it originally but it blew up a client or two

sklump (Wed, 16 Dec 2020 12:56:24 GMT):

_notice how it's "I" for progress but "we" for consequences_

marc0olo (Wed, 16 Dec 2020 12:57:17 GMT):

I understand, thanks. if it will be dropped / migrated at some point in the future it's fine. otherwise I would expect "new-didcomm-prefix" be standard and "old-did-prefix" the param

marc0olo (Wed, 16 Dec 2020 12:58:11 GMT):

thanks for answering me all those questions! helps me a lot

sklump (Wed, 16 Dec 2020 12:58:27 GMT):

Expectations are fine, but it is what it is. We had our reasons to change to the current pragma, but I don't remember the details.

Here is the state equivalence between RFC 160 and RFC 23:
https://github.com/hyperledger/aries-cloudagent-python/blob/cb98dfebdf2154cdc374aacd4a849c784178de11/aries_cloudagent/connections/models/conn_record.py#L74

sklump (Wed, 16 Dec 2020 13:00:24 GMT):

Then, the connection record Role https://github.com/hyperledger/aries-cloudagent-python/blob/cb98dfebdf2154cdc374aacd4a849c784178de11/aries_cloudagent/connections/models/conn_record.py#L35
maps the state to `...-received` or `-sent` accordingly where applicable.

marc0olo (Wed, 16 Dec 2020 13:08:53 GMT):

ok. so for a specific connection I need to know the protocol which was used in order the map to the "correct" state right?

marc0olo (Wed, 16 Dec 2020 13:10:39 GMT):

here an example of my active connection of alice and bob.

alice:
```
{
      "request_id": "0f1f0c14-2fe7-45a8-879a-41b45f69e6c5",
      "accept": "manual",
      "their_label": "Aries Cloud Agent",
      "their_role": "invitee",
      "updated_at": "2020-12-16 13:05:41.353319Z",
      "invitation_mode": "once",
      "state": "active",
      "invitation_key": "ADdggbfuVtvUw4N89CQE6aqZdJhxbGNcaS1VmuXSF4TY",
      "their_did": "PytoZr5x2bV2zRVeEovNw7",
      "connection_id": "72a66cb0-1781-4377-b26c-2d017e471778",
      "created_at": "2020-12-16 13:03:32.012648Z",
      "my_did": "DWSeZcoVN5kCkAT96sUhLR",
      "routing_state": "none"
    }
```

bob:
```
{
      "connection_id": "ca2b895b-46e8-4056-b012-dbed84ca82fb",
      "invitation_mode": "once",
      "state": "response",
      "invitation_key": "did:key:z6MkoftjGqvLqSQx3ZCppmN4wgPZSsyp19cyGSvRcBVTAHEv",
      "their_role": "inviter",
      "accept": "manual",
      "their_label": "Aries Cloud Agent",
      "routing_state": "none",
      "request_id": "0f1f0c14-2fe7-45a8-879a-41b45f69e6c5",
      "updated_at": "2020-12-16 13:05:41.327447Z",
      "my_did": "PytoZr5x2bV2zRVeEovNw7",
      "their_did": "DWSeZcoVN5kCkAT96sUhLR",
      "created_at": "2020-12-16 13:03:47.280444Z"
    }
```

I am somehow wondering why the state on bob's side remains "response" although the request was accepted by alice and I have an active connection

sklump (Wed, 16 Dec 2020 13:11:18 GMT):

No. For example, if the connection record role is `Role.REQUESTER` and the state is `State.INVITATION` then the RFC 23 state is `invitation-received` necessarily. Because the `Role.RESPONDER` doesn't receive the invitation, he sends it.

sklump (Wed, 16 Dec 2020 13:11:18 GMT):

No. For example, if the connection record their-role is `Role.REQUESTER` and the state is `State.INVITATION` then the RFC 23 state is `invitation-sent` necessarily. Because the `Role.REQUESTER` doesn't send the invitation, he receives it.

marc0olo (Wed, 16 Dec 2020 13:11:19 GMT):

I am able to send messages from alice to bob and the other way round

sklump (Wed, 16 Dec 2020 13:13:03 GMT):

That might be a bug for Bob's side

marc0olo (Wed, 16 Dec 2020 13:13:18 GMT):

shall I create an issue on github?

sklump (Wed, 16 Dec 2020 13:13:29 GMT):

Please

marc0olo (Wed, 16 Dec 2020 13:17:06 GMT):

ok really one last question about the states in regards to the role and the protocol. as far as I understood it is being mapped accordingly. I am just wondering why the rest API doesn't deliver the mapped state when requesting a connection

marc0olo (Wed, 16 Dec 2020 13:29:07 GMT):

https://github.com/hyperledger/aries-cloudagent-python/issues/857

sklump (Wed, 16 Dec 2020 13:31:21 GMT):

What do you wish it was? Feel free to code it up and submit it

marc0olo (Wed, 16 Dec 2020 13:31:47 GMT):

do you mean the final state transition or the API response?

sklump (Wed, 16 Dec 2020 13:32:02 GMT):

I mean what you mean, if I knew what you meant

marc0olo (Wed, 16 Dec 2020 13:32:44 GMT):

now I am confused :sweat_smile:

sklump (Wed, 16 Dec 2020 13:32:54 GMT):

What do you want from me exactly here?

marc0olo (Wed, 16 Dec 2020 13:33:03 GMT):

in the issue?

sklump (Wed, 16 Dec 2020 13:33:54 GMT):

"ok really one last question ...": I don't know what you want from there on

sklump (Wed, 16 Dec 2020 13:34:35 GMT):

Which API call?

sklump (Wed, 16 Dec 2020 13:34:39 GMT):

For starters

sklump (Wed, 16 Dec 2020 13:34:49 GMT):

There are hundreds of them.

marc0olo (Wed, 16 Dec 2020 13:37:04 GMT):

yes, there I mean the response-object (`ConnRecord`) for a connection. specifically the attribute `state`. I am wondering whether it wouldn't be better to return the state according to the protocol and role ( e.g. `invitation-sent` or `request-received`)

marc0olo (Wed, 16 Dec 2020 13:37:31 GMT):

according to the code you linked above

sklump (Wed, 16 Dec 2020 13:43:32 GMT):

What API call?

sklump (Wed, 16 Dec 2020 13:44:54 GMT):

No, because RFC 23 isn't the only game in town. RFC 160 is still the protocol of choice for most of our clients. The connection record retains state for aca-py state machine, not for an external standard: map it how you like

mattatkiva (Wed, 16 Dec 2020 15:18:18 GMT):

looking at acpy api, I see this `ledger/register-nym`.   That will put my did on the ledger.  but that doesn't make it steward does it?   I need to be able to create schemas and cred defs.

sklump (Wed, 16 Dec 2020 15:21:22 GMT):

ENDORSER (=trust-anchor) is good enough for that. STEWARDs register nyms onto the ledger. TRUSTEEs can do that and more.
https://github.com/hyperledger/indy-node/blob/master/docs/source/auth_rules.md

mattatkiva (Wed, 16 Dec 2020 15:24:00 GMT):

awesome.  thank you

daidoji (Wed, 16 Dec 2020 15:46:27 GMT):

Are there any branches or examples of https://github.com/hyperledger/aries-rfcs/blob/master/concepts/0104-chained-credentials/README.md#privacy-considerations in acapy?

daidoji (Wed, 16 Dec 2020 15:46:27 GMT):

Are there any branches or examples of https://github.com/hyperledger/aries-rfcs/blob/master/concepts/0104-chained-credentials/README.md in acapy?

swcurran (Wed, 16 Dec 2020 16:03:30 GMT):

No -- there are no examples of that of which I'm aware.

swcurran (Wed, 16 Dec 2020 16:04:21 GMT):

Super interesting exercise!  We're very interested, but just haven't had the time.

daidoji (Wed, 16 Dec 2020 16:05:04 GMT):

@swcurran oh whoops, I just cross-posted to #aries thanks for getting back to me.  What are the steps one would need to take to make that happen?

swcurran (Wed, 16 Dec 2020 16:07:10 GMT):

I was thinking about that as I typed that. I've not looked at the spec for awhile.  I think, having a claim that is a proof when issuing, but I'm not certain.  `@danielhardman` would be a good person to ask.

daidoji (Wed, 16 Dec 2020 16:09:20 GMT):

cool, thanks

bruno_santos (Thu, 17 Dec 2020 13:53:15 GMT):

Hello everyone, is this RFC supported by ARIES? https://github.com/hyperledger/aries-rfcs/tree/master/features/0067-didcomm-diddoc-conventions

swcurran (Thu, 17 Dec 2020 15:54:34 GMT):

Yes it is.

bruno_santos (Thu, 17 Dec 2020 15:57:54 GMT):

Ok, @swcurran how can I interact with these DIDDocuments on Aries?

swcurran (Thu, 17 Dec 2020 16:08:53 GMT):

It's implementation dependent (e.g. which framework).  And I'm on the far edge of my knowledge on this :-).

I believe in ACA-Py that information is maintained in the connection object that is persisted as connections between agents are established.

daidoji (Thu, 17 Dec 2020 16:27:11 GMT):

In https://github.com/hyperledger/aries-rfcs/blob/master/features/0036-issue-credential/README.md it states in the diagram that the holder can begin the exchange with `request-credential` but in acapy I can't quite figure out how to do that (`send-request` seems to take a `cred_ex_id`).  What's the right incantation to support this path or is it not possible?  Also, in `send-proposal` is the `credential_proposal` section necessary or optional?  Shouldn't we be able to derive that from the `cred_def_id`?

andrew.whitehead (Thu, 17 Dec 2020 16:38:37 GMT):

For Indy credentials it's not possible to start with a request - you need a credential offer first

andrew.whitehead (Thu, 17 Dec 2020 16:41:06 GMT):

It looks like the credential_proposal is optional in send-proposal

daidoji (Thu, 17 Dec 2020 16:41:59 GMT):

@andrew.whitehead so is that a limitation in Indy that doesn't exist in the RFC basically?  

Also, how did you determine that it was optional (so I don't have to bug you again in the future :D)?

andrew.whitehead (Thu, 17 Dec 2020 16:52:20 GMT):

Yes I think the RFC is intentionally more broad

andrew.whitehead (Thu, 17 Dec 2020 16:52:27 GMT):

I looked at the code

andrew.whitehead (Thu, 17 Dec 2020 16:53:29 GMT):

It's optional in the schema, so it should show as optional on the swagger UI

daidoji (Thu, 17 Dec 2020 18:07:43 GMT):

Cool :+1: .  Hmm, in the swagger profile I'm not seeing it.  I just see that it takes that in the body.

andrew.whitehead (Thu, 17 Dec 2020 18:53:39 GMT):

Okay, yes I guess that only applies to query parameters not the JSON body

marc0olo (Thu, 17 Dec 2020 18:56:45 GMT):

I am currently looking into this and the ACA-Py provides an API `/wallet/set-did-endpoint` which allows to set different services. it seems like currently "only" the types `Endpoint`, `Profile` and `LinkedDomains` are supported:

```
"DIDEndpointWithType" : {
      "type" : "object",
      "required" : [ "did" ],
      "properties" : {
        "did" : {
          "type" : "string",
          "example" : "WgWxqztrNooG92RXvxSTWv",
          "description" : "DID of interest",
          "pattern" : "^(did:sov:)?[123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz]{21,22}$"
        },
        "endpoint" : {
          "type" : "string",
          "example" : "https://myhost:8021",
          "description" : "Endpoint to set (omit to delete)",
          "pattern" : "^[A-Za-z0-9\\.\\-\\+]+://([A-Za-z0-9][.A-Za-z0-9-]+[A-Za-z0-9])+(:[1-9][0-9]*)?(/[^?&#]+)?$"
        },
        "endpoint_type" : {
          "type" : "string",
          "example" : "Endpoint",
          "description" : "Endpoint type to set (default 'Endpoint'); affects only public or posted DIDs",
          "enum" : [ "Endpoint", "Profile", "LinkedDomains" ]
        }
      }
    }
```

I am wondering how to set the service type `did-communication` and how to provide required attributes like `recipientKeys` using the ACA-Py implementation. Currently it doesn't seem to be possible.

daidoji (Thu, 17 Dec 2020 19:00:42 GMT):

ahhh right, fair enough.

swcurran (Thu, 17 Dec 2020 19:44:30 GMT):

^^^ @andrew.whitehead @ianco

andrew.whitehead (Thu, 17 Dec 2020 19:53:46 GMT):

That publishes an endpoint attribute on the Indy-Node ledger. Handing of DID documents on there is a whole separate topic. You seem to be describing a whole service entry, not just an endpoint

daidoji (Thu, 17 Dec 2020 20:15:30 GMT):

in acapy is it possible to use a cred def that an agent didn't originate?  If I create a credential and schema with faber and then try to issue credentials with acme I get `400: Issuer has no operable cred def for proposal spec` I can see where I can retrieve a cred def from the ledger but how can I store and issue credentials using this def?

andrew.whitehead (Thu, 17 Dec 2020 20:16:54 GMT):

You can only issue credentials for a cred def you've created. There are private keys associated with it that aren't published.

daidoji (Thu, 17 Dec 2020 20:18:39 GMT):

but why do I need those private keys?  Isn't the signature on the def just to manage the integrity of the definition itself and not credentials issued with that definition?

daidoji (Thu, 17 Dec 2020 20:19:13 GMT):

maybe I'm misunderstanding what a cred def is supposed to accomplish.  I assumed it was a combination of schemas for a verifiable statement of what a credential can provide.

daidoji (Thu, 17 Dec 2020 20:19:45 GMT):

like a signed manifest is the impression I was operating under

andrew.whitehead (Thu, 17 Dec 2020 20:24:57 GMT):

The credential signature is verified against the public keys in the cred def, which ties it to both the schema and the issuer of the credential

daidoji (Thu, 17 Dec 2020 20:26:16 GMT):

so an instance of a credential, a cred def, and a schema are all tightly coupled?

andrew.whitehead (Thu, 17 Dec 2020 20:31:02 GMT):

Yep

andrew.whitehead (Thu, 17 Dec 2020 20:31:02 GMT):

Yep (and potentially a revocation registry)

daidoji (Thu, 17 Dec 2020 20:35:15 GMT):

hmm, so that's a big misunderstanding of mine.  So like what's the point of them then?  I assumed that schemas were pieces of cred_defs and cred_defs were manifests of credential instances and that schemas and cred_defs could be swapped in an out.  If I have to control the issuer of all three and can't really mix and match then why seperate them all out and post to the ledger?

andrew.whitehead (Thu, 17 Dec 2020 20:36:05 GMT):

The schema issuer can be different from the cred def issuer

andrew.whitehead (Thu, 17 Dec 2020 20:36:39 GMT):

They are published to the ledger so that the issuer doesn't need to be contacted (and isn't) every time a credential is verified, which supports the privacy of the credential holder

daidoji (Thu, 17 Dec 2020 20:37:33 GMT):

Oh so schema [iss 1] as part of cred def [iss 2] is fine.

daidoji (Thu, 17 Dec 2020 20:38:12 GMT):

but issuer[a] can't issue credentials in cred_def[issuer b]

andrew.whitehead (Thu, 17 Dec 2020 20:38:21 GMT):

Right

daidoji (Thu, 17 Dec 2020 20:38:46 GMT):

okay thanks.  Appreciate it.

andrew.whitehead (Thu, 17 Dec 2020 20:41:13 GMT):

No problem!

marc0olo (Thu, 17 Dec 2020 21:13:39 GMT):

that's true :D - is it expected to publish a service entry with logic outside of aca-py?

andrew.whitehead (Thu, 17 Dec 2020 21:17:48 GMT):

By service entry I'm referring to an entry in the service block of a DID document. You could create and publish a DID document that pointed to an aca-py agent, it can't do that automatically at the moment. Generally it would just register a DID on an Indy ledger, which can be resolved to a DID document using a DID resolver

proteche (Fri, 18 Dec 2020 08:56:59 GMT):

Has joined the channel.

proteche (Fri, 18 Dec 2020 08:57:00 GMT):

is there any default values for --wallet-name & --wallet-key ? i am passing --wallet-type as indy then above flags are expecting some value. i passed some random value but its throwing error as wallet  not present

proteche (Fri, 18 Dec 2020 09:49:38 GMT):

okay this works wallet-type: indy
wallet-name: testwallet

ianco (Fri, 18 Dec 2020 14:36:16 GMT):

I think you need to add `--auto-provision` to tell aca-py to create the wallet

ianco (Fri, 18 Dec 2020 14:36:31 GMT):

(and no there are no defaults for these parameters)

VitalijReicherdt (Fri, 18 Dec 2020 17:28:39 GMT):

Hello ACA-Py community,
is there any support for a proxy in aca-py? I am trying to deploy the agent behind a proxy and connect it to a publi

proteche (Sat, 19 Dec 2020 08:21:07 GMT):

yes thanks, i also found later about scripts/run_docker provision command

proteche (Sat, 19 Dec 2020 08:21:07 GMT):

yes thanks, i also found later about `scripts/run_docker provision `command

proteche (Sat, 19 Dec 2020 08:28:36 GMT):

can someone tel me about this flag `--open-mediation` ?  is this something to do with mediator? any possible usecase?

RazaDen (Sat, 19 Dec 2020 10:40:06 GMT):

Has joined the channel.

dbluhm (Sat, 19 Dec 2020 15:43:15 GMT):

This flag is related to the Mediator Coordination RFC and protocol. It specifies that the agent should automatically grant incoming mediation requests.

dbluhm (Sat, 19 Dec 2020 15:47:18 GMT):

Mediation in ACA-Py is actively being worked on so, at the moment, an Admin API to send and manage mediation requests has not yet been merged. Infrastructure is largely in place (hence the flag) but, out of the box, it's still missing a few pieces to actually use it. Keep an eye out for a PR with the Admin API in the very near future!

jameshiester (Sat, 19 Dec 2020 16:00:48 GMT):

is there an example of the yml config?

ianco (Sat, 19 Dec 2020 16:59:37 GMT):

https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/local-indy-args.yaml

ianco (Sat, 19 Dec 2020 16:59:49 GMT):

https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/demo-args.yaml

jameshiester (Sat, 19 Dec 2020 19:04:48 GMT):

can you use a combination?

ianco (Sat, 19 Dec 2020 19:20:25 GMT):

These are just examples, you can use any combination of parameters in a yaml file

jameshiester (Sat, 19 Dec 2020 19:21:48 GMT):

no i mean a combination of yaml and command args

ianco (Sat, 19 Dec 2020 19:25:46 GMT):

Yes, I can't remember what takes precedence over what, but you can specify a combination of command line, yaml and environment args

jameshiester (Sat, 19 Dec 2020 21:52:52 GMT):

when using the postgres storage I see an error in the database container "testwallet" does not exist, where testwallet is the name of the wallet in --wallet-name.  Is this expected?  I don't see an error on the aca-py container

ianco (Sat, 19 Dec 2020 23:02:50 GMT):

If I recall aca-py tries to first open the wallet before it creates it, if not found then it creates it (that's why there is an error message)

AryamaI (Mon, 21 Dec 2020 09:14:30 GMT):

Hello, Can someone please confirm that the aca-py cloudagent demo Alice-Faber-Acme example only works when all the containers are in the same host machine. If we wanna try to achieve the demo with Faber on one public Ip and Alice on other, it is not working because faber always try to connect to Alice at localhost:8030 only. What needs to be done, to test out the when each container is present in a different machine?

AryamaI (Mon, 21 Dec 2020 09:14:30 GMT):

Hello, Can someone please confirm that the ACA-py cloud agent demo Alice-Faber-Acme example only works when all the containers are in the same host machine? If we wanna try to achieve the demo with Faber on one public Ip and Alice on the other, it is not working because Faber always try to connect to Alice at localhost:8030 only. What needs to be done, to test out the demo when each container is present on a different machine?

devexplore2020 (Tue, 22 Dec 2020 06:54:37 GMT):

Hi everyone. I have connected one aca-py instance running in a VPS to the Sovrin buildernet. I wanted to explore the Admin API. I could register a schema on the Ledger, but I couldn't write a NYM, got 403 unaotharized error. I have first created a wallet did and took this did/verkey to write a NYM. Have I missed something? 

devexplore2020 (Tue, 22 Dec 2020 06:54:37 GMT):

Hi everyone. I have connected one aca-py instance running in a VPS to the Sovrin buildernet. I wanted to explore the Admin API. I could register a schema on the Ledger, but I couldn't write a NYM, got 403 unaotharized error. I have first created a wallet did and took this did/verkey to write a NYM. Have I missed something? How do I also create wallets and put credentials inside? 

TimoGlastra (Tue, 22 Dec 2020 10:04:59 GMT):

@swcurran can you block some time to discuss integration testing for the ACA-Pug call tomorrow?

devexplore2020 (Tue, 22 Dec 2020 12:47:35 GMT):

Hi everyone. Has there been some production implementation of ACApy with GDPR compliance. For an example , secure storage, custodian wallets, separation of keys. I have seen there has been some work around aries-askar? Per default indy wallet inside ACApy has a sqlite db construct. Is there something more robust planned in future iterations ?

swcurran (Tue, 22 Dec 2020 15:40:52 GMT):

Hi @devexplore2020 --- there have been questions around the writing of NYMs that I've not followed.  Generally we have done creating a NYM offline and then deployed with that created. Perhaps others on the team might be able to help @ianco .

Wallets are created automatically if needed at startup if specified in the command line parameters.  Credentials are stored in the wallet on receipt either automatically (based on a command line param) or based on the actions of the controller using the Admin API.

swcurran (Tue, 22 Dec 2020 15:43:11 GMT):

Not quite sure what you mean -- perhaps multi-tenant wallets?  If so, that was actually merged yesterday (yay!!) into the Master branch.

As to the database, ACA-Py supports postgres and the database implementation is pluggable, so others can be added.

ianco (Tue, 22 Dec 2020 15:44:09 GMT):

It sounds like the DID you have registered on Sovrin doesn't have privileges to write a new NYM

swcurran (Tue, 22 Dec 2020 15:44:13 GMT):

We're having an ACA-Pug (User Group) meeting tomorrow at 11AM Pacific if you can join to talk to the team.

devexplore2020 (Tue, 22 Dec 2020 16:17:48 GMT):

Hi @swcurran thanks for the fast reply. I am trying to find some docs on the multi-tenant wallets and their benefits. https://github.com/ianco/aries-cloudagent-python/tree/agency-multitenant-shared
The marrying of biometric hashes and cloud wallets should comply with GDRP. Let us say , using cloud HSMs, separate private keys from the wallet storage to avoid hacking. Maybe askar as wallet storage would be also a good way to go , to avoid a database to be used, since dbs are also prone to security issues. Some other key:value storage is also great to have. I will for sure explore more.

devexplore2020 (Tue, 22 Dec 2020 16:20:25 GMT):

hi @ianco thanks replying. I have registered the DID using selfserve on sovrin and then used it as parameters with verkey to start the ACApy instance on builder net. Not sure if that DID can write other NYMs on the ledger, I see using the admin API that I have the endorser role.

devexplore2020 (Tue, 22 Dec 2020 16:23:29 GMT):

@swcurran thanks for the wallets reply. What would be a best practice , for an example that one organization (as ACApy agent instance) creates many wallets for other users (I see here an issue of compromising the admin api key and taking control of all wallets) , or should an acapy instance be spinned for every user interacting with the fronted system (which maybe sounds like an overkill) ?

ianco (Tue, 22 Dec 2020 16:32:34 GMT):

Multitenancy functionality was just merged into the aca-py master branch yesterday (documentation to follow soon!)

ianco (Tue, 22 Dec 2020 16:33:04 GMT):

You can get a preview by running the alice/faber demo with a `--multitenant` parameter

ianco (Tue, 22 Dec 2020 16:33:30 GMT):

(note this is still work in progress and some features are still in development)

devexplore2020 (Tue, 22 Dec 2020 16:50:28 GMT):

Thanks @ianco I will wait for the documentation. Great work by the way.

swcurran (Tue, 22 Dec 2020 19:17:07 GMT):

Join us for the ACA-Py User Group tomorrow, Wednesday at 11AM Pacific (19:00 UTC/20:00 CET) for the last meeting of the year.

Zoom link is: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09
Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2020-12-13+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Topic for the Meeting:

* Recent Merges – Mediator, Multi-Tenancy, DID Exchange, Shared Components
* ACA-Py Integration Testing
* ACA-Py Custodial Wallets Use Case

Everyone is welcome!

swcurran (Tue, 22 Dec 2020 21:53:51 GMT):

Hey folks -- BC Gov has launched a Code With Us (open source bounty) for adding W3C Standard VCs with ZKP and Selective Disclosure using BBS+ to ACA-Py.  Please share this with folks you know that might be interested in applying for this work.

https://digital.gov.bc.ca/marketplace/opportunities/code-with-us/3f9f0e86-b8bf-47ee-9f3d-5b272f9ec845

rpobulic (Wed, 23 Dec 2020 08:05:58 GMT):

Has joined the channel.

BrianRichter (Wed, 23 Dec 2020 22:10:44 GMT):

is there a chance the recent merges to master have broken the ledger functionality? Am now receiving "invalid signature" problems

BrianRichter (Wed, 23 Dec 2020 22:11:06 GMT):

^ on a create schema request

BrianRichter (Wed, 23 Dec 2020 22:11:52 GMT):

hmm seems as if admin api is still working so might be a false alarm here

RazaDen (Thu, 24 Dec 2020 09:23:26 GMT):

Hello everyone! Can we use ACA-Py as a message queue for mobile agents (that maintain their own edge wallets)? I am familiar with your ongoing work regarding persistent queues and the mediator protocol (saw the recent PR for that - awesome!). Basically, we are trying to figure out if we can combine the Xamarin mobile agent framework with ACA-Py for this functionality. Ideally we are wondering if we can use one instance of ACA-Py (one process) that multiple Xamarin mobile agents can use for this purpose.

TimoGlastra (Thu, 24 Dec 2020 16:50:35 GMT):

Hi @RazaDen, with the new mediation features merged in ACA-Py you'll be able to use a single ACA-Py instance to mediate multiple mobile agents. However AFAIK Aries Framework .NET and the Xamarin mobile agent don't support the mediator coordination protocol atm. So you'll either need to implement those in the .NET framework, or you'll need a way to setup the mediation between the two agents in another way. The .NET framework currently makes use of a public `.well-known` agent configuration that is hosted on the mediator agent and downloaded by the edge agent (https://github.com/hyperledger/aries-framework-dotnet/blob/a18bef91e5b9e4a1892818df7408e2383c642dfa/src/Hyperledger.Aries.Routing.Edge/EdgeClientService.cs#L97). This contains an invitation and the required parameters to indicate messages should be routed via that agent (https://github.com/hyperledger/aries-framework-dotnet/blob/074dd0c14ee1bf50613523c55c3c2031a9046a21/src/Hyperledger.Aries.Routing/AgentPublicConfiguration.cs). If you want to go this route you'd need to modify ACA-Py to support this behaviour. However this is not the "standard" way to configure mediation between agents, so I think it would make more sense to update Aries Framework .NET to support the mediator coordination protocol

RazaDen (Thu, 24 Dec 2020 17:57:55 GMT):

Hello Timo, thank you very much for your elaborate response. I believe that the best route is what you suggested, i.e., implementing the mediator protocol in the .NET framework. To this end, is it "safe" for us to use the mediator code in ACA-Py as a reference point? Basically what I am asking is whether it's better for us to use the Mediator RFC (will this be changed in the immediate future?), or the code already in ACA-Py. Since you are more experienced than us, what do you think it would be best for us to use as a starting point?

RazaDen (Thu, 24 Dec 2020 17:57:55 GMT):

Hello @TimoGlastra , thank you very much for your elaborate response. I believe that the best route is what you suggested, i.e., implementing the mediator protocol in the .NET framework. To this end, is it "safe" for us to use the mediator code in ACA-Py as a reference point? Basically what I am asking is whether it's better for us to use the Mediator RFC (will this be changed in the immediate future?), or the code already in ACA-Py. Since you are more experienced than us, what do you think it would be best for us to use as a starting point?

devexplore2020 (Thu, 24 Dec 2020 20:00:30 GMT):

Hi everyone. There was a question how to start the aca-py start - - admin with https. Default is http. So let us say we create local ssl certificates for the Ubuntu server, what parameters/settings we need to pass over to ACApy to have the Swagger working only in https secure mode? 

esune (Thu, 24 Dec 2020 20:13:43 GMT):

I am not sure aca-py supports https natively, what can however be done to support `https` (we - BCGov team - do it in our k8s deployments) is to have a reverse proxy that uses SSL and routes requests (internally) to the agent so that you effectively have an HTTPs transport from the outside to the edge of your network, and then internally the transport becomes HTTP.

esune (Thu, 24 Dec 2020 20:13:43 GMT):

I am not sure aca-py has https support built-in, what can however be done to support `https` (we - BCGov team - do it in our k8s deployments) is to have a reverse proxy that uses SSL and routes requests (internally) to the agent so that you effectively have an HTTPs transport from the outside to the edge of your network, and then internally the transport becomes HTTP.

esune (Thu, 24 Dec 2020 20:13:43 GMT):

I am not sure aca-py has `https` support built-in, what can however be done (we - BCGov team - do this in our k8s deployments) is to put a reverse proxy using SSL in front of it and route requests (internally) to the agent so that you effectively have an HTTPs transport from the outside to the edge of your network, and then internally the transport becomes HTTP.

devexplore2020 (Fri, 25 Dec 2020 06:05:47 GMT):

Thanks for the fast reply. I think to activate https in swagger api by default and avoid unnecessary proxy ssl services would be a great benefit for the ACApy out of the box

devexplore2020 (Fri, 25 Dec 2020 06:11:07 GMT):

I have found some guidance here: https://app.swaggerhub.com/help/enterprise/config/ssl/certificate 

kaijuneer (Sun, 27 Dec 2020 18:07:42 GMT):

Hi everyone! I ran into some problem when trying to start the agent. So basically I am running a local ledger using VON network (https://github.com/bcgov/von-network/) and the ledger is running on localhost:9000. Then I try to start an aries agent using the command `scripts/run_docker provision --genesis-url http://localhost:9000/genesis`. However, I receive an error saying "ries_cloudagent.config.error.ArgsParseError: -e/--endpoint is required". I am wondering what value should I pass to the endpoint argument?

AryamaI (Mon, 28 Dec 2020 05:35:51 GMT):

Hello Everyone, Can somebody help me understand, in AliceFaberAcme demo when running using Docker, why is the Host Ip(172.17.0.1) being used as Endpoint instead of container's localhost. I want to achieve a scenario where I can spin up multiple Alice containers on the same machine, but don't want to expose the servuce on localhost and have the communication between Alice Faber and Acme based on container Ports. Can this be achieved using the current AliceFaberAcme Example?

AryamaI (Mon, 28 Dec 2020 05:35:51 GMT):

Hello Everyone, Can somebody help me understand, in AliceFaberAcme demo when running using Docker, why is the Host Ip(172.17.0.1) being used as Endpoint instead of container's localhost. I want to achieve a scenario where I can spin up multiple Alice containers on the same machine, but don't want to expose the service on localhost and have the communication between Alice Faber and Acme based on container Ports. Can this be achieved using the current AliceFaberAcme Example?

AryamaI (Mon, 28 Dec 2020 05:35:51 GMT):

Hello Everyone, Can somebody help me understand, in AliceFaberAcme demo when running using Docker, why is the Host Ip(172.17.0.1) being used as Endpoint instead of container's localhost. I want to achieve a scenario where I can spin up multiple Alice containers on the same machine, but don't want to expose the service on localhost and have the communication between Alice, Faber, and Acme based on container Ports. Can this be achieved using the current AliceFaberAcme Example?

AryamaI (Mon, 28 Dec 2020 05:35:51 GMT):

Hello Everyone, Can somebody help me understand, in AliceFaberAcme demo when running using Docker, why is the Host Ip(172.17.0.1) being used as Endpoint instead of container's localhost because the container port is already mapped to localhost port, then why are we specifying DOCKERHOST=172.17.0.1. I want to achieve a scenario where I can spin up multiple Alice containers on the same machine, but don't want to expose the service on localhost and have the communication between Alice, Faber, and Acme based on container Ports. Can this be achieved using the current AliceFaberAcme Example?

AryamaI (Mon, 28 Dec 2020 05:35:51 GMT):

Hello Everyone, Can somebody help me understand, in AliceFaberAcme demo when running using Docker, why is the Host Ip(172.17.0.1) being used as Endpoint instead of container's localhost because the container port is already mapped to localhost port, then why are we specifying DOCKERHOST=172.17.0.1.

AryamaI (Mon, 28 Dec 2020 05:35:51 GMT):

Hello Everyone, Can somebody help me understand, in AliceFaberAcme demo when running using Docker, why is the Host Ip(172.17.0.1) being used as Endpoint instead of container's localhost because the container port is already mapped to localhost port, then why are we specifying DOCKERHOST=172.17.0.1?

AryamaI (Mon, 28 Dec 2020 07:07:56 GMT):

@andrew.whitehead @swcurran  can you help me understand this here

andrew.whitehead (Mon, 28 Dec 2020 07:09:56 GMT):

Because localhost can’t be resolved between docker containers, it needs the explicit IP address in that case

AryamaI (Mon, 28 Dec 2020 07:30:46 GMT):

@andrew.whitehead, then please help me understand this, I am taking this setup to Kubernetes. I create two pods with faber and alice agent in each. Now, when I try to do a create invitation from faber, and give the invitation object to Alice agent, , I am specifying the pod/service ip of faber. Both pods can be deployed on different machines. But as per aca-py code it always reads DOCKERHOST=172.17.0.1. So, the Alice Agent is always trying to connect with the Faber on its VM Machine, how can I overcome this issue then,?

AryamaI (Mon, 28 Dec 2020 07:30:46 GMT):

@andrew.whitehead, then please help me understand this, I am taking this setup to Kubernetes. I create two pods with faber and alice agent in each. Now, when I try to do a create invitation from faber, and give the invitation object to Alice agent, I am specifying the pod/service ip of faber in the servicendpoint. Both pods can be deployed on different machines. But as per aca-py code it always reads DOCKERHOST=172.17.0.1. So, the Alice Agent is always trying to connect with the Faber on its VM Machine rather than the endpoint specified in invitationobject, how can I overcome this issue then?

AkashSingh26 (Mon, 28 Dec 2020 07:34:25 GMT):

Has joined the channel.

andrew.whitehead (Mon, 28 Dec 2020 07:48:06 GMT):

These are demo agents, they were never designed for that kind of environment. There are additional examples of agent controllers using different languages here: https://github.com/hyperledger/aries-acapy-controllers/tree/master/AliceFaberAcmeDemo/controllers

AryamaI (Mon, 28 Dec 2020 08:13:22 GMT):

Ohk, I see. Thank you. So, the current setup cant be used for pod to pod communication. Is there anything with regards to aries agents which was developed for such environment then  @andrew.whitehead

AryamaI (Mon, 28 Dec 2020 08:13:22 GMT):

Ohk, I see. Thank you @andrew.whitehead

swcurran (Mon, 28 Dec 2020 16:10:48 GMT):

We also have a lot of configurations for using ACA-Py and controllers in an OpenShift environment -- Red Hat's Kubernetes distribution.

AryamaI (Mon, 28 Dec 2020 18:11:35 GMT):

Thank you @swcurran .

dbluhm (Mon, 28 Dec 2020 19:49:27 GMT):

As a heads up, just marked [pull 883](https://github.com/hyperledger/aries-cloudagent-python/pull/883) as ready for review. This brings everything added for mediation so far together to make it fully usable from a controller now through the admin API. We've got a few more things planned (OOB/DID Exchange mediation support, general docs, etc.) but this marks the completion of usable mediation support :slight_smile:

newdev42 (Tue, 29 Dec 2020 02:55:26 GMT):

Has joined the channel.

proteche (Tue, 29 Dec 2020 12:01:54 GMT):

any suggestions on, how to keep agent storage and ledger in sync

sukalpomitra (Tue, 29 Dec 2020 15:19:06 GMT):

I have not been so much engaged in these projects for a long time. But I had built a similar kind of feature, single ACA-Py and multiple Xamarin mobile agents long time back when I was researching about SSI. here is a video on how I did it - https://www.youtube.com/watch?v=ZkPG_iKsDh4 and this is the approach I used - https://github.com/hyperledger/aries-rfcs/tree/master/concepts/0346-didcomm-between-two-mobile-agents

sukalpomitra (Tue, 29 Dec 2020 15:19:06 GMT):

I have not been so much engaged in these projects for a long time. But I had built a similar kind of feature, single ACA-Py and multiple Xamarin mobile agents long time back when I was researching about SSI. here is a video on how 2 mobile agents communicate through ACA-py - https://www.youtube.com/watch?v=ZkPG_iKsDh4 and this is the approach I used - https://github.com/hyperledger/aries-rfcs/tree/master/concepts/0346-didcomm-between-two-mobile-agents

devexplore2020 (Tue, 29 Dec 2020 21:00:06 GMT):

Hi everyone. I have connected two acapy instances (latest git pull) and I have made a simple test schema on sovrin buildernet. I am getting an error when issuing a credential: aries_cloudagent.protocols.issue_credential.v1_0.manager.CredentialManagerError: Preview attributes {'Last', 'Status', 'First'} mismatch corresponding schema attributes {'First, Last, Status'}
The attributes are also simply defined in the swagger:

devexplore2020 (Tue, 29 Dec 2020 21:00:06 GMT):

Hi everyone. I have connected two acapy instances (latest git pull) and I have made a simple test schema on sovrin buildernet. I am getting an error when issuing a credential: aries_cloudagent.protocols.issue_credential.v1_0.manager.CredentialManagerError: Preview attributes {'Last', 'Status', 'First'} mismatch corresponding schema attributes {'First, Last, Status'}
The attributes are also simply defined in the swagger:                                                             "credential_proposal": {
    "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/credential-preview",
    "attributes": [
      {"name": "First", "value": "Tom"},
	  {"name": "Last", "value": "Tomas"},
	  {"name": "Status", "value": "Test"}
    ]

devexplore2020 (Tue, 29 Dec 2020 21:00:06 GMT):

Hi everyone. I have connected two acapy instances (latest git pull) and I have made a simple test schema on sovrin buildernet. I am getting an error when issuing a credential: aries_cloudagent.protocols.issue_credential.v1_0.manager.CredentialManagerError: Preview attributes {'Last', 'Status', 'First'} mismatch corresponding schema attributes {'First, Last, Status'}
The attributes are also simply defined in the swagger:                                                             "credential_proposal": {
    "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/credential-preview",
    "attributes": [
      {"name": "First", "value": "Tom"},
	  {"name": "Last", "value": "Tomas"},
	  {"name": "Status", "value": "Test"}
    ]                                                                                                                                                                         
 Am I missing something here ?

TimoGlastra (Wed, 30 Dec 2020 09:40:57 GMT):

I think you can use both as a reference. Generally the implementations should follow the RFCs, and if that's not the case one of them should probably be changed. When implementing I usually take the RFC as leading, and look at the different implementations to see how they translate the spec to code

esune (Fri, 01 Jan 2021 21:53:14 GMT):

It looks like you may have published your schema with only one attribute named `First, Last, Status` (see quotes in the error message).

devexplore2020 (Sat, 02 Jan 2021 12:39:31 GMT):

Thanks a lot @esune I also saw this yesterday, totally overlooked it, probably I parsed the JSON to the aca-py API not the right way. Thanks a lot.

YukiB (Sat, 02 Jan 2021 18:47:24 GMT):

Hello all,

YukiB (Sat, 02 Jan 2021 18:48:55 GMT):

In vc-authn.  I have am trying to connect an existing app that used auth0 for authentication

YukiB (Sat, 02 Jan 2021 18:49:44 GMT):

However, my calls to authentication endpoint always results in the following error:

YukiB (Sat, 02 Jan 2021 18:49:50 GMT):

`"System.InvalidOperationException: sub claim is missing`

YukiB (Sat, 02 Jan 2021 18:51:51 GMT):

I found a similar error by a user on [stackoverflow](https://stackoverflow.com/questions/46884549/identityserver4-sub-claim-is-missing)

YukiB (Sat, 02 Jan 2021 18:54:20 GMT):

One of the suggested resolution there is to add `services.AddIdentityServer()` to the Startup.cs code

YukiB (Sat, 02 Jan 2021 18:55:15 GMT):

I am reluctant to add anything yet because my assumption is that `vc-authn-oidc` is preconfigured to work out of the box

YukiB (Sat, 02 Jan 2021 18:56:04 GMT):

If anyone have any insight / suggestion that can help me resolve this issue, I will appreciate it

swcurran (Sat, 02 Jan 2021 19:27:21 GMT):

@esune is the right person to ask, but he will probably not be online before Monday in Canada.  I would agree that it is probably not needed, but not sure.

YukiB (Sat, 02 Jan 2021 20:11:57 GMT):

@swcurran I will wait for him

YukiB (Sat, 02 Jan 2021 22:39:13 GMT):

@swcurran , @esune As it turns out the error was being generated due to a peculiar configuration that I will explain briefly

YukiB (Sat, 02 Jan 2021 22:43:20 GMT):

When using an oidc client, like `oidc-client-js` for example there is typically an auto discovery feature that retrieves useful information from the `.well-known/openid-configuration` endpoint

YukiB (Sat, 02 Jan 2021 22:45:45 GMT):

The problem is that the endpoints returned are incorrect

YukiB (Sat, 02 Jan 2021 22:47:50 GMT):

eg, authorize_endpoint: "https://xxxx.ngrok.io/`connect`/authorize"

YukiB (Sat, 02 Jan 2021 22:48:44 GMT):

corrected authorize_endpoint: "https://xxxx.ngrok.io/`vc`/connect/authorize"

YukiB (Sat, 02 Jan 2021 22:48:44 GMT):

corrected authorize_endpoint: "https://xxxx.ngrok.io/`vc/connect`/authorize"

YukiB (Sat, 02 Jan 2021 22:50:03 GMT):

Why this will throw a `sub claim is missing` error is something I don't know

vosrey (Sun, 03 Jan 2021 03:16:27 GMT):

Has joined the channel.

GuilhermeFunchal (Mon, 04 Jan 2021 13:12:01 GMT):

Hello

GuilhermeFunchal (Mon, 04 Jan 2021 13:12:53 GMT):

Error whem Im try to start demo version with --multitenant

GuilhermeFunchal (Mon, 04 Jan 2021 13:12:53 GMT):

Error whem Im try to start demo version with --multitenant after the response invite of Alice : 
waiting for connection...
Base.Agent | 2021-01-04 12:55:38,329 aries_cloudagent.transport.outbound.manager ERROR >>> Error when posting to: http://ad0d4278d48e.ngrok.io; Error: (, OutboundTransportError('Unexpected response status 404, caused by: Not Found',), ); Re-queue failed message ...
Base.Agent | 2021-01-04 12:55:48,742 aries_cloudagent.transport.outbound.manager ERROR >>> Error when posting to: http://ad0d4278d48e.ngrok.io; Error: (, OutboundTransportError('Unexpected response status 404, caused by: Not Found',), ); Re-queue failed message ...
Base.Agent | 2021-01-04 12:55:59,115 aries_cloudagent.transport.outbound.manager ERROR >>> Error when posting to: http://ad0d4278d48e.ngrok.io; Error: (, OutboundTransportError('Unexpected response status 404, caused by: Not Found',), ); Re-queue failed message ...
Base.Agent | 2021-01-04 12:56:09,482 aries_cloudagent.transport.outbound.manager ERROR >>> Error when posting to: http://ad0d4278d48e.ngrok.io; Error: (, OutboundTransportError('Unexpected response status 404, caused by: Not Found',), ); Re-queue failed message ...
Base.Agent | 2021-01-04 12:56:20,108 aries_cloudagent.transport.outbound.manager ERROR >>> Outbound message failed to deliver, NOT Re-queued.
Base.Agent | Traceback (most recent call last):
Base.Agent |   File "/home/indy/aries_cloudagent/transport/outbound/http.py", line 72, in handle_message
Base.Agent |     f"Unexpected response status {response.status}, "
Base.Agent | aries_cloudagent.transport.outbound.base.OutboundTransportError: Unexpected response status 404, caused by: Not Found
Base.Agent | 2021-01-04 12:56:20,109 aries_cloudagent.transport.outbound.manager ERROR Outbound message could not be delivered to http://ad0d4278d48e.ngrok.io
Base.Agent | Traceback (most recent call last):
Base.Agent |   File "/home/indy/aries_cloudagent/transport/outbound/http.py", line 72, in handle_message
Base.Agent |     f"Unexpected response status {response.status}, "
Base.Agent | aries_cloudagent.transport.outbound.base.OutboundTransportError: Unexpected response status 404, caused by: Not Found

esune (Mon, 04 Jan 2021 17:51:14 GMT):

Hi there and sorry for the delay in responding, I am glad you were able to figure this out. The endpoints used by the VC IdP are slightly different than the ones used by the underlying IdentityServer4 framework, this was something that I believe was deliberate in the initial implementation as the functionality builds on top of IdentityServer4 rather than replacing it, but I agree this can be misleading. 

esune (Mon, 04 Jan 2021 17:52:12 GMT):

I think I have an item in the backlog (that I have not gotten to) to get and validate whether this can be tweaked - I will double check that it is logged, or that it was maybe closed with more details.

YukiB (Mon, 04 Jan 2021 18:49:26 GMT):

Thanks for your response @esune

YukiB (Mon, 04 Jan 2021 18:49:56 GMT):

Please also consider adding this slight discrepancy to the configuration guide

YukiB (Mon, 04 Jan 2021 18:50:30 GMT):

In my experience, most people will use the auto discovery feature to get their endpoints

esune (Mon, 04 Jan 2021 18:52:20 GMT):

Agreed. I'll try and figure out a way of making it more evident/explicit, so far the use-cases were mostly Keycloak related so I figured following those instructions and adapting them would work, but explicitly pointing out the endpoints seems like it could be a good idea based on your feedback - thanks!

YukiB (Mon, 04 Jan 2021 18:52:58 GMT):

No thank you for the work you do

swcurran (Tue, 05 Jan 2021 00:57:21 GMT):

Hey folks -- a reminder that applications for this open source bounty close this Friday.

BC Gov has launched a Code With Us (open source bounty) for adding W3C Standard VCs with ZKP and Selective Disclosure using BBS+ to ACA-Py for $60k CDN. Please apply if you are interested and share this with folks you know that might be interested in applying for this work.

https://digital.gov.bc.ca/marketplace/opportunities/code-with-us/3f9f0e86-b8bf-47ee-9f3d-5b272f9ec845

Shweta1 (Tue, 05 Jan 2021 06:57:38 GMT):

Has joined the channel.

GuilhermeFunchal (Tue, 05 Jan 2021 12:34:21 GMT):

Hello, Is anyone already using the multitenant version? I'm trying to know the version to develop a frontend in Vue.js. 
I'm trying to use swagger to test the multitenant version, but everything returns "401: Unauthorized"


does anyone know how to test on Swagger ?

TimoGlastra (Tue, 05 Jan 2021 12:50:15 GMT):

Hi @GuilhermeFunchal, when multitenant is enabled, most operations are restricted for the base wallet. This is a design decision we made along the way, to keep a more clear hierarchical separation between base and subwallets. You can create new wallets from the admin api (and swagger) in the `multitenancy` topic. This will return a `token` that you can use in an auhtorization header to authorize for that subwallet (`Authorization: Bearer {token}`). You can set this in the swagger ui using the `Authorize` button

TimoGlastra (Tue, 05 Jan 2021 12:50:55 GMT):



Clipboard - January 5, 2021 1:50 PM

TimoGlastra (Tue, 05 Jan 2021 12:51:11 GMT):



Clipboard - January 5, 2021 1:51 PM

Shweta1 (Tue, 05 Jan 2021 12:54:48 GMT):

Hi Team,I am trying to create mediator aries cloudagent.I have taken latest code of aca-py and i can see mediatator api.but how will i get mediatator Id.Kindly help.I can't see any docs.

GuilhermeFunchal (Tue, 05 Jan 2021 12:57:58 GMT):

I can't see this button

GuilhermeFunchal (Tue, 05 Jan 2021 12:58:53 GMT):



swagger.png

GuilhermeFunchal (Tue, 05 Jan 2021 12:59:33 GMT):

What do I need to do to make him appear?

GuilhermeFunchal (Tue, 05 Jan 2021 13:06:03 GMT):



swagger2.png

GuilhermeFunchal (Tue, 05 Jan 2021 13:06:51 GMT):

Are you using version 0.6?

TimoGlastra (Tue, 05 Jan 2021 13:07:36 GMT):

are you using both `--admin-api-key` and `--multitenant`? I see it has some complications when both  are used (it seems like swagger doesn't support multiple). But you should at least see the button

GuilhermeFunchal (Tue, 05 Jan 2021 13:08:25 GMT):

I'm just use --multitenant

GuilhermeFunchal (Tue, 05 Jan 2021 13:08:44 GMT):

I'm start the demo version

TimoGlastra (Tue, 05 Jan 2021 13:09:08 GMT):

Are you running the alice/faber demo?

TimoGlastra (Tue, 05 Jan 2021 13:09:24 GMT):

can you post your exact startup params for the setup?

GuilhermeFunchal (Tue, 05 Jan 2021 13:10:21 GMT):

./run_demo faber --multitenant
./run_demo alice --multitenant

GuilhermeFunchal (Tue, 05 Jan 2021 13:11:11 GMT):

I'm using version 0.5.6 branch multitenant

GuilhermeFunchal (Tue, 05 Jan 2021 13:11:38 GMT):

is this right?

TimoGlastra (Tue, 05 Jan 2021 13:12:17 GMT):

No I don't think that is right. Multitenancy was just merged into master. So latest master should work

TimoGlastra (Tue, 05 Jan 2021 13:12:26 GMT):

That is what I'm using

GuilhermeFunchal (Tue, 05 Jan 2021 13:13:01 GMT):

OK I will try

GuilhermeFunchal (Tue, 05 Jan 2021 13:17:05 GMT):

Its works!

GuilhermeFunchal (Tue, 05 Jan 2021 13:17:45 GMT):

Where I can get Bearer {token} ?

TimoGlastra (Tue, 05 Jan 2021 13:18:22 GMT):

From the response of creating a wallet. `POST /multitenancy/wallet` and then use the `token` from the response

TimoGlastra (Tue, 05 Jan 2021 13:18:45 GMT):



Clipboard - January 5, 2021 2:18 PM

GuilhermeFunchal (Tue, 05 Jan 2021 13:22:36 GMT):

Faber      | Headers: {'Authorization': 'Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiJjYTZiOWM1Mi02Njc1LTQ5MTctOTcxMi1iN2YwZjE4Zjg5MWEifQ.wS9fuMVHwiPpsXsgKjU14Sv3_S-i-JSuaARlkCxz_TI'}
Bearer is correct ?

TimoGlastra (Tue, 05 Jan 2021 13:22:59 GMT):

Yes

GuilhermeFunchal (Tue, 05 Jan 2021 13:26:04 GMT):

Is there a function that I can execute with minimum parameters to make sure it is working?

TimoGlastra (Tue, 05 Jan 2021 13:26:44 GMT):

I'm not 100% sure what you mean. What do you want to make sure is working?

GuilhermeFunchal (Tue, 05 Jan 2021 13:30:30 GMT):

sorry...I'm from Brazil...When I can try to create a wallet inside Swagger

GuilhermeFunchal (Tue, 05 Jan 2021 13:30:30 GMT):

sorry...I'm from Brazil...When I try to create a wallet inside Swagger

GuilhermeFunchal (Tue, 05 Jan 2021 13:30:40 GMT):



swagger3.png

GuilhermeFunchal (Tue, 05 Jan 2021 13:34:28 GMT):



swagger4.png

TimoGlastra (Tue, 05 Jan 2021 13:46:27 GMT):

Ah I see the problem. I'm sorry, I should have made it more clear (and write some documentation on this!). The base wallet (not using an `Authorization` header) can create and manage wallets (everything in the `/multitenancy` endpoint group). Subwallets can do all other actions. So you should call `POST /multitenancy/wallet` WITHOUT the `Authorization` header, and call all other endpoint groups WITH the Authorization header

TimoGlastra (Tue, 05 Jan 2021 13:46:31 GMT):

Does this make sense?

TimoGlastra (Tue, 05 Jan 2021 13:48:08 GMT):

So base wallet creates new subwallet 'MyWallet' by calling `/multitenancy/wallet`. Response to that call returns `token` that can be included in `Authorization` header. All calls made with that `Authorization` header are made within the context of that new wallet `MyWallet`

GuilhermeFunchal (Tue, 05 Jan 2021 13:49:50 GMT):

Whem I'm try to send message from alice to faber in swagger :

GuilhermeFunchal (Tue, 05 Jan 2021 13:50:00 GMT):



swagger5.png

TimoGlastra (Tue, 05 Jan 2021 13:50:40 GMT):

You're missing the `Bearer ` prefix. It should be `Authorization: Bearer {token}`

GuilhermeFunchal (Tue, 05 Jan 2021 13:51:29 GMT):

I'm using the swagger interface suggestion

TimoGlastra (Tue, 05 Jan 2021 13:52:16 GMT):

Swagger doesn't allow you to prepend the `Bearer ` part. So you should manually input `Bearer {token}`

TimoGlastra (Tue, 05 Jan 2021 13:52:25 GMT):

and replace `{token}` with your token

GuilhermeFunchal (Tue, 05 Jan 2021 13:54:41 GMT):

I will need to do this directly at the terminal

GuilhermeFunchal (Tue, 05 Jan 2021 13:57:11 GMT):

curl -X POST "http://172.17.0.1:8021/connections/ba316123-9d6d-4939-9107-fa508b5d6b9a/send-message" -H "accept: application/json" -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiI2MDEwNjJjMC03YTAyLTQyMDQtODc4Yi00YjM1YzkyY2JkOTEifQ.ePmtrBprzg6lhgBFMia7pswFKNz-XHRUez2cNBneImE" -H "Content-Type: application/json" -d "{ \"content\": \"Hello\"}"

401: Unauthorized

TimoGlastra (Tue, 05 Jan 2021 14:01:24 GMT):

Works on my side

TimoGlastra (Tue, 05 Jan 2021 14:03:21 GMT):

1. `./run_demo faber --multitenant`
2. `./run_demo alice --multitenant`
3. copy invitation from to alice and connect
4. send message (option 3) through demo. 
5. extract token and connection id from the logs and replace them in the curl post from you above

TimoGlastra (Tue, 05 Jan 2021 14:03:21 GMT):

1. `./run_demo faber --multitenant`
2. `./run_demo alice --multitenant`
3. copy invitation from faber to alice and connect
4. send message (option 3) through demo. 
5. extract token and connection id from the logs and replace them in the curl post from you above

GuilhermeFunchal (Tue, 05 Jan 2021 14:07:11 GMT):



Captura de tela de 2021-01-05 11-06-50.png

GuilhermeFunchal (Tue, 05 Jan 2021 14:08:18 GMT):

curl -X POST "http://172.17.0.1:8021/connections/ba316123-9d6d-4939-9107-fa508b5d6b9a/send-message" -H "accept: application/json" -H "Authorization: Bearer eyJ0eXAiOiBearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiI0ZjQ4NzRiMS1hY2IxLTRhODUtODE1Ny03YjBiNDgzNzJiZTAifQ.eCQcaIwaJYoAcG-xJ901U5DSJDyvJJiRoRF8FTVTBF8" -H "Content-Type: application/json" -d "{ \"content\": \"Hello\"}"

401: Unauthorized

GuilhermeFunchal (Tue, 05 Jan 2021 14:09:58 GMT):

curl -X POST "http://172.17.0.1:8021/connections/ba316123-9d6d-4939-9107-fa508b5d6b9a/send-message" -H "accept: application/json" -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiI0ZjQ4NzRiMS1hY2IxLTRhODUtODE1Ny03YjBiNDgzNzJiZTAifQ.eCQcaIwaJYoAcG-xJ901U5DSJDyvJJiRoRF8FTVTBF8" -H "Content-Type: application/json" -d "{ \"content\": \"Hello\"}"
401: Unauthorize

TimoGlastra (Tue, 05 Jan 2021 14:12:10 GMT):

You're using the connection id and token from the alice agent on the faber api endpoint I believe

TimoGlastra (Tue, 05 Jan 2021 14:12:33 GMT):

So instead of `172.17.0.1:8021` could you try `172.17.0.1:8031`?

GuilhermeFunchal (Tue, 05 Jan 2021 14:16:33 GMT):

Its works 

curl -X POST "http://172.17.0.1:8031/connections/d199d2d6-c164-46a1-b7bb-6062a2371573/send-message" -H "accept: application/json" -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiI0ZjQ4NzRiMS1hY2IxLTRhODUtODE1Ny03YjBiNDgzNzJiZTAifQ.eCQcaIwaJYoAcG-xJ901U5DSJDyvJJiRoRF8FTVTBF8" -H "Content-Type: application/json" -d "{ \"content\": \"Hello2\"}

GuilhermeFunchal (Tue, 05 Jan 2021 14:17:05 GMT):

Thank you very much for all your help

GuilhermeFunchal (Tue, 05 Jan 2021 14:17:54 GMT):

Now I will be able to test and implement the client in Vue.js

TimoGlastra (Tue, 05 Jan 2021 14:34:31 GMT):

No problem! Glad it is working now :)

daidoji (Tue, 05 Jan 2021 14:57:10 GMT):

@danielhardman its a new year and hopefully your holidays were well :), would love to help implement this if it (chained credentials) still doesn't exist but would need some hand holding to walk me through the process. :)

dbluhm (Tue, 05 Jan 2021 15:57:06 GMT):

The general flow for mediation is as follows:
1. Connect to your mediator agent
2. Send a mediation request to the mediator agent (this step will create the mediation id)
3. Mediator sends a grant message (done automatically if using the `--open-mediation` flag, otherwise it must be granted through the Admin API; listing requests on the Mediator side will show a mediation request in `requested` state until granted)
4. Send keys to your mediator to be mediated. When the mediator receives a forward message with one of these keys in the `to` field, it will forward the message on to your agent. This is done automatically during the connection protocol if you create an invitation with a mediation id or if you receive/accept an invitation with a mediation id. Support for DID Exchange and OOB is still pending so you'll have to use the connection protocol for now.

GuilhermeFunchal (Tue, 05 Jan 2021 19:04:28 GMT):

I have another question, How many aca-py do I need to run? One for each user?

Shweta1 (Wed, 06 Jan 2021 12:47:32 GMT):

Thanks dbluhm!! In my use case,100 mobile agents and 1 organisation agent.i have created 1 mediator agent.I want to design this mediator in between end user mobile agent and organization agent.for this i am doing following.

Shweta1 (Wed, 06 Jan 2021 12:55:15 GMT):

Thanks dbluhm!! In my use case,I have 100  agents and 1 organisation agent.i have created 1 mediator user agent.I want to design this mediator in between  user agent and organization agent.for this i am using aca-py.
1. Created connection between organisation and mediator user agent.
2. Organisation user create mediator_id with using step 1 connection id.
3. mediator user agent grant mediator request from organisation.
4. Create connection between organisation and end user agent using above mediator id.

But step 4 is not working.Connection id is not created for organisation.Pls let me correct.

Let me correct,if organzation sending credential to end user agent throgh mediator,the credential is secured from mediator.

Shweta1 (Wed, 06 Jan 2021 12:55:15 GMT):

Thanks dbluhm!! In my use case,I have 100  agents and 1 organisation agent.i have created 1 mediator user agent.I want to design this mediator in between  user agent and organization agent.for this i am using aca-py.
1. Created connection between organisation and mediator user agent.
2. Organisation user create mediator_id with using step 1 connection id.
3. mediator user agent grant mediator request from organisation.
4. Create connection between organisation and end user agent using above mediator id.

But step 4 is not working.Connection id is not created for organisation.Pls let me correct.

if organzation sending credential to end user agent throgh mediator,the credential is secured from mediator.

Shweta1 (Wed, 06 Jan 2021 12:55:15 GMT):

Thanks dbluhm!!I think I am doing wrong.Trying to make connection in between mediator agent and end user agent which is wrong. I am little bit confused.I am explaining my use case below and let me correct if anything wrong.

I have one Organisation agent,a  Mediator  and  100 end users.All are aries cloudagent.
1. Organisation agent is like faber and Mediator is alice.Created connection between them.
2. Using above connection id,mediator id is created by Organisation agent.
3. Mediator agent grant above mediator request.

Now Organisation agent wants to send credential using this mediator to end user.How I execute this step.
Because there must be some connection between mediator and end user.

etschelp (Wed, 06 Jan 2021 14:20:40 GMT):

Hey, I’m currently looking at the multi tenancy features in the main branch, and I have an observation and a couple of questions concerning this.

First it is not possible any more to receive an invitation by did only. E.g. with version 0.5.6 this is possible:

/connections/receive-invitation

`{"did": "JTWwhv1L3ZBtX8WWBPJMRy"}`

If I do this on the main branch I see the following in the logs:

`  File "/home/indy/aries_cloudagent/protocols/connections/v1_0/routes.py", line 519, in connections_receive_invitation
    invitation, auto_accept=auto_accept, alias=alias, mediation_id=mediation_id
  File "/home/indy/aries_cloudagent/protocols/connections/v1_0/manager.py", line 303, in receive_invitation
    invitation_key=invitation.recipient_keys[0],
TypeError: 'NoneType' object is not subscriptable`

My guess is that a fully initialized invitation object is needed, because if I do a create/receive invitation it works.

My questions:

1.	Can the webhooks (--webhook-url) identify the sub wallet, or are webhooks in combination with a multi-tenant agent a bad idea? 
2.	How does the base agent route the messages to the sub wallets? Does this happen via the keys? Because if I manually register a public did and a endpoint for a sub wallet I’m having difficulty creating a connection. If I do the create/receive invite combo mentioned above it works like a charm.

swcurran (Wed, 06 Jan 2021 14:26:58 GMT):

Demo: From essif-lab, an Aries playground using our own ledger without the toolbox for prototype purpose
Discussion: When is ACA-Py 0.6.0 "Done"
ACA-Py Roadmap

swcurran (Wed, 06 Jan 2021 14:26:58 GMT):

Join us for the ACA-Py User Group today, Wednesday at 11AM Pacific (19:00 UTC/20:00 CET) for the first meeting of the new and much better year.

Zoom link is: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09
Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-01-06+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Topic for the Meeting:

* Demo: From essif-lab, an Aries playground using our own ledger without the toolbox for prototype purpose
* Discussion: When is ACA-Py 0.6.0 "Done"
* ACA-Py Roadmap

Everyone is welcome!

TimoGlastra (Wed, 06 Jan 2021 14:28:40 GMT):

Hey @etschelp, seems like your first issue is not related to multitenancy but a regression introduced with the new mediator changes. It seems like this commit removed a check: https://github.com/hyperledger/aries-cloudagent-python/commit/4dee240281ba6eb3d297ce51ba1ac8acb1fe984d#diff-c13236a8e9a1165f73ea9bf45c26e5c2151f285a40df27defd916aeb08cb08b2L278-R277. @dbluhm seems like you made the change, is there a specific you made this change?

TimoGlastra (Wed, 06 Jan 2021 14:28:40 GMT):

Hey @etschelp, seems like your first issue is not related to multitenancy but a regression introduced with the new mediator changes. It seems like this commit removed a check: https://github.com/hyperledger/aries-cloudagent-python/commit/4dee240281ba6eb3d297ce51ba1ac8acb1fe984d#diff-c13236a8e9a1165f73ea9bf45c26e5c2151f285a40df27defd916aeb08cb08b2L278-R277. @dbluhm seems like you made the change, is there a specific reason you made this change?

TimoGlastra (Wed, 06 Jan 2021 14:35:17 GMT):

To answer your other questions:
1. subwallets are currently identified by adding a `x-wallet-id` header to each webhook request sent by ACA-Py. We're currently working on a way to set the webhook urls to be used per wallet: https://github.com/hyperledger/aries-cloudagent-python/pull/884
2. The base wallet acts as a relay and indeed routes the messages based on the keys. We're currently working on integration with the mediator functionalities. It's interesting you bring this up, because I ran into your use case yesterday and wasn't exactly sure how to handle all cases. Currently whenever a local/public did is created for connections, or an already existing did is used for creating an invitation it will be registered to route the key. However when you manually create a did and then use that as an implicit invitation ACA-Py won't know which wallet to route the message to. So maybe we should change that behaviour to be that all keys that are created for subwallets are registered to be routed to the specific subwallet.

TimoGlastra (Wed, 06 Jan 2021 14:40:05 GMT):

I think routing all keys for public dids to subwallets, even if there is no invitation associated with the did will solve your problem. Do you use implicit invitations only for public DIDs?

etschelp (Wed, 06 Jan 2021 14:49:32 GMT):

Yes, only for public did's, so at least keys associated with a public did should be routable.

dbluhm (Wed, 06 Jan 2021 14:52:05 GMT):

I'll need a little more detail on your step 4 to help place where the problem is. Can you step through in more detail each step you're taking to create the connection and what errors or unexpected behavior you're seeing?

dbluhm (Wed, 06 Jan 2021 14:54:59 GMT):

@TimoGlastra looks like just a mistake on my part, sorry about that. I'll do a quick PR to fix that and look at adding a unit test to validate the fix and prevent future regression

TimoGlastra (Wed, 06 Jan 2021 15:00:06 GMT):

Cool, thanks @dbluhm

TimoGlastra (Wed, 06 Jan 2021 15:00:57 GMT):

@etschelp that should be doable. I'll look into it in the coming week

etschelp (Wed, 06 Jan 2021 15:02:49 GMT):

Nice, looking forward to it.

gagepoulson (Wed, 06 Jan 2021 15:29:58 GMT):

Has joined the channel.

TimoGlastra (Wed, 06 Jan 2021 16:47:22 GMT):

@etschelp I think this PR fixes your issue: https://github.com/hyperledger/aries-cloudagent-python/pull/895. Could you verify it works as intended?

dbluhm (Wed, 06 Jan 2021 18:39:05 GMT):

@etschelp @TimoGlastra PR with the fix for the regression I introduced: https://github.com/hyperledger/aries-cloudagent-python/pull/897

adamsc64 (Wed, 06 Jan 2021 19:05:12 GMT):

I'm trying to run through the Alice-Faber demo again as documented here [https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/AriesOpenAPIDemo.md]. I'm using Docker Playground to run docker.

When I'm at the step to POST to create an invitation on Faber using the swagger interface, I get an HTTP 500 error in response from Faber caused by exception `aries_cloudagent.storage.error.StorageNotFoundError: mediation_requests record not found`. I checked out the most recent tagged release from October, and this doesn't seem to happen, so I don't know if this means this was introduced in the mean time. Here is the full stacktrace from the Faber log in a comment thread to this message.

adamsc64 (Wed, 06 Jan 2021 19:05:46 GMT):

I'm trying to run through the Alice-Faber demo again as documented here [https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/AriesOpenAPIDemo.md]. I'm using Docker Playground to run docker.

When I'm at the step to POST to create an invitation on Faber using the swagger interface, I get an HTTP 500 error in response from Faber caused by exception `aries_cloudagent.storage.error.StorageNotFoundError: mediation_requests record not found`. I checked out the most recent tagged release from October, and this doesn't seem to happen, so I don't know if this means this was introduced in the mean time. Here is the full stacktrace from the Faber log in a comment thread to this message.
cc @ianco

adamsc64 (Wed, 06 Jan 2021 19:06:11 GMT):



adamsc64 - Wed Jan 06 2021 14:06:09 GMT-0500 (Eastern Standard Time).txt

ianco (Wed, 06 Jan 2021 19:09:04 GMT):

I suspect this is related to the latest mediator code, @dbluhm @burdettadam

burdettadam (Wed, 06 Jan 2021 19:09:04 GMT):

Has joined the channel.

dbluhm (Wed, 06 Jan 2021 19:14:55 GMT):

When using the swagger API UI, an example mediation ID is included by default when you click on `try it out`. This got me a few times, any chance this is the case here?

TimoGlastra (Wed, 06 Jan 2021 20:59:02 GMT):

Question about the new mediator features. Does it queue messages that cannot be immediately sent to the receiving agent? E.g. a mobile agent that has no endpoint is offline. Or should the receiving agent be online at the time a message is received by the mediator agent?

dbluhm (Wed, 06 Jan 2021 21:28:35 GMT):

This is something ACA-Py already handled so no new additions were made with mediation that changed this behavior

dbluhm (Wed, 06 Jan 2021 21:29:44 GMT):

The persistent queues work is highly relevant to this question

TimoGlastra (Wed, 06 Jan 2021 21:46:25 GMT):

Thanks. I was mainly curious because I don't see any support for something like `didcomm:transport/queue`, but looking at aries-toolbox it just uses an empty string for the serviceEndpoint

Shweta1 (Thu, 07 Jan 2021 04:33:01 GMT):

yes mediatation_id present in latest json for connection invitation.If you are not using mediator,you can remove mediator_id from json and then post.

Shweta1 (Thu, 07 Jan 2021 07:28:03 GMT):

I think my step 4 is wrong.I am trying to connect Mediator agent with end user agent which is not possible.

Shweta1 (Thu, 07 Jan 2021 07:29:10 GMT):

Thanks dbluhm!!I think I am doing wrong.Trying to make connection in between mediator agent and end user agent which is wrong. I am little bit confused.I am explaining my use case below and let me correct if anything wrong.

I have one Organisation agent,a  Mediator  and  100 end users.All are aries cloudagent.
1. Organisation agent is like faber and Mediator is alice.Created connection between them.
2. Using above connection id,mediator id is created by Organisation agent.
3. Mediator agent grant above mediator request.

Now Organisation agent wants to send credential using this mediator to end user.How I execute this step.
Because there must be some connection between mediator and end user.

etschelp (Thu, 07 Jan 2021 10:57:12 GMT):

@TimoGlastra This works fine now. I tested this with a v0.5.6 agent and a agent build from your pull request. It is now possible to connect to a public did of a sub wallet. One thing that I noticed was that when I assign the public did: POST /wallet/did/public. GET /wallet/get-did-endpoint still returns null for the endpoint, but the endpoint is already on the ledger. I have to do a set-did-endpoint for this to change. But nevertheless other agents can connect fine without doing the second step.

proteche (Thu, 07 Jan 2021 11:44:22 GMT):

how to do backup of indy node? i checked there are multiple storage components(seq_no_db,etc)  which is present at docker volumes. but if it gets down, how can i recover from same point? is it as simple to just pointing to the backup folder?

adamsc64 (Thu, 07 Jan 2021 16:00:16 GMT):

Possibly. That confuses me too. Maybe they should use more obvious sample values like `SAMPLE_ID`. But even if that's it, should it result in HTTP 500?

dbluhm (Thu, 07 Jan 2021 16:01:31 GMT):

The organization agent and the end user agents need to connect to each other before the credential can be issued. This can happen with either party initiating the interaction. If the organization agent creates an invitation to send to the end user agent, specify the mediation id in the create invite call through the admin api. The organization agent will complete all steps for the resulting connection to be mediated when the end user responds to the invitation. If the end user creates the invitation, the organization must specify a mediation id on receive invitation (or accept invitation if `auto-accept` is not used in the receive invitation call) which will similarly cause the resulting connect to be mediated.

dbluhm (Thu, 07 Jan 2021 16:03:03 GMT):

Once the organization and end user agents are connected, there is no obvious indication the the message was mediated at the message level and so the credential issuance protocol would behave exactly as it would if the two agents were directly connected.

dbluhm (Thu, 07 Jan 2021 16:04:48 GMT):

Good point, a 404 would be more appropriate

dbluhm (Thu, 07 Jan 2021 16:05:12 GMT):

With more graceful error handling in the background, of course

adamsc64 (Thu, 07 Jan 2021 16:05:29 GMT):

Something in the `4xx` range definitely

adamsc64 (Thu, 07 Jan 2021 16:06:04 GMT):

I sometimes see 404 reserved for "this URL is invalid," versus other 4xx range errors for specific semantic or data problems

adamsc64 (Thu, 07 Jan 2021 16:06:16 GMT):

I don't have more context on the current practices however

adamsc64 (Thu, 07 Jan 2021 16:06:16 GMT):

I don't have more context on the current practices in ACApy however

dbluhm (Thu, 07 Jan 2021 16:08:39 GMT):

I'll have to double check how "storage not found errors" are translated to HTTP error codes elsewhere in ACA-Py. I know I have seen 404s used before but those may have been used more specifically on record retrieval requests rather than in the middle of completing another option getting a "storage not found" error

dbluhm (Thu, 07 Jan 2021 16:35:39 GMT):

https://github.com/hyperledger/aries-cloudagent-python/pull/901

TimoGlastra (Thu, 07 Jan 2021 16:51:36 GMT):

Thanks for testing @etschelp! I'll take a look at the other issue you mentioned

bruno_santos (Fri, 08 Jan 2021 17:12:36 GMT):

Hello everyone. About the agent roles in the Alice-Faber-Acme demo, are the 3 of them able to act as endorsers? Or is one of them without this configuration?

ianco (Fri, 08 Jan 2021 17:16:11 GMT):

This demo does not yet support any endorser functionality

swcurran (Fri, 08 Jan 2021 18:52:29 GMT):

The DID for Faber must be set up as an endorser if using an Indy network enforcing authorizations, as it is the only one that is writing to the ledger.

jameshiester (Fri, 08 Jan 2021 18:52:53 GMT):

would there be any way to get notified from a verifiers perspective when a credential is revoked?

jameshiester (Fri, 08 Jan 2021 18:55:01 GMT):

e.g. let's say I verified a presentation some time ago, is there a way for me to check that an underlying credential hasn't been revoked without communicating with the original holder?  I'm assuming this isn't available just by subscribing to the tails file?

discoverer (Sat, 09 Jan 2021 02:48:17 GMT):

In Alice-Faber demo using Aca-py
1. Faber issues a certificate to Alice
2. Alice saves the certificate in the wallet

Question  - now Faber wants to see what certificate they issued to Alice, how can Faber see that using Aca-py?

devexplore2020 (Sat, 09 Jan 2021 13:23:29 GMT):

@TimoGlastra could I add a small question to this thread. So for us to test the multitenancy, we start the ACApy instances only with - - multitenant switch (without - - api--api--key) and then in multitenancy topic we POST for a subwallet and then get a Bearer key? Would this not be seen as a security issue if someone could just bark in without a token an make POST calls? 

TimoGlastra (Sat, 09 Jan 2021 13:42:39 GMT):

Yes you should always use `--api-key` in production. The base

TimoGlastra (Sat, 09 Jan 2021 13:43:42 GMT):

Yes you should always use `--api-key` in production. The base wallet only required the api key, but subwallets also require an JWT token. See this issue for more context why this is the case: https://github.com/hyperledger/aries-cloudagent-python/pull/890

devexplore2020 (Sat, 09 Jan 2021 13:49:02 GMT):

Thanks @TimoGlastra will take a look. Are there maybe some docs on multitenancy or still work in progress? 

TimoGlastra (Sat, 09 Jan 2021 13:50:22 GMT):

That's still work in progress. It's on my todo list for this week

devexplore2020 (Sat, 09 Jan 2021 16:06:13 GMT):

Good luck Timo. In the meantime I will do some testing and provide some feedback 

devexplore2020 (Sat, 09 Jan 2021 16:59:53 GMT):

@TimoGlastra could I maybe understand more the create wallet(was and is available before multitenancy) and create subwallet(in the multitenancy) in Indy terms? With create subwallet, we do not register another set of verkey/publicDID but we use the one from base wallet I used to endorse on Sovrin. Or the one multitenancy instance of ACApy hosts many Agency many subwallets (with private keys), the question is where would the public keys then used for ledger/didcomm interaction be stored/backuped for disaster recovery? Some key pointers of the low-high architecture would be fine to check out. 

ianco (Sat, 09 Jan 2021 17:04:00 GMT):

Faber can's see what's in Alice wallet, so Faber has to keep track themselves (outside of aca-py) what credentials they have issued

devexplore2020 (Sat, 09 Jan 2021 17:06:25 GMT):

I assume these are all topics for the docs, like this question also: 

devexplore2020 (Sat, 09 Jan 2021 17:06:31 GMT):

how do you get the keys to encrypt and decypt the data per wallet?

devexplore2020 (Sat, 09 Jan 2021 17:07:13 GMT):

Is there a database behind multitenancy ACApy instances, I hope not :) 

devexplore2020 (Sat, 09 Jan 2021 17:58:10 GMT):

@TimoGlastra - can I bug you once more with the multitenancy question. I have spinned up the acapy instance with --multitenant --jtw-secret testsecret --multitenant-admin and --admin-api-key testkey     I am trying now to experiment. I have got now a new window with Bearer authorization where I should also prepend Bearer {token} , but I only know my jwt-secret I defined , I cannot find my JSON web token ( I assume for every wallet context one will be generated?) And know (before it worked without multitenancy) if I try any rest call like get connection (with the api key I used also before , without authorization bearer) I get the 401 Unauthorized . I suppose,since I am not using the Alice-Faber demo, I wanted to understand more on low level, how the indy storage is working of the wallets, how are they backuped, how are the keys managed etc. , the flow has changed how I can use the adminapi then before multitenancy release ?

devexplore2020 (Sat, 09 Jan 2021 18:08:04 GMT):

Hi @TimoGlastra I have managed to hit now the POST /create/wallet and I got the TOKEN. I suppose know I can use it in the authorization. Nicely  done by the way. This would mean that the base API login creates the wallet and every wallet gets a JSON token , which then switches the context of every wallet to perform actions there. This would mean from the , if a person/or_biometric_device would like to make actions with one sub-wallet, it would need to know the json web token and prepend it to make calls (for every single wallet separately) ? I think I am asking to much , probably those details will come in the docs, on the higher-lower level to understand , how are the keys managed . Every subwallet has a unique ID (can this ID be changed for a biometric hash of a device) or could we separate the storage of the private keys. Those concerns I have are more in a security context ( like also backups and custodianship ...)

devexplore2020 (Sat, 09 Jan 2021 18:10:58 GMT):

For an example, one security question would be , if one compromises the API key, he can delete/control every single sub-wallet without the consent of the end user/device. Then the Base wallet API key works like an agency and if this is compromised , than it could be bigger issue for all of the wallets.

devexplore2020 (Sat, 09 Jan 2021 18:18:36 GMT):

But as I am testing more, I think I understood the design. With the base API key, I can only manage to create sub-wallets in /multitenancy topic and for every new wallet I get a JSON Bearer token. Then I use this token (in context of every wallet) to make connection/issue credentials/make_proofs for every wallet represented via that bearer token. The base walllet I created as an endorser works more/less like a mediator with the Public DID and I can see it as an Agency that manages multiple walllet. I think a second production question would be the scalability and redundancy if this one acapy instance crashes, can the wallets be re-located/restarted/moved automatically on another working "standby" acapy instance ? What about high availibilly storage and etc. ?

devexplore2020 (Sat, 09 Jan 2021 18:38:51 GMT):

For an example, if I have started two ACApy multitenant instances, I suppose I can exchange messages between wallets from both instance domains and make proofs. Or are the sub-wallets limited to a communication within their acapy instance domain only ?

TimoGlastra (Sat, 09 Jan 2021 19:32:37 GMT):

There is not much difference between the base wallets and subwallets. They are both indy wallets and have their own storage, keys, credentials, etc... Subwallets do not use the public did of the base wallet. They should either register their own public did, or they can't do any operations that require a public did. So the keys to do ledger/didcomm interactions are stored in a separate wallet. This wallet is either a postgres database (using the indy postgres plugin) or a local sqlite database. The keys to unlock a wallet are stored in the base wallet. This is for the 'managed' mode. in 'unmanaged' mode the keys are not stored in the base wallet, but must be provided periodically to the agent. For now using a JWT token, but we'd like to make this pluggable eventually. So yes there is a database behind multitenancy ACAPy instances (either local sqlite or remote postgres) but this is also the case with non multitenancy. I'll try to cover everything in the documentation

TimoGlastra (Sat, 09 Jan 2021 19:38:49 GMT):

Regarding the scalability and redundancy, this is not specific to multitenancy I think. BCGov has multitple ACA-Py instances running next to each other, all using the same wallets under the hood. This allows for horizontal scaling. All wallet data is stored encrypted in an postgres database. If one agent shuts down, other agents could resume the tasks. With multitenancy you can do the same. you could start 10 aca-py instances in parallel (e.g. using openshift) and expose a single endpoint. Openshift will divide the requests between the different aca-py instance. So a single agent to the outside world are actually multiple agents

TimoGlastra (Sat, 09 Jan 2021 19:39:02 GMT):

Subwallets can communicate with other agents

devexplore2020 (Sat, 09 Jan 2021 19:49:53 GMT):

Thanks @TimoGlastra for the great explanation. From my past Indy experience, I have created a Steward wallet and connected it to Sovrin and created a NYM with public did. In my case of ACApy this is the base wallet, with which I start an instance. I suppose in multitenancy mode of ACApy this wallet creates the schema and performs ledger operations? I was wondering when I create a sub-wallet, it does not create automatically a public DID on the Ledger-Sovrin (like I tested before with Indy wallets and did.create_and_store_my_did). Am I missing some rest calls here or the subwallets cannot get an endorser role on the Sovrin Ledger (in managed mode)? Probably you will put this in docs, but I hope I am helping out the faq section :) 

devexplore2020 (Sat, 09 Jan 2021 20:16:46 GMT):

For every managed wallet the keys are stored in a local sqlite db? This is Indy by the default design? Can this be changed into some other form of key store not to have the dependency of sqlite which needs further patches in future because of security? 

devexplore2020 (Sat, 09 Jan 2021 20:17:30 GMT):

Thanks Timo

devexplore2020 (Sat, 09 Jan 2021 20:18:58 GMT):

I was thinking on a production system without depending on Openshift and docker container 

GuilhermeFunchal (Sun, 10 Jan 2021 11:51:45 GMT):

does anyone know of any updated references to the aca-py initialization parameters?

GuilhermeFunchal (Sun, 10 Jan 2021 11:58:01 GMT):

Hello, to solve error 401 I needed to put "Bearer" in Autorization, for example :

H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiI1MWY1MzAwYS1hZTNkLTQyNjktOGNjMC05MmU5Njc3OGQzMGYifQ.v38pl0TbiKQc_wTkrID1ljJoXkGS-Wm3f7j82LIaDI0"

Thanks @TimoGlastra for your help.

da3v21 (Sun, 10 Jan 2021 12:05:44 GMT):

Has joined the channel.

da3v21 (Sun, 10 Jan 2021 12:07:28 GMT):

Is the option to verify unrevealed attributes implemented in ACA-PY yet?. The verification fails everytime when the revealed is set to false in the /send-presentation/ api.

da3v21 (Sun, 10 Jan 2021 12:07:28 GMT):

Is the option to verify unrevealed attributes implemented in ACA-PY yet?. The verification fails everytime when the revealed is set to false in the /send-presentation/ api in present-proof

da3v21 (Sun, 10 Jan 2021 12:10:04 GMT):

How did trinsic ID implement connection less verification , is it implemented in ACA-PY. Is the outofband protocol related to this. They mentioned in their documentation that they have used a temporary connection DIDcomm protocol, I believe it is using static peer DIDs how can this be implemented in ACA-PY.

jcourt (Sun, 10 Jan 2021 22:10:49 GMT):

I think that would be against some of the DI principles to be able to be "notified" but is there anything stopping someone from storing the original "presentation" and just re-running the "verify" step on it periodically ?

alvaradojl (Mon, 11 Jan 2021 10:33:13 GMT):

Has joined the channel.

bruno_santos (Mon, 11 Jan 2021 12:36:32 GMT):

Hello everyone, how can I access the records database of the demo?

GuilhermeFunchal (Mon, 11 Jan 2021 13:43:48 GMT):

Hello, how I can test "mediation" features in ACA-Py ?

swcurran (Mon, 11 Jan 2021 15:19:21 GMT):

A way to always get the latest start up parameters is to run `./scripts/run_docker start --help`.  You can also run `./scripts/run_docker provision --help` to see the parameters applicable when provisioning resources.

dbluhm (Mon, 11 Jan 2021 17:31:01 GMT):

At a very high level and using Alice, Bob, and Mediator agents as an example:
1. Establish a connection between Alice and Mediator
2. Alice sends mediation request to Mediator
3. Mediator grants mediation request for Alice.
4. Alice specifies a mediation id when creating invitations or receiving invitations to have the resulting connection be mediated. For instance, Alice creates a new connection invitation with the mediation ID created for Mediator. Alice gives this invitation to Bob. Bob uses the invitation as normal. Alice completes the connection protocol flow while informing Mediator of the new public keys that should be routed to her when the mediator receives messages for them.

dbluhm (Mon, 11 Jan 2021 17:32:45 GMT):

ACA-Py provides admin APIs for each of these operations

dbluhm (Mon, 11 Jan 2021 17:33:27 GMT):

With the connection protocol key list updates sent to the mediator being handled automatically for invitations created or received with a mediation ID.

TimoGlastra (Mon, 11 Jan 2021 20:43:16 GMT):

@etschelp this pr should fix the issue your described above: https://github.com/hyperledger/aries-cloudagent-python/pull/906

GuilhermeFunchal (Tue, 12 Jan 2021 01:27:01 GMT):

How I can use /connections/{conn_id}/establish-inbound/{ref_id} ? where I find ref_id ?

da3v21 (Tue, 12 Jan 2021 11:44:21 GMT):

Hello! , I created a credential at a epoch time t1, and revoked at time t2, now If I give the timestamp as t1 in the send-presentation and proof request, it should be verified right, but the verification fails.

da3v21 (Tue, 12 Jan 2021 11:48:23 GMT):

There should be an option from the holder to verify his credential revocation status

sklump (Tue, 12 Jan 2021 12:09:13 GMT):

`GET /credential/revoked/{credential_id}`

sklump (Tue, 12 Jan 2021 12:10:19 GMT):

This has been tested extensively. We can work through your problems but I need more data than this.

sklump (Tue, 12 Jan 2021 12:11:39 GMT):

Starting with the timestamp of issue, the timestamp of the revocation transaction on the ledger, and the proof request.

bruno_santos (Tue, 12 Jan 2021 14:46:30 GMT):

[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=nj5vatonT4CegKF2W) When running a local instance of the demo, can I access the database locally through pgadmin?

dbluhm (Tue, 12 Jan 2021 14:57:00 GMT):

Generally, records are encrypted using the wallet key, I believe. You should be able to view the database but I'm not sure how much information you'd really be able to see. You'll likely have more success inspecting your agent's state by using the admin api and its record retrieval calls

etschelp (Tue, 12 Jan 2021 15:24:03 GMT):

If memory serves right this endpoint is used to route messages over another connection. So the first parameter is the connection id you want to reroute and the ref-id is the connection id of the mediating agent.

bruno_santos (Tue, 12 Jan 2021 15:27:28 GMT):

Ok, do you the process to access it?

dbluhm (Tue, 12 Jan 2021 15:39:35 GMT):

The Admin API? This tutorial takes you through a demo of it: https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/AriesOpenAPIDemo.md

For non-demo agents, the `--admin` related flags will make sure the api starts up for you. Use `aca-py start --help` or `aca-py provision --help` for more info on those args.

bruno_santos (Tue, 12 Jan 2021 15:54:49 GMT):

My question would be related to this: https://github.com/hyperledger/aries-cloudagent-python/tree/master/demo#run-a-local-postgres-instance```
Since I'm running locally with docker, I wanted to know if I can access the database where the events are stored
```

swcurran (Tue, 12 Jan 2021 16:01:19 GMT):

You can access the database by using a postgres client, but there is not much to see because everything is encrypted.  I believe in the new work being done on aries-askar (new storage library) there is a dev mode that uses null encryption but with what is there today, there is nothing to see.

swcurran (Tue, 12 Jan 2021 16:02:06 GMT):

You can see the two tables -- items and tags if I remember correctly, each name/value columns, but all the data is encrypted.

GuilhermeFunchal (Tue, 12 Jan 2021 16:14:16 GMT):

Thanks, I'm  try to test. I didn't find anything about ref_id.

George_Sujarae (Tue, 12 Jan 2021 16:27:45 GMT):

Has joined the channel.

George_Sujarae (Tue, 12 Jan 2021 16:27:46 GMT):

Hi all, not sure of this is the right channel to ask as I have a quick question regrading revocation in VC context. That is, as I understand, in order for the revocation to properly work, a tails file (residing in issuer's tail server) is needed. If this is the case, wouldn't this setup prone to a single point of failure (unreachable of tail server) and what would be the consequence of such failure?

swcurran (Tue, 12 Jan 2021 16:32:35 GMT):

The tails file is needed by the holder/prover to create a proof of non-revocation.  The tails file is a static (non-changing) file generated by the issuer and used by all holder/provers and so can be published on redundent servers and cached by the holder/prover at the time of issuance.

That said, the whole idea of the tails file sucks :-) and work is ongoing to define a different way to do revocation that does not include a tails file.  There is an extremely good mechanism that has been proposed and that (last I checked) was being reviewed by the cryptographer community.

George_Sujarae (Tue, 12 Jan 2021 16:36:58 GMT):

so if somehow the tails file cannot be retrieved, holder/provers will not be able to create a proof of non-revocation?

swcurran (Tue, 12 Jan 2021 16:51:44 GMT):

Correct.  They also have to do a ledger query to create the proof.

George_Sujarae (Tue, 12 Jan 2021 16:52:12 GMT):

clear now...thanks

jameshiester (Tue, 12 Jan 2021 17:22:26 GMT):

Ah so I can run verify at a later time to check if the credential has still not been revoked?

jcourt (Tue, 12 Jan 2021 23:36:23 GMT):

I am guessing but can't see how it couldn't work right ?  The verification step is independent and not time sensitive unless I am missing something ?  The only way a "replay" verification couldn't work is if there is some way the witness calculation process bakes in the timestamp of the presentation to restrict "non-revoked" to the specific point in time of the presentation.  If it did then you could only re-verify it wasn't revoked at the time of presentation.  Maybe someone with more knowledge can correct me on this.

bruno_santos (Wed, 13 Jan 2021 09:47:20 GMT):

Hello channel, considering that I have 2 openstack instances (each running an Aries agent aca.py instance and Von-Network) connnected to the same network, would it be possible, using the docker demo, to perform credential issuing and validation from one to another?

da3v21 (Wed, 13 Jan 2021 10:19:17 GMT):

Thanks, I did a complete testing again, it works on 0.5.6 version, but the non_revoked interval doesn't work on 0.5.2 version agents

sklump (Wed, 13 Jan 2021 11:41:53 GMT):

0.5.2 is ages and ages ago, in aca-py terms. Also, see https://github.com/hyperledger/aries-rfcs/tree/master/concepts/0441-present-proof-best-practices, to which only 0.5.6 and above adhere.

jugma (Wed, 13 Jan 2021 16:42:33 GMT):

Has joined the channel.

jugma (Wed, 13 Jan 2021 16:42:33 GMT):

The latest Von Network is running Indy version 1.12.3. Please could you let me know when the Von Network will be upgraded to Indy version 1.12.4. Thank you.

WadeBarnes (Thu, 14 Jan 2021 13:34:23 GMT):

@andrew.whitehead, When you have a moment can you build/push a node 1.12.4 version of `von-image` for this please.

WadeBarnes (Thu, 14 Jan 2021 13:34:23 GMT):

@andrew.whitehead, When you have a moment can you build/push a node 1.12.4 version of `von-image` for this please?

andrew.whitehead (Thu, 14 Jan 2021 18:00:00 GMT):

Sure I'll have a look, I know @ianco  was looking at updating that related to the indy-sdk release as well

ianco (Thu, 14 Jan 2021 18:02:45 GMT):

I was trying to build the node image with the new indy-sdk but have not yet been successful.  I tried to build the existing node image on my local and haven't been able to do that either.  I'd be interested if you can get it to work ...

esune (Thu, 14 Jan 2021 18:24:16 GMT):

Can image building/pushing be automated at all when a new version is released?

andrew.whitehead (Thu, 14 Jan 2021 18:25:09 GMT):

The current version has a shim to use ursa when it's looking for indy-crypto, I think that can probably be removed

andrew.whitehead (Thu, 14 Jan 2021 18:26:35 GMT):

It could make sense to split von-image-node into a separate project at some point and set up CI, not sure if it's worth the effort

andrew.whitehead (Thu, 14 Jan 2021 18:31:44 GMT):

Hm, nope looks like indy-plenum 1.12.4 still depends on indy-crypto

devexplore2020 (Sun, 17 Jan 2021 06:10:27 GMT):

Hi everyone. When running multiple ACApy instances, a good thing would be to cumulative the webhooks. I have seen there is a parameter to send the webhooks from every instance to a particular server to manage it. Are you maybe using any python tools for that? 

devexplore2020 (Sun, 17 Jan 2021 06:10:27 GMT):

Hi everyone. When running multiple ACApy instances, a good thing would be to cumulate the webhooks. I have seen there is a parameter to send the webhooks from every instance to a particular server to manage it. Are you maybe using any python tools for that? 

Shweta1 (Mon, 18 Jan 2021 11:30:41 GMT):

I am exploring mediator and read this url "https://github.com/hyperledger/aries-rfcs/tree/master/concepts/0046-mediators-and-relays".
I have following scenario.
1. Alice direct connects to faber.(No Mediator)
2. Alice first connects to her mediator and mediator will forward to faber.so for this, every end mobile users have his/her mediator.(n mobile agent- n mediator)
3. Alice  connect to mediator(aries cloudagent) and then mediator will forward to faber.so this mediator are used for muli user.
If my end user(mobile agent) uses xamrin app,so which scenario will be the best approach. This use case have n number of mobile agent.

lijiachuan (Tue, 19 Jan 2021 14:59:13 GMT):

Hi Team, I would like to have your suggestion about how to use ACA-Py to implement a multi-tenancy agent, which I expect to create separate wallet for each entity(Company/Individual/Thing). Is there any existing guideline about this? Thanks a lot.

TimoGlastra (Tue, 19 Jan 2021 15:04:20 GMT):

I'm writing the documentation as we speak. I should have a PR before the end of the day. I will get back to you once ready

swcurran (Tue, 19 Jan 2021 15:05:47 GMT):

And the documentation is being written because the work is already done to support that...

lijiachuan (Tue, 19 Jan 2021 15:07:42 GMT):

Great to know that :)

lijiachuan (Tue, 19 Jan 2021 16:24:43 GMT):

Whether current we must provision a wallet before start an agent?

lijiachuan (Tue, 19 Jan 2021 16:29:07 GMT):

May I know where can I find a correct agent start command?

TimoGlastra (Tue, 19 Jan 2021 18:51:09 GMT):

@lijiachuan https://github.com/hyperledger/aries-cloudagent-python/pull/917

TimoGlastra (Tue, 19 Jan 2021 18:51:09 GMT):

@lijiachuan  multi-tenancy documentation. Let me know if you're missing anything 
https://github.com/hyperledger/aries-cloudagent-python/pull/917

TimoGlastra (Tue, 19 Jan 2021 18:51:44 GMT):

This issue contains some good example configurations: https://github.com/hyperledger/aries-cloudagent-python/issues/910

GuilhermeFunchal (Tue, 19 Jan 2021 19:32:59 GMT):

Hello, does anyone have load tests scripts for ACA-Py and Indy to share?

swcurran (Wed, 20 Jan 2021 00:42:28 GMT):

Join us for the ACA-Py User Group is Wednesday at 11AM Pacific (19:00 UTC/20:00 CET).

Zoom link is: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09
Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-01-20+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Topic for the Meeting:

* Demo/discussion: First cut of persistent queues
* ACA-Py Roadmap

Everyone is welcome!

lijiachuan (Wed, 20 Jan 2021 03:28:03 GMT):

Hi @TimoGlastra, is there a document about start a new single cloud agent? not for the multi-tenancy

lijiachuan (Wed, 20 Jan 2021 04:06:11 GMT):

Hi, I encountered an error when I start a new agent, I used below command after download the ACA-Py code:
```
PORTS="8080:8080 8000:8000" \
scripts/run_docker start \
-l CorpReg \
--inbound-transport http 0.0.0.0 8000 \
--outbound-transport http \
--admin 0.0.0.0 8080 \
--admin-insecure-mode \
--endpoint http://AgentVMIP:8000 \
--genesis-url http://IndyNetworkIP/genesis \
--wallet-type indy \
--wallet-name mywallet \
--wallet-key welldone \
--seed 0000000000000000000000000CorpReg \
--log-level 'info'  \
--auto-accept-invites \
--auto-accept-requests \
--auto-ping-connection \
--auto-respond-credential-offer \
--auto-respond-credential-request \
--auto-store-credential \
--auto-verify-presentation
```

And I received below error:
```
aries_cloudagent.core.error.ProfileNotFoundError: Wallet 'mywallet' not found: Error: Wallet not found
  Caused by: No wallet database exists
```

So there is no such wallet, I am not sure whether this is a new change for start a new agent, I used this previously several month ago, would like to get some help here. Thanks a lot.

andrew.whitehead (Wed, 20 Jan 2021 04:19:47 GMT):

Unless you need something from master I suggest using 0.5.6. That said for master you probably want the `—auto-provision` flag 

Shweta1 (Wed, 20 Jan 2021 05:06:13 GMT):

I am trying to enable webhook event with following configuration.

===========================================

General
label: Alice
endpoint: http://localhost:3000
inbound-transport:

[http, 0.0.0.0, 3000]
outbound-transport: http
no-ledger: true
genesis-url: http://localhost:9000/genesis
Admin
admin: [0.0.0.0, 3001]
admin-insecure-mode: true

Connections
debug-connections: true
auto-accept-invites: true
auto-accept-requests: true
webhook: [localhost, 3002]
log-level: debug
webhook-url: http://localhost:3002/webhooks

============================

Getting this error :Error: (, ClientConnectorError(ConnectionKey(host='localhost', port=3002, is_ssl=False, ssl=None, proxy=None, proxy_auth=None, proxy_headers_hash=None), ConnectionRefusedError(111, "Connect call failed ('127.0.0.1', 3002)")), ); Payload: {"accept": "auto", "created_at": "2021-01-19 13:54:59.802130Z", "invitation_key": "H3C2AVvLMv6gmMNam3uVAjZpfkcJCwDwnZn6z3wXmqPV", "state": "invitation", "their_role": "invitee", "updated_at": "2021-01-19 13:54:59.802130Z", "invitation_mode": "once", "routing_state": "none", "connection_id": "89a16408-7b39-4db9-ab5d-e65683bc753c"}; Re-queue failed message .

Kindly suggest.

lijiachuan (Wed, 20 Jan 2021 05:22:48 GMT):

ok, let me check it

wip-abramson (Wed, 20 Jan 2021 11:07:29 GMT):

It looks to me like you have enabled the webook. The agent posts to the url you configure, but there is no server running there to receive the request

Shweta1 (Wed, 20 Jan 2021 13:29:47 GMT):

Thanks abramson.I want to write all  webhook events in container log or how I can check all the events listen.so what is the purpose of webhook-url.

RounakGhosh (Wed, 20 Jan 2021 14:25:18 GMT):

Hello, everyone. I have one question regarding creating credential_definition_id from schema_id. In my mobile wallet, I have not created schema_id , but the schema_id is available in the indy ledger. At, that time I could not create credential_definition_id from the available schema_id from indy ledger. Please let me know. Thanks.

bruno_santos (Wed, 20 Jan 2021 14:48:30 GMT):

Hello channel. I have 2 machines, with each running their instance of the von-network. On one I have a Faber Agent (connected to the machine's von), and in the other a Alice Agent (with its von respectively). Should it still be possible for Faber to issue a credential to Alice?

wip-abramson (Wed, 20 Jan 2021 14:59:35 GMT):

I am not fully sure what you are asking here. However this might be useful https://github.com/OpenMined/PyDentity/blob/master/tutorials/aries-basic-controller/notebooks/alice/Part%202%20-%20Aries%20Basic%20Controller.ipynb

wip-abramson (Wed, 20 Jan 2021 14:59:40 GMT):

especially the section Understanding the Aries Basic Controller Listeners

daidoji (Wed, 20 Jan 2021 15:01:44 GMT):

bruno_santos, issuing should be fine, verifying though will need access to the ledger (von-network connected to faber)

andrew.whitehead (Wed, 20 Jan 2021 17:03:45 GMT):

No, they need to share a ledger instance (von-network in this case)

bruno_santos (Wed, 20 Jan 2021 17:06:28 GMT):

Ok, for this case, should I set the GENESIS_URL on one of the agents to fetch the URL of the other agent's genesis?

andrew.whitehead (Wed, 20 Jan 2021 17:21:52 GMT):

Yes, that should work 

sauveergoel (Wed, 20 Jan 2021 18:38:52 GMT):

can someone help with the following error: 
> OSError: libindystrgpostgres.so: cannot open shared object file: No such file or directory

neilbts (Wed, 20 Jan 2021 19:32:36 GMT):

Does anyone know if it is possible to send a presentation reject (per present proof rfc)? It seems like it is not implemented yet but maybe there's some field in a model that marks the presentation request as rejected?

sklump (Wed, 20 Jan 2021 20:09:06 GMT):

At present we only mark the presentation exchange record with verified=False on failure to verify.

neilbts (Wed, 20 Jan 2021 20:40:15 GMT):

Ok that will work, thanks!

Shweta1 (Thu, 21 Jan 2021 08:05:03 GMT):

thanks abramason.I created a server for webhook which receives request.

kenty (Fri, 22 Jan 2021 11:37:13 GMT):

Has joined the channel.

kostasmoschou (Fri, 22 Jan 2021 14:10:25 GMT):

Has joined the channel.

cam-parra (Fri, 22 Jan 2021 17:30:36 GMT):

Where can I find  a von image with the latest aca-py?

swcurran (Fri, 22 Jan 2021 18:22:36 GMT):

We publish images to: https://hub.docker.com/search?q=bcgovimages&type=image

swcurran (Fri, 22 Jan 2021 18:23:04 GMT):

I'm not sure there is a pre-release one out yet, if you are looking for mediator/multi-tasking support.

swcurran (Fri, 22 Jan 2021 18:23:15 GMT):

@andrew.whitehead would probably know.

andrew.whitehead (Fri, 22 Jan 2021 18:29:47 GMT):

There isn't a 0.6 prerelease, just the latest 0.5.6. We might want to do a 0.5.6 on indy 1.16.0 as well

lijiachuan (Sat, 23 Jan 2021 13:39:26 GMT):

Hi all, good day! I have one question want to confirm, currently when I initialize a new agent, it's DID must be registered in the Indy ledger firstly, then it can be provisioned, is this a new change for agent provisioning? Previously I didn't need to register the DID. Kindly confirm. Thanks.

lijiachuan (Sat, 23 Jan 2021 13:39:26 GMT):

Hi all, good day! I have one question want to confirm, currently when I initialize a new agent, it's DID must be registered in the Indy ledger firstly, then it can be provisioned, is this a new change for agent provisioning? Previously I didn't need to register the DID. Kindly confirm. 

Another help I need is, I can get the sample from [https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/AriesOpenAPIDemo.md#requestingpresenting-a-proof](https://github.com/hyperledger/aries-cloudagent-python/blob/master/demo/AriesOpenAPIDemo.md#requestingpresenting-a-proof) about proof request for a specific connection, but I want to initialize a new proof request which is not related to any connection, I think I need to use `/present-proof/create-request` service, but how the holder can get this request, is there any sample code about this example? .

Thanks.

swcurran (Sun, 24 Jan 2021 18:51:37 GMT):

@ianco -- you can probably provide the best answers for these...

cam-parra (Tue, 26 Jan 2021 00:13:43 GMT):

thank you all for the reponses

cam-parra (Tue, 26 Jan 2021 00:14:17 GMT):

I have another question has anyone encountered this error before? and how have you gone to handle it?

cam-parra (Tue, 26 Jan 2021 00:14:38 GMT):

```Registered NYM for DID X on ledger but could not replace metadata in wallet: Unknown DID: X```

esune (Tue, 26 Jan 2021 01:00:42 GMT):

@lijiachuan to convey a proof-request to a party that has not established a connection with you you would use a service decorator. An example is in `vc-authn-oidc`, see here: https://github.com/bcgov/vc-authn-oidc/blob/master/oidc-controller/src/VCAuthn/Models/PresentationRequestMessage.cs

esune (Tue, 26 Jan 2021 01:00:42 GMT):

@lijiachuan to convey a proof-request to a party that has not established a connection with you you would use a service decorator. An example is in `vc-authn-oidc`, see here for the model: https://github.com/bcgov/vc-authn-oidc/blob/master/oidc-controller/src/VCAuthn/Models/PresentationRequestMessage.cs

esune (Tue, 26 Jan 2021 01:01:24 GMT):

This would generate a connection-less proof request, so a connection is not going to be established even after presenting your proof.

esune (Tue, 26 Jan 2021 01:02:29 GMT):

If you want a connection to be established you would need to create a connection invitation first (I believe right now the recommended way is to use OOB) and then push the proof-request on the connection that has been established.

esune (Tue, 26 Jan 2021 01:04:43 GMT):

For the agent's DID: in order to join the ledger with write privileges you need to have a DID recorded on the ledger - I believe it has been this way for a couple of ACA-Py releases.
If you do not need write privileges, you can start ACA-Py in read-only mode by using the `--read-only-ledger` startup parameter (see [here](https://github.com/hyperledger/aries-cloudagent-python/blob/master/aries_cloudagent/config/argparse.py#L460-L466)).

esune (Tue, 26 Jan 2021 01:05:26 GMT):

I also believe this is due to change in 0.6.0 due to the decoupling between provision and start commands - @andrew.whitehead and @ianco should know better.

RazaDen (Tue, 26 Jan 2021 01:54:58 GMT):

Hi @TimoGlastra , revisiting this topic a little bit after we have looked a little bit more into it. Actually, it's not possible to even do the connection protocol, which is a prerequisite step to the mediator protocol, from a mobile agent to an ACA-Py instance. The connection protocol will simply never finish as ACA-Py won't be able to reach the mobile agent ever. Is there something that I am missing here? It seems you need a public endpoint to act as a queue as a prerequisite which, in a sense, defeats the purpose of the mediator protocol (at least for mobile/edge agents).

RazaDen (Tue, 26 Jan 2021 01:56:38 GMT):

It seems that what @sukalpomitra is a fix to the problem by including an endpoint that you can query for messages, but then again this seems like a chicken-egg situation to me. If we need to assume access to a public endpoint for mobile/edge agents, then we don't really need the mediator protocol, right?

RazaDen (Tue, 26 Jan 2021 01:56:38 GMT):

It seems that what @sukalpomitra suggest is a fix to the problem by including an endpoint that you can query for messages, but then again this seems like a chicken-egg situation to me. If we need to assume access to a public endpoint for mobile/edge agents, then we don't really need the mediator protocol, right?

TimoGlastra (Tue, 26 Jan 2021 09:25:50 GMT):

Hi @RazaDen, How are you creating a connection from the mobile agent? Are you using an existing mobile agent? You can create a connection with ACA-Py without a public endpoint. Aries Toolbox is an example (https://github.com/hyperledger/aries-toolbox). It sends an empty string `""` as endpoint to ACA-Py and can receive messages over either http or websockets by making use of the return route decorator (https://github.com/hyperledger/aries-rfcs/blob/master/features/0092-transport-return-route/README.md). I've written out the flow a while ago for aries-framework-javascript, maybe that can help: https://github.com/hyperledger/aries-framework-javascript/issues/40

RazaDen (Tue, 26 Jan 2021 09:49:22 GMT):

Hello @TimoGlastra , thank you again for your prompt response, it's very much appreciated! Well, we are looking into using the Xamarin agent, which employs the .NET sdk. What we want to do is to basically decouple the "builtin" mediator that it has and do everything with ACA-Py instead. We are actively looking on what modifications we have to do in the code base for this, but this is our general plan. To your point, we thought of using the standard connection protocol flow, i.e., mobile agent scans the connection invitation message (e.g., as is provided in the public indicio mediator), and then you know we do the entire flow, which obviously without a public endpoint is not possible. I've seen the transport return route decorator in the RFC and I've seen that it's implemented in ACA-Py but what I don't understand is how we can enable it. Ok, so basically an edge agent that has no public endpoint, sends a connection request message to the (soon to be) mediator ACA-Py and leaves the endpoint as an empty string "". Then ACA-Py will respond synchronously (in the same HTTP call context) with the connection response message or we need to query some other endpoint of ACA-Py (at whatever future time) to get the response? Apologies if I'm asking really dumb questions and thank you again for your help!

sklump (Tue, 26 Jan 2021 12:09:30 GMT):

What version are you running?

TimoGlastra (Tue, 26 Jan 2021 13:10:32 GMT):

This is enabled by default in ACA-Py, to use it you need to include the return route decorator on the mobile side. .NET has a `SendAndReceive` method that adds this decorator (https://github.com/hyperledger/aries-framework-dotnet/blob/2004f677b09c16582207e9f528afee9da6460160/src/Hyperledger.Aries/Agents/Transport/DefaultMessageService.cs#L103). ACA-Py will then respond with a message in response to the http request

lijiachuan (Tue, 26 Jan 2021 14:00:35 GMT):

Hi all, there is one question of VON, as the credentials are issued to OrgBook itself, so how is the process that verify a credential on OrgBook's website, seems like OrgBook is both the credential holder and verifier?

ianco (Tue, 26 Jan 2021 14:10:26 GMT):

Yes for OrgBook that is correct

lijiachuan (Tue, 26 Jan 2021 14:11:17 GMT):

thanks @ianco , so the "correct" you mean is OrgBook is both the credential holder/prover and credential verifier?

ianco (Tue, 26 Jan 2021 14:13:14 GMT):

Yes that's right.  However you an independently verify that the proof cryptographically verifies (just copy the proof from the verify page and plug it into indy-sdk)

lijiachuan (Tue, 26 Jan 2021 14:15:16 GMT):

so for example, whether OrgBook initialize a new proof request and send to itself? Then it response the credential back to itself?

ianco (Tue, 26 Jan 2021 14:19:18 GMT):

Yes

ianco (Tue, 26 Jan 2021 14:19:46 GMT):

There is an aca-py agent in the background, it sends itself a proof request and then responds with a proof

lijiachuan (Tue, 26 Jan 2021 14:19:49 GMT):

em, is this a proof request which doesn't need a connection?

ianco (Tue, 26 Jan 2021 14:20:01 GMT):

the aca-py agent has a connection to itself

lijiachuan (Tue, 26 Jan 2021 14:20:29 GMT):

ok, so a connection between itself

ianco (Tue, 26 Jan 2021 14:20:35 GMT):

yes

lijiachuan (Tue, 26 Jan 2021 14:27:34 GMT):

interesting :)

cam-parra (Tue, 26 Jan 2021 15:14:15 GMT):

I am running 5.6

cam-parra (Tue, 26 Jan 2021 15:16:24 GMT):

this happened after upgrading from 5.4 to 5.6

sklump (Tue, 26 Jan 2021 17:10:17 GMT):

Ping me tomorrow and we'll work it out

cam-parra (Tue, 26 Jan 2021 17:17:48 GMT):

Thank  you! I will

sklump (Tue, 26 Jan 2021 17:34:06 GMT):

It appears current master ought to fix this.
Cause: registering a NYM always tries to update its metadata in the wallet so that the drapes match the carpets. But if a steward is registering a nym for another user, of course it won't find it in its own wallet and hence it bails after (updating the ledger). In current master, the operation updates the ledger and then checks for the presence of the DID in the wallet: if it isn't there, it assumes it's for someone else and silently returns.

cam-parra (Tue, 26 Jan 2021 17:35:01 GMT):

ahh okay. Will that master be released soon so we can consume it?

sklump (Tue, 26 Jan 2021 17:55:44 GMT):

I don't make that call. 0.6.0 is coming "soon" but we are working on a lot of stuff. In the meantime you can swap this routine https://github.com/hyperledger/aries-cloudagent-python/blob/d3895f6394a5f24a895731bcf6fb672e0d84804e/aries_cloudagent/ledger/indy.py#L869 into your own fork if you like.

dbluhm (Wed, 27 Jan 2021 15:31:16 GMT):

Today at 12PM EST Indicio is hosting a Meetup event on Mediation and the Coordinate Mediation Protocol. This is a deep dive into the concepts and messages that Indicio in collaboration with SICPA have added to Aries Cloud Agent - Python to support mediation. All are welcome! Feel free to bring questions :slight_smile: 
You can register for the zoom room here: https://us02web.zoom.us/meeting/register/tZwscu-przotEtWCV-ZYqz06x2sy4SnCsNM5

ianco (Wed, 27 Jan 2021 16:00:16 GMT):

FYI mediator support has been added to the alice/faber demo but it is not merged yet:  https://github.com/hyperledger/aries-cloudagent-python/pull/921

lijiachuan (Wed, 27 Jan 2021 17:04:04 GMT):

Hi everyone, may I know where can I find the guideline about use PostgreSQL as the wallet database? Thanks.

RazaDen (Thu, 28 Jan 2021 13:22:50 GMT):

Hi @dbluhm unfortunately I was not able to join this meeting due to other engagements. Did you by any chance record it? I am very interested in the content. Thank you very much!

cam-parra (Thu, 28 Jan 2021 15:59:17 GMT):

Do we have a timeline for the release of the current code in master of aca-py? We would be really grateful for the inclusion of the multi tenancy support in the next release :) it would unblock us

dbluhm (Thu, 28 Jan 2021 18:40:39 GMT):

You can find a recording on Indicio's youtube channel here: https://www.youtube.com/watch?v=jXsELfUYrGM

RazaDen (Thu, 28 Jan 2021 18:41:42 GMT):

Awesome! Much appreciated.

andrew.whitehead (Thu, 28 Jan 2021 18:44:26 GMT):

We have a few more updates in progress but I think the end of next week is possible

lohan.spies (Thu, 28 Jan 2021 19:10:01 GMT):

:star_struck:

devexplore2020 (Fri, 29 Jan 2021 17:08:18 GMT):

Hi everyone. Would it be possible to run multiple ACApy instances in a docker container which is orchestrated via Kubernetes, to achieve high availability, and if then how? I imagine we can start multiple ACApy agents that use the same DID and Endpoint IP Adress and load balance the API requests? In case one instance crashes it should not be noticeable 

swcurran (Sat, 30 Jan 2021 21:34:05 GMT):

We do this all the time.  We run on OpenShift, which is Red Hat's k8s implementation.  We have a single endpoint and Kubernetes provides a service to load balance across instances.  We use scaling to increase/decrease the number of instances running.

This repo has the oepnshift configs (yaml files) for deploying services for ACA-Py (agent) and OrgBook (controller).

https://github.com/bcgov/orgbook-configurations

lijiachuan (Sun, 31 Jan 2021 14:51:03 GMT):

Hi everyone, when I initially register an agent's DID in the ACA-Py test network, I did that in the test network portal, and from there I only can specify the seed value for the wallet, but if I still want to specify this agent/company's name, logo, address, etc(which are general information for this company), what is the common practice to implement this? Kindly advise. Thanks.

swcurran (Mon, 01 Feb 2021 00:41:07 GMT):

There has not been any common practice around that.  DIDs don't have a standard representation for that, particularly because all of the information would be self-asserted, and not verifiable.

swcurran (Mon, 01 Feb 2021 00:41:47 GMT):

The DID spec does have an "also known as" field that might be useful for that, but I've not been part of the detailed discussions around that.

lijiachuan (Mon, 01 Feb 2021 00:53:12 GMT):

Thanks @swcurran  for your reply, so what value we will put into that "also known as" field depends on our own design, right?

swcurran (Mon, 01 Feb 2021 00:53:53 GMT):

Yup.  For that one in particular -- check the latest DID Core spec.

lijiachuan (Mon, 01 Feb 2021 00:55:44 GMT):

So if I want to do this with ACA-Py agent, whether that means, firstly I need to register this agent's default wallet DID in the Indy test network(VON), then use the agent to issue a new DID with this "also known as" as the public DID which this company wants to everyone know?

lijiachuan (Mon, 01 Feb 2021 00:57:39 GMT):

This sounds like a "self-issued" identity, but I think this make sense as this will be mostly used to verify who is this

swcurran (Mon, 01 Feb 2021 01:00:42 GMT):

No -- first, Indy doesn't support all of the new DIDDoc properties.  Once if does, you will be able to set the property for the DID itself.

Also known as is intended for things like domain name.

swcurran (Mon, 01 Feb 2021 01:00:42 GMT):

No -- first, Indy doesn't support all of the new DIDDoc properties.  Once it does, you will be able to set the property for the DID itself.

Also known as is intended for things like domain name.

swcurran (Mon, 01 Feb 2021 01:01:15 GMT):

With ACA-Py and Aries in general right now, there is no standard way to do that.

lijiachuan (Mon, 01 Feb 2021 01:03:10 GMT):

ok, so for now, for ACA-Py, only a general DID information(DID with verkey) can be generated and registered in the ledger, there is no other type of fields/property can be added currently. Correct?

da3v21 (Mon, 01 Feb 2021 12:02:54 GMT):

Hi Everyone, I created a connectionless proof request in 0.5.6v acapy using the *post/present-proof/create-request *, and modified the response (by adding a service decorator etc.) and converted into a QR code ( first converted it into a base64 url), I scanned it using the trinsic app. The trinsic agent received the proof request and fetched credentials which matched the request and when I click on present to send the presentation, acapy agent doesn't respond and the state of the pres_ex_id remains in *invitation*. How will an acapy agent verify a connectionless proof presentation, is there any protocol which acapy should use to respond? Has it been implemented?, should i use the latest outofband protocol for connectionless protocols?

da3v21 (Mon, 01 Feb 2021 12:02:54 GMT):

Hi Everyone, I created a connectionless proof request in 0.5.6v acapy using the *post/present-proof/create-request *, and modified the response (by adding a service decorator etc.) and converted into a QR code ( first converted it into a base64 url), I scanned it using the trinsic app. The trinsic agent received the proof request and fetched credentials from thee wallet which matched the request and when I click on present to send the presentation, acapy agent doesn't respond and the state of the pres_ex_id remains in *invitation*. How will an acapy agent verify a connectionless proof presentation, is there any protocol which acapy should use to respond? Has it been implemented?, should i use the latest outofband protocol for connectionless protocols?

da3v21 (Mon, 01 Feb 2021 12:02:54 GMT):

Hi Everyone, I created a connectionless proof request in 0.5.6v acapy using the *post/present-proof/create-request *, and modified the response (by adding a service decorator etc.) and converted into a QR code (by following the outofband documentation), I scanned it using the trinsic app. The trinsic agent received the proof request and fetched credentials from thee wallet which matched the request and when I click on present to send the presentation, acapy agent doesn't respond and the state of the pres_ex_id remains in *invitation*. How will an acapy agent verify a connectionless proof presentation, is there any protocol which acapy should use to respond? Has it been implemented?, should i use the latest outofband protocol for connectionless protocols?

da3v21 (Mon, 01 Feb 2021 12:02:54 GMT):

.

swcurran (Mon, 01 Feb 2021 14:01:25 GMT):

Correct

WadeBarnes (Mon, 01 Feb 2021 14:41:09 GMT):

Based on direction from the Hyperledger TSC we will be renaming the default branches of the [Hyperledger](https://github.com/hyperledger) repositories to `main`.

We're starting with [hyperledger/aries-cloudagent-python](https://github.com/hyperledger/aries-cloudagent-python) to assess the process and impact.

**When will this be happening:**
- February 02, 2021 @ 13:00 UTC (Tomorrow)

**Impact to you as a developer:**
- [Updating a local clone after a branch name changes](https://docs.github.com/en/github/administering-a-repository/renaming-a-branch#updating-a-local-clone-after-a-branch-name-changes)

**Other resources:**
- [Renaming the default branch from master](https://github.com/github/renaming)
- [Renaming a branch](https://docs.github.com/en/github/administering-a-repository/renaming-a-branch)

WadeBarnes (Mon, 01 Feb 2021 14:41:09 GMT):

========================================================================================================
Based on direction from the Hyperledger TSC we will be renaming the default branches of the [Hyperledger](https://github.com/hyperledger) repositories to `main`.

We're starting with [hyperledger/aries-cloudagent-python](https://github.com/hyperledger/aries-cloudagent-python) to assess the process and impact.

**When will this be happening:**
- February 02, 2021 @ 13:00 UTC (Tomorrow)

**Impact to you as a developer:**
- [Updating a local clone after a branch name changes](https://docs.github.com/en/github/administering-a-repository/renaming-a-branch#updating-a-local-clone-after-a-branch-name-changes)

**Other resources:**
- [Renaming the default branch from master](https://github.com/github/renaming)
- [Renaming a branch](https://docs.github.com/en/github/administering-a-repository/renaming-a-branch)
========================================================================================================

bruno_santos (Mon, 01 Feb 2021 16:18:02 GMT):

Hello everyone, does aries-cloudagent-python currently support credential issuing requests by the holder agent to the issuer agent? And if so, what are the steps to perform said request on the holder side, and to subscribe to that request on the issuer side?

swcurran (Mon, 01 Feb 2021 16:22:10 GMT):

The holder should ( :-) ) be able to send a "issue_proposal" message to the issuer to trigger the start of an "issue_credential" protocol.  Assuming the proposal is appropriate, the issuer would respond with an offer, and the rest of the flow would happen as does with the offer being the first message.

swcurran (Mon, 01 Feb 2021 16:22:21 GMT):

Pretty sure that is supported.

sklump (Mon, 01 Feb 2021 17:12:57 GMT):

Yes - via https://github.com/sklump/aries-rfcs/tree/master/features/0037-present-proof

sklump (Mon, 01 Feb 2021 17:12:57 GMT):

Yes - via https://github.com/hyperledger/aries-rfcs/tree/master/features/0036-issue-credential

paul.bastian (Mon, 01 Feb 2021 21:52:09 GMT):

Has joined the channel.

RounakGhosh (Tue, 02 Feb 2021 10:27:52 GMT):

Hello Channel, we have set up a mobile wallet in hyperledger indy and also a web services which is also using hyperledger indy. We have used Django to set up the web services. Some times when the server is slow, I am getting multiple proof request sent in my wallet. Can anyone guide what might be the issue.?? Thanks

WadeBarnes (Tue, 02 Feb 2021 13:00:02 GMT):

[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=7o3QSXrvn2upbeoyr) The branch renaming is complete.

bruno_santos (Tue, 02 Feb 2021 13:08:21 GMT):

So in this case, on the holder agent I would access the _/issue-credential/send-proposal_ endpoint to request a credential. What would then be the next steps on the issuer agent?

lijiachuan (Tue, 02 Feb 2021 13:40:50 GMT):

Hi everyone, I would like to confirm one expected implementation with ACA-Py about the consent. It always talk about user needs to have the ability to provide the consent to share his/her information to others, and user should also be able to revoke this consent to stop sharing it any more, so in ACA-Py or in Aries, how should we implement this consent process? Any suggestion?

lijiachuan (Tue, 02 Feb 2021 13:40:50 GMT):

Hi everyone, I would like to confirm one expected implementation with ACA-Py about the consent. It always talk about user needs to have the ability to provide the consent to share his/her information to others, and user should also be able to revoke this consent to stop sharing it any more, so in ACA-Py or in Aries, how should we implement this consent process? Any suggestion? Thanks.

bruno_santos (Tue, 02 Feb 2021 13:41:42 GMT):

@sklump @swcurran sorry forgot to tag

lijiachuan (Tue, 02 Feb 2021 13:53:55 GMT):

And is there any guideline about how to use webhook with ACA-Py? Thanks.

swcurran (Tue, 02 Feb 2021 18:43:00 GMT):

The issuer agent would (likely) respond with a credential offer message.  On receipt of the proposal message, I think the protocol state object would be created by ACA-Py and then the controller notified by a webhook about the proposal. The controller would then decide what to do -- e.g. send an "offer" message to continue the issue flow.  The controller uses the business logic based on the use case, so presumably there would be some sort of checking that an issuance should happen following the proposal.   If the proposal was not "normal" -- the controller could choose to ignore the message, send a problem report or send a credential offer for an entirely different credential type.  It all depends...

swcurran (Tue, 02 Feb 2021 21:40:08 GMT):

Join us for the ACA-Py User Group is Wednesday at 11AM Pacific (19:00 UTC/20:00 CET).

Zoom link is: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09
Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-02-03+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Topic for the Meeting:

* Release 0.6.0 - Breaking Changes, Including, Active Work Not Included
* Any other topics people want to discuss?

Everyone is welcome!

swcurran (Tue, 02 Feb 2021 21:45:05 GMT):

That is the role of the controller -- the application business logic.  ACA-Py is the framework that does the actions related to DIDComm, protocols, verifiable credentials and so on.  It has a couple of places that it "auto-" processes some steps -- e.g. in handling a connection, or in handling all the messages in an "issue-credential" process. However, other than those few cases (and some might not be used for other than testing) the expectation is that those decisions are left to the controller -- the business logic.  ACA-Py allows the controller to initiate an action, and notifies the controller when an event occurs (e.g. a message from another agent).  The expectation is that ACA-Py will just sit there until the controller tells ACA-Py what to do next.

swcurran (Tue, 02 Feb 2021 21:45:32 GMT):

So, consent to share information would be an issue for the controller, not for ACA-Py.

swcurran (Tue, 02 Feb 2021 21:46:46 GMT):

Further, the controller software might (or might not) activate a user interface to ask a human "Hey, what do you want to do?"  Note that because ACA-Py is often used in enterprise apps, it may not ask a human, but just execute some business rules that result in a decision about what to do next.

swcurran (Tue, 02 Feb 2021 21:48:16 GMT):

At it's simplest, the controller just provides an HTTP endpoint that ACA-Py can use to send the WebHook info. If you run the Alice-Faber demo with the webhooks activated, you will see all the messages.   I confess that I'm sure of the state of the docs on the exact content of all the webhooks in all scenarios.

swcurran (Tue, 02 Feb 2021 21:58:06 GMT):

@adamsc64 -- do you want to provide an update or discuss the latest on Persistent Queues on the ACA-Pug call?

lijiachuan (Wed, 03 Feb 2021 01:39:33 GMT):

Thanks @swcurran for your feedback, clear now.

da3v21 (Wed, 03 Feb 2021 09:27:21 GMT):



Clipboard - February 3, 2021 2:57 PM

da3v21 (Wed, 03 Feb 2021 09:27:21 GMT):

I am trying the mediator workflow, what is the connection key in this step? I can only find the invitation key in the connection record

Clipboard - February 3, 2021 2:57 PM

ianco (Wed, 03 Feb 2021 16:38:44 GMT):

Not sure of the specifics but you can check the code in the alice/faber demo, which implements mediation (run with `--mediation` parameter)

dbluhm (Wed, 03 Feb 2021 20:02:57 GMT):

The connection key is the verkey corresponding to the created DID so I believe it's not directly viewable in the connection record since it's stored in the wallet with the DID

devexplore2020 (Thu, 04 Feb 2021 07:41:50 GMT):

Thanks @swcurran will check them out for sure

jameshiester (Thu, 04 Feb 2021 23:55:45 GMT):

is there a doc showing an example vc format?

sumit0042 (Fri, 05 Feb 2021 04:31:26 GMT):



Clipboard - February 5, 2021 10:01 AM

sumit0042 (Fri, 05 Feb 2021 04:32:32 GMT):

Has joined the channel.

sumit0042 (Fri, 05 Feb 2021 04:32:33 GMT):

I am trying the mediator workflow. I have successfully tested it with 3 public agents (having public IPs as endpoints). My agents are Alice, Mediator and Bob.
But I guess it is intended to work if one of Alice or Bob is behind a firewall.
Is it possible to connect Alice and Bob through mediator if one of them is on localhost, non public IP?

sumit0042 (Fri, 05 Feb 2021 04:32:33 GMT):

I am trying the mediator workflow. I have successfully tested it with 3 public agents (having public IPs as endpoints). My agents are Alice, Mediator and Bob.
But I guess it is intended to work if one of Alice or Bob is behind a firewall.
How to connect Alice and Bob through mediator if one of them is on localhost, non public IP?

dbluhm (Fri, 05 Feb 2021 14:33:19 GMT):

Supposing Alice is the one behind a firewall or is otherwise unreachable directly, Bob would send messages to the Mediator endpoint and then the Mediator temporarily holds messages for Alice until she comes and retrieves them. Alice them connects to her mediator, sends a message triggering message retrieval, and processes the message as normal. Because ACA-Py is oriented toward being a *Cloud* Agent and assumes it will receive messages to its endpoint without taking its own action first, it currently does not have any facilities for performing that message retrieval step.

dbluhm (Fri, 05 Feb 2021 14:33:19 GMT):

Supposing Alice is the one behind a firewall or is otherwise unreachable directly, Bob would send messages to the Mediator endpoint and then the Mediator temporarily holds messages for Alice until she comes and retrieves them. Alice then connects (as in websocket, TCP, etc., they are already "connected" in the DIDComm sense) to her mediator, sends a message triggering message retrieval, and processes the message as normal. Because ACA-Py is oriented toward being a *Cloud* Agent and assumes it will receive messages to its endpoint without taking its own action first, it currently does not have any facilities for performing that message retrieval step.

dbluhm (Fri, 05 Feb 2021 14:35:59 GMT):

This is an item of work that would be required to have ACA-Py reachable behind a firewall.

dbluhm (Fri, 05 Feb 2021 14:38:08 GMT):

Agents that are built to work at the "Edge" are likely better oriented toward this operation mode. The Aries Toolbox, for instance, does not report an endpoint when it connects to agents and opens web sockets (when possible) and attempts to retrieve messages on a regular interval.

RicardoPeixoto (Fri, 05 Feb 2021 22:16:41 GMT):

Hi all, is it possible to use zero knowledge proofs on strings and decimals or it is restricted to integers?

swcurran (Fri, 05 Feb 2021 23:10:37 GMT):

It's restricted to integers as currently deployed.  With more standardizations on encodings it could be used with other data types -- and we'd REALLY love to have it working on human-readable dates, but that's not working today.

swcurran (Fri, 05 Feb 2021 23:11:52 GMT):

Ultimately, the predicates must be integers, so encoding the data such that it works on strings is possible, but tricky.  For example, an arbitrary string would have to be encoded into a sorted sequence for ZKP predicates to work.

RicardoPeixoto (Fri, 05 Feb 2021 23:37:12 GMT):

Yeah, that is the use case that i was wondering if it was possible. Thank you for letting me know :)

swcurran (Fri, 05 Feb 2021 23:39:03 GMT):

Yup -- to do it today, you have to have the date claim in Linux epoch format so it is an integer.  The problem with that is that's not human readable.  How do we (a) indicate the fields a date and (b) have the wallets display the date as a date?

RazaDen (Sat, 06 Feb 2021 04:01:13 GMT):

Hello everyone, ACA-Py's Admin Api provides two ways for requesting credentials presentation proofs: 1)`/present-proof/send-request`, which requires a pre-established connection and, 2) `present-proof/create-request`, which is for connection-less cases. For (2), is there a standard/agreed upon way that we can use to encode it as a QR code? Do we just take the entire JSON response from ACA-Py and use the same encoding process as in, e.g., connection invitations? Although in the connection invitations case, ACA-Py does the job for you and gives you the `?c_i=`

RazaDen (Sat, 06 Feb 2021 04:01:13 GMT):

Hello everyone, ACA-Py's Admin Api provides two ways for requesting credentials presentation proofs: 1)`/present-proof/send-request`, which requires a pre-established connection and, 2) `present-proof/create-request`, which is for connection-less cases. For (2), is there a standard/agreed upon way that we can use to encode it as a QR code? Do we just take the entire JSON response from ACA-Py and use the same encoding process as in, e.g., connection invitations? Although in the connection invitations case, ACA-Py does the job for you and gives you the `?c_i=`, just wandering if it's the same concept. Thank you!

da3v21 (Sat, 06 Feb 2021 09:59:17 GMT):

Hi everyone I am unable to verify a proof presentation which was sent from outofband protocol, I am able to get it from the proof records, but when I use the verif

da3v21 (Sat, 06 Feb 2021 09:59:17 GMT):

Hi everyone I am unable to verify a proof presentation which was sent from outofband protocol,
I am able to get it from the proof records 
But when I use the verify presentation api, it displays the error Record ID not found. The verify presentation works when I send the prorof request without the outofband protocol. Any reasons for this?

da3v21 (Sat, 06 Feb 2021 09:59:17 GMT):

Hi everyone I am unable to verify a proof presentation which was sent from outofband protocol,
I am able to get it from the proof records 
But when I use the verify presentation api, it displays the error Record ID not found. The verify presentation works when I send the proof request without the outofband protocol. Any reasons for this?

da3v21 (Sat, 06 Feb 2021 09:59:17 GMT):

Hi everyone I am unable to verify a proof presentation which was sent from outofband protocol,
I am able to get it from the proof records 
But when I use the verify presentation api, it displays the `error 401: Record ID not provided.` The verify presentation works when I send the proof request without the outofband protocol. Any reasons for this?

devexplore2020 (Sun, 07 Feb 2021 06:32:00 GMT):

Hi everyone. Are there some online examples of code of a mobile agent (iOS or Android) that interacts with Acapy? Is anyone working on this part maybe? 

lijiachuan (Sun, 07 Feb 2021 09:05:49 GMT):

Hi all, I had an issue when I want to retrieve related schema details for a credential definition, because when I use `/credential-definitions/{cred_def_id}` to retrieve the definition details, the schema information it returned is schema's ledger sequence id which as `"schemaId": "20"`, I am not sure why this schema ID is not the real schema ID instead of the sequence ID, and currently in ACA-Py openAPI, I didn't find one approach to retrieve the schema details(such as the properties/claims) based on schema's sequence ID. So does anyone know about:
- The reason why get defintiona's service returned a schema's sequence ID instead of the real schema ID
- How can retrieve a schema details based on its sequence ID

Thanks a lot.

lijiachuan (Sun, 07 Feb 2021 10:26:56 GMT):

Hi, can anyone help on this? Thanks.

lijiachuan (Sun, 07 Feb 2021 10:26:56 GMT):

Hi, can anyone help on this? :h-aries: Thanks.

swcurran (Sun, 07 Feb 2021 17:36:42 GMT):

Most of the mobile agents that are in use today are proprietary.  Several (Trinsic, esatus, LISSI) are built on Aries Framework Go, but above that layer are closed source.

The Aries Mobile Agent Xamarin is a fully open sourced version of that same stack, but no one (AFAIK) is actively developing or contributing to that.

There are other efforts in the community to open source full mobile agents -- particularly global.id ( @Alexi might have details) and AyanWorks ( @ajayjadhav ) might have details.

All Aries AIP 1.0 mobile wallets should be able to interact with ACA-Py.

da3v21 (Mon, 08 Feb 2021 07:15:19 GMT):

The OOB proof verification works when the `--auto-verify` flag is enabled. Without that when I manually use the verify-presentation api I get the error mentioned above. But we should be able to manually verify it too!

TimoGlastra (Mon, 08 Feb 2021 10:32:37 GMT):

We're working on an open source mobile agent build on top of Aries Framework JavaScript. However it is not completed with all basic features yet, and I don't have the time to work on it at the moment. Here is small demo of a React Native app interacting with ACA-Py: https://www.youtube.com/watch?v=mmFSgSR5yPA. The code can be found here: https://github.com/animo/aries-mobile-agent-react-native

sklump (Mon, 08 Feb 2021 11:19:04 GMT):

It's historical, from indy. The sequence number is unambiguous on the ledger: there could be duelling cred def entries otherwise, perhaps from a vandal.

You can get the schema by transaction number with `GET /schemas/{schema_id}`; it will take a sequence number as the id here.

RazaDen (Mon, 08 Feb 2021 11:52:03 GMT):

We are working on a mobile agent based on the .NET framework. We are currently working on actually establishing a connection with ACA-Py as part of "provisioning" a mediator for the mobile agent. But we are experiencing some issues. We are currently debugging the connection-request step to figure out why ACA-Py is rejecting it and what we are doing wrong.

RazaDen (Mon, 08 Feb 2021 11:52:03 GMT):

We are working on a mobile agent based on the .NET framework. We are currently working on actually establishing a connection with ACA-Py as part of "provisioning" a mediator for the mobile agent. But we are experiencing some issues. We are currently debugging the connection-request step to figure out why ACA-Py is rejecting it and what we are doing wrong.
We are getting this as a response from ACA-Py:
`{"@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/notification/1.0/problem-report", "@id": "0f179855-ec0d-4604-b25f-3ad917110068", "~thread": {"thid": "cb590e65-063f-470f-9357-166533fae4cf"}, "explain-ltxt": "Error deserializing message: ConnectionRequest schema validation failed"}`
We suspect that the DIDDoc conventions are not fully supported by the .NET framework, whilst in ACA-Py they are, but not sure...

TimoGlastra (Mon, 08 Feb 2021 12:00:20 GMT):

Do you see anything in the ACA-Py logs? When doing interoperability testing between .NET and ACA-Py I encountered multiple issues. Two things I can remember that were an issue:
1. You need to provide an agent label in the .NET framework (as is done here: https://github.com/hyperledger/aries-agent-test-harness/blob/master/aries-backchannels/dotnet/server/Startup.cs#L50)
2. You need to provide a comment when connecting. .NET sends `null` if no comment is provided, while ACA-Py only accepts string or the key not existing. However this was fixed in https://github.com/hyperledger/aries-cloudagent-python/pull/649 so shouldn't be an issue

RazaDen (Mon, 08 Feb 2021 12:03:07 GMT):

Thank you @TimoGlastra for your prompt response. I have communicated the info internally. If you wish, I can get back to you on this thread or in private, whichever you prefer, once we've made progress (or if we are still stuck) :)

TimoGlastra (Mon, 08 Feb 2021 12:04:17 GMT):

Acutally 2. is for the issue credential protocol. Connection protocol doesn't include comments

TimoGlastra (Mon, 08 Feb 2021 12:04:21 GMT):

Sure let me know if it works out

RazaDen (Mon, 08 Feb 2021 12:16:58 GMT):

It was an issue with the agent label, thank you very much @TimoGlastra for the feedback :) Onwards w/ TrustPing to make the connection active and with the Mediator protocol implementation!

sumit0042 (Mon, 08 Feb 2021 12:19:40 GMT):



Clipboard - February 8, 2021 5:48 PM

sumit0042 (Mon, 08 Feb 2021 12:19:40 GMT):



Clipboard - February 8, 2021 5:48 PM

sumit0042 (Mon, 08 Feb 2021 12:23:33 GMT):

Thank you! This helped in the understanding (Y)

kostasmoschou (Mon, 08 Feb 2021 13:19:11 GMT):

Hi all, I have an issue when I use the *trinsic wallet as the holder* role and an *aca-py instance as the issuer and verifier*. The issue is regarding the present-proof. When I send a proof request for a non-revoked credential, everything is fine but when I revoke the credentials and then send a proof request, the presentation that I receive has a *"verified": "true"* field, instead of *false*. I use the POST */present-proof/send-request* service from the aca-py using as a body the following object:
{
    "connection_id": "35cbd581-e465-4c1a-a62b-d6881498069f",
    "proof_request": {
        "name": "Proof of Drink",
        "version": "1.0",
        "requested_attributes": {
            "0_drink_uuid": {
                "name": "drink",
                "non_revoked": {
                    "to": 1612772088
                },
                "restrictions": [
                    {
                        "cred_def_id": "DPvobytTtKvmyeRTJZYjsg:3:CL:31:default"
                    }
                ]
            }
        },
        "requested_predicates": {}
    }
}
Any idea why is this happening??

TimoGlastra (Mon, 08 Feb 2021 13:50:04 GMT):

The wallet key is only needed in unmanaged mode. Currently only managed mode is supported. See https://github.com/hyperledger/aries-cloudagent-python/blob/main/Multitenancy.md#managed-vs-unmanaged-mode for the difference. This should throw an error stating the wallet key is not needed for managed wallets

TimoGlastra (Mon, 08 Feb 2021 14:12:24 GMT):

You can fix it by not providing a wallet key. I've created a PR that will throw an error to make this more clear: https://github.com/hyperledger/aries-cloudagent-python/pull/948

bruno_santos (Mon, 08 Feb 2021 15:59:48 GMT):

Hello channel, is there a way to setup a webhook (https://github.com/hyperledger/aries-cloudagent-python/blob/main/AdminAPI.md#administration-api-webhooks) whilst using the docker ./run_demo agents?

paul8 (Mon, 08 Feb 2021 16:50:41 GMT):

Has joined the channel.

paul.bastian (Mon, 08 Feb 2021 17:18:41 GMT):

Hi everyone,

paul.bastian (Mon, 08 Feb 2021 17:29:57 GMT):

hi everyone,
as the SSI ecosystem grows, we feel there is a growing need for a standardized wallet security ecosystem and therefore a working group called "Wallet Security" is to be launched under DIF umbrella.
In particular we think that:
- we should get a common understanding, terminology about wallet security in the community
- talk about wallet security architectures to analyze similarities
- create a specification and interface to communicate about wallet capabilities, security, regulation-conformance and other points of interoperability
- define mechanism to enable wallet security assertions, certification and ways to prove them
- define specifications about wallet user authentication, ways how to ensure them and how to communicate them to issuers/verifiers

If you are interested about this topic and like to comment, participate, criticize:
- please review the Wallet Security WG Charter: https://docs.google.com/document/d/18H2hVjHZEBjbnzod8tLogJIEzySdecbk9d-QBJaqHP0/edit
- subscribe to the mailing list: https://lists.identity.foundation/g/wallet-security

After gathering initial feedback, we will have an open discussion meeting soon.

I hope this is in the best interests of the community and will get the necessary feedback to make an impact.
Best regards,
Paul Bastian

RazaDen (Tue, 09 Feb 2021 12:25:36 GMT):

Hi guys, can you help us a little bit with this point? Maybe we are missing something about the semantics of the proof request as it's implemented? The strange thing is that if we use the eSatus wallet, the proof does not get verified, but if the proof request comes from the Trinsic wallet, then ACA-Py sees it as valid, when it is not. Maybe we always need to add the "non_revoked" current timestamp on the top level JSON of the proof request?

RazaDen (Tue, 09 Feb 2021 12:25:36 GMT):

Hi guys, can you help us a little bit with this point? Maybe we are missing something about the semantics of the proof request as it's implemented? The strange thing is that if we use the eSatus wallet, the proof does not get verified, but if the proof comes from the Trinsic wallet, then ACA-Py sees it as valid, when it is not. Maybe we always need to add the "non_revoked" current timestamp on the top level JSON of the proof request?

sauveergoel (Tue, 09 Feb 2021 16:46:44 GMT):

I have two aries agents running as pods in a k8s cluster, when try to establish a connection between them, everything goes fine till the accept-request part, when i execute the accept-request, the connection stage gets stuck to "response" from "request". Any idea on why is the happening?

WadeBarnes (Tue, 09 Feb 2021 16:50:16 GMT):

First step would be to confirm the agent's endpoint registration is their externally accessible url, and that is routed correctly to the pods.

sauveergoel (Tue, 09 Feb 2021 16:50:50 GMT):

yes the endpoint is externally accessible

sauveergoel (Tue, 09 Feb 2021 16:51:00 GMT):



Clipboard - February 9, 2021 10:20 PM

sauveergoel (Tue, 09 Feb 2021 16:51:39 GMT):



Clipboard - February 9, 2021 10:21 PM

WadeBarnes (Tue, 09 Feb 2021 16:53:51 GMT):

and port 15073 is routing to the agent correctly.

WadeBarnes (Tue, 09 Feb 2021 16:53:51 GMT):

and port 15073 is routing to the agent correctly?

WadeBarnes (Tue, 09 Feb 2021 16:54:29 GMT):

What have the agent's registered on the ledger for their endpoints?

sauveergoel (Tue, 09 Feb 2021 16:54:30 GMT):

it will be right to say that the endpoints is working if the invitee when accepted the invitation, the invitor got a different connectio n with invitation state with a different connection_id and same invitation key??

WadeBarnes (Tue, 09 Feb 2021 16:55:21 GMT):

@ianco, @andrew.whitehead ^

sauveergoel (Tue, 09 Feb 2021 16:56:14 GMT):

> *What have the agent's registered on the ledger for their endpoints?*

i didnt understand this part?

sauveergoel (Tue, 09 Feb 2021 16:56:40 GMT):

let me check the ledger

sauveergoel (Tue, 09 Feb 2021 16:58:28 GMT):

@WadeBarnes it is the same on the ledger too

sauveergoel (Tue, 09 Feb 2021 16:58:31 GMT):



Clipboard - February 9, 2021 10:28 PM

sauveergoel (Tue, 09 Feb 2021 16:59:38 GMT):



Clipboard - February 9, 2021 10:29 PM

WadeBarnes (Tue, 09 Feb 2021 17:00:43 GMT):

That looks correct.

WadeBarnes (Tue, 09 Feb 2021 17:01:52 GMT):

We'll see if @esune, @ianco, or @andrew.whitehead can help from here.

sauveergoel (Tue, 09 Feb 2021 17:02:42 GMT):

sure, it will be of great help

esune (Tue, 09 Feb 2021 17:03:43 GMT):

Did you try sending a message (trustping or other) on the new connection and see if the state changes?

sauveergoel (Tue, 09 Feb 2021 17:04:10 GMT):

sure, i ll try and let you know

esune (Tue, 09 Feb 2021 17:04:19 GMT):

`response` is usually the initial state when the connection was established, but nothing was exchanged using it

sauveergoel (Tue, 09 Feb 2021 17:09:32 GMT):



Clipboard - February 9, 2021 10:39 PM

sauveergoel (Tue, 09 Feb 2021 17:09:52 GMT):



Clipboard - February 9, 2021 10:39 PM

sauveergoel (Tue, 09 Feb 2021 17:10:01 GMT):

it worked

esune (Tue, 09 Feb 2021 17:10:37 GMT):

`response` just means that the connection has not been "used" yet, but it is in a valid state to perform requests

sauveergoel (Tue, 09 Feb 2021 17:10:39 GMT):



Clipboard - February 9, 2021 10:40 PM

sauveergoel (Tue, 09 Feb 2021 17:11:27 GMT):

so after the acceptor accepts the request we need to do a trust ping to get the connection active?

esune (Tue, 09 Feb 2021 17:11:40 GMT):

No, you can use it right away

esune (Tue, 09 Feb 2021 17:12:00 GMT):

It will become active once you start using it

sauveergoel (Tue, 09 Feb 2021 17:12:20 GMT):

ohh great, thanks a ton, @esune @WadeBarnes @ianco

Shweta1 (Wed, 10 Feb 2021 06:30:12 GMT):

Hi All,if verifier sending proof-request,then either schemaid or credential def required for sending proof request, how verifier will get issuer'schema id.is schema's need to be saved in offchain or any alternative.Pls suggest.

Shweta1 (Wed, 10 Feb 2021 06:30:12 GMT):

Hi All,if verifier sends proof-request,then either schemaid or credential def required for sending proof request, how verifier will get issuer'schema id.is schema's need to be saved in offchain or any alternative.Pls suggest.

Shweta1 (Wed, 10 Feb 2021 06:30:12 GMT):

Hi All ,aries cloudagent register to indy pool network and they have only public did.How verifier know about the issuer schema/cred def id so that verifier sends proof request to holder.

Yunxi 3 (Wed, 10 Feb 2021 11:31:57 GMT):

Has joined the channel.

Yunxi 3 (Wed, 10 Feb 2021 11:31:57 GMT):

Hello all, i'm looking at the multi-tenancy section in ACA-py in this link: https://github.com/hyperledger/aries-cloudagent-python/blob/main/Multitenancy.md. I see this statement -"⚠ Although support for unmanaged mode is mostly in place, the receiving of messages from other agents in unmanaged mode is not supported yet. This means unmanaged mode can not be used yet.", and I wonder whether the "unmanaged mode" as a feature is still not available?

Yunxi 3 (Wed, 10 Feb 2021 11:32:59 GMT):

Hello all. When i looked at this link: https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/AriesOpenAPIDemo.md, in the "Establishment a Connection" section, it shows how 1st-time connection is established between two agents as an example. I see a user will have to manually generate an invitation in the Faber agent and then copy and paste this invitation in the Alice agent. I also see this message in the page: "A key observation to make here. The "copy and paste" we are doing here from Faber's agent to Alice's agent is what is called an "out of band" message. Because we don't yet have a DIDComm connection between the two agents, we have to convey the invitation in plaintext (we can't encrypt it - no channel) using some other mechanism than DIDComm. With mobile agents, that's where QR codes often come in. Once we have the invitation in the receivers agent, we can get back to using DIDComm." So I wonder if steps for "out of band message" can't be automated?

Yunxi 3 (Wed, 10 Feb 2021 11:33:42 GMT):

hello all, i'm looking at the multi-tenancy section in ACA-py in this link: https://github.com/hyperledger/aries-cloudagent-python/blob/main/Multitenancy.md. I see this statement -"⚠ Although support for unmanaged mode is mostly in place, the receiving of messages from other agents in unmanaged mode is not supported yet. This means unmanaged mode can not be used yet.", and I wonder whether the "unmanaged mode" as a feature is still not available?

TimoGlastra (Wed, 10 Feb 2021 12:45:59 GMT):

Correct, unmanaged mode is not available yet. There is work going on with persistent queues at the moment that needs to be finished before we can add support for unmanaged mode

Yunxi 3 (Wed, 10 Feb 2021 15:40:35 GMT):

Hello all, after going through this doc: https://github.com/hyperledger/aries-rfcs/blob/master/concepts/0046-mediators-and-relays/README.md, I see mediator provides a relay function and adds a level of complexity of requiring a sender to add an extra envelope, but not clear how to select one to use. Can anyone explain in what scenarios a mediator or relay approach should be selected as appropriate?

Yunxi 3 (Wed, 10 Feb 2021 15:40:55 GMT):

Thanks for confirming this  @TimoGlastra

swcurran (Wed, 10 Feb 2021 16:03:01 GMT):

The most obvious place for a mediator is as a persistent end point for a mobile agent, since a mobile agent doesn't have an address nor is it always online.

Beyond that, the next most obvious might be as a proxy -- the mediator (or relay) is outside a firewall and the actual targets are inside.

"Hiding in the crowd" is possible -- many agents use the same address, so no one from outside can see the sender and receiver in the same transmission. The message goes from sender to the mediator and from the mediator to the receiver, mixed in with thousands/millions of other messages.

Another would be an "agent service", where cloud wallets are operated for many users and a mediator sits in front.

dbluhm (Wed, 10 Feb 2021 16:23:16 GMT):

My personal view on Mediators and Relays is that Mediators are the more intelligent of the two. Mediators are where we would want to put support for forwarding to many clients whereas a relay is a simple pass along from one point to another point, perhaps statically configured. With the introduction of the coordinate mediation protocol, as Stephen said, the mediator is the clear choice for providing persistent endpoints for mobile or other agents that are not directly reachable at an endpoint.

swcurran (Wed, 10 Feb 2021 16:26:16 GMT):

It may have to do with the interval. Have you explicitly set the "from" to "0"? There had been an issue with that in the Trinsic wallet in the past and I'm not sure the current state.  Intervals in Proof Requests and how they get handled by the holder has been a point of confusion.

Yunxi 3 (Wed, 10 Feb 2021 18:14:55 GMT):

Thanks for your answers @swcurran  and @dbluhm . Since I dont have the right tech knowledge on mediators/relay, i conclude the below features based on your answers, could you help verify if they are correct or not? Thanks!          ```

``` Relay should be used in scenarios:
	1. Receiver has a static IP address(does IP has to be permanent) and always online
	2. The relay has to be in the same network with the receiver?
	3. "Hiding in the crowd" is not a concern
	4. Only route messages to one receiver


Mediator should be used in scenarios:
	1. Receiver doesn't have a static IP address and can go offline 
	2. The mediator will have to sit outside the receiver's network 
	3. "Hiding in the crowd" is a concern
4. Need to forward messages to multi receivers

swcurran (Wed, 10 Feb 2021 18:59:47 GMT):

Reasonable summary.  A big difference is that the receiver tells the sender(s) about a mediator, and they have to wrap the message accordingly, whereas a relay is only known to the receiver, and the sender doesn't know it is there.

jcourt (Wed, 10 Feb 2021 21:29:52 GMT):

hmm whilst I understand the benefits of envelopes and the concept of "hiding in a crowd".  I am at odds that a Relay can't provide some of these benefits.  If a relay supports a population of and clients sets up a seperate endpoint for each peer-peer connection created by a Mobile Client there is some traffic monitoring protection provided (i.e. only a single connections traffic passes to a single endpoint).  Since peer to peer DIDs don't ever make it onto the ledger they don't incur any cost.  The complexity of chaining mediators and how that will operate in real world situations (i.e. reliability and diagnosability) sometimes concerns me.

jcourt (Wed, 10 Feb 2021 21:29:52 GMT):

hmm whilst I understand the benefits of envelopes and the concept of "hiding in a crowd".  I am at odds that a Relay can't provide some of these benefits.  If a relay supports a population of clients sets up a seperate endpoint for each peer-peer connection created by a Mobile Client there is some traffic monitoring protection provided (i.e. only a single connections traffic passes to a single endpoint).  Since peer to peer DIDs don't ever make it onto the ledger they don't incur any cost.  The complexity of chaining mediators and how that will operate in real world situations (i.e. reliability and diagnosability) sometimes concerns me.

swcurran (Wed, 10 Feb 2021 21:31:30 GMT):

Agreed.  That's why both are proposed -- a receiver can decide the best approach for their use case

jcourt (Wed, 10 Feb 2021 21:32:00 GMT):

@swcurran Yep happy with that view

dbluhm (Wed, 10 Feb 2021 21:32:23 GMT):

My thoughts as well. @jcourt I agree that a lot of uses cases can be serviced by either role.

rileyphughes (Wed, 10 Feb 2021 21:38:23 GMT):

Hi Raza, Riley from Trinsic here. This was an issue within the Aries .NET framework that should be fixed with a recent PR. The reason it worked in the esatus wallet is because they fixed this at the application layer, not at the open source layer. At any rate, it is fixed in Aries .NET and so we will release a fix to our mobile app in our next release.

dbluhm (Wed, 10 Feb 2021 21:39:48 GMT):

On the subject of separate endpoints for each client, in a relay scenario, there is no additional leak of metadata if, for example, the recipient key of the messages received at the endpoint were the same as the endpoint info. If a mediator is used, the recipient key remains hidden in transport and unifying multiple clients under one endpoint prevents additional metadata leak

dbluhm (Wed, 10 Feb 2021 21:40:24 GMT):

It's a small amount of data in either case but worth considering

RazaDen (Wed, 10 Feb 2021 21:45:06 GMT):

Hi @rileyphughes thank you for your response. I believe you are referring to this particular [PR](https://github.com/hyperledger/aries-framework-dotnet/commit/2004f677b09c16582207e9f528afee9da6460160). I believe though that whatever the prover gives you (in this case the app), the verifier should not be "tricked", strictly from a security point of view. But again, we might have missed something in the proof request that we issue from ACA-Py that allows for this to take place.
One final note Riley, we have successfully connected and performed the mediation coordination protocol with ACA-Py.  Maybe that's of interest to you. Once we have a "good" working version of our edge agent, we'll do a PR in the .NET repo.

RazaDen (Wed, 10 Feb 2021 21:45:06 GMT):

Hi @rileyphughes thank you for your response. I believe you are referring to this particular [PR - ProofRequest missing parameters for revocation check](https://github.com/hyperledger/aries-framework-dotnet/commit/2004f677b09c16582207e9f528afee9da6460160). I believe though that whatever the prover gives you (in this case the app), the verifier should not be "tricked", strictly from a security point of view. But again, we might have missed something in the proof request that we issue from ACA-Py that allows for this to take place.
One final note Riley, we have successfully connected and performed the mediation coordination protocol with ACA-Py.  Maybe that's of interest to you. Once we have a "good" working version of our edge agent, we'll do a PR in the .NET repo.

Yunxi 3 (Thu, 11 Feb 2021 09:36:14 GMT):

Thanks for sharing your views guys. Based on your answers, my understanding is both relay and mediations can help achieve "hiding in the crowd" purpose, is this correct? Apart from this point, regarding the other 3 points I put for each approach, are they also correct?

Yunxi 3 (Thu, 11 Feb 2021 09:36:34 GMT):

Hello all. When i looked at this link: https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/AriesOpenAPIDemo.md, in the "Establishment a Connection" section, it shows how 1st-time connection is established between two agents as an example. I see a user will have to manually generate an invitation in the Faber agent and then copy and paste this invitation in the Alice agent. I also see this message in the page: "A key observation to make here. The "copy and paste" we are doing here from Faber's agent to Alice's agent is what is called an "out of band" message. Because we don't yet have a DIDComm connection between the two agents, we have to convey the invitation in plaintext (we can't encrypt it - no channel) using some other mechanism than DIDComm. With mobile agents, that's where QR codes often come in. Once we have the invitation in the receivers agent, we can get back to using DIDComm." So I wonder if steps for "out of band message" can't be automated?

devexplore2020 (Thu, 11 Feb 2021 11:13:54 GMT):

Hi everyone. Is there a way and if then how, to use ACApy as multitenant but yet allow sub-wallets to write public DIDs and DID Documents on the ledger? 

bruno_santos (Thu, 11 Feb 2021 13:04:36 GMT):

[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=EEZsCBuyubumvW9sY) Hello, I've tried running the docker agents with an TRACE_TARGET_URL var to send the logs to a webhook. I was expecting however that the sent info would be similar to the one present in the /topic/ endpoints. The result I've got was this:

bruno_santos (Thu, 11 Feb 2021 13:05:05 GMT):



Clipboard - 11 de Fevereiro de 2021 13:05

bruno_santos (Thu, 11 Feb 2021 13:07:20 GMT):

How can I receive the same webhook info that is sent when using _aca-py start --webhook-url_, but instead running the agents with ./run_demo?

bruno_santos (Thu, 11 Feb 2021 13:08:21 GMT):



Clipboard - 11 de Fevereiro de 2021 13:08

bruno_santos (Thu, 11 Feb 2021 13:08:44 GMT):

Something like this, but for the docker agents

TimoGlastra (Thu, 11 Feb 2021 13:27:11 GMT):

That's possible, however it requires some steps as you can't pass a `seed` value to the create wallet endpoint.
1. Create sub wallet in ACA-Py
2. Create did in ACA-Py (`POST /wallet/did/create`)
3. Register new did on indy ledger
4. Promote did to public in ACA-Py (` POST /wallet/did/public`)
5. Victory!

TimoGlastra (Thu, 11 Feb 2021 13:27:50 GMT):

We should probably add that to the docs

TimoGlastra (Thu, 11 Feb 2021 13:29:34 GMT):

Now that I reread it I may misunderstood what you were asking. Do you mean that the ACA-Py instance registers the DIDs on the ledger or just using public DIDs with sub wallets?

sumit0042 (Thu, 11 Feb 2021 15:17:46 GMT):

When I create a connection invitation, I receive a connection exchange record and an invitation object. When later on I query the connections I receive only the connection exchange record and not the invitation object (the one containing serviceEndpoint, routingKeys, receipientKeys etc). Is there an endpoint I can use to get this invitation object later on, say by querying all connections or connection Id?

swcurran (Thu, 11 Feb 2021 15:33:07 GMT):

I'm reading them more carefully now.  Don't think any of them are hard and fast rules.  I think:

- Receiver doesn't have a static IP address and can go offline

Means that there must be either a relay or a mediator. Beyond that, as long as the mediator/relay and the receiver can communicate (e.g. no firewalls prevent communications), there are no requirements for having either.

You would choose a mediator to hide some metadata from that component.

The rest of the scenarios for mediators/relays are based on network topology and so on.

cam-parra (Thu, 11 Feb 2021 17:41:22 GMT):

Hey team! Any updates on the release of .6?

ianco (Thu, 11 Feb 2021 17:47:43 GMT):

We're doing internal testing of a 0.6.0 release candidate right now

ianco (Thu, 11 Feb 2021 17:48:20 GMT):

We're planning to publish an RC release before the "official" 0.6.0 release

cam-parra (Thu, 11 Feb 2021 17:49:30 GMT):

ah okay. and can I ask what commit you're making tagging as RC?

cam-parra (Thu, 11 Feb 2021 17:50:04 GMT):

we are needing the code thats currently on master that solves an issue with accessing someone elses wallet

ianco (Thu, 11 Feb 2021 17:50:32 GMT):

at this point I think it's just `main`, @andrew.whitehead ?

cam-parra (Thu, 11 Feb 2021 17:51:57 GMT):

https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=LdkRhxLfmyT9Ttwsg

cam-parra (Thu, 11 Feb 2021 17:52:12 GMT):

specifically referring this thread

andrew.whitehead (Thu, 11 Feb 2021 17:54:39 GMT):

Yes I think everything's on main now

andrew.whitehead (Thu, 11 Feb 2021 17:55:00 GMT):

Although we'd have to change the version again if it goes out as an RC

cam-parra (Thu, 11 Feb 2021 17:55:34 GMT):

awesome! Will the RC be released as a docker image?

andrew.whitehead (Thu, 11 Feb 2021 17:55:53 GMT):

Yes

devexplore2020 (Thu, 11 Feb 2021 22:13:39 GMT):

Thanks. I meant using public DIDs with the sub-wallets. With mediation and private DIDs (private did and private verkey and did doc stored in the Indy Sub-wallet storage) is also a good way with interacting with subwallets. But I was wondering if sub-wallets could write public DIDs to the Ledger and update did docs 

devexplore2020 (Thu, 11 Feb 2021 22:22:24 GMT):

Really cool discussion guys. Would be cool to know in real world scenario how the high availability of multitenant ACApy mediator could be setup. Which switches need to be turned on, to start multiple ACApy instances under one endpoint, or we make internal routing (not sure how aca-py communicates internally between instances in one context) in let us say Kubernetes and expose internal network to a public endpoint IP

swcurran (Thu, 11 Feb 2021 23:45:23 GMT):

We do that all the time in BC Gov in an OpenShift (Red Hat's K8S distro).  We have a repo that has the details -- https://github.com/bcgov/orgbook-configurations

Yunxi 3 (Fri, 12 Feb 2021 11:22:52 GMT):

Hello all, when looking at the "Authentication" section in this doc: https://github.com/hyperledger/aries-cloudagent-python/blob/main/Multitenancy.md, it says getting a token, api calls to "/multitenancy" will happen. Imagine a scenario, we switch on the mulit-tenancy feature in ACA-Py, Alice logins to a web application, calling a controller to access her own sub wallet in the agent, how does this getting token process fit in to this process? In addition, if we want to use Azure B2C AD as the Identity management service for end users. After Alice successfully passes the authentication/authorisation and logs in to the web app, can Alice use the same toke to access the sub wallet? In other words, can we use Azure B2C AD to issue token for Alice to access her sub wallet?

Shweta1 (Fri, 12 Feb 2021 14:12:53 GMT):

Hi All ,aries cloudagent register to indy pool network and they have only public did.How verifier know about the issuer schema/cred def id so that verifier sends proof request to holder.

cam-parra (Fri, 12 Feb 2021 15:55:25 GMT):

@andrew.whitehead do you know when the RC will be released into stable? Or how long it usually takes. Just trying to plan out our timelines 

daidoji (Fri, 12 Feb 2021 16:28:08 GMT):

I think the general pattern is 
1. Make Connection between the verifying agent and holding agent
2. Send-proof or proof-proposal depending on whether the holding agent is offering a proof or the verifier is asking for a specific proof

daidoji (Fri, 12 Feb 2021 16:30:35 GMT):

The schema and cred def are either requested or presented.  Not quite sure how negotiation or discovery of cred def ids or schema ids are done in the wild, they are tied to the public did though.

andrew.whitehead (Fri, 12 Feb 2021 17:47:28 GMT):

I don't think we've had an RC release before, this is just a larger update than usual. We're just working on one more issue and then that should be out. It will be tagged as stable once all our services are running the latest and no critical issues have been raised by the community

devexplore2020 (Fri, 12 Feb 2021 20:36:07 GMT):

Thanks a lot @swcurran 

lijiachuan (Sun, 14 Feb 2021 07:27:34 GMT):

hi everyone, may I know is there a guideline about the credential revoke process, related services from ACA-Py? Thanks a lot.

sauveergoel (Mon, 15 Feb 2021 14:06:16 GMT):

when we do a basic-msg or trust-ping, the endpoint available are only for sending them, how do I check if they got recieved, i mean is there any recieve-msg or recieve-ping? @andrew.whitehead @esune

sauveergoel (Mon, 15 Feb 2021 14:06:16 GMT):

when we do a basic-msg or trust-ping, the endpoint available are only for sending them, how do I check if they got recieved, i mean is there any recieve-msg or recieve-ping, that can list such messages? @andrew.whitehead @esune

wip-abramson (Mon, 15 Feb 2021 14:17:41 GMT):

We put together a set of notebooks on this that should help
* Alice the issuer, revoker and verifier - https://github.com/OpenMined/PyDentity/blob/master/tutorials/aries-basic-controller/notebooks/alice/Part%2010%20-%20Revocation.ipynb
* Bob the holder - https://github.com/OpenMined/PyDentity/blob/master/tutorials/aries-basic-controller/notebooks/bob/Part%2010%20-%20Revocation.ipynb

Should be pretty straightforward to run through them. Give us a shout if you have any questions

RazaDen (Mon, 15 Feb 2021 15:09:11 GMT):

@wip-abramson Thank you for sharing this, it is extremely useful.

swcurran (Mon, 15 Feb 2021 19:51:09 GMT):

Check the definition of the RFCs in this repo: 

https://github.com/hyperledger/aries-rfcs

For sure basic message does not return anything.  I'm pretty sure trust-ping returns a "pong", but you can verify that by reading the RFC and list of messages.

rileyphughes (Tue, 16 Feb 2021 02:54:19 GMT):

Hi all, for those interested we have an upcoming webinar/workshop covering building SSI solutions using ACA-py & Trinsic, and showing how they are interoperable. Courtesy of @mboyd and @dbluhm. Here's a link for anyone who is interested: https://trinsic.id/interoperability-between-aca-py-and-trinsic/

mboyd (Tue, 16 Feb 2021 02:54:20 GMT):

Has joined the channel.

Yunxi 3 (Tue, 16 Feb 2021 11:21:12 GMT):

Hello all, the edx course entitled "Introduction to Hyperledger Sovereign Identity Blockchain Solutions: Indy, Aries & Ursa" mentions "At a low level, an Aries KMS is wrapper code around a standard database for storing DIDs, keys, connections, credentials and any other information the agent tracks." Does anyone know how long it took the team (team size) to develop the wrapper code in the "aries-cloudagent-python" to support Postgresql? The purpose here is to understand if I want to use a different DB(e.g. nosql) in my project, how long it would take us to build the wrapper code for a different DB? Thanks!

sauveergoel (Tue, 16 Feb 2021 11:46:33 GMT):

my question is more towards the where are these messages stored, e.g. say Agent A sends a trust-ping request to Agent B and receives a thread_id upon successful completion of the request, now where can I use this thread ID to fetch what I sent to Agent B?

sauveergoel (Tue, 16 Feb 2021 11:46:42 GMT):

@swcurran

swcurran (Tue, 16 Feb 2021 16:40:25 GMT):

@ianco did the Postgres driver in the indy-sdk and @andrew.whitehead  implemented a similiar wallet.  They could provide insight into what it would take to implement a new plugin alternative to in-memory, SQLite and Postgres that are supported today.

esune (Tue, 16 Feb 2021 16:51:55 GMT):

I don't believe there is a way - at least currently - to have something like a "delivery receipt" in the protocol: you send something and then it is up to the other party to send something back, if required by your workflow.

For basic message and trust ping I don't believe the payloads are stored either, but I may be wrong as it has been a while since I looked at or used those endpoints.

swcurran (Tue, 16 Feb 2021 16:52:48 GMT):

In general, the expectation is that the controller will take care of any persistence that is needed.  ACA-Py will keep the protocol state while the protocol is executing, but once completed, will delete the protocol state record, assuming that the controller has kept whatever information from the protocol is needed.  Note that the controller could store the data in the ACA-Py storage, or could use a separate database, depending on the use case.

However, I think there may be for Basic Message a startup option to keep the protocol state around after completion. I know there are a couple of options for credential issuance storage.

ianco (Tue, 16 Feb 2021 16:52:50 GMT):

I would guess 2-4 weeks to build a new plug-in for indy sdk.  There has been some refactoring/updates of the sdk since we wrote the postgres plug-in that would make writing the new plug-in a bit easier than is was before.  Depends on your level of comfort with Rust and your DB of choice of course.

Yunxi 3 (Tue, 16 Feb 2021 17:19:29 GMT):

Thanks for the answers. @swcurran  and @ianco , regarding the wallet function(using the SQLite and Postgres), is it actually implemented in Indy-sdk instead of "aries-cloudagent-python"?

swcurran (Tue, 16 Feb 2021 17:20:57 GMT):

The current version of ACA-Py (main branch) uses that.  There is a new storage mechanism (https://github.com/hyperledger/aries-askar) that should soon replace the indy-sdk for storage that has a comparable plugin persistence mechanism.

swcurran (Tue, 16 Feb 2021 17:20:57 GMT):

The current version of ACA-Py (main branch) uses the indy-sdk for storage.  There is a new storage mechanism (https://github.com/hyperledger/aries-askar) that should soon replace the indy-sdk for storage that has a comparable plugin persistence mechanism.

Yunxi 3 (Tue, 16 Feb 2021 17:27:56 GMT):

@swcurran , in an execution environment, is the storage code in indy-sdk in the ACA-py's code base, or is ACA-py calling this storage code in  indy-skd?

swcurran (Tue, 16 Feb 2021 17:30:15 GMT):

Currently, the indy-sdk is a dependency loaded into ACA-Py, so the storage is within ACA-Py (vs. an external component).  That dependency is configured via ACA-Py startup options to use one of the indy-sdk plugins for storage (SQLite, Postgres).

Does that answer the question?

daidoji (Tue, 16 Feb 2021 18:39:38 GMT):

Is there any way to query for the endpoints within a connection id?

daidoji (Tue, 16 Feb 2021 18:43:48 GMT):

I see I can query the agent's dids in their wallet via the `wallet` methods but I can't seem to do the same for `their` did in a connection_id nor do any of the `connection-id` methods seem to have that information

swcurran (Tue, 16 Feb 2021 18:54:58 GMT):

Join us for the ACA-Py User Group is Wednesday at 11AM Pacific (19:00 UTC/20:00 CET). Everyone is welcome!

Zoom link is: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09
Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-02-03+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Topics for the Meeting:

- 0.6.0 Release Status
- Status of Persistent Queues Work
- Status of Signed Transactions / Endorser Protocol
- Update on W3C Standard Verifiable Credentials with ZKP and Selective Disclosure in ACA-Py

swcurran (Tue, 16 Feb 2021 20:09:25 GMT):

Join us for the ACA-Py User Group is Wednesday at 11AM Pacific (19:00 UTC/20:00 CET). Everyone is welcome!

Zoom link is: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09
Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-02-17+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Topics for the Meeting:

- 0.6.0 Release Status
- Status of Persistent Queues Work
- Status of Signed Transactions / Endorser Protocol
- Update on W3C Standard Verifiable Credentials with ZKP and Selective Disclosure in ACA-Py

swcurran (Tue, 16 Feb 2021 22:50:46 GMT):

FYI: Aries Cloud Agent - Python Release Candidate 0.6.0-RC0 has been tagged and posted to PyPi. Release notes are not yet available, just the tag here - https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.6.0-rc0. An new docker image has been posted here -- https://hub.docker.com/r/bcgovimages/aries-cloudagent/tags?page=1&ordering=last_updated

This is a very large release with lots added, hence the "Release Candidate" approach to make sure we've got as much as we can right.  Please test out the new release for your use cases if you have a chance.  Things included:

* Breaking changes - adjustments to startup options and changes to plugin integrations.
* Multi-tenancy support
* Mediator Support
* Flexible Webhooks handling support for controllers
* DID Exchange and OOB support
* Issuer Credential V2 Support
* Various fixes...

Code reference documentation has been generated to ReadTheDocs - https://aries-cloud-agent-python.readthedocs.io/en/0.6.0-rc0/

swcurran (Tue, 16 Feb 2021 22:50:46 GMT):

FYI: Aries Cloud Agent - Python Release Candidate 0.6.0-RC0 has been tagged and posted to PyPi. Release notes are not yet available, just the tag here - https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.6.0-rc0. A new docker image has been posted here -- https://hub.docker.com/r/bcgovimages/aries-cloudagent/tags?page=1&ordering=last_updated

This is a very large release with lots added, hence the "Release Candidate" approach to make sure we've got as much as we can right.  Please test out the new release for your use cases if you have a chance.  Things included:

* Breaking changes - adjustments to startup options and changes to plugin integrations.
* Multi-tenancy support
* Mediator Support
* Flexible Webhooks handling support for controllers
* DID Exchange and OOB support
* Issuer Credential V2 Support
* Various fixes...

Code reference documentation has been generated to ReadTheDocs - https://aries-cloud-agent-python.readthedocs.io/en/0.6.0-rc0/

Yunxi 3 (Wed, 17 Feb 2021 10:12:49 GMT):

Yes, @swcurran , it's clear, thanks

Yunxi 3 (Wed, 17 Feb 2021 10:12:49 GMT):

Yes, @swcurran , it's clear for the indy-sdk bit. Regarding the aries-askar, how soon will it be out? Will it also support both Postgres and SQLite as well? What are the main benefits of this askar compared to Indy-sdk for storage?

Yunxi 3 (Wed, 17 Feb 2021 10:12:49 GMT):

Yes, @swcurran , it's clear for the indy-sdk bit. Regarding the aries-askar, how soon will it be out? Will it also support both Postgres and SQLite? What are the main benefits of this askar compared to Indy-sdk for storage?

Shweta1 (Wed, 17 Feb 2021 13:03:03 GMT):

Hi Team,
I have some doubt on multitenancy and mediator.
Like mediator can be aries cloud agent who delivers message from one agent to another agent and multiteancy features provide multiple tenant uses same cloud agent instance.
Basically mediator is required for mobile agent. In case if mobile agent is not reachable, mediator can keep credential and once mobile agent comes online, mediator delivered message. so the question is 
Q1. *If faber sends credential to mobile agent using mediator cloud agent,what information keep mediator?is credetial safe from mediator.*
Q2.Moblie agent can directly connect to cloud agent or require mediator.
Q3. Multitenant web agent user can connect to 
  issuer/verifier using mediator.
Let me clarify.

Shweta1 (Wed, 17 Feb 2021 13:03:03 GMT):

Hi Team,
I have some doubt on *multitenancy and mediator*.
Like mediator can be aries cloud agent who delivers message from one agent to another agent and multiteancy features provide multiple tenant uses same cloud agent instance.
Basically mediator is required for mobile agent. In case if mobile agent is not reachable, mediator can keep credential and once mobile agent comes online, mediator delivered message. so the question is 
Q1. *If faber sends credential to mobile agent using mediator cloud agent,what information keep mediator?is credetial safe from mediator.*
Q2.Moblie agent can directly connect to cloud agent or require mediator.
Q3. *Multitenant web agent user can connect to 
  issuer/verifier using mediator.*
Let me clarify.

Shweta1 (Wed, 17 Feb 2021 13:03:03 GMT):

Hi Team,
I have some doubt on *multitenancy and mediator*.
Like mediator can be aries cloud agent who delivers message from one agent to another agent and multiteancy features provide multiple tenant uses same cloud agent instance.
Basically mediator is required for mobile agent. In case if mobile agent is not reachable, mediator can keep credential and once mobile agent comes online, mediator delivered message. so the question is 
Q1. *If faber sends credential to mobile agent using mediator cloud agent,what information keep mediator?is credetial safe from mediator.*
Q2.*Moblie agent can directly connect to cloud agent or require mediator.*
Q3. **Multitenant web agent user can connect to 
  issuer/verifier using mediator.**
Let me clarify.

Shweta1 (Wed, 17 Feb 2021 13:03:03 GMT):

Hi Team,
I have some doubt on *multitenancy and mediator*.
Like mediator can be aries cloud agent who delivers message from one agent to another agent and multiteancy features provide multiple tenant uses same cloud agent instance.
Basically mediator is required for mobile agent. In case if mobile agent is not reachable, mediator can keep credential and once mobile agent comes online, mediator delivered message. so the question is 
Q1. *If faber sends credential to mobile agent using mediator cloud agent,what information keep mediator?is credetial safe from mediator.*
Q2.*Moblie agent can directly connect to cloud agent or require mediator.*
Q3. ***Multitenant web agent user can connect to 
  issuer/verifier using mediator.***
Let me clarify.

Shweta1 (Wed, 17 Feb 2021 13:03:03 GMT):

Hi Team,
I have some doubt on *multitenancy and mediator*.
Like mediator can be aries cloud agent who delivers message from one agent to another agent and multiteancy features provide multiple tenant uses same cloud agent instance.
Basically mediator is required for mobile agent. In case if mobile agent is not reachable, mediator can keep credential and once mobile agent comes online, mediator delivered message. so the question is 
Q1. *If faber sends credential to mobile agent using mediator cloud agent,what information keep mediator?is credetial safe from mediator.*
Q2.*Moblie agent can directly connect to cloud agent or require mediator.*
Q3. *Multitenant web agent user can connect to 
  issuer/verifier using mediator.*
Let me clarify.

wip-abramson (Wed, 17 Feb 2021 14:40:24 GMT):

Cool! Flexible webhooks sound interesting, could you point me to any docs on this? I couldn't obviously spot it in the ReadTheDocs

sklump (Wed, 17 Feb 2021 15:00:07 GMT):

`GET /wallet/get-did-endpoint`

sklump (Wed, 17 Feb 2021 15:00:07 GMT):

`GET /wallet/get-did-endpoint` and specify their DID - which must be in the wallet if you have a connection to them

daidoji (Wed, 17 Feb 2021 15:02:05 GMT):

sklump, well I tried that and `their` did didn't return from that query with any results

daidoji (Wed, 17 Feb 2021 15:07:12 GMT):

which is what prompted the question, my intuition was the same as what you recommended and I was wondering if I had done anything wrong.

swcurran (Wed, 17 Feb 2021 15:45:09 GMT):

Look at the startup options.  You can have multiple listeners, and the feature is integrated with multitenancy, allowing for different webhooks per wallet.

swcurran (Wed, 17 Feb 2021 15:45:31 GMT):

We'll have to look into the docs to see where it ought to be...  :-(

wip-abramson (Wed, 17 Feb 2021 15:47:05 GMT):

Nice, hoped it would be that

swcurran (Wed, 17 Feb 2021 15:48:42 GMT):

Q1 -- the DIDComm messaging protocol and it's approach to mediators (and relays) ensures that the data for the receipient is not accessible to the mediator -- it just sees an encrypted payload and has info to know where to send it.

Q2  Not sure the question.  The mobile agent sends requests to the mediator and receives DIDComm messages back in the response.

lijiachuan (Wed, 17 Feb 2021 15:49:00 GMT):

Hi @sklump, thanks for your reply, but the `{schema_id}` in this service is using the id like `PCgXpt1X4MMEtoGT2RMpq9:2:Test123:1.0` instead of the sequence id, am I correct?

swcurran (Wed, 17 Feb 2021 15:53:09 GMT):

Aries-Askar is out, but not yet in use.  https://github.com/hyperledger/aries-askar

There is a branch in ACA-Py that uses it and once 0.6.0 is out, we'll merge that into main to make it a command line option.

It supports in-memory, SQLite and Postgres now and other implementations are possible.

The major benefits include that it is separate from the indy-sdk, so not subject to the central queue in the indy-sdk, and that it is fully async, allowing all the concurrency to be handled in the database vs. queues in the access layer.

dgt1nsty (Wed, 17 Feb 2021 17:52:08 GMT):

Has joined the channel.

ascatox (Thu, 18 Feb 2021 08:47:06 GMT):

Has joined the channel.

ascatox (Thu, 18 Feb 2021 10:45:55 GMT):

Hi All, I'm having great problems, launching the ACAPy using docker, Someone can suggest me a simple combination of arguments to try the Agent? Thanks in advance.

TimoGlastra (Thu, 18 Feb 2021 10:48:12 GMT):

Are you running from within the git repository or using the docker hub image?

ascatox (Thu, 18 Feb 2021 10:49:06 GMT):

I'm using  the run_docker command in the scripts folder of the git repo.

ascatox (Thu, 18 Feb 2021 10:49:32 GMT):

I'm using the run_docker command in the scripts folder of the git repo.

TimoGlastra (Thu, 18 Feb 2021 11:08:00 GMT):

```
PORTS="20000:20000 20001:20001 20002:20002" ./scripts/run_docker start --endpoint http://192.168.65.3:20000 --inbound-transport http 0.0.0.0 20000 --seed SEED_000000000000000000000000001 --admin 0.0.0.0 20001 --admin-insecure-mode --outbound-transport http  --genesis-url http://test.bcovrin.vonx.io/genesis --wallet-key "test" --wallet-name "base" --wallet-type indy   --auto-provision --recreate-wallet 
```

For debugging add: `--log-level DEBUG --debug-connections --debug-credentials --debug-presentations`
For multitenancy add: `--multitenant --multitenant-admin --jwt-secret very_secret_secret`
for auto accepting message add: `--auto-accept-invites --auto-accept-requests --auto-respond-messages --auto-respond-credential-proposal --auto-respond-credential-offer --auto-respond-credential-request --auto-respond-presentation-proposal --auto-respond-presentation-request --auto-store-credential --auto-verify-presentation`
To enable webhook add (but customize to your url): `--webhook-url http://192.168.65.3:1080`

TimoGlastra (Thu, 18 Feb 2021 11:08:29 GMT):

The command above should work. I've added a few optional add-ons that you could add

sklump (Thu, 18 Feb 2021 11:26:52 GMT):

It takes either way: https://github.com/hyperledger/aries-cloudagent-python/blob/db5330211d4d61ad2e71da1d6184700b9d954b76/aries_cloudagent/messaging/schemas/routes.py#L98

sklump (Thu, 18 Feb 2021 11:27:40 GMT):

OK, I will try to reproduce it

sklump (Thu, 18 Feb 2021 11:46:55 GMT):

I can add this to the connections protocol Friday or Monday

sklump (Thu, 18 Feb 2021 11:47:30 GMT):

Could you write it up as an issue here please:
https://github.com/hyperledger/aries-cloudagent-python/issues
?

daidoji (Thu, 18 Feb 2021 13:32:08 GMT):

Sure.  So this is an issue?  I can come up with a reproducible case for you sure.  I was just wasn't sure if that was intended or not.

sumit0042 (Thu, 18 Feb 2021 14:47:59 GMT):

Hi, I can see that we can start acapy with an image-url argument and this will be publicized out of band from connection invitation.
So in this way the invitee gets the image_url of inviter. 
How can inviter have the image url of invitee? Is there anything for this currently?

sumit0042 (Thu, 18 Feb 2021 14:47:59 GMT):

Hi, I can see that we can start acapy with an image-url argument and this will be publicized out of band from connection invitation.
So in this way the invitee gets the image_url of inviter. 
How can inviter get the image url of invitee? Is there anything for this currently?

daidoji (Thu, 18 Feb 2021 14:50:31 GMT):

@sklump here you go. 
 Let me know if you need more from me on the issue if I wasn't clear enough. 
 https://github.com/hyperledger/aries-cloudagent-python/issues/975

lijiachuan (Thu, 18 Feb 2021 14:53:57 GMT):

Hi Everyone, I am practicing the revocation feature, and I have one question would like to have your suggestion, is about the `non_revoked` property in the proof request object, from OpenAPI's model description, it says `Timestamp of interest for non-revocation proof`, but I am not sure what does this mean, why we put one timestamp here for, and how it will be used for revocation verify of the proof. Can anyone help on this? Thanks.

daidoji (Thu, 18 Feb 2021 15:14:59 GMT):

In regards to the awesome W3C VC work being done by Animo that was demoed yesterday, is there anything we can contribute to push that along faster?  We have a business use case that we're working on with the vanilla acapy agent but it would be much better if we also supported W3C VCs.  Should our controller code mostly work against the new W3C work?

sklump (Thu, 18 Feb 2021 16:32:56 GMT):

https://github.com/hyperledger/aries-cloudagent-python/pull/976

lijiachuan (Thu, 18 Feb 2021 16:56:28 GMT):

Hi everyone, I could get the credential revocation status for the issuer side, but when I tried to use `/revocation/credential-record` to check the revocation status for a credential for the holder side, with `cred_rev_id` and `rev_reg_id`, the service returned below error 
```
404: IssuerCredRevRecord record not found for {'rev_reg_id': 'PCgXpt1X4MMEtoGT2RMpq9:4:PCgXpt1X4MMEtoGT2RMpq9:3:CL:55:definition0219rev:CL_ACCUM:f03aea30-e4e7-47d9-b9b6-c99c84beb63d'}, {'cred_rev_id': '1'}.
```

Does anyone encounter this error before?

esune (Thu, 18 Feb 2021 17:08:28 GMT):

The holder does not have that information - `cred_rev_id` and `rev_reg_id` - as far as I now. I think the only way to self-check if a credential was revoked would be to perform a proof-request to self, specifying a non-revocation interval.
Knowing you hold a valid credential and are providing a valid credential to the proof, the only (?) reason why the proof would fail is if the credential was revoked. Unfortunately currently there is no information bubbling up from indy specifying why the proof-request failed, just that it did - that's why I say "you know you hold a valid credential".

esune (Thu, 18 Feb 2021 17:09:14 GMT):

@sklump @andrew.whitehead to confirm this is not something that changed recently and I am providing a misleading answer.

andrew.whitehead (Thu, 18 Feb 2021 17:13:19 GMT):

There is a relatively new endpoint to check this at the holder, `/credential/revoked/{credential_id}`

esune (Thu, 18 Feb 2021 17:13:45 GMT):

There you go, thanks Andrew :)

daidoji (Thu, 18 Feb 2021 18:00:06 GMT):

@sklump oh wow, that was quick.  Thanks!

dbluhm (Thu, 18 Feb 2021 21:50:52 GMT):

In ACA-Py with multi-tenancy change, we now have four different objects that hold "context" in some form: `RequestContext`, `AdminRequestContext`, `Profile`, and `ProfileSession`. Exactly when each should be used in new code is still somewhat fuzzy for me (should my new manager hold a profile or a session? Or take the whole context from the caller?). I have noticed, however, that the injection context held by `Profile` differs (frequently) from the injection contexts held by `RequestContext` and sessions created from `RequestContext`: the `AdminResponder` given by injecting `BaseResponder` on the `Profile` is apparently incapable of packing messages to wire format whereas `RequestContext`'s `DispatcherResponder` and even the `AdminResponder` retrieved from `AdminRequestContext`s are fine. I haven't been able to puzzle out the exact flow that is resulting in this difference yet

dbluhm (Thu, 18 Feb 2021 21:50:52 GMT):

In ACA-Py with multi-tenancy changes, we now have four different objects that hold "context" in some form: `RequestContext`, `AdminRequestContext`, `Profile`, and `ProfileSession`. Exactly when each should be used in new code is still somewhat fuzzy for me (should my new manager hold a profile or a session? Or take the whole context from the caller?). I have noticed, however, that the injection context held by `Profile` differs (frequently) from the injection contexts held by `RequestContext` and sessions created from `RequestContext`: the `AdminResponder` given by injecting `BaseResponder` on the `Profile` is apparently incapable of packing messages to wire format whereas `RequestContext`'s `DispatcherResponder` and even the `AdminResponder` retrieved from `AdminRequestContext`s are fine. I haven't been able to puzzle out the exact flow that is resulting in this difference yet

dbluhm (Thu, 18 Feb 2021 21:50:52 GMT):

In ACA-Py with multi-tenancy changes, we now have four different objects that hold "context" in some form: `RequestContext`, `AdminRequestContext`, `Profile`, and `ProfileSession`. Exactly when each should be used in new code is still somewhat fuzzy for me (should my new manager hold a profile or a session? Or take the whole context from the caller?). I have noticed, however, that the injection context held by `Profile` differs (frequently) from the injection contexts held by `RequestContext` and sessions created from `RequestContext`: the `AdminResponder` given by injecting `BaseResponder` on the `Profile` is apparently incapable of packing messages to wire format whereas `RequestContext`'s `DispatcherResponder` and even the `AdminResponder` retrieved from `AdminRequestContext`s are fine. I haven't been able to puzzle out the exact flow that is resulting in this difference yet.

I take it this isn't intentional? Or am I missing something?

Yunxi 3 (Thu, 18 Feb 2021 22:19:29 GMT):

Hello all, i'm trying to run my acapy agent by using the command "./run_docker", and below is my command: ./run_docker start  \
--label issuer \
  --inbound-transport http 0.0.0.0 8000 \
  --outbound-transport http \
  --admin 0.0.0.0 11000 \
  --admin-insecure-mode \
  --genesis-url http://localhost:9000/genesis \
  --seed yunxi000000000000000000000000000 \
  --wallet-type indy \
  --wallet-name yunxi \
  --wallet-key yunxisecret \
  --endpoint http://localhost:8000/ \
  --webhook-url http://localhost:4455/webhooks \
  --public-invites \
  --auto-provision \
  --auto-accept-invites \
  --auto-accept-requests \
  --auto-ping-connection \
  --monitor-ping \
  --debug-connections
, but keep getting errors, see attached file. I'm using the main branch of acapy and the code is up to date. Can anyone give a help here? Thanks!

Yunxi 3 (Thu, 18 Feb 2021 22:20:16 GMT):



error.txt

jcourt (Thu, 18 Feb 2021 22:26:08 GMT):

To me it looks like it is failing to get the genesis file which you have specified as being on `http://localhost:9000/genesis`. are you running a VON network on your localhost before you try and start ACA-py ?

lijiachuan (Fri, 19 Feb 2021 01:10:12 GMT):

Thanks for your reply, I will check this.

Yunxi 3 (Fri, 19 Feb 2021 09:56:15 GMT):

yes, the VON network was up and running

Yunxi 3 (Fri, 19 Feb 2021 09:56:24 GMT):



Clipboard - February 19, 2021 9:56 AM

Yunxi 3 (Fri, 19 Feb 2021 09:59:21 GMT):



Clipboard - February 19, 2021 9:59 AM

sklump (Fri, 19 Feb 2021 13:10:59 GMT):

Note that this endpoint does not validate anything cryptographically: it effectively parses ledger entries as a revocation list without proof/verification. But if the ledger is cryptographically broken, then there are bigger problems anyway.

sklump (Fri, 19 Feb 2021 13:10:59 GMT):

Note that this endpoint does not validate anything cryptographically: it effectively parses ledger entries as a revocation list without proof/verification, and it hinges on the fact that indy does not support reinstatement of revoked credentials.

sklump (Fri, 19 Feb 2021 13:10:59 GMT):

Note that this endpoint does not validate anything cryptographically: it effectively parses ledger entries as a revocation list without proof/verification, and it hinges on the (feature) that indy does not support reinstatement of revoked credentials.

daidoji (Fri, 19 Feb 2021 14:56:21 GMT):

[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=L7GCiZnn3Rjiir69r) Maybe my message got lost in the chatter.  Our group would like to contribute to this effort, would that be possible?

swcurran (Fri, 19 Feb 2021 15:42:38 GMT):

Awesome to hear from you.  @TimoGlastra -- I don't know if it would be faster to bring more people on. That could slow things down, but maybe there are things that could be done.

Animo is working in this branch of this repo: https://github.com/animo/aries-cloudagent-python/tree/cwu-bbs  so you can at least see what they are doing.  I believe they are using issues in that repo to track day-to-day progress.

The HackMD document that shows their direction can be found here: https://hackmd.io/@animo/acapy-bbs-2

swcurran (Fri, 19 Feb 2021 15:42:38 GMT):

Awesome to hear from you.  @TimoGlastra -- I don't know if it would be faster to bring more people on. That could slow things down, but maybe there are things that could be worked on by others.

Animo is working in this branch of this repo: https://github.com/animo/aries-cloudagent-python/tree/cwu-bbs  so you can at least see what they are doing.  I believe they are using issues in that repo to track day-to-day progress.

The HackMD document that shows their direction can be found here: https://hackmd.io/@animo/acapy-bbs-2

daidoji (Fri, 19 Feb 2021 15:44:01 GMT):

Awesome, yeah I looked at this and we even tested on that branch and our code still looks pretty good.  If there are little pieces we can do to help move it along we'd love to do so.

Really excited about this work.

daidoji (Fri, 19 Feb 2021 15:44:30 GMT):

Just trying to make contact to see if that's appropriate.

Yunxi 3 (Fri, 19 Feb 2021 15:48:45 GMT):



Clipboard - February 19, 2021 3:48 PM

Yunxi 3 (Fri, 19 Feb 2021 15:49:44 GMT):

hello all, i need to run von network on an EC2 instance, due to the security policy, i have to change the ports (e.g. 9701) as defined in the docker compose file by default to some other ports, but even i've done it, when checking the logs of each von node, i still find the original ports (9701) as shown in the screenshot are still used in the containers. Where should change these ports?

Yunxi 3 (Fri, 19 Feb 2021 15:49:44 GMT):

hello all, i need to run a von network on an EC2 instance, due to the security policy, i have to change the ports (e.g. 9701) as defined in the docker compose file by default to some other ports, but even i've done it, when checking the logs of each von node, i still find the original ports (9701) as shown in the screenshot are still used in the containers. Where should change these ports?

Yunxi 3 (Fri, 19 Feb 2021 15:50:18 GMT):



Clipboard - February 19, 2021 3:49 PM

swcurran (Fri, 19 Feb 2021 15:51:27 GMT):

I'm sure @WadeBarnes will have much better info, but just wanted to be sure you looked at these EC2 notes in the readme:

https://github.com/bcgov/von-network#aws-ec2-security-considerations

Yunxi 3 (Fri, 19 Feb 2021 15:52:10 GMT):

yes, i've updated the security groups for my EC2, otherwise, the von node containers will kill themselves after mins

Yunxi 3 (Fri, 19 Feb 2021 15:52:10 GMT):

yes, im aware of that info, and i've updated the security groups for my EC2 accordingly, otherwise, the von node containers will kill themselves after mins

Yunxi 3 (Fri, 19 Feb 2021 15:52:10 GMT):

yes, im aware of that info, and i've updated the security groups for my EC2 accordingly, otherwise, the von node containers will kill themselves after mins. just unfortunately, ports in the range from 9001 - 9999 are not allowed in my case, that's why i changed them in the docker compose file

Yunxi 3 (Fri, 19 Feb 2021 15:58:01 GMT):

yes, im aware of that info, and i've updated the security groups for my EC2 accordingly, otherwise, the von node containers will kill themselves after mins. just unfortunately, ports in the range from 9001 - 9999 are not allowed in my case, that's why i changed them in the docker compose file

TimoGlastra (Fri, 19 Feb 2021 17:26:49 GMT):

Hi @daidoji, sorry I missed your message, but really great to hear you want to help :) There is a lot that needs to be done, so we can definitely use your help. Just need to look if we can find something so we won’t be getting in each others way. I think it would be good to setup a call and see where to go from there. I’ll message you in private 

dbluhm (Fri, 19 Feb 2021 17:40:53 GMT):

Figured out the issue. I was being thrown for a bit of a wild goose chase with the differences in the responder when the real issue was that in the context I was attempting to send a message from, I wanted the message to be sent to a session but also needed to provide the appropriate connection info normally provided by the `DispatcherResponder` which, as it turns out, wasn't possible without adding `reply_from_verkey` to the send/create_outbound methods.

WadeBarnes (Fri, 19 Feb 2021 18:19:22 GMT):

What are you changing the ports to?  Indy supports ports 9700 to 9799.  If you're trying to use something outside that range it's likely not going to work.

daidoji (Sun, 21 Feb 2021 22:48:31 GMT):



Clipboard - February 21, 2021 5:48 PM

daidoji (Sun, 21 Feb 2021 22:49:21 GMT):

Hello, sorry for cross-posting (also asked this in #aries) but in the openapi example for `/present-proof/send-request` spec we see this, but in the RFC I don't see any mention of passing a `names` array.  It just mentions `name`.  Is this an issue with the RFC or the openapi example?

swcurran (Sun, 21 Feb 2021 23:02:31 GMT):

The RFC only talks about the protocols and the use of attachments that depend on the format of the credentials. In the case you are looking, the format is AnonCreds, so the issue of "name" and "names" is to do with the Indy Proof Request format.  AnonCreds initially only supported "name" and there were restrictions on each data element (claim) to be proven. Later they added "names" which meant that the named claims must come from the same credential and the credential must meet the given restrictions.

daidoji (Sun, 21 Feb 2021 23:03:27 GMT):

oh I see, so the answer to my question would have been in the anoncred doc.  Thanks!

michawensveen (Mon, 22 Feb 2021 07:51:41 GMT):

Localhost won't work when you run the aca-py inside a docker, because the container will be the localhost. Use the name of the docker container running the von webserver

bruno_santos (Mon, 22 Feb 2021 10:49:54 GMT):

Hello channel, when running the docker demo project, using the POST /present-proof/send-request endpoint, shouldn't it verify the presentation and update the status accordingly?

bruno_santos (Mon, 22 Feb 2021 10:49:54 GMT):

Hello channel, when running the docker demo project, using the POST /present-proof/send-request endpoint, shouldn't it automatically verify the presentation and update the status accordingly?

Yunxi 3 (Mon, 22 Feb 2021 16:38:06 GMT):



Clipboard - February 22, 2021 4:37 PM

Yunxi 3 (Mon, 22 Feb 2021 16:39:21 GMT):

Hello all, i've running two acapy agents and a von on the same server. I've used acapy command to manually set up two agents and trying to manually simulate this tutorial: https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/AriesOpenAPIDemo.md on how two agents can establish the one-time connection between them. When going through process, my agent A can send an invite to agent B, and Agent B can receive an invite successfully. However, when I triggered the api to Agent B to accept an invite, Agent A's terminal shows errors attached. Can anyone give me some help to explain what the error "ConnRecord record not found for {'invitation_key': 'Gb....', 'their role': 'invite'}" mean here? Thanks

Yunxi 3 (Mon, 22 Feb 2021 16:39:21 GMT):

Hello all, i've running two acapy agents and a von on the same server. I've used acapy command to manually set up two agents and trying to manually simulate this tutorial: https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/AriesOpenAPIDemo.md on how two agents can establish the one-time connection between them. When going through process, my agent A can send an invite to agent B, and Agent B can receive an invite successfully. However, when I triggered the api to Agent B to accept an invite, Agent A's terminal shows errors attached. Can anyone give me some help to explain what the error "ConnRecord record not found for {'invitation_key': 'Gb....', 'their role': 'invite'}" means here? Thanks

Yunxi 3 (Mon, 22 Feb 2021 16:39:21 GMT):

Hello all, i'm running two acapy agents and a von on the same server. I've used acapy command to manually set up two agents and trying to manually simulate this tutorial: https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/AriesOpenAPIDemo.md on how two agents can establish the one-time connection between them. When going through process, my agent A can send an invite to agent B, and Agent B can receive an invite successfully. However, when I triggered the api to Agent B to accept an invite, Agent A's terminal shows errors attached. Can anyone give me some help to explain what the error "ConnRecord record not found for {'invitation_key': 'Gb....', 'their role': 'invite'}" means here? Thanks

Yunxi 3 (Mon, 22 Feb 2021 16:39:21 GMT):

Hello all, i'm running two acapy agents and a von on the same server. I've used acapy command to manually set up two agents and trying to simulate steps in this tutorial: https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/AriesOpenAPIDemo.md on how two agents can establish the one-time connection. When going through process, my agent A can send an invite to agent B, and Agent B can receive an invite successfully. However, when I triggered the api to Agent B to accept an invite, Agent A's terminal shows errors attached. Can anyone give me some help to explain what the error "ConnRecord record not found for {'invitation_key': 'Gb....', 'their role': 'invite'}" means here? Thanks

Yunxi 3 (Mon, 22 Feb 2021 16:39:21 GMT):

Hello all, i'm running two acapy agents and a von on the same server. I've used acapy command to manually set up two agents and trying to simulate steps in this tutorial: https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/AriesOpenAPIDemo.md on how two agents can establish the one-time connection. When going through process, my agent A can send an invite to agent B, and Agent B can receive an invite successfully. However, when I triggered the api to Agent B to accept an invite, Agent A's terminal shows errors attached. After googling the error aries_cloudagent.storage.error.StorageNotFoundError: ConnRecord record not found for {'invitation_key':"} , i've found it might imply the wallet storage is not available. How can i verify if a wallet is provisioned with my agent?

Yunxi 3 (Mon, 22 Feb 2021 16:39:21 GMT):

Hello all, i'm running two acapy agents and a von on the same server. I've used acapy command to manually set up two agents and trying to simulate steps in this tutorial: https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/AriesOpenAPIDemo.md on how two agents can establish the one-time connection. When going through process, my agent A can send an invite to agent B, and Agent B can receive an invite successfully. However, when I triggered the api to Agent B to accept an invite, Agent A's terminal shows errors attached. After googling the error aries_cloudagent.storage.error.StorageNotFoundError: ConnRecord record not found for {'invitation_key':"} , i've found it might imply the wallet storage is not available. How can i verify if a wallet is provisioned with my agent? btw, when i run acapy command, i did put --auto-provision  as  an attribute, and i understand this attribute should help my agent create a new wallet?

Yunxi 3 (Mon, 22 Feb 2021 16:42:19 GMT):



Clipboard - February 22, 2021 4:42 PM

Yunxi 3 (Mon, 22 Feb 2021 16:43:02 GMT):

btw, in the Swagger for Agent 1,  i can see the invitation_key is listed in the response, which shows the right value in the error above

Yunxi 3 (Mon, 22 Feb 2021 16:48:59 GMT):

Thanks for confirming this, @WadeBarnes. Looks like the this port range is hardcoded in the von docker image somehow? Basically, my corporate doesn't allow to use port range from 9001 - 9999 in the cloud, so i was wondering if could manually change all the ports used in the von to other port ranges that are allowed.

Yunxi 3 (Mon, 22 Feb 2021 16:52:27 GMT):

@michawensveen, could you explain a bit more how and where to use "the name of the container running the von webserver"?

michawensveen (Mon, 22 Feb 2021 16:57:28 GMT):

You start the aries cloud agent  with the ./run_docker start command.

michawensveen (Mon, 22 Feb 2021 16:58:01 GMT):

And you supply the genenis-url as http://localhost:9000/genisis.

michawensveen (Mon, 22 Feb 2021 16:58:34 GMT):

here localhost is the aries-clout-agent docker.

michawensveen (Mon, 22 Feb 2021 16:59:28 GMT):

You have to change the genisis url to  http://von_webserver_1:9000/genesis

michawensveen (Mon, 22 Feb 2021 17:00:52 GMT):

And make sure that both the aca and local von-network run in the same docker network.  You can do this by  changing aries-cloudagent-python/scripts/run_docker script

michawensveen (Mon, 22 Feb 2021 17:01:54 GMT):

add --network von_von to the last row.  It should look like this

michawensveen (Mon, 22 Feb 2021 17:01:56 GMT):

--network von_von

michawensveen (Mon, 22 Feb 2021 17:01:56 GMT):

$DOCKER run --network von_von -d --name "aries-cloudagent-runner" $ARGS aries-cloudagent-run "$@"

michawensveen (Mon, 22 Feb 2021 17:03:48 GMT):

Now the aca docker can connect to the von-webserver_1 docker by its name (ie dns resolving in the docker network).

sklump (Mon, 22 Feb 2021 17:11:13 GMT):

Note that the demo agents run with `--auto-accept-invites` as a default, and so the documentation here is wrong. The agent doesn't need to accept the invitation manually. I'm not sure what happens to the invitation key vs. the connection record in detail, but manually accepting it creates a double-tap that spits an admittedly weird error message.
Feel free to write it up as an issue.

WadeBarnes (Mon, 22 Feb 2021 17:14:06 GMT):

Are you trying to expose an instance of `von-network` running from inside your corporate network to the outside world, or trying to use a instance of `von-network` internally on your corporate network?

Yunxi 3 (Mon, 22 Feb 2021 17:14:20 GMT):

@sklump , I did put "-auto-accept-invites" as another attribute before running my agents. With this attribute, does it mean, I only need to run Agent A to send an invite to Agent B and then for the rest of the process, it will all auto happen?

sklump (Mon, 22 Feb 2021 17:16:04 GMT):

That's correct: note that here
https://github.com/hyperledger/aries-cloudagent-python/blob/39ccdf8e5b1b909fbe59fa984361935d6f8b658d/demo/runners/alice.py#L49
(and similarly for Faber), it is a default for demo purposes.

Actually please do write up an issue here for us and put it into the queue? I should fix the docs.

sklump (Mon, 22 Feb 2021 17:16:04 GMT):

That's correct: note that here
https://github.com/hyperledger/aries-cloudagent-python/blob/39ccdf8e5b1b909fbe59fa984361935d6f8b658d/demo/runners/alice.py#L49
(and similarly for Faber), it is a default for demo purposes.

Actually please do write up an issue here
https://github.com/hyperledger/aries-cloudagent-python/issues

for us and put it into the queue? I should fix the docs.

Yunxi 3 (Mon, 22 Feb 2021 17:17:52 GMT):

as i'm only doing the experimentation for the moment, the features i want is to have an internal von-network running on the cloud server, but i do want to access it via my local laptop's browser. so, the von-webserver can be accessed once its port number is whitelisted, but when i checked the logs for each von node, i see these nodes somehow need to connect to each other via port number such as 9702.

Yunxi 3 (Mon, 22 Feb 2021 17:17:52 GMT):

as i'm only doing the experimentation for the moment, the features i want is to have an internal von-network running on the cloud server, but i do want to access it via my local laptop's browser. so, the von-webserver can be accessed once its port number is whitelisted (as 9000 is allowed by my corporate), but when i checked the logs for each von node, i guess these nodes need to connect to each other via port number such as 9702.

Yunxi 3 (Mon, 22 Feb 2021 17:17:52 GMT):

as i'm only doing the experimentation for the moment, the features i want is to have an internal von-network running on the cloud server, but i do want to access it via my local laptop's browser. so, the von-webserver can be accessed once its port number is whitelisted (as 9000 is allowed by my corporate), but when i checked the logs for each von node, i guess these nodes need to connect to each other via port numbers such as 9702, 9703.

Yunxi 3 (Mon, 22 Feb 2021 17:19:38 GMT):

so the issue will be, update the doc reflecting the auto process for the two agents, right?

Yunxi 3 (Mon, 22 Feb 2021 17:27:45 GMT):

Hello all,  could anyone help me on why i got this issue above? In addition, i know acapy currently supports both sqlite and postgresql as dbs for storage. So, when i run the agents without specifying any dbs (not even know if this is possible), how does the agent know which db to use?

sklump (Mon, 22 Feb 2021 17:27:49 GMT):

Yes, at least. I will also figure out why it can't find the connection record anymore, and see if I can get a better error message

Yunxi 3 (Mon, 22 Feb 2021 17:28:57 GMT):

Will do @sklump . Regarding the storage. i know acapy currently supports both sqlite and postgresql as dbs for storage. So, when i run the agents without specifying any dbs (not even know if this is possible), how does the agent know which db to use?

Yunxi 3 (Mon, 22 Feb 2021 17:31:29 GMT):

@sklump , i've raised this issue: https://github.com/hyperledger/aries-cloudagent-python/issues/988

sklump (Mon, 22 Feb 2021 17:31:49 GMT):

no idea on that

Yunxi 3 (Mon, 22 Feb 2021 17:32:00 GMT):

no problem

Yunxi 3 (Mon, 22 Feb 2021 17:33:45 GMT):

Hello all, i know acapy currently supports both sqlite and postgresql as dbs for storage (by calling either indy-sdk or aries-askar in the future). my question is when i run the agents without specifying any dbs (not even know if this is possible), how does the agent know which db to use? also, how can i verify if a db storage/wallet is provisioned to an agent?

Yunxi 3 (Mon, 22 Feb 2021 17:33:45 GMT):

Hello all, i know acapy currently supports both sqlite and postgresql as dbs for storage purpose (by calling either indy-sdk or aries-askar in the future). my question is when i run the agents without specifying any dbs (not even know if this is possible), how does the agent know which db to use? also, how can i verify if a db storage/wallet is provisioned to an agent?

Yunxi 3 (Mon, 22 Feb 2021 17:33:45 GMT):

Hello all, i know acapy currently supports both sqlite and postgresql as dbs for storage purpose (by calling either indy-sdk or aries-askar in the future). my question is when i run the agents without specifying any dbs in the attributes (not even know if this is supported or not, lol), how does the agent know which db to use? also, how can i verify if a db storage/wallet is provisioned to an agent?

Yunxi 3 (Mon, 22 Feb 2021 17:33:45 GMT):

Hello all, after checking the acapy command, i see a few attributes related to storage/wallet, and wondering if I need to specify them all for a particular type of storage (e.g. memory, sqlite and postgresql)?  The attributes are: --wallet-type  --wallet-storage-type  and --storage-type. The current help info doesn't specify if there are any dependency amongst 3 of them.

Yunxi 3 (Mon, 22 Feb 2021 17:33:45 GMT):

Hello all, after checking the acapy command, i see a few attributes related to storage/wallet, and wondering if I need to specify them all if using a particular type of storage (e.g. memory, sqlite and postgresql)?  The attributes are: --wallet-type  --wallet-storage-type  and --storage-type. The current help info doesn't specify if there are any dependency amongst 3 of them.

Yunxi 3 (Mon, 22 Feb 2021 17:33:45 GMT):

Hello all, after checking the acapy command, i see a few attributes related to storage/wallet, and wondering if I need to specify them all if using a particular type of storage (e.g. memory, sqlite and postgresql)?  The attributes are: --wallet-type  --wallet-storage-type  and --storage-type. The current help info doesn't specify if there are any dependency amongst 3 of them.   Also, when i see --auto-provision attribute, it mentions intilializes the requested profile if it does not exist, I wonder what's the difference between the profile and a wallet/storage?

WadeBarnes (Mon, 22 Feb 2021 17:50:50 GMT):

Yes the nodes need to talk with each other on ports within the range of 9700 to 9799.  It's possible to remap the ports a layer above, but then you start getting into more complicated proxy ports mappings which then complicates the client/agent connections.

WadeBarnes (Mon, 22 Feb 2021 17:50:50 GMT):

Yes the nodes need to talk with each other on ports within the range of 9700 to 9799.  It's possible to remap the ports a layer above, but then you start getting into more complicated proxy and port mappings which then complicates the client/agent connections.

WadeBarnes (Mon, 22 Feb 2021 17:53:02 GMT):

If you're just experimenting, run everything locally on your laptop.

JackyYuan (Tue, 23 Feb 2021 05:57:40 GMT):

Has joined the channel.

JackyYuan (Tue, 23 Feb 2021 05:57:41 GMT):

Hello aca-py team! I'm Jacky, a part time contractor with SecureKey who's here to help with the interop by implementing some of the RFC's required for communications between the two projects.

Is this a good place to discuss interop related details and ask questions?

Yunxi 3 (Tue, 23 Feb 2021 14:01:32 GMT):



Clipboard - February 23, 2021 2:01 PM

Yunxi 3 (Tue, 23 Feb 2021 14:03:23 GMT):

Hello all, after running aries agents by using acapy, i see log info shows "ledger instance not provided", but i did provide  --genesis-url as the attribute and the von ledger is accessible in the browser and registering DID works. When i tried to generate a schema to von ledger, the logs also shows "no ledger available", can anyone help here? thanks

Yunxi 3 (Tue, 23 Feb 2021 14:03:50 GMT):



Clipboard - February 23, 2021 2:03 PM

imroue (Tue, 23 Feb 2021 15:07:07 GMT):

Has joined the channel.

esune (Tue, 23 Feb 2021 16:55:31 GMT):

#aries-interop might be an even better as it is a more "focused" channel

swcurran (Tue, 23 Feb 2021 18:46:14 GMT):

@JackyYuan -- welcome.  I think you might be working on some Aries Agent Test Harness work. If that is the case, there is that channel as well #aries-agent-test-harness .

JackyYuan (Tue, 23 Feb 2021 20:48:46 GMT):

Thanks! I'll take a look at both channels

Specifically, I'm working on interop between the aries-go agent and the aca-py agent, implementing RFC 334 and 587 on aca-py to start. (Not sure if this work falls under aries test harness). I'll mainly be communicating with aca-py devs.

Please let me know if there are any other good channel suggestions :)

swcurran (Tue, 23 Feb 2021 21:14:30 GMT):

In that case...you are in the right place.

FYI @andrew.whitehead as he probably knows the most about the low level comms with ACA-Py.

lijiachuan (Wed, 24 Feb 2021 16:06:29 GMT):

Hi @swcurran , I tried the Alice-Faber demo, from the start command line parameter, I saw that:
for Faber, it has `'--webhook-url', 'http://10.0.0.6:8022/webhooks'` and for Alice, it has `'--webhook-url', 'http://10.0.0.7:8032/webhooks'`, whether above paramters are the same as what you referred to as "webhooks activated"? And also I am not sure what is the document you are referring to with "all the webhooks in all scenarios", I would like to check that document. Kindly advise. Thanks.

swcurran (Wed, 24 Feb 2021 16:27:25 GMT):

The basics are what you point out above -- you tell ACA-Py where to fire off the webhooks.  Up until the upcoming 0.6.0, that was just one place.  In 0.6.0, you can have multiple listeners, and the use of webhooks is aligned with multi-tenancy, so each wallet can (for example) have it's own webhook.

@shaanjot.gill -- is there a summary doc on this?  If not -- perhaps we need a "webhooks.md" file in the repo?

daidoji (Wed, 24 Feb 2021 16:29:41 GMT):

what does `wallet.get_signing_key` actually return?  I'm having trouble understanding it from the tests and all my examples seem to be having strange indy wallet errors.

daidoji (Wed, 24 Feb 2021 16:29:41 GMT):

what does `wallet.get_signing_key` (like the `metadata` part) actually return?  I'm having trouble understanding it from the tests and all my examples seem to be having strange indy wallet errors.

daidoji (Wed, 24 Feb 2021 16:29:41 GMT):

what does `wallet.get_signing_key` (like the `metadata` part of the keyinfo) actually return?  I'm having trouble understanding it from the tests and all my examples seem to be having strange indy wallet errors no matter what verkey I use, created via `wallet.create_signing_key` or verkeys attached to the dids the wallet holds.

daidoji (Wed, 24 Feb 2021 16:43:29 GMT):

oh wait, nevermind.  It just returns the verkey as well.

daidoji (Wed, 24 Feb 2021 16:43:36 GMT):

with any metadata attached

daidoji (Wed, 24 Feb 2021 16:43:47 GMT):

the errors were my own :-(

vongohren (Wed, 24 Feb 2021 18:00:20 GMT):

Has joined the channel.

vongohren (Wed, 24 Feb 2021 18:04:04 GMT):

Hi guys! I'm Snorre, from https://www.diwala.io/. Looking to be using cloud-agent as a key component going forward and will probably have a lot of questions. Already had a great chat with Ian getting me over some issues.

Is this a good place to ask some questions and discussions? In conjunction with github ofcourse!

ianco (Wed, 24 Feb 2021 18:15:02 GMT):

Welcome!  Yes this is the right channe

ianco (Wed, 24 Feb 2021 18:15:02 GMT):

Welcome!  Yes this is the right channel

JackyYuan (Thu, 25 Feb 2021 01:37:46 GMT):

great! Thanks for all the help

Yunxi 3 (Thu, 25 Feb 2021 10:56:34 GMT):

Hello all, for issuing a credential, does an issuer agent always have to send a credential offer to a credential holder agent?

Yunxi 3 (Thu, 25 Feb 2021 10:56:34 GMT):

Hello all, for issuing a credential, does an issuer agent always have to send a credential offer to a credential holder agent? how if we need multi tenancy feature in the credential holder agent. For example. four different wallets representing 4 end users respectively and all of them will request the same credential from the issuer. In a case like this, does the issuer agent need to send a credential offer to the holder agent 4 times for each wallet or only once?

Yunxi 3 (Thu, 25 Feb 2021 10:56:34 GMT):

Hello all, for issuing a credential, does an issuer agent always have to send a credential offer to a credential holder agent? If so, how about if we need a multi tenancy feature in the credential holder agent. For example. four different wallets representing 4 end users respectively and all of them will request the same credential from the issuer. In a case like this, does the issuer agent need to send a credential offer to the holder agent 4 times for each wallet or only once?

michawensveen (Thu, 25 Feb 2021 12:00:20 GMT):

Hi All,
I am trying to use the "/present-proof/create-request" method of the api to request proof from somebody I have no connection with. 
I add the service decorator (using https://github.com/bcgov/vc-authn-oidc/blob/master/oidc-controller/src/VCAuthn/Models/PresentationRequestMessage.cs) as described in previous post.
In regards to the Faber/Alice demo, how do I get the proof request in the Alice agent? There appears to be no method for that. 
Any help would be appreciated.

sklump (Thu, 25 Feb 2021 12:17:11 GMT):

The demo is a demo, not an application. Alice/Faber exchange proof request as coded. Your choice to try other things with the connection is to use the (swagger) admin API at ports 8021 and 8031.

michawensveen (Thu, 25 Feb 2021 12:20:50 GMT):

@sklump I am using the swagger admin api (8031 for Alice). but which method in the admin api could I call to let Alice present proof if Faber created the proof without a connection-id

dbluhm (Thu, 25 Feb 2021 14:45:50 GMT):

Indicio and SICPA are collaborating on adding pluggable DID Resolvers to ACA-Py. In addition to the interfaces required to plugin resolvers, we've also coded up an Indy resolver that's registered by default when an Indy ledger has been configured on the agent. We are also working on a resolver implementation that uses the/a universal resolver over HTTP (generally intended for use in testing or when you're running your own universal resolver instance on premise) and eventually we would like to add a resolver implementation that uses the/a universal resolver over DIDComm using the DID Resolution protocol DanubeTech has been championing. We're running into a couple of questions now: do we want the HTTP Universal Resolver implementation built into ACA-Py (enabled with command line arg/config option) or loaded as an external plugin? How about the DIDComm Universal Resolver implementation?

I could see this easily going either way and in either case setup and configuration would not be dramatically different (add `--enable-http-universal-resolver` or similar vs `pip install acapy-plugin-http-universal-resolver` and add `--plugin acapy_plugin_http_universal_resolver`)

Thanks in advance for your input.
cc: @swcurran @andrew.whitehead

dbluhm (Thu, 25 Feb 2021 14:45:50 GMT):

Indicio and SICPA are collaborating on adding pluggable DID Resolvers to ACA-Py. In addition to the interfaces required to plugin resolvers, we've also coded up an Indy resolver that's registered by default when an Indy ledger has been configured on the agent. We are also working on a resolver implementation that uses the/a universal resolver over HTTP (generally intended for use in testing or when you're running your own universal resolver instance on premise) and eventually we would like to add a resolver implementation that uses the/a universal resolver over DIDComm using the DID Resolution protocol DanubeTech has been championing. We're running into a couple of questions now: do we want the HTTP Universal Resolver implementation built into ACA-Py (enabled with command line arg/config option) or loaded as an external plugin? How about the DIDComm Universal Resolver implementation?

I could see this easily going either way and in either case setup and configuration would not be dramatically different (add `--enable-http-universal-resolver` or similar vs `pip install acapy-plugin-http-universal-resolver` and add `--plugin acapy_plugin_http_universal_resolver`)

Thanks in advance for your input.
cc: @swcurran @andrew.whitehead @victor.martinez

lohan.spies (Thu, 25 Feb 2021 14:47:58 GMT):

Like the pip install approach.

dbluhm (Thu, 25 Feb 2021 14:54:37 GMT):

I don't think it's been implemented this way yet but the DID Resolution protocol support lends itself to being loaded as a plugin; including an implementation for hooking into the DID resolver interface to that group of work also makes sense to me for the DIDComm Universal Resolver. Grouping the two wouldn't require loading both. There's a lot of name collision going on so hopefully my intent is at least somewhat clear lol.

Yunxi 3 (Thu, 25 Feb 2021 14:58:14 GMT):

Hello all, i'm using acapy v0.6.0-rc0 to run two agents representing a credential issuer and a credential holder. I don't enable the attributes such as --auto-respond-credential-offer, --auto-respond-credential-request, and trying to manually trigger steps for (1) holder sends a credential proposal (api: issue-credential-2.0/send-proposal) (2) issuer sends a credential offer (issue-credential-2.0/send-offer)(3) holder sends a credential request (api: issue-credential-2.0/records/{cred_ex_id}/send-request) and (4) issuer sends an issued credential (api: issue-credential-2.0/records/{cred_ex_id}/issue). The 3 steps worked fine, but when running step (4), i keep getting error, see attached file. So, q1, do i use the right api for step (4) ? If so, anyone has met same issues? Thanks

Yunxi 3 (Thu, 25 Feb 2021 14:58:14 GMT):

Hello all, i'm using acapy v0.6.0-rc0 to run two agents representing a credential issuer and a credential holder. I don't enable the attributes such as --auto-respond-credential-offer, --auto-respond-credential-request, and trying to manually trigger steps for (1) holder sends a credential proposal (api: issue-credential-2.0/send-proposal) (2) issuer sends a credential offer (issue-credential-2.0/send-offer)(3) holder sends a credential request (api: issue-credential-2.0/records/{cred_ex_id}/send-request) and (4) issuer sends an issued credential (api: issue-credential-2.0/records/{cred_ex_id}/issue). The 3 steps worked fine, but when running step (4), i keep getting error, see attached file. My question is whether I have used the right api for step (4) ? If so, anyone has met same issues? Thanks

Yunxi 3 (Thu, 25 Feb 2021 14:58:43 GMT):



error.txt

Yunxi 3 (Thu, 25 Feb 2021 15:00:11 GMT):

Hello all, after checking the acapy command, i see a few attributes related to storage/wallet, and wondering if I need to specify them all if using a particular type of storage (e.g. memory, sqlite and postgresql)? The attributes are: --wallet-type --wallet-storage-type and --storage-type. The current help info doesn't specify if there are any dependency amongst 3 of them. Also, when i see --auto-provision attribute, it mentions intilializes the requested profile if it does not exist, I wonder what's the difference between the profile and a wallet/storage?

sklump (Thu, 25 Feb 2021 15:02:36 GMT):

Probably out-of-band/create-invitation with an attachment

Yunxi 3 (Thu, 25 Feb 2021 16:50:54 GMT):

hello all, regarding the wallet type, what's the key difference between a basic (memory) and an indy one?

swcurran (Thu, 25 Feb 2021 16:52:48 GMT):

The indy one uses the indy-sdk, and indy-wallet (as it is called) within it.  There are two (or three?) flavours of indy-wallet persistence -- sqlite, postgres and I think there is also an in-memory variant.

The in-memory one in ACA-Py does not use the indy-sdk for storage.

swcurran (Thu, 25 Feb 2021 16:53:00 GMT):

I better get @andrew.whitehead to confirm that :-)

Yunxi 3 (Thu, 25 Feb 2021 16:54:37 GMT):

Thanks for the info @swcurran . If I choose to use Indy as the type, does it use sqlite by default?

swcurran (Thu, 25 Feb 2021 16:55:03 GMT):

Yes

Yunxi 3 (Thu, 25 Feb 2021 16:56:17 GMT):

sorry, dont know sqlite in detail. Does it mean sqlite is auto provisioned as a db in indy-sdk?

Yunxi 3 (Thu, 25 Feb 2021 16:56:17 GMT):

sorry, dont know sqlite in detail. Does it mean sqlite is auto provisioned as a db (probably a light-weight one?) in indy-sdk?

andrew.whitehead (Thu, 25 Feb 2021 17:16:34 GMT):

No, the ACA-Py in-memory wallet doesn't touch indy-SDK

andrew.whitehead (Thu, 25 Feb 2021 17:17:29 GMT):

The sqlite database is in one file (plus up to two files if it's currently open). It's auto-created during provisioning

andrew.whitehead (Thu, 25 Feb 2021 17:17:48 GMT):

The postgres backend can automatically create the database as well if admin credentials are provided

Yunxi 3 (Thu, 25 Feb 2021 17:26:25 GMT):

Thanks for the response @andrew.whitehead . Still got other questions. Q1: am i able to find the sqllite db in my agent somewhere? Q2: if i want to use postgresql, do you mean postgres backend will create a postgres db for me as well? Q3. if answer for Q2 is correct, am i able to find the postgresql db in my agent somewhere?  Q4. can i use an external postgresql db (e.g. aws postgresql)?

Yunxi 3 (Thu, 25 Feb 2021 17:26:25 GMT):

Thanks for the response @andrew.whitehead . Still got other questions. Q1: am i able to find the sqllite db in my agent somewhere? Q2: if i want to use postgresql, do you mean postgres backend will automatically create a postgres db for me as well? Q3. if answer for Q2 is correct, am i able to find the postgresql db in my agent somewhere?  Q4. can i use an external postgresql db (e.g. aws postgresql)?

andrew.whitehead (Thu, 25 Feb 2021 17:33:50 GMT):

The sqlite wallet is created under the indy home directory, `~/.indy_client/wallet/{name}` on unixes

andrew.whitehead (Thu, 25 Feb 2021 17:33:50 GMT):

The sqlite wallet is created under the indy home directory, `~/.indy_client/wallet/{name}` on unixes. It's encrypted, though

andrew.whitehead (Thu, 25 Feb 2021 17:34:49 GMT):

The postgres DB is always external, it requires a server application

Yunxi 3 (Thu, 25 Feb 2021 18:34:21 GMT):

Hello all, when reading this credential revocation doc: https://github.com/hyperledger/indy-sdk/blob/master/docs/concepts/revocation/cred-revocation.md. "This is handled by requiring accumulator updates to also publish a witness delta as part of the same transaction. This tells provers how to adjust their witness (referencing other indexes in the public tails file) to bring it back into harmony with the current value of the accumulator."  My understanding is each prover can only look up its own private factor in the tails file, this implies they shouldn't be able to calculate their witness by getting the info from the tails file but should only get it from the issuer. If this is correct, how does each prover adjust their witness based on the witness delta?

mattatkiva (Thu, 25 Feb 2021 19:33:58 GMT):

I apologize in advance for this really dumb question.  I blew away my local acapy repo, grabbed latest from github.  I get this error trying to run it, which used to work I believe.
```mattraffel@kiva-mattr:~/src/hyperledger/acapy/bin$ python3 ./aca-py start \
>     --inbound-transport http 0.0.0.0 8123 \
>     --admin 0.0.0.0 8124 \
>     --outbound-transport http \
>     --webhook-url "http://127.0.0.1:5000/v1/controller/alice" \
>     --endpoint http://0.0.0.0:8123 \
>     --admin-insecure-mode
  File "./aca-py", line 3
    if [ -z "$PYTHON" ]; then
            ^
SyntaxError: invalid syntax```

what step am I missing?

andrew.whitehead (Thu, 25 Feb 2021 19:35:50 GMT):

aca-py is a shell script now, not a python script

mattatkiva (Thu, 25 Feb 2021 19:36:22 GMT):

```mattraffel@kiva-mattr:~/src/hyperledger/acapy/bin$ ls -l
total 16
-rwxr-xr-x  1 mattraffel  staff   165B Feb 25 12:26 aca-py*
-rwxr-xr-x  1 mattraffel  staff   497B Feb 25 12:26 start_acapy_alice.sh*
mattraffel@kiva-mattr:~/src/hyperledger/acapy/bin$ ./aca-py
/Applications/Xcode.app/Contents/Developer/usr/bin/python3: No module named aries_cloudagent.__main__; 'aries_cloudagent' is a package and cannot be directly executed```

andrew.whitehead (Thu, 25 Feb 2021 19:36:54 GMT):

cd ..; bin/aca-py

mattatkiva (Thu, 25 Feb 2021 19:38:02 GMT):

still getting errors.  how much should I copy here?

andrew.whitehead (Thu, 25 Feb 2021 19:38:56 GMT):

what kind of errors?

mattatkiva (Thu, 25 Feb 2021 19:39:33 GMT):

```mattraffel@kiva-mattr:~/src/hyperledger/acapy$ ./bin/aca-py start \
>      --inbound-transport http 0.0.0.0 8123 \
>      --admin 0.0.0.0 8124 \
>      --outbound-transport http \
>      --webhook-url "http://127.0.0.1:5000/v1/controller/alice" \
>      --endpoint http://0.0.0.0:8123 \
>      --admin-insecure-mode
Traceback (most recent call last):
  File "/Applications/Xcode.app/Contents/Developer/Library/Frameworks/Python3.framework/Versions/3.8/lib/python3.8/runpy.py", line 193, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "/Applications/Xcode.app/Contents/Developer/Library/Frameworks/Python3.framework/Versions/3.8/lib/python3.8/runpy.py", line 86, in _run_code
    exec(code, run_globals)
  File "/Users/mattraffel/src/hyperledger/acapy/aries_cloudagent/__main__.py", line 74, in 
    main(sys.argv)
  File "/Users/mattraffel/src/hyperledger/acapy/aries_cloudagent/__main__.py", line 71, in main
    run(args)
  File "/Users/mattraffel/src/hyperledger/acapy/aries_cloudagent/__main__.py", line 64, in run
    run_command(command, args)
  File "/Users/mattraffel/src/hyperledger/acapy/aries_cloudagent/commands/__init__.py", line 36, in run_command
    module = load_command(command) or load_command("help")
  File "/Users/mattraffel/src/hyperledger/acapy/aries_cloudagent/commands/__init__.py", line 31, in load_command
    return import_module(module_path)
  File "/Applications/Xcode.app/Contents/Developer/Library/Frameworks/Python3.framework/Versions/3.8/lib/python3.8/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "", line 1014, in _gcd_import
  File "", line 991, in _find_and_load
  File "", line 975, in _find_and_load_unlocked
  File "", line 671, in _load_unlocked
  File "", line 783, in exec_module
  File "", line 219, in _call_with_frames_removed
  File "/Users/mattraffel/src/hyperledger/acapy/aries_cloudagent/commands/start.py", line 8, in 
    from configargparse import ArgumentParser
ModuleNotFoundError: No module named 'configargparse'```

andrew.whitehead (Thu, 25 Feb 2021 19:39:56 GMT):

missing dependencies, `pip install -r requirements.txt`

mattatkiva (Thu, 25 Feb 2021 19:42:57 GMT):

ok.  so is it fair to say https://github.com/hyperledger/aries-cloudagent-python/blob/main/DevReadMe.md is out of date

andrew.whitehead (Thu, 25 Feb 2021 19:46:52 GMT):

Not at all. It suggests you install the package from pypi or run it in Docker

mattatkiva (Thu, 25 Feb 2021 19:47:21 GMT):

running it in docker is producing errors too

mattatkiva (Thu, 25 Feb 2021 19:51:23 GMT):

this step is missing from https://github.com/hyperledger/aries-cloudagent-python/blob/main/DevReadMe.md

andrew.whitehead (Thu, 25 Feb 2021 19:51:48 GMT):

It's not required if you install the package

mattatkiva (Thu, 25 Feb 2021 19:53:36 GMT):

```mattraffel@kiva-mattr:~/src/hyperledger/acapy$ ./scripts/run_docker start --inbound-transport http 0.0.0.0 10000 --outbound-transport http --log-level DEBUG
[+] Building 1.2s (14/14) FINISHED
 => [internal] load build definition from Dockerfile.run                                                        0.0s
 => => transferring dockerfile: 41B                                                                             0.0s
 => [internal] load .dockerignore                                                                               0.0s
 => => transferring context: 34B                                                                                0.0s
 => [internal] load metadata for docker.io/bcgovimages/von-image:py36-1.15-1                                    1.1s
 => [internal] load build context                                                                               0.1s
 => => transferring context: 70.13kB                                                                            0.0s
 => [1/9] FROM docker.io/bcgovimages/von-image:py36-1.15-1@sha256:7ba9452bbda1b5d03f117451ba6504f30cfe5598e74f  0.0s
 => CACHED [2/9] ADD requirements*.txt ./                                                                       0.0s
 => CACHED [3/9] RUN pip3 install --no-cache-dir -r requirements.txt -r requirements.dev.txt                    0.0s
 => CACHED [4/9] ADD aries_cloudagent ./aries_cloudagent                                                        0.0s
 => CACHED [5/9] ADD bin ./bin                                                                                  0.0s
 => CACHED [6/9] ADD README.md ./                                                                               0.0s
 => CACHED [7/9] ADD setup.py ./                                                                                0.0s
 => CACHED [8/9] RUN pip3 install --no-cache-dir -e .                                                           0.0s
 => CACHED [9/9] RUN mkdir logs && chown -R indy:indy logs && chmod -R ug+rw logs                               0.0s
 => exporting to image                                                                                          0.0s
 => => exporting layers                                                                                         0.0s
 => => writing image sha256:e52c11e6a7f3e32e7dcd63f539707e8cad53f254c6e2173a4770576e8644b1b8                    0.0s
 => => naming to docker.io/library/aries-cloudagent-run                                                         0.0s
Input error```
this is a step in the doc as well

andrew.whitehead (Thu, 25 Feb 2021 19:54:44 GMT):

I'm not sure what that's about

andrew.whitehead (Thu, 25 Feb 2021 19:55:38 GMT):

You can also run `pip install -e .` from the root directory to add the local copy of the package to your python modules

mattatkiva (Thu, 25 Feb 2021 19:56:17 GMT):

but thats running it in docker right?

andrew.whitehead (Thu, 25 Feb 2021 19:56:42 GMT):

scripts/run_docker does, that command does not

mattatkiva (Thu, 25 Feb 2021 19:58:17 GMT):

Im missing something.  how is running the pip install command going to fix the issue with trying to run acapy in docker (thats the command above I copied and ran from the documentation sans the --debug parameter)?

andrew.whitehead (Thu, 25 Feb 2021 19:59:11 GMT):

It's not. I don't know why the docker build isn't working for you, your platform must be different somehow

andrew.whitehead (Thu, 25 Feb 2021 20:07:56 GMT):

You could try commenting out the `RAND_NAME=..` line near the end of scripts/run_docker and changing it to something else, it just generates a random name so that multiple containers don't conflict

vongohren (Thu, 25 Feb 2021 20:37:59 GMT):

Hey guys, last week I asked these questions: https://github.com/hyperledger/aries-cloudagent-python/issues/983
Lots of good stuff came out of that. I promised a more detailed write up from my point of view. I would love some feedback on that stuff. I will move it over to github a bit later so I potentially can add it to the repo, but probably need a couple of rounds of feedback on it first.

Im building the document out as I go through getting familiar with Aca-PY, and in the following doc there are some questions labled questions under some of the titles. Would love some insight and comments on those. As I have only touched upon the connection and issuance for now, I feel that it is a good place to not overwhelm the feedback session
https://docs.google.com/document/d/1eJzy8vIJ0bRVVSG-7Z3uC9lEay_mbIw4mSSoJbdhEmo/edit?usp=sharing

ianco (Thu, 25 Feb 2021 20:49:28 GMT):

@alexgmetcalf

ianco (Thu, 25 Feb 2021 20:50:00 GMT):

User User_1 added by ianco.

swcurran (Fri, 26 Feb 2021 00:16:53 GMT):

*FYI: Aries Cloud Agent - Python Release Candidate 0.6.0 has been tagged and posted to PyPi!*

Release notes are available here - https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.6.0. A new docker image will shortly be available here -- https://hub.docker.com/r/bcgovimages/aries-cloudagent/tags?page=1&ordering=last_updated

This is a very large release with lots added, including:

* Breaking changes - adjustments to startup options and changes to ACA-Py plugin integrations.
* Multi-tenancy support
* Mediator Support
* Flexible Webhooks handling support for controllers
* DID Exchange and OOB support
* Issuer Credential V2 Support
* Various fixes...

Code reference documentation has been generated to ReadTheDocs - https://aries-cloud-agent-python.readthedocs.io/en/0.6.0/

swcurran (Fri, 26 Feb 2021 00:16:53 GMT):

*FYI: Aries Cloud Agent - Python Release 0.6.0 has been tagged and posted to PyPi!*

Release notes are available here - https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.6.0. A new docker image will shortly be available here -- https://hub.docker.com/r/bcgovimages/aries-cloudagent/tags?page=1&ordering=last_updated

This is a very large release with lots added, including:

* Breaking changes - adjustments to startup options and changes to ACA-Py plugin integrations.
* Multi-tenancy support
* Mediator Support
* Flexible Webhooks handling support for controllers
* DID Exchange and OOB support
* Issuer Credential V2 Support
* Various fixes...

Code reference documentation has been generated to ReadTheDocs - https://aries-cloud-agent-python.readthedocs.io/en/0.6.0/

swcurran (Fri, 26 Feb 2021 00:17:34 GMT):

Awesome to have this released on the same day that Aries became an "Active" project in Hyperledger!!!

ianco (Fri, 26 Feb 2021 01:27:10 GMT):

You didn't mention that the `0.6.0` tag was PR number 1000!

Yunxi 3 (Fri, 26 Feb 2021 10:20:20 GMT):

Hello all, i just updated my acapy code to the latest 0.6.0 and when running my agent which worked fine in v0.6.0rc1, now i got error: docker: Invalid ip address 8000:8000: address 8000:8000:: too many colons in address. What is the right syntax for environment variables such as "PORTS=" now?

vongohren (Fri, 26 Feb 2021 15:28:44 GMT):

Im just bringing this to attention, should I rather do this on github, or where should I go?

jabuaasnez (Fri, 26 Feb 2021 15:32:38 GMT):

Has joined the channel.

jabuaasnez (Fri, 26 Feb 2021 15:32:39 GMT):

Hi! I don't know if here is the right place, but I have some doubts regarding a user case I have. 
The user case will involve DID and credentials, which I've seen it could be solved in different ways. But the problem I'm facing now, to decide what I will use to design my architecture, is to solve how I could send messages from an agent (let's say a raspberry pi or a sensor sending data) to a mobil agent via *bluetooth*.

jabuaasnez (Fri, 26 Feb 2021 15:46:26 GMT):

[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=WhWsq6FYwLyACy2yY) I understand cloudagent is for services in non-mobile environment, but does anyone know in which channel I could help with my specific question?

swcurran (Fri, 26 Feb 2021 16:39:47 GMT):

We'll go through it based on this and see how this can help.  For example, maybe this just goes into an MD file in the repo and referenced as a demo/lab that people can use.

vongohren (Sun, 28 Feb 2021 15:28:20 GMT):

That is the plan @swcurran just starting here as im also building this out for the rest of my team. And I felt it was a little easier to have faster iteration in the doc :P

vongohren (Mon, 01 Mar 2021 08:49:11 GMT):

Hi! Is it not possible to send a proof request without a predicate? Trying to get this to work
` "requested_predicates": {},`

But keep hitting this

```
{
  "proof_request": {
    "requested_predicates": [
      "Missing data for required field."
    ]
  }
}
```

vongohren (Mon, 01 Mar 2021 08:49:11 GMT):

~~Hi! Is it not possible to send a proof request without a predicate? Trying to get this to work
` "requested_predicates": {},`

But keep hitting this

```
{
  "proof_request": {
    "requested_predicates": [
      "Missing data for required field."
    ]
  }
}
```~~

Me just building the wrong JSON

vongohren (Mon, 01 Mar 2021 08:49:11 GMT):

~~Hi! Is it not possible to send a proof request without a predicate? Trying to get this to work~~
~~` "requested_predicates": {},`~~

~~But keep hitting this~~

~~```
{
  "proof_request": {
    "requested_predicates": [
      "Missing data for required field."
    ]
  }
}
```~~

Me just building the wrong JSON

vongohren (Mon, 01 Mar 2021 08:49:11 GMT):

Edit: Me just building the wrong JSON

~~Hi! Is it not possible to send a proof request without a predicate? Trying to get this to work~~
~~` "requested_predicates": {},`~~

~~But keep hitting this~~

~~```
{
  "proof_request": {
    "requested_predicates": [
      "Missing data for required field."
    ]
  }
}
```~~

vongohren (Mon, 01 Mar 2021 08:49:11 GMT):

Edit: Me just building the wrong JSON, put the attribute inside the wrong brackets

~~Hi! Is it not possible to send a proof request without a predicate? Trying to get this to work~~
~~` "requested_predicates": {},`~~

~~But keep hitting this~~

~~```
{
  "proof_request": {
    "requested_predicates": [
      "Missing data for required field."
    ]
  }
}
```~~

RounakGhosh (Mon, 01 Mar 2021 10:01:47 GMT):

Hello Everyone @swcurran ,
*_Issue regarding Aca-Py----_* I have been able to send proof request from aca py agent to the mobile wallet. I am getting the proof request in my mobile, however the data is loading in it. The cred_def_id I had provided matches with the credentials I have in my wallet. Would you be able to clarify what might be the issue.? Thanks.

RounakGhosh (Mon, 01 Mar 2021 10:01:47 GMT):

Hello Everyone and @swcurran ,
*_Issue regarding Aca-Py----_* I have been able to send proof request from aca py agent to the mobile wallet. I am getting the proof request in my mobile, however the data is loading in it. The cred_def_id I had provided matches with the credentials I have in my wallet. Would you be able to clarify what might be the issue.? Thanks.

Yunxi 3 (Mon, 01 Mar 2021 10:21:04 GMT):

Hello all and @swcurran , I've got a question regarding the public DID for an agent. I understand practically, I need to register an DID for an agent on the Indy ledger (even though it's a dev one) before running an agent, because the agent needs a proper seed associated with the DID to run properly. However, conceptually, a DID in the SSI world should represent an end user, so I'm confused how I should create DID for each end user. For a one-one mapping between an agent to an end user (e.g. each agent represents an individual end user, this one-one mapping follows the concepts), but Q1. if I want to turn on multi-tenancy feature in an agent to represent many end users, how can the DID of an agent represent each end user? Q2. I understand a public DID is stored in the Indy ledger, is the public DID of an end user also stored in the agent's wallet ? Q2 comes from an API available to agents named "/wallet/did/public".

Shweta1 (Mon, 01 Mar 2021 11:12:08 GMT):

Hi All,
I am using link (https://github.com/hyperledger/aries-cloudagent-python/issues/910)to create mediator.
Created 3 agents alice,bob and mediator.

alice create connection invitation.
mediator receives invitation by receive-invitation using auto accept.
but the Alice's connection state is response.while it should be active.

Pls suggest.I am using cloudagent 0.6.0 tag.

daidoji (Mon, 01 Mar 2021 13:07:10 GMT):

There are public dids (which you can use to create connections with other agents) and then there are the dids made for each pairwise connection.

If you create multiple connections to other agents, you'll notice that each one creates a new pairwise did (which you can view when querying the connections).  So acapy (and indy) do this for you transparently.

daidoji (Mon, 01 Mar 2021 13:07:30 GMT):

It'll work similarly with multi-tenancy

daidoji (Mon, 01 Mar 2021 13:07:47 GMT):

all the dids are stored in the wallet for acapy

vongohren (Mon, 01 Mar 2021 13:52:52 GMT):



Screen Shot 2021-03-01 at 14.51.05.png

vongohren (Mon, 01 Mar 2021 13:52:56 GMT):



Screen Shot 2021-03-01 at 14.50.49.png

vongohren (Mon, 01 Mar 2021 13:54:28 GMT):

Hi! I have some real issues with getting postgres to work locally :O

See the screenshots above

It seems that it is reaching the database, as the logs are getting fatal errors. So the connection is made.

But I cannot understand the error happening?

```
        --wallet-storage-type postgres_storage \
        --wallet-storage-config '{\"url\":\"host.docker.internal:5432\"}' \
        --wallet-storage-creds '{\"account\":\"local-cloud-agent\",\"password\":\"testtest\",\"admin_account\":\"admin-cloud-agent\",\"admin_password\":\"testtest\"}' \
``` 

This is the current config im testing out and inspiration is coming from here: https://github.com/bcgov/aries-vcr/blob/master/docker/docker-compose.yml#L196

Any ideas what I might be doing wrong?

vongohren (Mon, 01 Mar 2021 13:54:28 GMT):

Hi! I have some real issues with getting postgres to work locally :O

See the screenshots above

It seems that it is reaching the database, as the logs are getting fatal errors. So the connection is made.

But I cannot understand the error happening?

```
--wallet-storage-type postgres_storage \
--wallet-storage-config '{\"url\":\"host.docker.internal:5432\"}' \
--wallet-storage-creds '{\"account\":\"local-cloud-agent\",\"password\":\"testtest\",\"admin_account\":\"admin-cloud-agent\",\"admin_password\":\"testtest\"}' \
--wallet-name diwala2 \
``` 

This is the current config im testing out and inspiration is coming from here: https://github.com/bcgov/aries-vcr/blob/master/docker/docker-compose.yml#L196

Any ideas what I might be doing wrong?

vongohren (Mon, 01 Mar 2021 13:54:28 GMT):

Hi! I have some real issues with getting postgres to work locally :O

See the screenshots above

It seems that it is reaching the database, as the logs are getting fatal errors. So the connection is made.

But I cannot understand the error happening?

```
aca-py start \
-it http '0.0.0.0' 10000 \
-ot http \
--admin '0.0.0.0' 5000 \
-e 'http://localhost:10000/' \
--auto-provision \
--wallet-storage-type postgres_storage \
--wallet-storage-config '{\"url\":\"host.docker.internal:5432\"}' \
--wallet-storage-creds '{\"account\":\"local-cloud-agent\",\"password\":\"testtest\",\"admin_account\":\"admin-cloud-agent\",\"admin_password\":\"testtest\"}' \
--wallet-type indy \
--wallet-name diwala2 \
--wallet-key Diwala.Agent421311 \
--seed diwala9jphVquhjphuVIerbf0XEc74WL \
--genesis-url http://test.bcovrin.vonx.io/genesis \
--label 'Diwala Agent 3' \
--admin-insecure-mode \
--multitenant \
--multitenant-admin \
--jwt-secret very_secret_secret \
--log-level info",
``` 

This is the current config im testing out and inspiration is coming from here: https://github.com/bcgov/aries-vcr/blob/master/docker/docker-compose.yml#L196

Any ideas what I might be doing wrong?

vongohren (Mon, 01 Mar 2021 16:00:48 GMT):

Im running a simple postgres locally and the docker images. I have made those roles and given them super privliged. I know they work to create DBs as tested with some other code. So what might be some good debugging steps here?

swcurran (Mon, 01 Mar 2021 16:07:21 GMT):

There is a group at DIF (Decentralized Identity Foundation) working on DIDComm over Bluetooth that might be useful to you. This was an intended use case from the start of DIDComm, and it is possible, but I'm not certain of the state of what has been implemented.

swcurran (Mon, 01 Mar 2021 16:10:12 GMT):

Things to look at -- make sure you both devices are on the same network (e.g. Sovrin Staging). Check the proof request data structure. We've seen issues with the credential being revokable but the proof request not asking for revocation and vice versa, and the wallets not be able to handle that (though the should...).

swcurran (Mon, 01 Mar 2021 16:15:35 GMT):

Public DIDs are needed only for issuers. If the agent is not going to be an issuer, there is no need for a public DID.  A public DID can be used for other things -- for example, a mediator might have a public DID.  In general -- agents for people do NOT have public DIDs, as that would be putting private info on a ledger. In the Indy/Aries world that is a pretty hard and fast rule -- in other DID ecosystems, this may not be the case.

Q1 - There might be a public DID for a mediator that is in front of all of the tenants. The public DID is where to send the messages and have an encryption key for the mediator, but all the tenants need not have a public DID, and their endpoint is known only to the mediator.

Q2. An agent that has a DID on an Indy ledger has the private key for that DID in their secure storage.

swcurran (Mon, 01 Mar 2021 16:19:32 GMT):

Likely, this is because there is no event to transition the connection to active.  In the newer "DID-Exchange" protocol, there is a response back that provides that.  A trust ping sent by Alice can be used to transition the state.

swcurran (Mon, 01 Mar 2021 16:20:12 GMT):

@ianco --- right up your alley, I'm sure :-)

jabuaasnez (Mon, 01 Mar 2021 16:22:20 GMT):

Thanks for answering! I'll look into DIF works, namely DIDComm WG. 
I was focusing on Bluetooth, but are there any works showing or allowing the communicatoin I described? withouth needing an internet connection?

swcurran (Mon, 01 Mar 2021 16:28:04 GMT):

There is a specific "DIDComm Bluetooth" working group ("wg-didcomm-bluetooth").

Shweta1 (Mon, 01 Mar 2021 17:48:14 GMT):

Thanks a lot swcurran,alice pinged to mediator makes active connection.

Shweta1 (Mon, 01 Mar 2021 18:29:45 GMT):

Hi Team, when agent with follwing configuration is trying to create schema,gives error 403: no ledger avaliable.

Shweta1 (Mon, 01 Mar 2021 18:29:45 GMT):

Hi Team, when agent with follwing configuration is trying to create schema,gives error 403: no ledger avaliable.                                                                                                     
 # General
label: Bob
endpoint: http://localhost:3004
inbound-transport:
  - [http, 0.0.0.0, 3004]
outbound-transport: http
no-ledger: true
genesis-url:http://localhost:9000/genesis-url


# Admin
admin: [0.0.0.0, 3005]
admin-insecure-mode: true

Shweta1 (Mon, 01 Mar 2021 18:29:45 GMT):

Hi Team, when agent with follwing configuration is trying to create schema,gives error *403: no ledger avaliable*.                                                                                                     
 # General
label: Bob
endpoint: http://localhost:3004
inbound-transport:
  - [http, 0.0.0.0, 3004]
outbound-transport: http
no-ledger: true
genesis-url:http://localhost:9000/genesis-url


# Admin
admin: [0.0.0.0, 3005]
admin-insecure-mode: true

Shweta1 (Mon, 01 Mar 2021 18:29:45 GMT):

Hi Team, when agent with follwing configuration is trying to create schema,gives error *403: no ledger avaliable*.                                                                                                     
 # General
label: Bob
endpoint: http://localhost:3004
inbound-transport:
  - [http, 0.0.0.0, 3004]
outbound-transport: http
no-ledger: true
genesis-url:http://localhost:9000/genesis

# Admin
admin: [0.0.0.0, 3005]
admin-insecure-mode: true

Shweta1 (Mon, 01 Mar 2021 18:29:45 GMT):

Hi Team, when agent with follwing configuration is trying to create schema,gives error *403: no ledger avaliable*.                                                                                                     
 # General
label: Bob
endpoint: http://localhost:3004
inbound-transport:
  - [http, 0.0.0.0, 3004]
outbound-transport: http
genesis-url:http://localhost:9000/genesis

# Admin
admin: [0.0.0.0, 3005]
admin-insecure-mode: true

vongohren (Mon, 01 Mar 2021 20:39:22 GMT):

@ianco would love to speak with you in regards to this :D

ianco (Mon, 01 Mar 2021 20:53:51 GMT):

What errors are you getting?

vongohren (Mon, 01 Mar 2021 21:23:03 GMT):

@ianco the pictures are posted above this message. Were not able to incorporate the pictures into the  message

ianco (Mon, 01 Mar 2021 21:25:24 GMT):

Ah ok I see

ianco (Mon, 01 Mar 2021 21:25:45 GMT):

It's an error creating the postgres database, so probably an issue with the credentials or some configuration value

ianco (Mon, 01 Mar 2021 21:26:28 GMT):

The sql's use to create the wallet are here:  https://github.com/hyperledger/indy-sdk/blob/master/experimental/plugins/postgres_storage/src/postgres_storage.rs#L121

ianco (Mon, 01 Mar 2021 21:26:44 GMT):

I suggest logging into postgres with your admin account and try to run these queries manually

vongohren (Mon, 01 Mar 2021 21:38:52 GMT):

@ianco ok will try that tomorrow. Is what do I need to do to trigger those debugger statements btw? They can be very helpful!

vongohren (Tue, 02 Mar 2021 07:55:10 GMT):

Debugger level set to debug got that working

vongohren (Tue, 02 Mar 2021 08:19:54 GMT):

@ianco I found a very strange workaround which is unclear to me why.

This connection string: postgresql://admin-cloud-agent:testtest@localhost:5432
(ignore the localhost, assume it works)

This string is made by the SDK. I tested this string in a minimal connection scenario, and what it complains about is that it is trying to connect to the db 'admin-cloud-agent', which is strange, since that is the user. I just wanted to connect and create a DB. But that was not possible until i acctually created that DB by hand, then it could connect and go and create the DB it wanted.

So if I just have a DB with that use name in the system it will continue and do its deed and work just fine. 

How come? Is it because I run postgresql 12? That some default handling has happened since then and it is not catered for in the code?

T_aanna (Tue, 02 Mar 2021 09:47:18 GMT):

Has joined the channel.

vongohren (Tue, 02 Mar 2021 12:49:34 GMT):

Started the work on github now, hope for better response there: https://github.com/hyperledger/aries-cloudagent-python/pull/1004

vongohren (Tue, 02 Mar 2021 12:49:48 GMT):

Started the work on github now, hope for better response there: https://github.com/hyperledger/aries-cloudagent-python/pull/1004

Yunxi 3 (Tue, 02 Mar 2021 14:08:18 GMT):



Clipboard - March 2, 2021 2:08 PM

Yunxi 3 (Tue, 02 Mar 2021 14:09:24 GMT):

@swcurran , if public DIDs are no needed for an agent that is going to be an issuer, why does the current Acapy require a DID to be registered in the indy ledger? For instance, if I take the von as an example, without writing a new DID to the ledger in the von as shown in the screenshot, running acapy will return error: aries_cloudagent.config.base.ConfigError: Ledger rejected transaction request: client request invalid: could not authenticate, verkey for VV9pK5ZrLPRwYmotgACPkC cannot be found

Yunxi 3 (Tue, 02 Mar 2021 14:09:24 GMT):

@swcurran , if a public DIDs is not needed for an agent that is going to be an issuer, why does the current Acapy require a DID to be registered in the indy ledger? For instance, if I take the von as an example, without writing a new DID to the ledger in the von as shown in the screenshot, running acapy will return error: aries_cloudagent.config.base.ConfigError: Ledger rejected transaction request: client request invalid: could not authenticate, verkey for VV9pK5ZrLPRwYmotgACPkC cannot be found

Yunxi 3 (Tue, 02 Mar 2021 14:09:24 GMT):

@swcurran , if a public DIDs is not needed for an agent that is going to be an issuer, why does the current Acapy require a DID to be registered in the indy ledger? For instance, if I take the von as an example, without writing a new DID to the ledger by using the web UI in the von as shown in the screenshot, running acapy will return error: aries_cloudagent.config.base.ConfigError: Ledger rejected transaction request: client request invalid: could not authenticate, verkey for VV9pK5ZrLPRwYmotgACPkC cannot be found

Yunxi 3 (Tue, 02 Mar 2021 14:09:24 GMT):

@swcurran , if a public DIDs is not needed for an agent that is going to be an issuer, why does the current Acapy require a DID to be registered in the indy ledger? For instance, if I take the von as an example, without writing a new DID to the ledger by using the web UI in the von as shown in the screenshot, running acapy will return error: aries_cloudagent.config.base.ConfigError: Ledger rejected transaction request: client request invalid: could not authenticate, verkey for VV9pK5ZrLPRwYmotgACPkC cannot be found.

ianco (Tue, 02 Mar 2021 14:44:07 GMT):

I think there may have been some changes in postgres in terms of how it handles the default database for the user

swcurran (Tue, 02 Mar 2021 14:44:52 GMT):

Public DIDs **are** needed for issuers -- just not for others.

ianco (Tue, 02 Mar 2021 14:45:00 GMT):

Between postgres 9 and 10 maybe?  I don't recall exactly offhand ...

yezi (Wed, 03 Mar 2021 07:02:17 GMT):

Has joined the channel.

yezi (Wed, 03 Mar 2021 07:02:18 GMT):

hi

vongohren (Wed, 03 Mar 2021 09:07:54 GMT):

Is it anything worth adding to an issue of lib indy sdk or something? Or just having the notion of needing to create a DB with that name when running the db?

da3v21 (Wed, 03 Mar 2021 09:54:18 GMT):

Currently, For a verifier to verify a credential, He has to select the ledger url of a credential by himself. Instead it will be better to add ledger url in a credential by the issuer and verifier will receive it from the prover during send-presentation.

Yunxi 3 (Wed, 03 Mar 2021 10:20:55 GMT):

sorry, put the wrong info in my previous question. The question is: If a public DID is not needed for an agent that is NOT going to be an issuer, why does the current Acapy require a DID to be registered in the indy ledger? In practice, whenever I try to run a new acapy agent regardless of it's going to be an issuer or not, I have to register the DID in the von first, otherwise, acapy agent won't run properly, but returns errors as I showed above.

Yunxi 3 (Wed, 03 Mar 2021 10:20:55 GMT):

sorry, put the wrong info in my previous question. The question is: If a public DID is not needed for an agent that is NOT going to be an issuer, why does the current Acapy require a DID to be registered in the indy ledger? In practice, whenever I try to run a new acapy agent regardless of whether it's going to be an issuer or not, I have to register the DID in the von first, otherwise, acapy agent won't run properly, but returns errors as I showed above.

Yunxi 3 (Wed, 03 Mar 2021 10:30:35 GMT):

@daidoji , when you said "all the dids are stored in the wallet for acapy", do you mean all pairwise dids only (*private* dids, assuming *NOT* using the public dids for connection) are stored in the wallet?

Yunxi 3 (Wed, 03 Mar 2021 10:30:35 GMT):

@daidoji , when you said "all the dids are stored in the wallet for acapy", do you mean all pairwise dids only (i.e. *private* dids, assuming *NOT* using the public dids for connection) are stored in the wallet?

daidoji (Wed, 03 Mar 2021 13:05:00 GMT):

And the public ones that wallet has created on the public ledger.  `/wallet/dids` in the admin should have all of them I believe.

wip-abramson (Wed, 03 Mar 2021 14:18:20 GMT):

Hey are these the most up to date docs for migrating to 0.6.0? - https://hackmd.io/pWCJ4fnoR_aTPIoBiNBV_g

wip-abramson (Wed, 03 Mar 2021 14:19:26 GMT):

If they are it seems they are a bit out of date. They don't mention the change from ConnectionRecord to ConnRecord

wip-abramson (Wed, 03 Mar 2021 14:20:42 GMT):

We also found the bit about ProfileSession confusing. Since we got session using     session = await context.session() taken from the protocols in ACA-Py

wip-abramson (Wed, 03 Mar 2021 14:21:19 GMT):

rather than 
app["context"].profile
profile.session()

ianco (Wed, 03 Mar 2021 14:37:59 GMT):

Yes for sure, go ahead and record an issue, we should at least update the docs

swcurran (Wed, 03 Mar 2021 14:49:08 GMT):

Join us for the ACA-Py User Group is Wednesday at 11AM Pacific (19:00 UTC/20:00 CET). Everyone is welcome!

Zoom link is: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09
Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-03-03+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Topics for the Meeting:

- Status of Persistent Queues Work
- Status of W3C Standard Verifiable Credentials with ZKP and Selective Disclosure in ACA-Py
- Status of DID Resolver work
- What is needed for ACA-Py 1.0.0?

swcurran (Wed, 03 Mar 2021 14:49:08 GMT):

Join us for the ACA-Py User Group Wednesday at 11AM Pacific (19:00 UTC/20:00 CET). Everyone is welcome!

Zoom link is: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09
Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-03-03+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Topics for the Meeting:

- Status of Persistent Queues Work
- Status of W3C Standard Verifiable Credentials with ZKP and Selective Disclosure in ACA-Py
- Status of DID Resolver work
- What is needed for ACA-Py 1.0.0?

swcurran (Wed, 03 Mar 2021 14:49:41 GMT):

Today ^^^ !!

Yunxi 3 (Wed, 03 Mar 2021 15:24:41 GMT):

Thanks for the answer @daidoji , i can see them both by calling this apis :-)

Yunxi 3 (Wed, 03 Mar 2021 15:30:35 GMT):

Thanks for the answer, @swcurran , got extra questions. Q1: Why does agent that operates as an issuer needs to have a public DID? Q2: When you mentioned a mediator might have a public DID, do you mean a separate agent (not sure if this is right?) operating as a mediator from an agent as a holder which runs on multi-tenancy mode? Q3: in the multi-tenancy mode, a see base wallet and users sub wallets will be created together, can we use the base wallet's public/private DID as the main endpoint for the rest of the sub wallets?

Yunxi 3 (Wed, 03 Mar 2021 15:30:35 GMT):

Thanks for the answer, @swcurran , got extra questions. Q1: Why does agent that operates as an issuer needs to have a public DID? Q2: When you mentioned a mediator might have a public DID, do you mean a separate agent (not sure if this is right?) operating as a mediator from an agent as a holder which runs on multi-tenancy mode? Q3: in the multi-tenancy mode, a see a base wallet and users sub wallets will be created together, can we use the base wallet's public/private DID as the main endpoint for the rest of the sub wallets?

swcurran (Wed, 03 Mar 2021 15:32:50 GMT):

Sorry about that.  I didn't know about the ConnectionRecord change -- @sklump?

@andrew.whitehead -- might be able to help about the session changes.

wip-abramson (Wed, 03 Mar 2021 15:38:43 GMT):

All good, we made it :) Just thought others might find it helpful

wip-abramson (Wed, 03 Mar 2021 15:39:24 GMT):

Most useful for us when upgrading our protocol was looking just over the protocols in ACA-Py

andrew.whitehead (Wed, 03 Mar 2021 17:50:44 GMT):

What do you mean by the ledger url of a credential?

Yunxi 3 (Wed, 03 Mar 2021 18:32:19 GMT):



Clipboard - March 3, 2021 6:32 PM

Yunxi 3 (Wed, 03 Mar 2021 18:33:29 GMT):



Clipboard - March 3, 2021 6:33 PM

Yunxi 3 (Wed, 03 Mar 2021 18:33:48 GMT):

Hello all, when i try to call an "/present-proof/send-request" api to send a proof request, i got the error showing "String does not match expected pattern", i'm wondering in the json body for this api, what values in the screenshot should i change (e.g. p_type, value for p_value)?

JackyYuan (Thu, 04 Mar 2021 05:25:11 GMT):

Hi ACA-Py team, I was looking at the demo (https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/README.md) and saw that the "Play with VON" link (http://play-with-von.vonx.io/) for running the demo in browser was not working. Is there an updated link to use?

JackyYuan (Thu, 04 Mar 2021 05:25:11 GMT):

Hi ACA-Py team, I was looking at the demo (https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/README.md) and saw that the "Play with VON" link (http://play-with-von.vonx.io/) for running the demo in browser was not working. Is there an updated link to use? Thanks!

da3v21 (Thu, 04 Mar 2021 09:36:53 GMT):

a credential definition will be published in a ledger like sovrin staging net/ builder net etc. A verifier has to contact that ledger to verify the credential right. But currently we have to choose the ledger manually

vongohren (Thu, 04 Mar 2021 11:45:22 GMT):

Hi, iv been playing around with getting this hosted on GCP, in a multitennant way. There are some pointers to that doing this on Cloud Run would be impossible as the architecture is now. Cloud run only supports exposing one port. Then one cannot have admin and agent port available? Is it correct to say that admin port is nessecary for the controller to be able to execute on behalf of the multitennant agent? And the inbound port is nessecary for requests coming outside of the multitennant scope?

vongohren (Thu, 04 Mar 2021 12:13:28 GMT):

Im thinking, if this is horisontally scalable, with a postgres in the back. One can run the inbound on one cloud run instance and admin on another? Or are there any possible scary stuff that can happen? If one define the inbound to be the other right instance on the admin instance?

vongohren (Thu, 04 Mar 2021 12:36:33 GMT):

Maybe this does answer my question that it is doable?

vongohren (Thu, 04 Mar 2021 12:36:34 GMT):

https://github.com/hyperledger/aries-cloudagent-python/blob/main/Multitenancy.md#multi-tenant-admin-api

vongohren (Thu, 04 Mar 2021 14:20:57 GMT):

Iv asked this question two places, sorry: https://chat.hyperledger.org/channel/MirQEtycfPYQmjxEX?msg=bKFKf974J8fRFN3Wy

vongohren (Thu, 04 Mar 2021 14:42:53 GMT):

Im reporting more on the other question. But im getting an error doing this, trying out locally with two docker intances

vongohren (Thu, 04 Mar 2021 14:55:17 GMT):

If anyone have the time to jump on a call today to discuss this, im available in 1.5 hours.

vongohren (Thu, 04 Mar 2021 14:55:17 GMT):

If anyone have the time to jump on a call today to discuss this, im available in 1.5 hours and onwards

vongohren (Thu, 04 Mar 2021 14:56:50 GMT):

If anyone have the time to jump on a call today to discuss this, im available in 1.5 hours and onwards

cam-parra (Thu, 04 Mar 2021 17:35:34 GMT):

Just a quick question... what does revocation_registry_size establish? It's unclear in the documentation

sklump (Thu, 04 Mar 2021 17:40:27 GMT):

[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=f8SiCPYm8bt6ucMdX) The size of the tails file

sklump (Thu, 04 Mar 2021 17:40:27 GMT):

[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=f8SiCPYm8bt6ucMdX) The size of the tails file; i.e., the size of the revocation registry

sklump (Thu, 04 Mar 2021 17:40:27 GMT):

[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=f8SiCPYm8bt6ucMdX) The size of the tails file; i.e., the size of the revocation registry. The bigger, the slower the generation but the less frequent it need be. There is also a security argment to larger tails files/rev regs.

sklump (Thu, 04 Mar 2021 17:40:27 GMT):

[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=f8SiCPYm8bt6ucMdX) The size of the tails file; i.e., the size of the revocation registry. The bigger, the slower the generation but the less frequent it need be. There is also a security argument to larger tails files/rev regs.

sklump (Thu, 04 Mar 2021 17:40:27 GMT):

[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=f8SiCPYm8bt6ucMdX) The size of the tails file; i.e., the size of the revocation registry. The bigger, the slower the generation but the less frequent it need be.  Note that aca-py automatically generates revocation registries and uploads them to the tails server (since mid-2020ish). There is also a security argument to larger tails files/rev regs.

cam-parra (Thu, 04 Mar 2021 17:47:51 GMT):

Thank you!

esune (Thu, 04 Mar 2021 17:52:20 GMT):

I left you a note on the multitenant thread about the multitenancy-specific part. Regarding GCP: if your controller lives in the same (internal) network as the agent you do not need to expose that port/route to the internet and should be able to make the two components communicate internally. If you need to expose the agent admin api so that you have more than one controller being able to call the agent you would then likely need to come up with a reverse-proxy configuration that allows you to route requests to the right endpoint based on the incoming request path - as an example (e.g.: `/public` proxies to the public port, `/admin` to the admin port)

andrew.whitehead (Thu, 04 Mar 2021 18:20:20 GMT):

The credential ID contains the DID of the issuer, which should be enough to resolve the ledger. The problem is that did:sov: can currently refer to multiple ledgers, this is something people are currently trying to fix with did:indy: to distinguish which one

andrew.whitehead (Thu, 04 Mar 2021 18:20:20 GMT):

The credential definition ID contains the DID of the issuer, which should be enough to resolve the ledger. The problem is that did:sov: can currently refer to multiple ledgers, this is something people are currently trying to fix with `did:indy:` to distinguish which one

vongohren (Thu, 04 Mar 2021 19:08:22 GMT):

Thanks thanks! Ok ok, but is it fair to say that since Cloud Run cannot expose more than one port at the time, it is not possible to use it there? Or can to instances live next to each other? In a horizontal scale pattern?

esune (Thu, 04 Mar 2021 20:06:17 GMT):

I would say it will not work out-of-the-box, not possible seems a bit extreme statement-wise :sweat_smile:

vongohren (Thu, 04 Mar 2021 21:37:38 GMT):

:P Well, that brings us back to the discussion we are having in the other thread. Would be awesome to see how we can do it. Because based on the demo shared, im not able to replicate things locally, but I might be missing a component and be missing some configurations

rpobulic (Fri, 05 Mar 2021 05:26:33 GMT):

If I specify alias in /out-of-band/create-invitation, it is ignored and no Alias is visible in /connections. Specifying alias in  /out-of-band/receive-invitation works as expected. Currently, the only way during /out-of-band/create-invitation to identify the connection for later reference is the invi_msg_id, but it cannot be used as a query parameter for /connections, so a full scan of all connections is needed to find the corresponding connection_id.

rpobulic (Fri, 05 Mar 2021 06:30:58 GMT):

RFC 0434 specifies URL shortening, by replacing the long oob query parameter with a short id parameter. I was not able to find how to use this in 0.6.0, are there any plans to implement URL shortening?

andrew.whitehead (Fri, 05 Mar 2021 07:57:21 GMT):

No plans at the moment. It probably wouldn't be difficult to add a public endpoint that could be used to resolve an invitation by ID, though.

da3v21 (Fri, 05 Mar 2021 09:34:32 GMT):

Thanks for the explanation.

da3v21 (Fri, 05 Mar 2021 09:36:36 GMT):

Currently we give a ledger url to agents, to read/write on the ledger. In a production level environment, any client should be able to access the ledger from any node in the network right?

swcurran (Fri, 05 Mar 2021 16:27:27 GMT):

We've found in implementing this that the URL handling/shortening is an attribute of the controller and that it makes sense that it handle it.

swcurran (Fri, 05 Mar 2021 16:28:05 GMT):

So there was not a lot of need to build it into ACA-Py.

swcurran (Fri, 05 Mar 2021 16:28:34 GMT):

The controller being the thing that displays the QR code and receives the request from the QR code being scanned.

andrew.whitehead (Fri, 05 Mar 2021 18:39:09 GMT):

Yes, ideally they wouldn't need the ledger URL (genesis transactions) and would be able to resolve a DID directly, but it's not quite that simple yet

rpobulic (Fri, 05 Mar 2021 20:02:03 GMT):

I think that using ?id instead of ?oob is not something the controller can deal with. It seems that the greatest benefit of using the OOB protocol is that the connection invitation and credential issue or proof presentation can be initiated in a single step, with the possibility to fully automate the rest of the flow, on framework level, without the need for any additional asynchronous steps and correlating connections and credentials or proofs. To achieve one step credential issue or proof presentation when there is no existing connection, the connection must be bootstrapped out-of-band, but it would be very nice if the acapy flow can continue automatically through the new connection, sending the attachments specified in create-invitation, without the need to ever send the attachments out-of-band. I am developing a Medical Pass controller, and 99% of the user interactions can be just a single scan of a QR code, both when receiving a credential and when receiving a proof request. Our real life examples of credentials and proof requests are all too big for a QR code, and often to big for an URL. I guess that many other use cases have similar requirements.

swcurran (Fri, 05 Mar 2021 23:29:33 GMT):

@esune to weigh in with this one as he has dealt with this before.

@rpobulic --- could you outline what you are looking for -- what endpoint(s) and what would it/they do?

rpobulic (Sat, 06 Mar 2021 12:20:24 GMT):

I believe that /out-of-band/create-invitation and /out-of-band/receive-invitation are the appropriate endpoints. A parameter should be added to create-invitation for choosing ?oob or ?id URL parameter generated in the response. Also, it would be nice to have the attachments specified only in create-invitation, and then have the receive-invitation get those attachments through the newly established connection, as the message_id should be logically sufficient to reference the whole invitation, including attachments. That means that only message_id has to be sent out-of-band, not the attachments, making the QR code really small, regardless how many and how complex are the attachments.

lijiachuan (Sun, 07 Mar 2021 15:59:01 GMT):

Hi All, I am not sure whether you encountered this error before? I just cloned one latest version of ACA-Py code, and tried to run the agent, but below error was returned:
```
docker: Invalid ip address 8080:8080: address 8080:8080:: too many colons in address.
```

I used the same command as I used before, but this time it failed. Below is my command:
```
PORTS="8080:8080 8000:8000" \
scripts/run_docker start \
-l Agent \
--inbound-transport http 0.0.0.0 8000 \
--outbound-transport http \
--admin 0.0.0.0 8080 \
--admin-insecure-mode \
--endpoint http://agentIP:8000 \
--genesis-url http://networkIP/genesis \
--wallet-type indy \
--wallet-name mywallet \
--wallet-key welldone \
--seed 000000000000000000000000000Agent \
--log-level 'info'  \
--auto-accept-invites \
--auto-accept-requests \
--auto-ping-connection \
--auto-respond-credential-offer \
--auto-respond-credential-request \
--auto-store-credential \
--auto-verify-presentation \
--auto-provision
```

andrew.whitehead (Sun, 07 Mar 2021 17:32:49 GMT):

There's a recent change to the script, use PORTS="8080 8000"

swcurran (Mon, 08 Mar 2021 00:17:39 GMT):

Can we get this documented, or add to the script to catch this?  This is the second person to stumble on this.

@WadeBarnes -- thoughts?

andrew.whitehead (Mon, 08 Mar 2021 00:58:07 GMT):

I have a PR in to accept either 

RounakGhosh (Mon, 08 Mar 2021 14:22:47 GMT):

@swcurran Can you please guide, how to check whether the devices are in same (Sovrin Staging) network.?

swcurran (Mon, 08 Mar 2021 15:23:26 GMT):

Nice!

Yunxi 3 (Mon, 08 Mar 2021 17:40:05 GMT):

Hello all, for an issuer agent to revoke a credential by calling api for /revocation/revoke, how can the issuer know what values should be put in the JSON body for the two fields here:   "cred_ex_id" and  "cred_rev_id"?

sklump (Mon, 08 Mar 2021 17:46:13 GMT):

The controller ought to capture these data at credential issue.
The /revocation/revoke API takes either the cred ex id, or else the revocation registry identifier (rev reg id) and credential revocation identifier (cred rev id). If you have the cred ex id, the others aren't necessary.

Yunxi 3 (Mon, 08 Mar 2021 17:48:20 GMT):

ah, didn't capture the cred ex id. Now I can get the revocation registry identifier by calling one api, but how to know the revocation identifier id?

Yunxi 3 (Mon, 08 Mar 2021 17:48:20 GMT):

ah, didn't capture the cred ex id. Now I can get the revocation registry identifier by calling one api, but how to know the revocation identifier (cred rev id)? Any api is available to get this cred rev id?

Yunxi 3 (Mon, 08 Mar 2021 17:48:20 GMT):

ah, didn't capture the cred ex id. Now I can get the revocation registry identifier by calling one api, any api is available to get this cred rev id?

andrew.whitehead (Mon, 08 Mar 2021 17:51:48 GMT):

It's an index into the tails file, so generally the first is 1, the second is 2, etc.

Yunxi 3 (Mon, 08 Mar 2021 17:55:46 GMT):

Are there any ways to check the tails file and see which index is for which credential? In a live system, we can't expect users to remember all the indexes for each credential, can we?

andrew.whitehead (Mon, 08 Mar 2021 17:57:09 GMT):

No, the tails file doesn't store that. The credential itself stores that but it's not generally made public

Yunxi 3 (Mon, 08 Mar 2021 17:57:38 GMT):

even an issuer can't get this info from the credential?

andrew.whitehead (Mon, 08 Mar 2021 17:59:30 GMT):

The issuer doesn't generally have the credential, just a record of issuing it

sklump (Mon, 08 Mar 2021 18:00:10 GMT):

no

Yunxi 3 (Mon, 08 Mar 2021 18:03:13 GMT):

So my understanding is this cred_rev_id is more used for developer's debugging purpose? And the best way to do this, is to store the cred_ex_id in the system as mentioned by @sklump ?

sklump (Mon, 08 Mar 2021 18:04:34 GMT):

You can get it through GET /credential/{credential_id}, it's the  cred_rev_id value.

sklump (Mon, 08 Mar 2021 18:04:53 GMT):

The cred_rev_id is the credential revocation identifier.

sklump (Mon, 08 Mar 2021 18:06:35 GMT):

Cred_ex_id is the credential exchange identifier; the issuer should not typically retain cred ex exchange records after issue.

sklump (Mon, 08 Mar 2021 18:07:25 GMT):

Cred_ex_id serves as an index to the issuer credential revocation record, which also stores rev reg id and cred rev id with revocation status.

sklump (Mon, 08 Mar 2021 18:07:50 GMT):

Either cred ex id, or rev reg id & cred rev id, are fine to index credentials for later revocation.

Yunxi 3 (Mon, 08 Mar 2021 18:08:04 GMT):

I just try this api on the issuer side, the issuer can't see any credentials, but the same api works on the holder, which returns 1 credential

sklump (Mon, 08 Mar 2021 18:08:15 GMT):

It is not correct to say that cred rev id is primarily for debugging.

sklump (Mon, 08 Mar 2021 18:08:46 GMT):

The holder holds the credential. The issuer does not.

sklump (Mon, 08 Mar 2021 18:08:46 GMT):

The holder holds the credential. The issuer does not (this is why it is best to drop cred ex records after cred issue).

sklump (Mon, 08 Mar 2021 18:09:27 GMT):

The issuer should retain either the cred ex id or the rev reg id + cred rev id.

Yunxi 3 (Mon, 08 Mar 2021 18:10:32 GMT):

How can the issuer retain the cred rev id, or at which step?

Yunxi 3 (Mon, 08 Mar 2021 18:10:32 GMT):

How can the issuer retain the cred rev id, or at which step? i mean now issuer can't see this credential, how can the issuer get this cred rev id? by contacting the holder to send this info back ?

sklump (Mon, 08 Mar 2021 18:12:30 GMT):

It's in the cred ex record (issue-credential v1), or in the indy detail record (issue-credential v2)

sklump (Mon, 08 Mar 2021 18:12:30 GMT):

It's in the cred ex record (issue-credential v1, `revocation_id`), or in the indy detail record (issue-credential v2, `cred_rev_id`)

sklump (Mon, 08 Mar 2021 18:12:44 GMT):

There are webhooks (see the demo) that fire on saving either.

sklump (Mon, 08 Mar 2021 18:15:02 GMT):

So the controller can capture it at credential issue.

Yunxi 3 (Mon, 08 Mar 2021 18:16:55 GMT):

okay thanks for the info @sklump .

Yunxi 3 (Mon, 08 Mar 2021 18:19:39 GMT):

One more question, currently, my issuer agent will auto issue credentials and send them to my holder agent once it receives a send credential request message from the holder agent, i'm wondering if this is because i've turned on some attributes when running my acapy agent? Below are the "auto attributes" i've turned on: --auto-provision \
--auto-accept-invites \
--auto-accept-requests \
--auto-respond-messages \
--auto-ping-connection \, not sure which one makes this process auto happen

Yunxi 3 (Mon, 08 Mar 2021 18:19:39 GMT):

One more question, currently, my issuer agent will auto issue credentials and send them to my holder agent once it receives a send credential request message from the holder agent, i'm wondering if this is because i've turned on some attributes when running my acapy agent? Below are the "auto attributes" i've turned on: --auto-provision \
--auto-accept-invites \
--auto-accept-requests \
--auto-respond-messages \
--auto-ping-connection \, not sure which one makes this process auto happen. I've checked the help command, don't find anyone is potentially related to this auto credential issuance

Yunxi 3 (Mon, 08 Mar 2021 18:19:39 GMT):

One more question, currently, my issuer agent will auto issue credentials and send them to my holder agent once it receives a send credential request message from the holder agent, i'm wondering if this is because i've turned on some attributes when running my acapy agent? Below are the "auto attributes" i've turned on: --auto-provision \
--auto-accept-invites \
--auto-accept-requests \
--auto-respond-messages \
--auto-ping-connection \, not sure which one makes this process auto happen. I've checked the help command, don't find any one of the attributes is potentially related to this auto credential issuance

esune (Mon, 08 Mar 2021 19:24:57 GMT):

I understand what @rpobulic means.

From a QR code "quality" perspective, the more information is embedded, the hardest it is to scan and decode it properly.

esune (Mon, 08 Mar 2021 19:27:59 GMT):

I have not (yet) played around with OOB so I am not able to answer questions specific to its implementation and/or possible evolutions at this time, however as @swcurran mentioned in some of our use cases (e.g.: [vc-authn-oidc](https://github.com/bcgov/vc-authn-oidc) the controller is the entity that takes care of "normalizing" the payload for the QR code by creating a short URL that contains a redirect to a full JSON payload that is then used by the wallet.

esune (Mon, 08 Mar 2021 19:28:40 GMT):

I do not think there is a well-defined standard on shortening/redirection - other than what the wallets have come up to commonly using.

esune (Mon, 08 Mar 2021 19:30:01 GMT):

It would probably make sense (to me) to have an external (non aca-py) shortening service handle this as most of these URLs "die" after being used once and we would not want to keep the records/data in the wallet forever - potentially. An external standardized service would be the best option.

esune (Mon, 08 Mar 2021 19:33:45 GMT):

You could potentially write a plugin that does that and stores the mapping in aca-py, however this would probably not be a great idea as you would still need a pass-through call to the controller in order to be able to expose the URL to the internet (the admin API is protected and should not generally be publicly accessible).

JSedlmeir (Mon, 08 Mar 2021 21:43:40 GMT):

Has joined the channel.

JSedlmeir (Mon, 08 Mar 2021 21:43:41 GMT):

Hello everyone, is there a way to configure the webhooks that the aries-cloudagent sends with an API key (or any other security that can be used in an enterprise deployment)?

JSedlmeir (Mon, 08 Mar 2021 21:43:41 GMT):

Hello everyone, is there a way to configure the webhooks that the aries-cloudagent sends with an API key (or any other security configuration that can be used in an enterprise deployment)?

esune (Mon, 08 Mar 2021 21:47:40 GMT):

Starting with ACA-Py 0.6.0 you can specify the webhook endpoint(s) in the format `https://some-address/my-path#api-key-to-use` and the api-key will be parsed out and added to the x-api-key header

JSedlmeir (Mon, 08 Mar 2021 21:48:29 GMT):

Awesome, thank you very much!!

JSedlmeir (Mon, 08 Mar 2021 21:48:45 GMT):

Awesome, thank you very much!!

swcurran (Mon, 08 Mar 2021 22:05:59 GMT):

Welcome @JSedlmeir !

JSedlmeir (Mon, 08 Mar 2021 23:52:56 GMT):

@esune, is the method that you suggested supposed to work also without https and with a plain ip address for testing purposes, i.e., `http://my-ip-address:my-port#api-key-to-use` (and is the placement of the port correct)? I think I am still doing something wrong. =)

esune (Tue, 09 Mar 2021 00:54:20 GMT):

I think so, what you are posting here seems to match the behaviour I'd expect. Is it not working? What are you seeing as error/messages?

sklump (Tue, 09 Mar 2021 11:22:07 GMT):

--auto-respond-credential-request

sklump (Tue, 09 Mar 2021 11:24:21 GMT):

but auto_issue overrides where it appears in the admin API.

Yunxi 3 (Tue, 09 Mar 2021 13:28:55 GMT):

Hello @sklump , I haven't used this --auto-respond-credential-request when running my acapy agent, why does this auto credential issuance happen in my issuer agent?

Yunxi 3 (Tue, 09 Mar 2021 13:43:09 GMT):

Hello all, after revoking a credential, is the only way to verify a revoked credential is to let the verifier verify the revoked credential? Are there other ways for the issuer to check a list of revoked credentials by using any apis in acapy?

sklump (Tue, 09 Mar 2021 13:58:39 GMT):

You must have set auto_issue in an admin API call.

sklump (Tue, 09 Mar 2021 13:58:39 GMT):

You must have set auto_issue in an admin API call, or used `POST /issue-credential/create` / `POST /issue-credential-2.0/create` (these calls automate the flow start to stop)

sklump (Tue, 09 Mar 2021 13:58:39 GMT):

You must have set auto_issue in an admin API call, or used `POST /issue-credential/create` / `POST /issue-credential-2.0/create` (these calls automate the flow start to finish)

sklump (Tue, 09 Mar 2021 14:02:38 GMT):

GET `/revocation/credential-record`

sklump (Tue, 09 Mar 2021 14:02:38 GMT):

`GET /revocation/credential-record`, `state="revoked"`

Yunxi 3 (Tue, 09 Mar 2021 14:21:33 GMT):

thanks @sklump; i can see the revoked credential by calling this api. However, when the verifier agent resend the request to the holder and get the presentation from the holder and do the presentation validation again, the result still shows the state is "verified". What's wrong here?

Yunxi 3 (Tue, 09 Mar 2021 14:29:12 GMT):

sorry, ignore my previous message, just found out there is another attribute showing the true/false for the verified attribute

sklump (Tue, 09 Mar 2021 14:57:02 GMT):

Any more issues, please write them up and submit them.

lijiachuan (Tue, 09 Mar 2021 15:24:25 GMT):

Hi @andrew.whitehead , thanks for your reply, but currently althoug the agent was up and running, but I could not open the swagger api page, with the port 8080, it worked previously. Below is the last screen in my agent console:
```
2021-03-09 15:20:23,624 aries_cloudagent.config.ledger INFO Fetching genesis transactions from: http://23.100.94.145/genesis
2021-03-09 15:20:23,632 aries_cloudagent.core.profile INFO Create profile manager: indy
2021-03-09 15:20:23,638 indy.libindy.native.command_executor INFO       src/commands/mod.rs:101 | Worker thread started
2021-03-09 15:20:23,640 indy.libindy WARNING _indy_loop_callback: Function returned error
2021-03-09 15:20:26,980 aries_cloudagent.indy.sdk.wallet_setup INFO Creating master secret...
2021-03-09 15:20:27,112 indy.libindy.native.indy.commands.pool INFO     src/commands/pool.rs:75 | OpenAck handle 4, pool_id 4, result Ok(())
2021-03-09 15:20:27,114 indy.libindy.native.indy.services.ledger INFO   src/services/ledger/mod.rs:449 | build_get_acceptance_mechanisms_request() => Ok("{\"reqId\":1615303227114395934,\"identifier\":\"PCgXpt1X4MMEtoGT2RMpq9\",\"operation\":{\"type\":\"7\"},\"protocolVersion\":2}")
2021-03-09 15:20:27,130 indy.libindy.native.indy.services.ledger INFO   src/services/ledger/mod.rs:439 | build_get_txn_author_agreement_request() => Ok("{\"reqId\":1615303227130004163,\"identifier\":\"PCgXpt1X4MMEtoGT2RMpq9\",\"operation\":{\"type\":\"6\"},\"protocolVersion\":2}")
2021-03-09 15:20:27,143 indy.libindy.native.indy.services.ledger INFO   src/services/ledger/mod.rs:137 | build_get_attrib_request() => Ok("{\"reqId\":1615303227143394159,\"identifier\":\"PCgXpt1X4MMEtoGT2RMpq9\",\"operation\":{\"type\":\"104\",\"dest\":\"PCgXpt1X4MMEtoGT2RMpq9\",\"raw\":\"endpoint\"},\"protocolVersion\":2}")

::::::::::::::::::::::::::::::::::::::::::::::
:: CompanyB                                 ::
::                                          ::
::                                          ::
:: Inbound Transports:                      ::
::                                          ::
::   - http://0.0.0.0:8000                  ::
::                                          ::
:: Outbound Transports:                     ::
::                                          ::
::   - http                                 ::
::   - https                                ::
::                                          ::
:: Public DID Information:                  ::
::                                          ::
::   - DID: PCgXpt1X4MMEtoGT2RMpq9          ::
::                                          ::
:: Administration API:                      ::
::                                          ::
::   - http://0.0.0.0:8080                  ::
::                                          ::
::                           ver: 0.6.0-pre ::
::::::::::::::::::::::::::::::::::::::::::::::

Listening...

2021-03-09 15:20:32,421 indy.libindy.native.indy.services.pool.pool INFO        src/services/pool/pool.rs:749 | Drop started
2021-03-09 15:20:32,422 indy.libindy.native.indy.services.pool.pool INFO        src/services/pool/pool.rs:757 | Drop wait worker
2021-03-09 15:20:32,422 indy.libindy.native.indy.services.pool.pool INFO        src/services/pool/pool.rs:760 | Drop finished
```

And when I tried to browser the AgentIP:8080, it returned:

```
Hmmm… can't reach this page13.88.223.246 refused to connect.
Try:

Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED
```

lijiachuan (Tue, 09 Mar 2021 15:26:29 GMT):

except change `PORTS="8080:8080 8000:8000" \` to `PORTS="8080 8000"`, any other changes for the start command?

lijiachuan (Tue, 09 Mar 2021 15:26:29 GMT):

except change `PORTS="8080:8080 8000:8000" \` to `PORTS="8080 8000" \`, any other changes for the start command?

lijiachuan (Tue, 09 Mar 2021 15:29:39 GMT):

I tried to use one pervious version ACA-Py, the API page can be shown properly, so I think this issue only happened after I change to the latest version

andrew.whitehead (Tue, 09 Mar 2021 18:26:47 GMT):

The PR was just merged yesterday so you may have to pull the latest code. We recommend using the latest stable release in general, 0.6.0 in this case

cam-parra (Tue, 09 Mar 2021 21:18:46 GMT):

maybe a dumb question but I just want a sanity check. Is `cred_ex_id` the same as `credential_exchange_id`?

andrew.whitehead (Tue, 09 Mar 2021 21:21:37 GMT):

yes it is

cam-parra (Tue, 09 Mar 2021 21:23:01 GMT):

thank you :)

kostasmoschou (Wed, 10 Mar 2021 08:15:01 GMT):

Hi all, when I want to offer-credentials using the out-of-band protocol, I use /out-of-band/create-invitation with an attachment from the issuer point of view. But when I execute the /out-of-band/receive-invitation using as body the invitation object created, from the holder point of view, I get the following error --> "Unsupported request~attach type, only request-presentation is supported". From the code this seems correct, since the receive_invitation function of the out-of-band manager checks if the request_attach[@type] is request-presentation. Is this functionality not yet implemented?? or am I doing something wrong, regarding the flow of credential-offer, using oob??

Yunxi 3 (Wed, 10 Mar 2021 10:55:48 GMT):

hello all, currently, a communication channel is established between two agents via the process of one agent sending an invitation out and accepted by the other side, and i can see connection ids are available on both agents. However, I observe that if i stop one acapy agent and rerun it again, its connection info will be gone. I then have two questions here. Q1: where does acapy store the connection ids? Q2: after an acapy agent suddenly crashes and restart, how can we retrieve all previous connection ids for it?

jacobsaur (Wed, 10 Mar 2021 11:23:12 GMT):

Hi all, I had a question about the "/issue-credential/records" endpoint which we're using to display to an issuer the credentials that they have issued. The problem we're experiences is that we have a lot of very large credentials that have been issued, so trying to fetch all records like that causes aca-py to crash. We'd like to introduce some pagination, eg by providing a limit and offset to that API call. It looks like under the hood that endpoint calls the indy-sdk function indy_fetch_wallet_search_next_records(), that takes a "count" argument which would solve the limit part of pagination. The offset part seems a bit trickier because even though the underlying DB supports offset (we're using postgres) the indy-sdk doesn't (from what I can see). This means we'd probably need to do something hacky like iterating through multiple indy_fetch_wallet_search_next_records() calls (explicitly garbage collecting the results each time to avoid the crash), until we reached our offset. 
Is there another way to solve our use case that we're missing? Is there a better solution to the problem than the one outlined? Thanks for any feedback :)

sklump (Wed, 10 Mar 2021 11:27:25 GMT):

Note that this use case runs counter to the model of self-sovereign identity: issuers gotta issue, holders gotta hold. Suppose the Elbonian government issued Party support credentials. Then there was a revolution and the incoming regime wanted to root out all previous party supporters. That's not self-sovereign.

sklump (Wed, 10 Mar 2021 11:27:25 GMT):

Note that this use case runs counter to the model of self-sovereign identity: issuers gotta issue, holders gotta hold. Suppose the Elbonian government issued Party support credentials. Then there was a revolution and the incoming regime wanted to root out all previous Party supporters. That's not self-sovereign.

sklump (Wed, 10 Mar 2021 11:29:31 GMT):

You can get a count of revocable credentials issued by revocation registry, and you can enumerate revocation registries created.

sklump (Wed, 10 Mar 2021 11:30:48 GMT):

Please write this one up as an issue. I'm flat out right now but I don't want it to drop off the end.

kostasmoschou (Wed, 10 Mar 2021 11:49:07 GMT):

ok, thank you. I will

vongohren (Wed, 10 Mar 2021 12:14:29 GMT):

Does it exist any information on any production chains that is open to use? And how to go about connecting to them? And the pricing for using them? Or process of using them?

WadeBarnes (Wed, 10 Mar 2021 13:22:16 GMT):

https://sovrin.org/

WadeBarnes (Wed, 10 Mar 2021 13:25:05 GMT):

You can connect to BuilderNet (dev) and StagingNet (test) yourself using https://selfserve.sovrin.org/

WadeBarnes (Wed, 10 Mar 2021 13:25:27 GMT):

Ignore the Payment-Address field.

jacobsaur (Wed, 10 Mar 2021 13:31:03 GMT):

So it seems like there's 2 components here. 
First is philosophical about whether this is SSI. It seems reasonable to me that organizations would want keep track of their own members. So in your example it would be wrong for the Elbonian government to issue Party support credentials, but the Anti-Revolution Party could issue credentials to their own party members, and when the Revolution party takes over the government they don't get to see what the Anit-Revolution Party issued (ie issuers shouldn't collaborate). 
The second is technical, if viewing credentials that you have previously issued isn't SSI then perhaps the /issue-credential/records endpoint should be removed completely?

JSedlmeir (Wed, 10 Mar 2021 14:24:01 GMT):

I retried and now it is working as descibed above. =) Thanks for your help!

sklump (Wed, 10 Mar 2021 15:21:31 GMT):

It's up to policy whether to retain cred ex records, but they do use database space. The endpoint is useful for troubleshooting/debugging, just like several of the revocation registry endpoints for example.

We agree that there are things that the controller should retain - note that the controller gets a webhook every time aca-py saves a cred ex record. The place to store pertinent data is in the controller, hopefully not more than necessary.

sklump (Wed, 10 Mar 2021 15:21:31 GMT):

It's up to policy whether to retain cred ex records, but they do use database space. The endpoint is useful for troubleshooting/debugging, just like several of the revocation registry endpoints for example. Recall that aca-py does issuer credential revocation records for revocable credentials; these retain enough info to revoke and nothing more - they're tiny.

We agree that there are things that the controller should retain - note that the controller gets a webhook every time aca-py saves a cred ex record. The place to store pertinent data is in the controller, hopefully not more than necessary.

sklump (Wed, 10 Mar 2021 15:21:31 GMT):

It's up to policy whether to retain cred ex records, but they do use database space. The endpoint is useful for troubleshooting/debugging, just like several of the revocation registry endpoints for example. Recall that aca-py does retain issuer credential revocation records for revocable credentials; these retain enough info to revoke and nothing more - they're tiny.

We agree that there are things that the controller should retain - note that the controller gets a webhook every time aca-py saves a cred ex record. The place to store pertinent data is in the controller, hopefully not more than necessary.

sklump (Wed, 10 Mar 2021 15:24:02 GMT):

At this point usually I defer to @swcurran 's thoughts.,

sklump (Wed, 10 Mar 2021 15:24:02 GMT):

At this point usually I defer to @swcurran 's thoughts.

vongohren (Wed, 10 Mar 2021 16:26:45 GMT):

@WadeBarnes thanks! But I already get the test and dev solutions I need from here: http://test.bcovrin.vonx.io. I guess it would be pretty much the same to use the sovring stage net?

What I mean is real production nets, and how do I get on those? Or which is open for creation and what costs to one operate with? If there is any info on this?

vongohren (Wed, 10 Mar 2021 16:38:56 GMT):

I have a question in regards to a use case with Aries. Right now we have usecases with institutes providing skills, they issue credentials on behalf of the institute, but also it is very important to have some audit trail to the people signing of the credentials. Preferebly there are two signers. How would one go about issuing such a credential or what can one do to mix and match, so that a user can get a credential, that is attestable back to the instituion, and the person responsible for the issuance? We also need a view that can be physical for this credential, that has been solved before with again, a public credential and a QR code. But using aries, I'm unsure how that would work.

But back to the original usecase
Is it possible to embed a credential inside another?
Does it exist any case and examples of public credentials, and then just use that as a reference?

Or am I thinking completly wrong about this usecase, and how a credential should be built up?

esune (Wed, 10 Mar 2021 16:51:37 GMT):

@jacobsaur  can your controller keep track of this information by recording the information received via webhooks on the "credential issued" event? This leaves ACA-Py as gateway to the ledger and other agents, and defers the record-keeping to the controller, which holds the business logic implemented by the relevant organization.

esune (Wed, 10 Mar 2021 16:53:05 GMT):

The main difference between BCovrin and Sovrin test ledgers is that on Sovrin your agents must agree to the TAA Transaction Author Agreement) before they can write anything to the ledger - assuming they have the right privileges to do so.

esune (Wed, 10 Mar 2021 16:53:54 GMT):

Sovrin MainNet is a production ledger. You should be able to get the info you need at the link @WadeBarnes  posted above (https://sovrin.org) - or at the very least contact info to ask I guess

esune (Wed, 10 Mar 2021 16:58:45 GMT):

It sounds to me like this could potentially be solved by using the endorser protocol (changes were recently merged in ACA-Py to support this, see [here](https://github.com/hyperledger/aries-cloudagent-python/pull/870)).

Not sure if there is a way to "just sign" transactions without the requirement to endorse them, or whether this fits your use-case.

Either way, I think that given the signing keys and information of the signer/endorser it should be possible to reconstruct who approved the credential in the first place.

WadeBarnes (Wed, 10 Mar 2021 17:35:27 GMT):

https://sovrin.org/overview/

WadeBarnes (Wed, 10 Mar 2021 17:35:41 GMT):

https://sovrin.org/issue-credentials/

jacobsaur (Wed, 10 Mar 2021 17:39:45 GMT):

Ya that's definitely possible. Our original thought was, as you say, to store it in the controller's DB, but then we saw the /records endpoint so figured there was no point in duplicating data (and keeping in-sync etc) so why not just use that existing endpoint. It seems like it would be worthwhile to get the /records endpoint working at scale, but I understand that there's the underlying limitation that indy-sdk doesn't support pagination (although I believe there's a proposal to start supporting it). Perhaps once indy-sdk fully supports pagination it will be a more straightforward case to add pagination args to the /records endpoint.

esune (Wed, 10 Mar 2021 18:32:22 GMT):

Yeah, I understand what you mean. The additional bottleneck is in how those records are stored in the wallet - encrypted data is way harder to deal with because you can't really filter on content and/or regular indexes as you would on a normal database (it will be - at the very least - slower).

esune (Wed, 10 Mar 2021 18:33:24 GMT):

That is why I would recommend your controller to track the info that is required by the business process, and leave the agent as your interface to ledger/agents, but nothing else (in the case of the issuer and your use-case, keep in mind your mileage may vary depending on what you're going to implement nd need)

swcurran (Wed, 10 Mar 2021 18:49:34 GMT):

There is also the concept of "Chained Credentials" as outlined here -- https://github.com/hyperledger/aries-rfcs/tree/master/concepts/0104-chained-credentials

That is (AFAIK) only theoretical -- no one has done that yet.  But it would seem to be on path of what you are doing.

swcurran (Wed, 10 Mar 2021 18:51:55 GMT):

We've got some folks at BC Gov thinking the same thing in a different domain (Mining) -- where the person doing the work needs to demonstrate the have the knowledge (e.g. professional accreditation) and authority (they work for BC Gov) to issue the credential.

vongohren (Thu, 11 Mar 2021 09:59:54 GMT):

Thanks for the reply guys! Chained credentials look interesting, but seems a bit to far away. @esune any where I can read more about the endorser protocol?

vongohren (Thu, 11 Mar 2021 10:00:34 GMT):

Thanks guys

mvaibhav (Thu, 11 Mar 2021 10:35:00 GMT):

Has joined the channel.

jacobsaur (Thu, 11 Mar 2021 10:46:15 GMT):

Thanks for the feedback - that's a good point about the indexing on encrypted data. I think we'll start looking into a separate DB to track issued credentials and not rely on the /records endpoint.

vongohren (Thu, 11 Mar 2021 12:31:40 GMT):

The Hack md is the resource I guess. :P

vongohren (Thu, 11 Mar 2021 12:33:56 GMT):

This beeing merged, does that mean that there is possible to use it? If one build the image from the main branch?

vongohren (Thu, 11 Mar 2021 12:35:02 GMT):

Is this related to making a credential public, or how does it work?

swcurran (Thu, 11 Mar 2021 15:05:39 GMT):

The specific use case it addresses in the existing implementation is for an endorser to sign an Indy transaction on behalf of an author, so that the transaction can be written to the ledger.  In Indy -- permission is needed to write so those actions must be done by an endorser or done by an author (no permissions) and signed by an endorser.

The mechanism might be able to be used to have the credential signed by others as it is processed.  However, I'm not sure how you would use that in a generic way in a VC, as there is no concept of signing by other than the issuer in the VC standard.

Perhaps a field in the credential could itself have a credential (base64'd?) but I'm not sure who the holder would be.

divinit7 (Thu, 11 Mar 2021 15:58:01 GMT):

Has joined the channel.

esune (Thu, 11 Mar 2021 16:44:38 GMT):

@swcurran wouldn't the endorser's signing-keys work as some sort of co-signature? I admit I have not played with this enough yet, but to me what @vongohren is trying to do looks more like multiple signatures on the same credential, rather than a chained set of credentials.

esune (Thu, 11 Mar 2021 16:45:08 GMT):

(I am definitely just brainstorming here, so concepts may be wrong - slightly or a lot)

swcurran (Thu, 11 Mar 2021 20:40:33 GMT):

Yes, that could be a way of doing it. But how does the verifier know what that means?  How do they get the DID for that second issuer to know if they shouild trust them? 

To some degree it depends on the use case.  For example, does the verifier need to verify the authority/credentials of the person at verification time, or is that for audit purposes if that became necessary.  In that case an ID and signature might be sufficient. But if they want to check at verification time, then a credential from the person would make more sense.

daidoji (Thu, 11 Mar 2021 21:26:31 GMT):

In acapy, if we present proof that takes a schema and cred_def (but don't hold the credential needed to fufill that contract) why does it return 200OK and then put the values we revealed into the self-attested attributes?  Is there a flag or something we should be passing so that the agent errors if we don't hold the credential to fulfill the proof?

daidoji (Thu, 11 Mar 2021 21:26:31 GMT):



daidoji (Thu, 11 Mar 2021 21:29:27 GMT):

Something similar to 
```{
  "comment": "hey charles",
  "connection_id": "fb6493d9-7e75-42e8-a70f-ffae66fde0fd",
  "proof_request": {
    "name": "hire_proof",
    "nonce": "a519371c3e32b0a82cbbf08986a8e35626dc180f188d6f80244113b4b852da6e",
    "requested_attributes": {
      "employee_referrent": {
        "name": "employee_name",
        "restrictions": [
          {
            "schema_id": "TB15mm6rCA1ie5iizAJnuf:2:Record of Hire Schema:0.0.0",
            "cred_def_id": "NbP4i4SPnbWmkMbkrerwV6:3:CL:5099:Acme_Agent.Record_of_Hire_Schema"
          }
        ],
        "revealed": true
      }
    },
    "requested_predicates": {},
    "version": "1.0"
  },
  "trace": false
}```

Yunxi 3 (Fri, 12 Mar 2021 11:37:07 GMT):

Hello all, have two questions for multi-tenancy. Q1: Does the multi-tenancy feature in acapy support postgresql? Q2: If answer for Q1 is yes, apart from this doc: https://github.com/hyperledger/aries-cloudagent-python/blob/main/Multitenancy.md, are there any docs available showing detailed-level guidance regarding how multi-tenancy can work with postgresql? thanks!

MujtabaIdrees (Fri, 12 Mar 2021 11:53:13 GMT):

Has joined the channel.

devexplore2020 (Sat, 13 Mar 2021 05:36:19 GMT):

Hi everyone. Is there some work on a mobile app/wallet interacting with Acapy. It would be cool to see some work if it can be shared 

swcurran (Sat, 13 Mar 2021 17:12:26 GMT):

Some of the existing proprietary wallets work pretty well --- especially Tinisic, eSatus and LISSI.  We're working on a way to do easy interop testing with any wallet.

There are some open source wallets that are coming to light.  Aries MAX has been there for awhile, but not a lot of uptick in working on it.  We see that changing soon.

HighBrow (Sun, 14 Mar 2021 08:15:30 GMT):

Has joined the channel.

vongohren (Mon, 15 Mar 2021 08:59:51 GMT):

I believe that is why I was talking about public credentials. Is i possible for an "endorser" to issue a public credentials, giving his signature, then the credential that needs multiple endorsers can have a schmea where there is a list of endorsers? Which just points to these public credentials? 

We are doing something like this today in our VCs, but we want to move away from that because it is not 100% standards compliant. But we are basically providing a list of verifiers credentials, inside the same credential. It is very easy to build in the eco system of JWT credentials, but anon credentials do seem a bit restricted as one dont have access to the credential itself?

FilipeCapela98 (Mon, 15 Mar 2021 09:33:36 GMT):

Has joined the channel.

FilipeCapela98 (Mon, 15 Mar 2021 09:33:38 GMT):

Hello everyone! I was wondering, are there any plans or is there anything already available regarding RFC-0104 (chained credentials) on the current aca-py implementation?

sumit-crubn (Mon, 15 Mar 2021 11:43:08 GMT):

Has joined the channel.

sumit-crubn (Mon, 15 Mar 2021 11:43:09 GMT):

Hi everyone, I am not able to get the webhooks for connectionless proof request, Can someone guide me for that.

daidoji (Mon, 15 Mar 2021 13:10:44 GMT):

@danielhardman is the guy to talk to about this but he's pretty busy.  He had informed me earlier that a lot of work was being done in this space at the difficult to Google name of "ACDC" (Authentic Chained Data Containers I think) at the Trust Over IP Foundation.  https://wiki.trustoverip.org/display/HOME/ACDC+%28Authentic+Chained+Data+Container%29+Task+Force    

Not much has been done in acapy specifically that I know of so far but we're interested in this space too, just haven't been able to invest a lot of time or effort yet into making it happen.

Maybe someone else knows of something I don't though as this is a pretty wide space.  I'd start with the group I linked though.

Yunxi 3 (Mon, 15 Mar 2021 13:52:39 GMT):

Hello all, I've got questions regarding whether the below 3 scenarios of ZKP and selective disclosure are supported in the current acapy's implementation?

Assuming a simple passport credential I want to use, and in this credential, the attributes and values for the holder issued by an issuer are (1) holder: John (2) issuer: Issuer A (3) gender: M (4) age: 20.

• Scenario 1(ZKP): A verifier only wants to know if a holder has a passport credential issued by an issuer. So, holder only reveals the proof showing s/he has got a valid passport credential issued by the issuer.

• Scenario 2(Selective Disclosure): A verifier wants to know the names and gender from the holder only. So, holder only reveals values in the credential - "holder: John" and "gender: M", and no values for the other two attributes (i.e. issuer and age).

• Scenario 3(ZKP + Selective Disclosure): Apart from the info in Scenario 2, a verifier also wants to make sure the holder is older than 18. So the holder will reveal values in the credential - "holder: John" and "gender: M" and "age: >18", no values will be revealed for the issuer attribute.

If the above scenarios are supported in current acapy's implementation, how should I construct the right JSON body when calling the api for both verifier's api: present-proof/send-request and holder's api - /present-proof/records/{pres_ex_id}/send-presentation for each of the scenario? Thanks!

Yunxi 3 (Mon, 15 Mar 2021 13:54:25 GMT):

Hello all, have two questions for multi-tenancy. Q1: Does the multi-tenancy feature in acapy support postgresql? Q2: If answer for Q1 is yes, apart from this doc: https://github.com/hyperledger/aries-cloudagent-python/blob/main/Multitenancy.md, are there any docs available showing detailed-level guidance regarding how multi-tenancy can work with postgresql? thanks!

Yunxi 3 (Mon, 15 Mar 2021 14:49:12 GMT):

Hello all, got a question regarding the use of postgresql. The option --wallet-storage-config requires a value  for "wallet_scheme". What's the right value should be put here?

Yunxi 3 (Mon, 15 Mar 2021 14:49:38 GMT):

Hello all, have two questions for multi-tenancy. Q1: Does the multi-tenancy feature in acapy support postgresql? Q2: If answer for Q1 is yes, apart from this doc: https://github.com/hyperledger/aries-cloudagent-python/blob/main/Multitenancy.md, are there any docs available showing detailed-level guidance regarding how multi-tenancy can work with postgresql? thanks!

swcurran (Mon, 15 Mar 2021 15:06:04 GMT):

What @daidoji said.  Glad to have it implemented in ACA-Py, but it's not in active planning/work yet.\

FilipeCapela98 (Mon, 15 Mar 2021 15:07:11 GMT):

Thank you for the clarifications!

swcurran (Mon, 15 Mar 2021 15:12:42 GMT):

The scenarios are all doable. For the proof request, you have to construct the Proof request using the Indy AnonCreds proof request structure.

Here are some docs on what that would look like: https://github.com/hyperledger/indy-sdk/tree/master/docs/design/002-anoncreds

The proof data structure would be produced by the holder/prover processing (using calls to Indy AnonCreds handlers) the proof request and finding the appropriate credentials in the wallet.

The ACA-Py demos describe how a controller can construct a proof request.

cam-parra (Mon, 15 Mar 2021 16:32:37 GMT):

Does anyone have any documentation on how revoke time works in ACA-py? I am still not sue the purpose of this variable. To me it seems like we wouldn't want to check if a credential was revoked in the past but if it is currently revoked.

sklump (Mon, 15 Mar 2021 16:47:19 GMT):

There legitimate use cases to check if a cred was in good standing in the past: for example, was this lawyer disbarred at the time of such and such trial, making it a mistrial?

If you want now, just specify to=. As always, omit from= or set it the same as to=.

sklump (Mon, 15 Mar 2021 16:47:19 GMT):

There are legitimate use cases to check if a cred was in good standing in the past: for example, was this lawyer disbarred at the time of such and such trial, making it a mistrial?

If you want now, just specify `to=`. As always, omit `from=` or set it the same as `to=`.

Yunxi 3 (Mon, 15 Mar 2021 17:09:15 GMT):

Hello @swcurran, thanks for the link, but i can't find any function defined for the verifier to request a proof. My understanding is this send request message should clearly specify what the verifier wants from a holder/prover

Yunxi 3 (Mon, 15 Mar 2021 17:09:15 GMT):

Hello @swcurran, thanks for the link, but i can't find any function defined for the verifier to request a proof. My understanding is this "send request" message should clearly specify what the verifier wants from a holder/prover

Yunxi 3 (Mon, 15 Mar 2021 17:22:45 GMT):

After checking the requesting proof and send proof steps in the demo, i think it shows me how to do them in my scenarios 3 (can also be applied to my scenario 2), but how about scenario 1?

Yunxi 3 (Mon, 15 Mar 2021 17:22:45 GMT):

After checking the requesting proof and send proof steps in the demo, i think it shows me how to do them in my scenarios 3 where name, date and degree are selective disclosure and age is ZPF (can also be applied to my scenario 2), but how about scenario 1?

swcurran (Mon, 15 Mar 2021 18:02:39 GMT):

In anoncreds, I don't think 1 can be done. I think the best you can do is request as little as possible.  For example -- "Age > 0" in the example you have.

Yunxi 3 (Mon, 15 Mar 2021 18:12:20 GMT):

Thanks for confirming this @swcurran.

Yunxi 3 (Mon, 15 Mar 2021 18:15:42 GMT):

one more question, what's the usage for "self_attested_attributes"?

swcurran (Mon, 15 Mar 2021 18:17:55 GMT):

As part of the presentation request, a verifier can ask for data that does not come from a credential -- that the prover just fills in a value with whatever they want.

Yunxi 3 (Mon, 15 Mar 2021 18:43:56 GMT):

Thanks @swcurran , I wonder what's the benefit (probably business-related) of using such self attributes? Could you give me a real scenario to help me understand on it?

Yunxi 3 (Mon, 15 Mar 2021 18:45:05 GMT):

Hello all, regarding the use of postgresql in acapy, are there any version restrictions required by acapy? e.g. only particular versions of postgresql are supported at the moment?

swcurran (Mon, 15 Mar 2021 19:55:57 GMT):

Perhaps a verifier gets the legal name name of a person from an authority, and then requests a self-asserted field that is "what-we-should-call-you".

Yunxi 3 (Mon, 15 Mar 2021 20:45:43 GMT):

@cam-parra , i was in the same situation regarding this question until yesterday. Please see the conversation in my ticket: https://github.com/hyperledger/aries-cloudagent-python/issues/1020. Obviously, there's a gap between conceptual vision and the real implementation on this credential revoke and checking process.

cam-parra (Mon, 15 Mar 2021 20:46:48 GMT):

@jacobsaur or @ianco should know the answer to this

ianco (Mon, 15 Mar 2021 20:48:29 GMT):

We don't have any restrictions that I know of

cam-parra (Mon, 15 Mar 2021 20:49:43 GMT):

@Yunxi and @sklump  thank you for the help! I will take these both into consideration

cam-parra (Mon, 15 Mar 2021 20:55:06 GMT):

I mean the current way is fine as it is implemented. But the global default is not very clear here.  I would assume that the absence of  ```non_revoked: {
                    to: timestamp
                }```

cam-parra (Mon, 15 Mar 2021 20:55:06 GMT):

I mean the current way is fine as it is implemented. But the global default is not very clear here.  I would assume that the absence of  ```non_revoked: {
                    to: timestamp
                }``` 
would mean that it would just default to current time to the past

swcurran (Mon, 15 Mar 2021 21:19:21 GMT):

Last I checked we just updated our instanced to use v12

Yunxi 3 (Mon, 15 Mar 2021 21:24:56 GMT):

Thanks @ianco  and @swcurran . Does acapy's multi-tenancy support postgresql?

cam-parra (Mon, 15 Mar 2021 21:28:49 GMT):

Last I checked multi tenancy works with our postgres implementation 

Yunxi 3 (Mon, 15 Mar 2021 21:30:26 GMT):

thanks @cam-parra for confirming it, which version of postgres do you use?

cam-parra (Mon, 15 Mar 2021 21:33:33 GMT):

We use 11.  Here is our docker-compose 

cam-parra (Mon, 15 Mar 2021 21:33:36 GMT):

https://github.com/kiva/aries-guardianship-agency/blob/master/docker-compose.yml

Yunxi 3 (Mon, 15 Mar 2021 21:36:10 GMT):

thanks @cam-parra . I've got little experiences on using postgres, could i get some tech support from you regarding how to use postgres in acapy? support 1: i've got below options turned on when running my acapy, are they enough for postgres? `--wallet-type indy \
--storage-type indy \
--wallet-storage-type postgres_storage \
--wallet-storage-config "{\"url\":\"{endpoint}:5432\", \"wallet_scheme\":\"MultiWalletSingleTable\"}" \
--wallet-storage-creds "{\"account\":\"postgres\",\"password\": \"{password}\",\"admin_account\":\"postgres\",  \"admin_password\": \"{password}\"}" \`

Yunxi 3 (Mon, 15 Mar 2021 21:38:25 GMT):

support 2: regarding the value for the two options here: --wallet-storage-config "{\"url\":\"{endpoint}:5432\", \"wallet_scheme\":\"{wallet_scheme_value}\"}" \
--wallet-storage-creds "{\"account\":\"postgres\",\"password\": \"{password}\",\"admin_account\":\"postgres\",  \"admin_password\": \"{admin_password}\"}" \, I wonder what's the right value for {wallet_scheme_value}? also, is the account and password the same as the admin account and password?

cam-parra (Mon, 15 Mar 2021 21:38:56 GMT):

https://github.com/kiva/aries-guardianship-agency/blob/master/dummy.env

cam-parra (Mon, 15 Mar 2021 21:39:37 GMT):

Here you can see a lot of the variables we set as environment values. I will send how we start aca-py soon

Yunxi 3 (Mon, 15 Mar 2021 21:43:41 GMT):

thanks

cam-parra (Mon, 15 Mar 2021 21:48:24 GMT):

https://github.com/kiva/aries-guardianship-agency/blob/master/src/manager/agent.config.ts#L121

cam-parra (Mon, 15 Mar 2021 21:49:23 GMT):

Here are the variables we use in our code to start up agents. I can explain more but not currently at my work station 

Yunxi 3 (Mon, 15 Mar 2021 21:53:36 GMT):

thanks for the file, for wallet scheme, the value is MultiWalletSingleTable. i just wonder if this is a db table that has to be created in the postgres?

Yunxi 3 (Mon, 15 Mar 2021 21:57:43 GMT):

basically, on the postgres side, what is needed for acapy to connect to it apart fromall the basic config (e.g. username password, endpoint, port)?

cam-parra (Mon, 15 Mar 2021 21:59:01 GMT):

I’ll defer that part to @jacobsaur he is the one who wrote the code for multi tenancy

Yunxi 3 (Mon, 15 Mar 2021 22:01:00 GMT):

think my questions are related to the basic config for acapy to connect to a postgres? the multi-tenancy feature is not in the scope yet

JSedlmeir (Tue, 16 Mar 2021 00:34:24 GMT):

Hey everyone, I was wondering what the standard behaviour of the Aries Cloudagent with respect to the pool config is. Will queries be sent to two random but fixed nodes and compared (at least I thought this is the default config for the indy-sdk)? Will the respective nodes be chosen randomly or does the agent prefer specific nodes (for example, one that runs with the same DID as the agent because they use the same seed)?

jacobsaur (Tue, 16 Mar 2021 10:36:43 GMT):

Ya for the MultiWalletSingleTable scheme it uses the same DB for storing all wallets (if you're trying to store anything more than 1000 wallets one DB per wallet becomes excessive). The table schemas are here: https://github.com/kiva/aries-guardianship-agency/blob/master/resources/init.sql and if you're just trying to test things out locally with docker compose you can use a setup like this: https://github.com/kiva/aries-guardianship-agency/blob/master/docker-compose.yml#L47

FilipeCapela98 (Tue, 16 Mar 2021 11:00:51 GMT):

Hello everyone, is there a way for an agent to start a connection request without human intervention? (e.g. agent receives connection request via bluetooth or wifi)

sklump (Tue, 16 Mar 2021 13:12:51 GMT):

Early implementations with assumptions on defaults led to ambiguous semantics when non-revocable credentials were possible but not necessary responses to proof requests. RFC 441 is definitive now.

vongohren (Tue, 16 Mar 2021 13:22:49 GMT):

@swcurran @esune any thoughts on this? I will need to find a possbile way within the next month, but I still lack a bit of insight on if public credentials is possible?

Yunxi 3 (Tue, 16 Mar 2021 15:21:36 GMT):

@jacobsaur , so the wallet_scheme:multiwalletsingletable does require these tables to be created in the postgresql as a prerequisite for acapy to successfully connect to the postgresql db, right?

ianco (Tue, 16 Mar 2021 17:10:11 GMT):

It should create the necessary tables on startup

swcurran (Tue, 16 Mar 2021 18:59:57 GMT):

It's something I've thought about a lot related to the issuer of a credential, but not for the individuals that enabled the issuing of the credential.  E.g. for the University, but not for the Dean and Professor.  In theory, it's the same problem, with the added difficulty that the VC standard is very clear about where you find the identifier for the Issuer.  It's not standard where you would find an identifier for others involved in the issuing.

My first guess would be that the credential have claims that are defined to be identifiers of the "others" in the process, and that the value for each be a public DID.  With that, the same techniques can be used with the Issuer to determine the authority for the "others" to issue a credential.

An alternative would be to have a verifiable proof that shows that authority as the value of the claim. That would still have an identifier in it for the subject.

The hard part for both approaches is standardizing the process. My suggestion would to stick with identifiers and the same process as the issuer.

swcurran (Tue, 16 Mar 2021 19:03:17 GMT):

BC Gov has this issue today in what we are doing.  Our Major Mines group issues a permit for a Mine. That permit is issued by the Ministry, but it is a single person that "pushes the button", and that person must be qualified to do so.  My intuition is that it would be best for that person to have a DID about their professional qualifications, and that DID can be queries for proof that they are qualified (e.g. Professional Engineer).

Yunxi 3 (Tue, 16 Mar 2021 19:46:36 GMT):

just to be clear here, when you said "it", you mean acapy would automatically create these necessary tables in the postgresql?

ianco (Tue, 16 Mar 2021 20:53:37 GMT):

Actually "it" is the postgres plug-in, which is part of indy-sdk.  As long as you provide an admin user as part of the psotgres config, it will create whatever it needs

cam-parra (Tue, 16 Mar 2021 20:56:35 GMT):

Yes that would be called a mediator. It waits for incoming messages and then sends it to the agent 

Yunxi 3 (Tue, 16 Mar 2021 21:04:45 GMT):

thanks for the details @ianco . I've tried to run acapy with postgresql, in my case, I use AWS postgreql, but got errors and I have no clue what's wrong with my setup. Could you give a help on it? This is the ticket i raised: https://github.com/hyperledger/aries-cloudagent-python/issues/1026. Thanks!

FilipeCapela98 (Wed, 17 Mar 2021 08:43:35 GMT):

But then how will a new agent know that he needs to connect to said mediator? 
My idea is to have two agents establish a connection without the need for a human party prior to it. Not even to scan a QR code or similar

Yunxi 3 (Wed, 17 Mar 2021 13:47:01 GMT):

hello @jacobsaur, is 1000 wallets a threshold for multi-tenancy in postgresql? if I need around 10,000 wallets in my case, should i use 10 postgresqls and each will be multi-tenacy enabled? Also, apart from the "MultiWalletSingleTable" as the value for wallet-scheme, are there any other values available? e.g. something like MultiWalletMultiTables?

Yunxi 3 (Wed, 17 Mar 2021 13:49:26 GMT):

Hello all, are there any docs available stating what info Acapy use is stored in which data table. E.g. where is connection info for an agent stored to?

Yunxi 3 (Wed, 17 Mar 2021 13:49:26 GMT):

Hello all, are there any docs available stating what info Acapy use is stored in which data table in the postgresql db? E.g. where is connection info for an agent stored to?

ianco (Wed, 17 Mar 2021 14:17:04 GMT):

There is also "MultiWalletMultiTable".  The documentation is here:  https://github.com/hyperledger/indy-sdk/tree/master/experimental/plugins/postgres_storage#wallet-management-modes (although the "MultiWalletMultiTable" isn't mentioned)

Yunxi 3 (Wed, 17 Mar 2021 14:25:42 GMT):

Thanks @ianco . Will "MultiWalletSingleTable" (Each wallet has its own connection pool) provide higher performance than "MultiWalletSingleTableSharedPool"(The plugin will create only 1 connection pool reused by all wallets)?

wip-abramson (Wed, 17 Mar 2021 15:18:48 GMT):

Are there no webhooks for the mediation API btw?

ianco (Wed, 17 Mar 2021 15:45:57 GMT):

I haven't used the "shared pool" version, but it sounds like it will be more efficient use of postgres connections

jacobsaur (Wed, 17 Mar 2021 15:48:15 GMT):

1000 wallets was just an example number, we have on the order of a million wallets using a single postgres db set up in  MultiWalletSingleTable mode

dbluhm (Wed, 17 Mar 2021 17:10:49 GMT):

Not currently implemented but should be an easy fix. We (the original contributors) had it on our to-do list but it's just not been top priority atm. We're happy to review a PR and answer questions. Open issue: https://github.com/hyperledger/aries-cloudagent-python/issues/950

dbluhm (Wed, 17 Mar 2021 17:10:49 GMT):

Not currently implemented but should be an easy fix. We (the original contributors) had it on our to-do list but it's just not top priority atm. We're happy to review a PR and answer questions. Open issue: https://github.com/hyperledger/aries-cloudagent-python/issues/950

wip-abramson (Wed, 17 Mar 2021 17:13:47 GMT):

Fair makes sense. Not high on my priority list either, but if I get some time I will take a look at it. Cheers

Yunxi 3 (Wed, 17 Mar 2021 17:53:04 GMT):

@jacobsaur, this is great, thanks for the info.

Yunxi 3 (Wed, 17 Mar 2021 17:53:04 GMT):

@jacobsaur, great to know postgresql can support million wallets in practice.

Yunxi 3 (Wed, 17 Mar 2021 17:55:51 GMT):

btw @ianco  and @jacobsaur , what's expected by using this "  --recreate-wallet" flag when running acapy? i've turned this flag on, but I don't see the wallet db along with its tables in the postgresql have been recreated. Its help info shows "If an existing wallet exists with the same name,
                        remove and recreate it during provisioning.", and i assume "wallet" here means the real storage (in my case, it's postgresql)?

Yunxi 3 (Wed, 17 Mar 2021 18:26:28 GMT):

Hello all, after turning on multi-tenancy feature, how can I specify which message routing approach to be used as mentioned in this doc: https://github.com/hyperledger/aries-cloudagent-python/blob/main/Multitenancy.md? The multitenancy/wallet api's JSON body has an attribute named "wallet_dispatch_type" with a value of "default", not sure if this is the right config here?

ianco (Wed, 17 Mar 2021 20:24:14 GMT):

I'm not familiar with this flag

thomas_kim (Thu, 18 Mar 2021 02:00:32 GMT):

Hi community. Is there a specific plan for merging askar wallet into the main branch of ACA-Py?

thomas_kim (Thu, 18 Mar 2021 02:00:32 GMT):

Hi community. Is there a specific plan for merging the askar wallet into the main branch of ACA-Py?

swcurran (Thu, 18 Mar 2021 02:39:36 GMT):

Andrew -- thoughts?  @andrew.whitehead :-)

ianco (Thu, 18 Mar 2021 03:18:23 GMT):

We talked about this on aca-pug today:  https://wiki.hyperledger.org/display/ARIES/2021-03-17+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

andrew.whitehead (Thu, 18 Mar 2021 03:56:44 GMT):

I'm just working on some breaking changes for the askar key management, so I'd like to wrap those up before giving it some wider usage. After updating the shared-components branch I'll do create a PR for that

da3v21 (Thu, 18 Mar 2021 05:57:31 GMT):

I beleive we can do the first ZKP, if se add cred_def_id as an attribute

vongohren (Thu, 18 Mar 2021 08:30:55 GMT):

Thanks for great thoughts! Yeah so having a did that can be validated as working for X and professioanl engineer? Because I guess working for X is kinda important. By using this public did, how do you interlink this in a nice manner is my questions. 

Because aca py is kinda strict on the flow it offers. Or is it just me that dont have the possibilites too much under my skin to be able to see the opportunities?

jacobsaur (Thu, 18 Mar 2021 14:18:47 GMT):

I believe it will just remove and recreate the wallet rows (ie data) not drop and recreate the tables

wip-abramson (Thu, 18 Mar 2021 15:17:48 GMT):



Screenshot 2021-03-17 at 6.38.20 PM.png

RounakGhosh (Fri, 19 Mar 2021 11:46:44 GMT):

Hello Community and @swcurran  is there any way by which we can send message from mobile agent to the web agent. We are setting up an Application which will be able to connect via QR code from web services.  I could use /connection/{id}/send-message API webhook call, to send message from web agent to mobile agent, but the reverse is not happening. Any help would be very much appreciated. Thanks.

RounakGhosh (Fri, 19 Mar 2021 11:46:44 GMT):

Hello Community and @swcurran  is there any way by which we can send message from mobile agent to the web agent. We are setting up an Application which will be able to connect via QR code from web services.  I could use /connection/{id}/send-message API webhook call, to send message from web agent to mobile agent, but the reverse is not happening. Any help would be very much appreciated. We are building an application in which user would be able to choose proof request and that request would be sent to web agent and after that, I would be sending /{AGENT_URL}/present-proof/send-request to the wallet. This is precisely why we need to configure the afore mentioned step.  Thanks.

RounakGhosh (Fri, 19 Mar 2021 11:46:44 GMT):

Hello Community and @swcurran  is there any way by which we can send message from mobile agent to the web agent. We are setting up an Application which will be able to connect via QR code from web services.  I could use /connection/{id}/send-message API webhook call, to send message from web agent to mobile agent, but the reverse is not happening. Any help would be very much appreciated. We are building an application in which user would be able to choose proof request and that message would be sent to web agent and after that, I would be sending /{AGENT_URL}/present-proof/send-request to the wallet. This is precisely why we need to configure the afore mentioned step.  Thanks.

Yunxi 3 (Fri, 19 Mar 2021 12:03:44 GMT):

thanks for the info @jacobsaur , any online docs available that show  what types of data are stored in each table?

Yunxi 3 (Fri, 19 Mar 2021 12:38:16 GMT):

@jacobsaur ,  i previously created two sub wallets, and still see they are there in the Items table, when running the acapy with this flag turning on

Yunxi 3 (Fri, 19 Mar 2021 12:46:40 GMT):



Clipboard - March 19, 2021 12:46 PM

Yunxi 3 (Fri, 19 Mar 2021 12:47:02 GMT):

Hello all, when running acapy, i always see info "Function returned error" in the acapy logs, what does it mean?

sklump (Fri, 19 Mar 2021 12:54:48 GMT):

note that anything marked indy.libindy is for the indy folks.

Yunxi 3 (Fri, 19 Mar 2021 12:58:08 GMT):

ah, is the "indy-node" the right channel ?

marvinehaus42 (Fri, 19 Mar 2021 13:30:06 GMT):

Has joined the channel.

wip-abramson (Fri, 19 Mar 2021 18:54:25 GMT):

Where is the best place for me to look to learn how to configure my ACA-Py instance using postgres btw?

swcurran (Fri, 19 Mar 2021 19:19:58 GMT):

indy-sdk probably better -- it's something coming back from the libindy client.

swcurran (Fri, 19 Mar 2021 19:19:58 GMT):

#indy-sdk probably better -- it's something coming back from the libindy client.

SeriousM 4 (Sun, 21 Mar 2021 15:10:35 GMT):

Has joined the channel.

Yunxi 3 (Mon, 22 Mar 2021 09:25:32 GMT):

Hello @jacobsaur  and @ianco , after turning on multi-tenancy feature in my holder agent, how can I specify which message routing approach to be used as mentioned in this doc: https://github.com/hyperledger/aries-cloudagent-python/blob/main/Multitenancy.md? The multitenancy/wallet api's JSON body has an attribute named "wallet_dispatch_type" with a value of "default", not sure if this is the right config here? In other words, in practice, how can I make the issuer agent to send a message to a particular tenant ( there are two tenants already created in the holder agent) in the holder agent?

Yunxi 3 (Mon, 22 Mar 2021 09:30:10 GMT):

Hello all, after turning on the feature of multi-tenancy in my agent, i can create two tenants in it. By observing the real data table in my postgres db, i see the two tenants' wallets are store in the same table named "items".  I understand this follows a multi-tenancy model - "single schema in a single database" in postgres, whereas row-level security is normally required. I wonder if there are any docs available describing how ACA-Py designs/implements this multi-tenancy model under the hood?

Yunxi 3 (Mon, 22 Mar 2021 09:30:10 GMT):

Hello all, after turning on the feature of multi-tenancy in my agent, i can create two tenants in it. By observing the real data table in my postgres db, i see the two tenants' wallets are stored in the same table named "items".  I understand this follows a multi-tenancy model - "single schema in a single database" in postgres, whereas row-level security is normally required. I wonder if there are any docs available describing how ACA-Py designs/implements this multi-tenancy model under the hood?

HighBrow (Mon, 22 Mar 2021 13:41:53 GMT):

@andrew.whitehead Can you share some details on how exactly does an Agent currently communicates to the ledger? Does it contacts the ledger (browser) or each of the nodes individually at the time of verification of a proof presentation?

jacobsaur (Mon, 22 Mar 2021 13:54:52 GMT):

Ya, in our setup we use wallet_dispatch_type "default". When you create a particular tenant you get a token with which to interact with that tenant over the admin API. You can then create a connection invitation which has a recipient key. When the issuer accepts that connection invitation and then proceeds to communicate (eg send credentials) over that connection the multitenant aca-py uses the recipient key to determine which tenant to interact with.

jacobsaur (Mon, 22 Mar 2021 13:59:01 GMT):

Hi, I had a question about v2 credentials (https://github.com/hyperledger/aries-rfcs/tree/master/features/0453-issue-credential-v2) - are they the future? ie should we make the switch to issuing v2 credentials sooner rather than later to be in sync with where the community is moving?

TimoGlastra (Mon, 22 Mar 2021 14:01:35 GMT):

During the last ACA-Pug call we had a discussion about did endpoints and supporting did:keys + backwards compatibility. I would post here what my findings were regarding this topic. I have now taken the following approach:
- Create did endpoint now optionally takes `method` and `options.key_type` parameters. `method` default to `sov` and `options.key_type` to `ed25519`. This makes it backwards compatible but also allows to create e.g. bls keys using `method` of `key` and `options.key_type` of `bls12381g2`.
- Query did endpoints has a new `method` query that allows you to specify `sov` or `key`.

TimoGlastra (Mon, 22 Mar 2021 14:09:27 GMT):

During the last ACA-Pug call we had a discussion about did endpoints and supporting did:keys + backwards compatibility. I would post here what my findings were regarding this topic. I have now taken the following approach:
- Create did endpoint now optionally takes `method` and `options.key_type` parameters. `method` default to `sov` and `options.key_type` to `ed25519`. This makes it backwards compatible but also allows to create e.g. bls keys using `method` of `key` and `options.key_type` of `bls12381g2`.
- Query did endpoint has a new `method` query that allows you to specify `sov` or `key`.
- `sov` dids are still returned without `did:sov` prefix for backwards compatibility.

My thinking was that maybe we could add an additional query property to specify you want the route to return fully qualified dids for public / posted indy dids. (so `did:sov` will be prefixed). I didn't want to automatically prefix all indy dids with `did:sov` as that doesn't make sense for local dids + if you're not using the sovrin mainnet. Then the full prefixed `did:sov` could be used for the VC `issuer` property and allow to issue using public `sov` dids. The only breaking change would be that agents that want nothing to do with `did:key` should query for `method` of `sov` when listing all dids.

Thoughts?

Yunxi 3 (Mon, 22 Mar 2021 14:46:17 GMT):

Hello @jacobsaur , Thanks for the info. Still got other questions. Q1: does "default" mean it will use the "relaying message routing" approach? Q2: to use the "mediation" approach, what value should be used then? Q3: where can I see the token when creating a particular tenant? Q4: apart from this doc: https://github.com/hyperledger/aries-cloudagent-python/blob/main/Multitenancy.md. Any other docs give more details on how to work with multi-tenancy model (e.g. all the process you gave above)?

Yunxi 3 (Mon, 22 Mar 2021 14:46:17 GMT):

Hello @jacobsaur , Thanks for the info. Still got other questions. Q1: does "default" mean it will use the "relaying message routing" approach? Q2: to use the "mediation" approach, what value should be used then? Q3: where can I see the token when creating a particular tenant? Q4: apart from this doc: https://github.com/hyperledger/aries-cloudagent-python/blob/main/Multitenancy.md. Any other docs give more details on how to work with multi-tenancy model (e.g. all the detailed-level process you gave above)?

Yunxi 3 (Mon, 22 Mar 2021 14:46:17 GMT):

Hello @jacobsaur , Thanks for the info. Still got other questions. Q1: does "default" mean it will use the "relaying message routing" approach? Q2: to use the "mediation" approach, what value should be used then? Q3: apart from this doc: https://github.com/hyperledger/aries-cloudagent-python/blob/main/Multitenancy.md. Any other docs give more details on how to work with multi-tenancy model (e.g. all the detailed-level process you gave above)?

Yunxi 3 (Mon, 22 Mar 2021 14:46:17 GMT):

Hello @jacobsaur , Thanks for the info. Still got other questions. Q1: does "default" mean it will use the "relaying message routing" approach? Q2: to use the "mediation" approach, what value should be used then? Q3: How does the token of a tenant related to the recipient key in the connection invitation? Q4: apart from this doc: https://github.com/hyperledger/aries-cloudagent-python/blob/main/Multitenancy.md. Any other docs give more details on how to work with multi-tenancy model (e.g. all the detailed-level process you gave above)?

andrew.whitehead (Mon, 22 Mar 2021 19:04:32 GMT):

It contacts the nodes individually. For a consensus read request it may only need to fetch from one node, providing that a valid state proof is included in the response. Otherwise it may need to contact additional nodes to confirm the validity of the response

HighBrow (Tue, 23 Mar 2021 05:23:19 GMT):

Thanks for the explanation!

Yunxi 3 (Tue, 23 Mar 2021 13:20:12 GMT):

Hello all, i'm trying to understand both conceptually and pragmatically how one agent can talk to another agent with multi-tenancy feature is turned on. For example, if i have agent 1 and agent 2 (with multi-tenancy feature turned on), and created 2 sub wallets (e.g. wallet 1 and wallet 2) in the agent 2. When agent 1 wants to set up a connection with agent 2 and only issue a credential for wallet 2 in agent 2. How could this work ?

Yunxi 3 (Tue, 23 Mar 2021 13:20:12 GMT):

Hello all, i'm trying to understand pragmatically how one agent can talk to another agent with multi-tenancy feature is turned on. For example, if i have agent 1 and agent 2 (with multi-tenancy feature turned on), and created 2 sub wallets (e.g. wallet 1 and wallet 2) in the agent 2. When agent 1 wants to set up a connection with agent 2 and only issue a credential for wallet 2 in agent 2, how could this process work pragmatically?

Yunxi 3 (Tue, 23 Mar 2021 13:20:12 GMT):

Hello all, i'm trying to understand pragmatically how one agent can talk to a specific tenant in another agent with multi-tenancy feature is turned on. For example, if i have agent 1 and agent 2 (with multi-tenancy feature turned on), and created 2 sub wallets (e.g. wallet 1 and wallet 2) in the agent 2. When agent 1 wants to set up a connection with agent 2 and only issue a credential for wallet 2 in agent 2, how could this process work pragmatically?

Yunxi 3 (Tue, 23 Mar 2021 13:20:12 GMT):

Hello all, i'm trying to understand pragmatically how one agent can talk to a specific tenant in another agent with multi-tenancy feature turned on. For example, if i have agent 1 and agent 2 (with multi-tenancy feature turned on), and created 2 sub wallets (e.g. wallet 1 and wallet 2) in the agent 2. When agent 1 wants to set up a connection with agent 2 and only issue a credential for wallet 2 in agent 2, how could this process work pragmatically?

Yunxi 3 (Tue, 23 Mar 2021 13:20:12 GMT):

Hello all, i'm trying to understand pragmatically how one agent can talk to a specific tenant in another agent with multi-tenancy feature turned on. For example, if i have agent 1 and agent 2 (with multi-tenancy feature turned on), and created 2 sub wallets (e.g. wallet 1 and wallet 2) in the agent 2. When agent 1 wants to set up a connection with agent 2 and only issues a credential for wallet 2 in agent 2, how could this process work pragmatically?

RounakGhosh (Tue, 23 Mar 2021 17:44:44 GMT):

Hello community, @swcurran , is there any way but which we can log the did comm message in aca py controller.??

RounakGhosh (Tue, 23 Mar 2021 17:44:44 GMT):

Hello community, @swcurran , is there any way by which we can log the did comm message in aca py controller.??

swcurran (Tue, 23 Mar 2021 18:02:07 GMT):

As in the raw envelope+message that is received (still in encrypted), or the decrypted message?

Either way, not sure -- @andrew.whitehead ?

swcurran (Tue, 23 Mar 2021 18:02:07 GMT):

As in the raw envelope+message that is received (message still encrypted), or the decrypted message?

Either way, not sure -- @andrew.whitehead ?

RounakGhosh (Tue, 23 Mar 2021 18:07:48 GMT):

@swcurran I am talking about wallet basic messaging functionality.

Yunxi 3 (Tue, 23 Mar 2021 21:53:15 GMT):

Hello all and @swu, following on them my question above for multi-tenancy, conceptually, I wonder whether agent 1 needs one established connection with agent 2 for communication or agent 1 needs two established connections, one for each sub wallet in agent 2?

Yunxi 3 (Tue, 23 Mar 2021 21:53:15 GMT):

Hello all and @swcurran , following on them my question above for multi-tenancy, conceptually, I wonder whether agent 1 needs one established connection with agent 2 for communication or agent 1 needs two established connections, one for each sub wallet in agent 2?

Yunxi 3 (Tue, 23 Mar 2021 21:53:15 GMT):

Hello all and @swcurran , following on my question above for multi-tenancy, conceptually, I wonder whether agent 1 needs one established connection with agent 2 for communication or agent 1 needs two established connections, one for each sub wallet in agent 2?

sumit9935 (Wed, 24 Mar 2021 05:38:33 GMT):

Has joined the channel.

sumit9935 (Wed, 24 Mar 2021 05:38:34 GMT):

Hi all
Do we receive any webhook for "connection-less proof request" after verification ?
I am using version 0.6.0 of acapy-agent. I do receive web-hook for proof req with connection creation.

JSedlmeir (Wed, 24 Mar 2021 08:55:47 GMT):

Hi everyone, I was wondering what might be the best way to find out the did and verkey that correspond to a specific seed. It would be great to have a simple way to get this in order to ask for onboarding before starting aca-py. We have a production indy network without a server that exposes the register functionality (as the VON test network would offer it).
I tried aca-py provision (which works  but gives a lot of error messages that the did is not registered yet on the ledger after displaying the new did/verkey - this is not a problem for people who know what they are doing but bad for a product that wants to reduce complexity for the company that needs to deploy the component). Using indy-cli, it seems to me that the verkey looks different from the format that aca-py uses; starting with a ~ and being much shorter. Are there any best practices?

vongohren (Wed, 24 Mar 2021 10:46:02 GMT):

@swcurran In regards to this discussion, what do you think if this presentation from Markus? https://github.com/decentralized-identity/interoperability/blob/master/agenda.md#agenda---3-feb-2021---useu-time-0600-pt---update-on-did-core-and-enterprise-ethereum-alliance-d-burnett-and-did-interop-fundamentals-markus-sabadello-and-guests

IF you hit the recording, it starts at 36 minutes.

sklump (Wed, 24 Mar 2021 11:05:32 GMT):

_seed to key_: call indy sdk https://github.com/hyperledger/indy-sdk/blob/dbd89cf94a73e7a62611c4150a874c38b810ff8d/wrappers/python/indy/crypto.py#L10

_short to full verkey_: https://github.com/hyperledger/aries-cloudagent-python/blob/a169e69f482070361dd550f5f143cb899f1283a2/aries_cloudagent/wallet/util.py#L64
explanatory text at *Please Note" above https://hyperledger-indy.readthedocs.io/projects/sdk/en/latest/docs/getting-started/indy-walkthrough.html#step-4-onboarding-faber-acme-thrift-and-government-by-steward

_full to short verkey_: actually I hadn't written this yet as we never needed it, but it will appear shortly and look like this in `wallet/util.py`:
```
def abbr_verkey(full_verkey: str, did: str = None) -> str:
    """Given a full verkey and DID, return the abbreviated verkey."""
    did_len = len(b58_to_bytes(did.split(":")[-1])) if did else 16
    return f"~{bytes_to_b58(b58_to_bytes(full_verkey)[did_len:])}"
```

sklump (Wed, 24 Mar 2021 11:05:32 GMT):

_seed to key_: call indy sdk https://github.com/hyperledger/indy-sdk/blob/dbd89cf94a73e7a62611c4150a874c38b810ff8d/wrappers/python/indy/crypto.py#L10

_short to full verkey_: https://github.com/hyperledger/aries-cloudagent-python/blob/a169e69f482070361dd550f5f143cb899f1283a2/aries_cloudagent/wallet/util.py#L64
explanatory text at *Please Note* above https://hyperledger-indy.readthedocs.io/projects/sdk/en/latest/docs/getting-started/indy-walkthrough.html#step-4-onboarding-faber-acme-thrift-and-government-by-steward

_full to short verkey_: actually I hadn't written this yet as we never needed it, but it will appear shortly and look like this in `wallet/util.py`:
```
def abbr_verkey(full_verkey: str, did: str = None) -> str:
    """Given a full verkey and DID, return the abbreviated verkey."""
    did_len = len(b58_to_bytes(did.split(":")[-1])) if did else 16
    return f"~{bytes_to_b58(b58_to_bytes(full_verkey)[did_len:])}"
```

sklump (Wed, 24 Mar 2021 11:12:29 GMT):

*CRITICAL*: your seed is secret. If anyone gets your seed, they become you at will.

JSedlmeir (Wed, 24 Mar 2021 11:26:48 GMT):

Thanks for the hint, so it seems I need to use one of the languages that the indy-sdk provides wrappers for, right? 

Regarding the security notice; the script will run locally on the side of an entity that needs to ask an Endorser for onboarding and hence needs to determine the did and verkey that the agent will have later on. So the Seed will never be communicated. =)

RounakGhosh (Wed, 24 Mar 2021 13:14:01 GMT):

@swcurran can you please guide how is it possible to receive didcomm messaging from mobile wallet and log into agent controller.

RounakGhosh (Wed, 24 Mar 2021 13:14:01 GMT):

@swcurran  is it possible to receive didcomm messaging from mobile wallet and log into web agent controller?.

jacobsaur (Wed, 24 Mar 2021 14:15:05 GMT):

Q1: So wallet_dispath_type refers to webhooks, not mediation: "Webhook target dispatch type for this wallet. \
            default - Dispatch only to webhooks associated with this wallet. \
            base - Dispatch only to webhooks associated with the base wallet. \
            both - Dispatch to both webhook targets." So when you create a multitenant agent you can specify a webhook url for it to use, default uses that one, rather than a webhook url defined for the entire multitenant instance.
Q2: I'm not exactly sure, we don't use mediation right now
Q3: I'm not 100% sure, but both the token of the tenant and the recipient key of the tenant allow the multitenant instance to know which tenant to interact with - the token is used in the admin api to controller the agent, the recipient key is used in the regular aries agent communication
Q4: I'm not sure if there are better resources, but if it's helpful here is the code to our agency, which interacts with a multitenant aca-py instance - here's the start up args we're using for example: https://github.com/kiva/aries-guardianship-agency/blob/master/dummy.env#L35

swcurran (Wed, 24 Mar 2021 14:18:02 GMT):

If I understand correctly what you are saying, then yes.  If you look at the base Alice/Faber demo on the /demo folder, that is what is happening -- messages sent from one agent to the other go via webhook to the controller and then are displayed.

Yunxi 3 (Wed, 24 Mar 2021 14:29:21 GMT):

thanks for the answer for Q1 @jacobsaur, i've eventually figured out how Acapy's multi-tenancy work in practice

Yunxi 3 (Wed, 24 Mar 2021 14:33:03 GMT):

Hello @swcurran , are there any docs available explaining where Acapy stores various information (e.g. connection, transaction)? One thing i've tried in practice, is after a connection is established between two agents, and if i stops one agent and rerun it again, all the previous connection data are gone. So wondering if we need to store some of the Acapy's data in our own database for circumstances like this?

Shweta1 (Wed, 24 Mar 2021 14:53:38 GMT):

Hi everyone,how credential present into cloud wallet is safe from hacker?As credential is saved into postgres database so which encrytion/decryption algorithm works?

Shweta1 (Wed, 24 Mar 2021 14:53:38 GMT):

Hi everyone,how credential present into cloud wallet is safe from hacker?As credential is saved into postgres database so which encrytion/decryption algorithm works?is it same for mobile wallet

RounakGhosh (Wed, 24 Mar 2021 16:42:08 GMT):

Thanks @swcurran . Can you also guide on how to send DidComm message between two agents.??.

RounakGhosh (Wed, 24 Mar 2021 16:42:08 GMT):

Thanks @swcurran . Can you also guide on how to send DidComm message between two agents.??

vineeta (Thu, 25 Mar 2021 03:47:25 GMT):

Has joined the channel.

michawensveen (Thu, 25 Mar 2021 08:09:49 GMT):

yes, /present_proof will be called with the Presentation Exchange Record

sumit9935 (Thu, 25 Mar 2021 10:36:18 GMT):

but I dnt receive any webhok when the presentation is accepted. It only sends webhook when proof is created

swcurran (Thu, 25 Mar 2021 19:39:42 GMT):

The short answer to that is that losing your wallet is a Bad Thing and you should never do that accidentally.  You are much better focusing effort on making sure that you good resiliency built in -- don't lose your wallet.

To be clear -- something should be held by the controller -- e.g. the relationship between a connection in the wallet and an account/entity in your controller system.  But the internal data in a wallet, like a connection, should always be preserved.

swcurran (Thu, 25 Mar 2021 19:40:46 GMT):

For enterprise systems, that basically means backing up your database sufficiently and securely.  All the same techniques for enterprise database backups appy.

michawensveen (Fri, 26 Mar 2021 07:58:08 GMT):

Are you sure you're agents receives the proof? If you look up the proof request (using the presentation-exchange-id) with the rest-api (swagger) does the status change?

Yunxi 3 (Fri, 26 Mar 2021 14:40:45 GMT):

thanks for your info @swcurran. Like what you said, there are something the controller should handle properly, that's why I wonder what type of information a controller should handle, which results in my original question - whether there are any docs available showing what information is stored in wallet/storage, then I can figure out what information should be handled by controller properly? Does it make sense?

Yunxi 3 (Fri, 26 Mar 2021 14:41:43 GMT):

The reason I want to know what info is stored in the wallet/storage is because when I check the postgresql, I see most data are binary which doesn't tell me what they are

swcurran (Fri, 26 Mar 2021 14:49:18 GMT):

Yes.  Help on where we should put this would be useful feedback (or a PR).  I'll take a pass here at what is there:

- credentials and tags to enable searching credentials.
- ledger objects created and published by the agent.
- ledger objects cached by the agent
- DIDs created by the agent - including private keys
- Connections established by the agents. Recently added is a way to keep other metadata related to a connection.
- Protocols state objects -- mostly only those for protocols that are in flight, but AFAIK, some protocol state is kept around (e.g. credential issue state has options to keep, keep minimum and delete).

I'm not certain what additional data is kept in multi-tenancy mode.

IMHO -- the controller should keep anything that needs to be persisted about a protocol execution, so the state object can be deleted by the wallet, to reduce bloat in the wallet.

Regards the binary data.  It is binary for security, but it makes it hard on the developer.  aries-askar (new storage module) has (I think) a mode that uses "null" encryption, which will allow for developers to see inside the wallet.

Yunxi 3 (Fri, 26 Mar 2021 14:59:23 GMT):

Thanks @swcurran . Just be clear, regarding "Help on where we should put this would be useful feedback (or a PR).", do you mean I can raise a ticket like "a doc will be helpful to explain what informatin a controller should handle" on the github ? Regarding the 6 points ( from - credentials and tags to - protocols state objects), are these the data in the current wallet/db storage?

swcurran (Fri, 26 Mar 2021 15:00:37 GMT):

In particular -- where in the documentation we have would you have expected (or wanted) to have found this info?   It should be in the markdown files somewhere :-)

Yunxi 3 (Fri, 26 Mar 2021 15:01:52 GMT):

cool, will raise a ticket there. how about my 2nd question? Regarding the 6 points ( from - credentials and tags to - protocols state objects), are these the data in the current wallet/db storage?

swcurran (Fri, 26 Mar 2021 15:02:24 GMT):

Yes -- all of those things are in the current wallet/db storage.

Yunxi 3 (Fri, 26 Mar 2021 15:14:53 GMT):

thanks @swcurran, i just raised two tickets on the repo :-)

dbluhm (Fri, 26 Mar 2021 18:48:34 GMT):

The use of unqualified Indy DIDs has proven quite problematic in the DID Resolver work as well. I think we'll need a strategy for phasing that out completely in the not too distant future. The additional query property seems reasonable to me.

swcurran (Fri, 26 Mar 2021 18:56:01 GMT):

Have you seen what we were doing in the DID Indy work?  #indy-did-method ?

We're pretty close to having the whole thing worked out.  The challenge is now to get some indy-node developers to make it happen.  We couldn't really get started until the CI/CD and Ubuntu upgrade work is done, but once that is completed, we can move `did:indy` forward.

JSedlmeir (Fri, 26 Mar 2021 20:49:39 GMT):

Hi all, is there any way to *receive* a connectionless proof request (and to create the presentation accordingly) with the aries-cloudagent or is this only supported by mobile wallets currently?

swcurran (Fri, 26 Mar 2021 21:42:02 GMT):

This has been asked before and AFAIK, the answer is that this is still not possible in ACA-Py.  It could be done, but it has not been a priority.

JSedlmeir (Sat, 27 Mar 2021 08:53:13 GMT):

All right, thanks a lot for the information :slight_smile:

wip-abramson (Mon, 29 Mar 2021 15:30:17 GMT):

Hey, wondering if this is an ACA-Py bug. After migrating to v0.6.0 our webhook handler is now triggered twice (for I think every webhook). Has anyone else come across this? We have made some minor changes to our code but, pretty sure these haven't affected the webhook stuff

ianco (Mon, 29 Mar 2021 16:05:06 GMT):

Yes you can (potentially) get a "double-hit" if you use the `WEBHOOK_URL` environment variable

ianco (Mon, 29 Mar 2021 16:06:51 GMT):

This was the original method of specifying a web hook, later a command-line argument was added (`--webhook-url`).  One of the updates in the 0.6.0 version is the ability to specify multiple targets for a web hook, and this inadvertently opened up the possibility to "double tap"

ianco (Mon, 29 Mar 2021 16:07:43 GMT):

I suggest to get rid of the `WEBHOOK_URL` environment variable and use the command line arg instead (or use `ACAPY_WEBHOOK_URL` as an environment variable since this is like a synonym for the command line arg)

lohan.spies (Mon, 29 Mar 2021 16:08:15 GMT):

Interesting

wip-abramson (Mon, 29 Mar 2021 16:08:19 GMT):

Cheers!

ianco (Mon, 29 Mar 2021 16:09:44 GMT):

Anyways the `WEBHOOK_URL` should probably be deprecated but unfortunately we're using this pretty much everywhere in BC Gov deployments (since we're early adoptors)

lohan.spies (Mon, 29 Mar 2021 16:13:58 GMT):

@wip-abramson suggest we just change the env var to `ACAPY_WEBHOOK_URL` for now.

ianco (Mon, 29 Mar 2021 16:42:33 GMT):

PS the "double-hit" bug has been fixed since 0.6.0 but you can still (potentially) add the same webhook url multiple times

lohan.spies (Mon, 29 Mar 2021 17:13:51 GMT):

@ianco on another note. Is it now possible to pass in env vars into the YAML files directly somehow?

lohan.spies (Mon, 29 Mar 2021 17:13:51 GMT):

@ianco on another note. Is it now possible to pass in env vars into the YAML config files directly somehow?

ianco (Mon, 29 Mar 2021 17:24:32 GMT):

Not into the YAML files

ianco (Mon, 29 Mar 2021 17:25:00 GMT):

We use argparse = https://docs.python.org/3/library/argparse.html

ianco (Mon, 29 Mar 2021 17:25:00 GMT):

~We use argparse = https://docs.python.org/3/library/argparse.html~

lohan.spies (Mon, 29 Mar 2021 17:25:02 GMT):

:thumbsup:

ianco (Mon, 29 Mar 2021 17:25:27 GMT):

... so you can EITHER use a yaml config file OR use environment variables, but you can'y use an environment variable in your yaml file

ianco (Mon, 29 Mar 2021 17:26:30 GMT):

Sorry I mean ConfigArgParse = https://pypi.org/project/ConfigArgParse/

lohan.spies (Mon, 29 Mar 2021 17:28:12 GMT):

Understood. We created a workaround that allows you to parse env vars into the yaml files. Maybe we need to revert back to ConfigArgParse again

lohan.spies (Mon, 29 Mar 2021 17:28:39 GMT):

@wip-abramson lets discuss the above and decide.

RounakGhosh (Tue, 30 Mar 2021 13:28:25 GMT):

@swcurran is it possible to receive message send to web agent through /basicmessages webhook call from mobile agent.

RounakGhosh (Tue, 30 Mar 2021 13:28:25 GMT):

@swcurran is it possible to receive message send to web agent from mobile agent through /basicmessages webhook call ??

swcurran (Tue, 30 Mar 2021 13:41:11 GMT):

Based on your question -- yes.  If you run the Alice/Faber Demo with the "--events" flag and use the "Send a Message" option (3, I think) you will see that.  Then you can look at the underlying code.

RounakGhosh (Tue, 30 Mar 2021 15:45:16 GMT):



Clipboard - March 30, 2021 9:15 PM

RounakGhosh (Tue, 30 Mar 2021 15:45:30 GMT):

@swcurran Thanks so much for the help, but I am getting this error.

swcurran (Tue, 30 Mar 2021 15:46:24 GMT):

I as taking about the demo in the demo folder -- Alice/Faber demo.

swcurran (Tue, 30 Mar 2021 15:46:24 GMT):

I as talking about the demo in the demo folder -- Alice/Faber demo.

swcurran (Tue, 30 Mar 2021 15:46:52 GMT):

`./run_demo alice --events`

RounakGhosh (Tue, 30 Mar 2021 15:54:19 GMT):

@swcurran I want to receive message sent from mobile agent to web agent. Is there any way I can log it and check the "content"?. Thanks

swcurran (Tue, 30 Mar 2021 15:54:53 GMT):

I don't know.

swcurran (Tue, 30 Mar 2021 15:55:06 GMT):

Sorry -- I don't deal with the code at that level.

RounakGhosh (Tue, 30 Mar 2021 16:01:06 GMT):

@swcurran Okay, sure. Thanks a lot for your help.

FilipeCapela98 (Wed, 31 Mar 2021 10:18:11 GMT):

Hello everyone, is there an existing static-agent implementation aside from the aries-staticagent-python, which currently supports receiving credentials?

dbluhm (Wed, 31 Mar 2021 15:34:14 GMT):

Not that I'm aware of. The static agent space has not been very thoroughly explored with most people focusing on full agents.

dbluhm (Wed, 31 Mar 2021 15:35:28 GMT):

Credential support in something like the aries-staticagent-python project would not exactly be trivial but is simplified by the shared libraries BC Gov has been promoting for use in ACA-Py

Jsyro (Wed, 31 Mar 2021 21:22:21 GMT):

Has joined the channel.

matthewhall78 (Wed, 31 Mar 2021 21:22:52 GMT):

Has joined the channel.

iammatrix (Thu, 01 Apr 2021 15:36:03 GMT):

Has joined the channel.

iammatrix (Thu, 01 Apr 2021 15:36:12 GMT):

Hello guys, I am trying to add oidc login feature with keycloak in my website, but I am getting that error constantly and I am not able to find a solution for this, "{"error":"unknown_presentation_record_id","error_description":"Cannot find respective record id"}", If any one can help It'd be highly appreciated

WadeBarnes (Thu, 01 Apr 2021 15:37:07 GMT):

@esune ^

c2bo (Thu, 01 Apr 2021 17:11:40 GMT):

I assume you are using github.com/bcgov/vc-authn-oidc? If so you have to provide a custom attribute in your keycloak that has to be forwarded called "pres_req_conf_id" which has to point to a valid configuration.
See https://github.com/bcgov/vc-authn-oidc/blob/ad322343146f850d4c9db8b0ca4c7acd03f3b45b/docs/README.md

usingetechnology (Thu, 01 Apr 2021 20:11:47 GMT):

Has joined the channel.

usingetechnology (Thu, 01 Apr 2021 20:11:48 GMT):

quick question - can my controller query ace-py to determine what the configuration is? example: controller query aca-py to see if it is set to auto respond to presentation requests (auto-respond-presentation-request)?

FilipeCapela98 (Thu, 01 Apr 2021 23:35:05 GMT):

Thank you @dbluhm

swcurran (Fri, 02 Apr 2021 20:26:06 GMT):

I don't think there is a way to do that -- nothing in the API provides it. 

Should that be added?

@ianco @amanji

jasoncys (Mon, 05 Apr 2021 07:21:25 GMT):

Has joined the channel.

jasoncys (Mon, 05 Apr 2021 07:21:26 GMT):

Hi, I am in the `Genesis file handling` section of `aries-cloudagent-python/demo/`.  I'd like to ask where I can find the file, i.e. is it `indy-sdk/cli/docker_pool_transactions_genesis`?  Thanks in advance.

jasoncys (Mon, 05 Apr 2021 07:21:26 GMT):

Hi, I am in the `Genesis file handling` section of `aries-cloudagent-python/demo/`.  I'd like to ask where I can find the genesis file, i.e. is it `indy-sdk/cli/docker_pool_transactions_genesis`?  Thanks in advance.

chakshujain (Mon, 05 Apr 2021 11:56:58 GMT):

Hi, I was trying different operators in the *requested_predicates* field while running the */present-proof/send-request* API of the aca-py and found that *"="* operator not supported by aca-py yet. So, my question is will other operators be supported by aca-py in future or not and also is there any plan to include *string comparisons* as well?

jasoncys (Mon, 05 Apr 2021 12:15:57 GMT):

Hi, when I try `Run the Alice and Faber Controllers/Agents` in `aries-cloudagent-python/demo` using `GENESIS_FILE=/path/to/local-genesis.txt DEFAULT_POSTGRES=true python3 -m runners.faber --port 8020`, I receive the following error:```
#1 Provision an agent and wallet, get back configuration details
Faber      | Registering faber.agent ...
Shutting down agent ...
Faber      | Shutting down admin api session
Faber      | Shutting down web hooks site
Faber      | Shutting down agent
Traceback (most recent call last):
  File "/usr/lib/python3.6/runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "/usr/lib/python3.6/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "/home/jyscheung/Projects/aries-cloudagent-python/demo/runners/faber.py", line 430, in 
    asyncio.get_event_loop().run_until_complete(main(args))
  File "/usr/lib/python3.6/asyncio/base_events.py", line 488, in run_until_complete
    return future.result()
  File "/home/jyscheung/Projects/aries-cloudagent-python/demo/runners/faber.py", line 173, in main
    schema_attrs=faber_schema_attrs,
  File "/home/jyscheung/Projects/aries-cloudagent-python/demo/runners/agent_container.py", line 388, in initialize
    await self.agent.register_did()
  File "/home/jyscheung/Projects/aries-cloudagent-python/demo/runners/support/agent.py", line 369, in register_did
    ledger_url + "/register", json=data
  File "/home/jyscheung/.local/lib/python3.6/site-packages/aiohttp/client.py", line 1117, in __aenter__
    self._resp = await self._coro
  File "/home/jyscheung/.local/lib/python3.6/site-packages/aiohttp/client.py", line 544, in _request
    await resp.start(conn)
  File "/home/jyscheung/.local/lib/python3.6/site-packages/aiohttp/client_reqrep.py", line 890, in start
    message, payload = await self._protocol.read()  # type: ignore
  File "/home/jyscheung/.local/lib/python3.6/site-packages/aiohttp/streams.py", line 604, in read
    await self._waiter
aiohttp.client_exceptions.ServerDisconnectedError: Server disconnected
```

jasoncys (Mon, 05 Apr 2021 12:15:57 GMT):

Hi, when I try `Run the Alice and Faber Controllers/Agents` in `aries-cloudagent-python/demo` using `GENESIS_FILE=/path/to/local-genesis.txt DEFAULT_POSTGRES=true python3 -m runners.faber --port 8020`, I receive the following error:```
#1 Provision an agent and wallet, get back configuration details
Faber      | Registering faber.agent ...
Shutting down agent ...
Faber      | Shutting down admin api session
Faber      | Shutting down web hooks site
Faber      | Shutting down agent
Traceback (most recent call last):
  File "/usr/lib/python3.6/runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "/usr/lib/python3.6/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "/home/jyscheung/Projects/aries-cloudagent-python/demo/runners/faber.py", line 430, in 
    asyncio.get_event_loop().run_until_complete(main(args))
  File "/usr/lib/python3.6/asyncio/base_events.py", line 488, in run_until_complete
    return future.result()
  File "/home/jyscheung/Projects/aries-cloudagent-python/demo/runners/faber.py", line 173, in main
    schema_attrs=faber_schema_attrs,
  File "/home/jyscheung/Projects/aries-cloudagent-python/demo/runners/agent_container.py", line 388, in initialize
    await self.agent.register_did()
  File "/home/jyscheung/Projects/aries-cloudagent-python/demo/runners/support/agent.py", line 369, in register_did
    ledger_url + "/register", json=data
  File "/home/jyscheung/.local/lib/python3.6/site-packages/aiohttp/client.py", line 1117, in __aenter__
    self._resp = await self._coro
  File "/home/jyscheung/.local/lib/python3.6/site-packages/aiohttp/client.py", line 544, in _request
    await resp.start(conn)
  File "/home/jyscheung/.local/lib/python3.6/site-packages/aiohttp/client_reqrep.py", line 890, in start
    message, payload = await self._protocol.read()  # type: ignore
  File "/home/jyscheung/.local/lib/python3.6/site-packages/aiohttp/streams.py", line 604, in read
    await self._waiter
aiohttp.client_exceptions.ServerDisconnectedError: Server disconnected
```
Any idea of what went wrong?  I did modify the file `runners/support/agent.py` to change the port to 9701 from the default value 9000.

jasoncys (Mon, 05 Apr 2021 12:15:57 GMT):

Hi, when I try `Run the Alice and Faber Controllers/Agents` in `aries-cloudagent-python/demo` using `GENESIS_FILE=/path/to/local-genesis.txt DEFAULT_POSTGRES=true python3 -m runners.faber --port 8020`, I receive the following error:```
#1 Provision an agent and wallet, get back configuration details
Faber      | Registering faber.agent ...
Shutting down agent ...
Faber      | Shutting down admin api session
Faber      | Shutting down web hooks site
Faber      | Shutting down agent
Traceback (most recent call last):
  File "/usr/lib/python3.6/runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "/usr/lib/python3.6/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "/home/jyscheung/Projects/aries-cloudagent-python/demo/runners/faber.py", line 430, in 
    asyncio.get_event_loop().run_until_complete(main(args))
  File "/usr/lib/python3.6/asyncio/base_events.py", line 488, in run_until_complete
    return future.result()
  File "/home/jyscheung/Projects/aries-cloudagent-python/demo/runners/faber.py", line 173, in main
    schema_attrs=faber_schema_attrs,
  File "/home/jyscheung/Projects/aries-cloudagent-python/demo/runners/agent_container.py", line 388, in initialize
    await self.agent.register_did()
  File "/home/jyscheung/Projects/aries-cloudagent-python/demo/runners/support/agent.py", line 369, in register_did
    ledger_url + "/register", json=data
  File "/home/jyscheung/.local/lib/python3.6/site-packages/aiohttp/client.py", line 1117, in __aenter__
    self._resp = await self._coro
  File "/home/jyscheung/.local/lib/python3.6/site-packages/aiohttp/client.py", line 544, in _request
    await resp.start(conn)
  File "/home/jyscheung/.local/lib/python3.6/site-packages/aiohttp/client_reqrep.py", line 890, in start
    message, payload = await self._protocol.read()  # type: ignore
  File "/home/jyscheung/.local/lib/python3.6/site-packages/aiohttp/streams.py", line 604, in read
    await self._waiter
aiohttp.client_exceptions.ServerDisconnectedError: Server disconnected
```
Any idea of what went wrong?  I did modify the file `runners/support/agent.py` to change the port to 9701 from the default value 9000.  I load local indy pool and postgres with the following:```
Built libindy locally following the instructions on https://github.com/hyperledger/indy-sdk/blob/master/docs/build-guides/ubuntu-build.md and ran the test successfully.

docker build -f ci/indy-pool.dockerfile -t indy_pool .
docker run -itd -p 9701-9708:9701-9708 indy_pool

docker run --name some-postgres -e POSTGRES_PASSWORD=mysecretpassword -d -p 5432:5432 postgres -c 'log_statement=all' -c 'logging_collector=on' -c 'log_destination=stderr'
``` 
I am running `Ubunty 16.04 LTS` and using `python3 version 3.6.13`  Thanks in advance.

jasoncys (Mon, 05 Apr 2021 12:15:57 GMT):

Hi, when I try `Run the Alice and Faber Controllers/Agents` in `aries-cloudagent-python/demo` with `GENESIS_FILE=/path/to/local-genesis.txt DEFAULT_POSTGRES=true python3 -m runners.faber --port 8020` where the genesis file points to `~/Projects/indy-sdk/cli/docker_pool_transactions_genesis`, I receive the following error:```
#1 Provision an agent and wallet, get back configuration details
Faber      | Registering faber.agent ...
Shutting down agent ...
Faber      | Shutting down admin api session
Faber      | Shutting down web hooks site
Faber      | Shutting down agent
Traceback (most recent call last):
  File "/usr/lib/python3.6/runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "/usr/lib/python3.6/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "/home/jyscheung/Projects/aries-cloudagent-python/demo/runners/faber.py", line 430, in 
    asyncio.get_event_loop().run_until_complete(main(args))
  File "/usr/lib/python3.6/asyncio/base_events.py", line 488, in run_until_complete
    return future.result()
  File "/home/jyscheung/Projects/aries-cloudagent-python/demo/runners/faber.py", line 173, in main
    schema_attrs=faber_schema_attrs,
  File "/home/jyscheung/Projects/aries-cloudagent-python/demo/runners/agent_container.py", line 388, in initialize
    await self.agent.register_did()
  File "/home/jyscheung/Projects/aries-cloudagent-python/demo/runners/support/agent.py", line 369, in register_did
    ledger_url + "/register", json=data
  File "/home/jyscheung/.local/lib/python3.6/site-packages/aiohttp/client.py", line 1117, in __aenter__
    self._resp = await self._coro
  File "/home/jyscheung/.local/lib/python3.6/site-packages/aiohttp/client.py", line 544, in _request
    await resp.start(conn)
  File "/home/jyscheung/.local/lib/python3.6/site-packages/aiohttp/client_reqrep.py", line 890, in start
    message, payload = await self._protocol.read()  # type: ignore
  File "/home/jyscheung/.local/lib/python3.6/site-packages/aiohttp/streams.py", line 604, in read
    await self._waiter
aiohttp.client_exceptions.ServerDisconnectedError: Server disconnected
```
Any idea of what went wrong?  I did modify the file `runners/support/agent.py` to change the port to 9701 from the default value 9000.  I loaded local indy pool and postgres with the following:```
Built libindy locally following the instructions on https://github.com/hyperledger/indy-sdk/blob/master/docs/build-guides/ubuntu-build.md and ran the test successfully.

docker build -f ci/indy-pool.dockerfile -t indy_pool .
docker run -itd -p 9701-9708:9701-9708 indy_pool

docker run --name some-postgres -e POSTGRES_PASSWORD=mysecretpassword -d -p 5432:5432 postgres -c 'log_statement=all' -c 'logging_collector=on' -c 'log_destination=stderr'
``` 
I am running `Ubunty 16.04 LTS` and using `python3 version 3.6.13`  Thanks in advance.

jasoncys (Mon, 05 Apr 2021 12:15:57 GMT):

Hi, when I try `Run the Alice and Faber Controllers/Agents` in `aries-cloudagent-python/demo` with `GENESIS_FILE=/path/to/local-genesis.txt DEFAULT_POSTGRES=true python3 -m runners.faber --port 8020` where the genesis file points to `~/Projects/indy-sdk/cli/docker_pool_transactions_genesis`, I receive the following error:```
#1 Provision an agent and wallet, get back configuration details
Faber      | Registering faber.agent ...
Shutting down agent ...
Faber      | Shutting down admin api session
Faber      | Shutting down web hooks site
Faber      | Shutting down agent
Traceback (most recent call last):
  File "/usr/lib/python3.6/runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "/usr/lib/python3.6/runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "/home/jyscheung/Projects/aries-cloudagent-python/demo/runners/faber.py", line 430, in 
    asyncio.get_event_loop().run_until_complete(main(args))
  File "/usr/lib/python3.6/asyncio/base_events.py", line 488, in run_until_complete
    return future.result()
  File "/home/jyscheung/Projects/aries-cloudagent-python/demo/runners/faber.py", line 173, in main
    schema_attrs=faber_schema_attrs,
  File "/home/jyscheung/Projects/aries-cloudagent-python/demo/runners/agent_container.py", line 388, in initialize
    await self.agent.register_did()
  File "/home/jyscheung/Projects/aries-cloudagent-python/demo/runners/support/agent.py", line 369, in register_did
    ledger_url + "/register", json=data
  File "/home/jyscheung/.local/lib/python3.6/site-packages/aiohttp/client.py", line 1117, in __aenter__
    self._resp = await self._coro
  File "/home/jyscheung/.local/lib/python3.6/site-packages/aiohttp/client.py", line 544, in _request
    await resp.start(conn)
  File "/home/jyscheung/.local/lib/python3.6/site-packages/aiohttp/client_reqrep.py", line 890, in start
    message, payload = await self._protocol.read()  # type: ignore
  File "/home/jyscheung/.local/lib/python3.6/site-packages/aiohttp/streams.py", line 604, in read
    await self._waiter
aiohttp.client_exceptions.ServerDisconnectedError: Server disconnected
```
Any idea of what went wrong?  I did modify the file `runners/support/agent.py` to change the port to 9701 from the default value 9000.  I loaded local indy pool and postgres with the following:```
Built libindy locally following the instructions on https://github.com/hyperledger/indy-sdk/blob/master/docs/build-guides/ubuntu-build.md and ran the test successfully.

docker build -f ci/indy-pool.dockerfile -t indy_pool .
docker run -itd -p 9701-9708:9701-9708 indy_pool

docker run --name some-postgres -e POSTGRES_PASSWORD=mysecretpassword -d -p 5432:5432 postgres -c 'log_statement=all' -c 'logging_collector=on' -c 'log_destination=stderr'
``` 
I am running `Ubunty 16.04 LTS` and using `python3 version 3.6.13`  And I git clone both aries-cloudagent-python and indy-sdk to a local directory. Thanks in advance.

iammatrix (Mon, 05 Apr 2021 15:53:15 GMT):

Yes, I am using vc-authn-oidc, I also have read the docs from the repo, but I cannot identify which paramenter is causing this problem

jacobsaur (Mon, 05 Apr 2021 20:54:45 GMT):

@DucaDellaForcoletta were you able to solve this issue? I'm also seeing "Request Entity Too Large" errors and am wondering how to instruct aca-py to accept larger requests (ideally without changing aca-py code itself)

DucaDellaForcoletta (Tue, 06 Apr 2021 06:50:22 GMT):

@jacobsaur Hi, I customized the aca-py passing the cliet_max_size greater that the default value of 1mb.

DucaDellaForcoletta (Tue, 06 Apr 2021 06:50:22 GMT):

@jacobsaur Hi, I customized the aca-py passing the cliet_max_size greater that the default value of 1mb. At this line https://github.com/hyperledger/aries-cloudagent-python/blob/d64c3a0102b269fac9b39f30815829a64b74e9ce/aries_cloudagent/admin/server.py#L367 ```
I modified as follow       ```

```   app = web.Application(middlewares=middlewares, client_max_size=2048**2)

``` ```
This solved for me.
```

DucaDellaForcoletta (Tue, 06 Apr 2021 06:50:22 GMT):

@jacobsaur Hi, I customized the aca-py passing the cliet_max_size greater that the default value of 1mb. At this line https://github.com/hyperledger/aries-cloudagent-python/blob/d64c3a0102b269fac9b39f30815829a64b74e9ce/aries_cloudagent/admin/server.py#L367 
I modified as follow    

```   app = web.Application(middlewares=middlewares, client_max_size=2048**2)

This solved for me.

DucaDellaForcoletta (Tue, 06 Apr 2021 06:50:22 GMT):

@jacobsaur Hi, I customized the aca-py passing the cliet_max_size greater that the default value of 1mb. At this line https://github.com/hyperledger/aries-cloudagent-python/blob/d64c3a0102b269fac9b39f30815829a64b74e9ce/aries_cloudagent/admin/server.py#L367 
I modified as follow    

```   app = web.Application(middlewares=middlewares, client_max_size=2048**2)
```
This solved for me.

DucaDellaForcoletta (Tue, 06 Apr 2021 06:50:22 GMT):

@jacobsaur Hi, I customized the aca-py passing the cliet_max_size greater that the default value of 1mb. At this line https://github.com/hyperledger/aries-cloudagent-python/blob/d64c3a0102b269fac9b39f30815829a64b74e9ce/aries_cloudagent/admin/server.py#L367 
I modified as follow    

```   app = web.Application(middlewares=middlewares, client_max_size=2048**2)
```
This solved for me.

  Maybe a args param could be helpful for the scope.

DucaDellaForcoletta (Tue, 06 Apr 2021 06:50:22 GMT):

@jacobsaur Hi, I customized the aca-py passing the cliet_max_size greater that the default value of 1mb. At this line https://github.com/hyperledger/aries-cloudagent-python/blob/d64c3a0102b269fac9b39f30815829a64b74e9ce/aries_cloudagent/admin/server.py#L367 
I modified as follow    

```   app = web.Application(middlewares=middlewares, client_max_size=2048**2)
```
This solved for me.

  Maybe an args param could be helpful for the scope.

sklump (Tue, 06 Apr 2021 11:45:39 GMT):

https://github.com/hyperledger/indy-sdk/blob/32e30b6ca307c201c3d16341887af2887c6d9562/wrappers/python/indy/anoncreds.py#L1164

The underlying indy sdk supports <, <=, >=, >.
If you can come up with a string comparator that works on encoding to long ints [https://gist.github.com/swcurran/78e5a9e8d11236f003f6a6263c6619a6], please contribute it and everyone will be grateful.

sklump (Tue, 06 Apr 2021 11:45:39 GMT):

https://github.com/hyperledger/indy-sdk/blob/32e30b6ca307c201c3d16341887af2887c6d9562/wrappers/python/indy/anoncreds.py#L1164

The underlying indy sdk supports <, <=, >=, >.
If you can come up with a string comparator that works on encoding to long ints https://gist.github.com/swcurran/78e5a9e8d11236f003f6a6263c6619a6, please contribute it and everyone will be grateful.

sklump (Tue, 06 Apr 2021 11:45:39 GMT):

https://github.com/hyperledger/indy-sdk/blob/32e30b6ca307c201c3d16341887af2887c6d9562/wrappers/python/indy/anoncreds.py#L1164

The underlying indy sdk supports <, <=, >=, >. For equality, that's not a predicate: it's a requested attribute. You can request proof of an attribute value through a restriction of "attr::::value" = .

If you can come up with a string comparator that works on encoding to long ints https://gist.github.com/swcurran/78e5a9e8d11236f003f6a6263c6619a6, please contribute it and everyone will be grateful.

sklump (Tue, 06 Apr 2021 11:49:19 GMT):

I can turn that into a PR today.

FilipeCapela98 (Tue, 06 Apr 2021 12:28:32 GMT):

Hello everyone!
While connecting agents (following the demos available), I have a small issue, which is not perfectly explained in the documentation if I am not mistaken:

In the Faber-Alice demo, Faber creates an invitation, Alice receives it and accepts it. At this point the connection is at 'request' for both parties on their respective '/connections' endpoint.

At this point Faber needs to do an accept-request. Upon doing it, the connection on Alices side gets changed to 'Active', my issue is that on the Faber side the connection stays in a 'response' state and never changes.

When checking the documentation (https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/AriesOpenAPIDemo.md#establishing-a-connection) it is mentioned that Faber's connection state should change to Active, but the screenshot uploaded shows that the connection state is still in 'request', not making much sense. Could you let me know if this is expected behaviour or if there is a way to change Faber's connection state to 'active'?

"Faber" connection state:
{
      "connection_id": "7c2b1282-a47f-49e0-8257-8c0298555d38",
      "state": "response",
      "their_did": "DYZPhm3B2fdNHdqQ8vfqgJ",
      "my_did": "QJNcxhjv25gEdNfSyksXsg",
      "their_label": "alice.Agent",
      "accept": "auto",
      "initiator": "self",
      "invitation_mode": "once",
      "updated_at": "2021-04-06 11:26:46.865186Z",
      "created_at": "2021-04-06 11:26:33.059719Z",
      "routing_state": "none",
      "invitation_key": "3bB8bta4nRa2raTVrAjVtPoJwUgmtjqii4kzMAbKFrZN",
      "alias": "faber"
    }

"Alice" connection state:
{
      "state": "active",
      "their_label": "faber.Agent",
      "invitation_mode": "once",
      "connection_id": "7aa95765-9ecb-4c8a-99c9-2bf0a82db45a",
      "my_did": "DYZPhm3B2fdNHdqQ8vfqgJ",
      "routing_state": "none",
      "updated_at": "2021-04-06 11:26:46.887457Z",
      "their_did": "QJNcxhjv25gEdNfSyksXsg",
      "initiator": "external",
      "invitation_key": "3bB8bta4nRa2raTVrAjVtPoJwUgmtjqii4kzMAbKFrZN",
      "request_id": "90fad4d8-2811-4ccd-847b-f54f28e82915",
      "created_at": "2021-04-06 11:26:33.074996Z",
      "accept": "auto"
    }

sklump (Tue, 06 Apr 2021 12:55:03 GMT):

At the instant that the Faber agent accepts the request, the state is `response` (response sent). At that point, Alice has not accepted the response nor sent a trust ping to prime the connection state to `active` (setting `--auto-ping-connection`, which the demo sets).
If you go to the connections section for Faber and look for the connection there, it should be active by the time you get there.

ianco (Tue, 06 Apr 2021 12:59:32 GMT):

I wouldn't be too difficult to add this service to aca-py

ianco (Tue, 06 Apr 2021 12:59:32 GMT):

It wouldn't be too difficult to add this service to aca-py

asadhayat (Tue, 06 Apr 2021 13:13:52 GMT):

Has joined the channel.

chakshujain (Tue, 06 Apr 2021 13:22:17 GMT):

@sklump Thank you for the clarification. I will look into the string comparator part and try my best to come up with something.:slight_smile:

chakshujain (Tue, 06 Apr 2021 13:22:17 GMT):

@sklump Thank you for the clarification. I will look into the string comparator part and try my best to come up with something. :slight_smile:

sklump (Tue, 06 Apr 2021 13:32:22 GMT):

If you do you ought to get a PhD for it - it would be a huge insight mathematically.

sklump (Tue, 06 Apr 2021 14:01:05 GMT):

it could go in under status/

sklump (Tue, 06 Apr 2021 14:01:05 GMT):

it could go in under status/ within the admin/server.py status_handler

FilipeCapela98 (Wed, 07 Apr 2021 08:58:27 GMT):

Thank you @sklump! I had not realized that that flag was being used. After adding it to my config the connection indeed moved to active after the response from Faber. Have a good day!

jacobsaur (Wed, 07 Apr 2021 10:42:16 GMT):

Thanks!

sklump (Wed, 07 Apr 2021 15:24:12 GMT):

It's https://github.com/hyperledger/aries-cloudagent-python/pull/1069
But subject to black deciding to pull the stable release for now _(what does 'stable' mean then?)_: it will be in when the process copes.

Jsyro (Wed, 07 Apr 2021 17:04:30 GMT):

Is there anyway to get aca-py to generate the did/verKey from a seed without attempting to start? It would be a nice-to-have that streamlines manual registration of the DID for ledgers that require extra steps (Sovrin MainNet), or is there a way to do this that i'm not aware of (the only way we have found is to start the agent and call `wallet/did/public` while it's erroring).

domwoe (Wed, 07 Apr 2021 17:37:39 GMT):

You could use the provision command (https://github.com/hyperledger/aries-cloudagent-python/blob/main/DevReadMe.md#provisioning-a-wallet) to setup the wallet. Then register the DID, and then start the agent. I think the indy-sdk itself does not directly expose this functionality (only as part of creating a new did which requires to create a wallet instance before).

domwoe (Wed, 07 Apr 2021 17:37:39 GMT):

You could use the provision command (https://github.com/hyperledger/aries-cloudagent-python/blob/main/DevReadMe.md#provisioning-a-wallet) to setup the wallet with the DID. Then register the DID, and then start the agent. I think the indy-sdk itself does not directly expose this functionality (only as part of creating a new did which requires to create a wallet instance before).

domwoe (Wed, 07 Apr 2021 18:01:33 GMT):

Simple example `docker run --net=host bcgovimages/aries-cloudagent:py36-1.16-0_0.6.0 provision \
--seed Alice000000000000000000000000001 \
--wallet-type indy \
--wallet-name Alice1 \
--wallet-key secret --endpoint http://localhost:8000/ \
--no-ledger`
`Created new profile
Profile backend: indy
Profile name: Alice1
Created new public DID: PLEVLDPJQMJvPLyX3LgB6S
Verkey: DAwrZwgMwkTVHUQ8ZYAmuvzwprDmX8vFNXzFioxrWpCA
Ledger not configured`

esune (Wed, 07 Apr 2021 18:06:08 GMT):

You can also start the agent in read-only mode using the `ACAPY_READ_ONLY_LEDGER` environment variable and then restart it in non-readonly mode once you have registered the did/verkey on the ledger.

usingetechnology (Wed, 07 Apr 2021 21:53:04 GMT):

thanks for all that. good info for sure.  are there any plans to make something more lightweight? perhaps take the logic that generates a seed, and produces the did and verkey into a super lightweight utility? something one could call on its own during an install script? or are the supporting libraries too big? or is it ok to simply generate a seed and use an existing "open" ledger (like bcovrin-dev) to get a did and verkey?

esune (Wed, 07 Apr 2021 21:55:31 GMT):

If you start in read-only mode it doesn't need a ledger at all - it will still create a did/verkey from the provided seed. You can get the did/verkey from the agent's admin API - `/wallet/did/public`

domwoe (Thu, 08 Apr 2021 06:58:23 GMT):

As @esune said, there's no ledger involved, but indy-sdk requires the setup of a wallet. However, libindy uses Sodium under the hood so I guess you should be able to use e.g. https://www.npmjs.com/package/tweetnacl#naclsignkeypairfromseedseed to generate the key pair from seed.

sklump (Thu, 08 Apr 2021 10:59:44 GMT):

I can take this today

sklump (Thu, 08 Apr 2021 10:59:44 GMT):

https://github.com/hyperledger/aries-cloudagent-python/pull/1073

usingetechnology (Thu, 08 Apr 2021 15:58:35 GMT):

:thumbsup: thanks

domwoe (Fri, 09 Apr 2021 11:03:43 GMT):

Hey everyone, in the Business Partner Agent project (think of it as a wallet for an organization) we implemented the concept of a public profile. You can think of it as  machine-readable and cryptographically-verifiable imprint tied to a public DID. It would be great to have some feedback on this approach from the community. Is this something that is seen as useful? Would it make sense to provide more support of this on Aries level? We've put together a little explainer here: https://hackmd.io/4oZOgwFOQDSFUuu3ruN-_g You can write comments there or get back to me directly

etschelp (Fri, 09 Apr 2021 12:35:53 GMT):

Hey channel, I’m working on the aca-py Java client library: https://github.com/boschresearch/aries-acapy-clients/tree/main/java This project slowly evolved with our demo code since aca-py 0.4, so I did not much bother about keeping it in sync with a specific aca-py version. But as things now need to be more enterprise ready, I was looking into swagger-codegen to keep the libraries models in sync with aca-py. But a quick check showed that aca-py’s swagger definitions are not really 100% in sync with reality. Most of the generated models need to be adjusted. I guess I’m not the only one facing that issue. So, my question is how to fix this best. As there are many small, and big changes necessary to fix this, simply opening an issue for each and every one does not make sense. Should I open a ticket where everyone with swagger issues can comment? Or should this be a pull request? I think this is best tackled in a “swarm intelligence” kind of approach where everyone helps out to get this done.

sklump (Fri, 09 Apr 2021 14:38:16 GMT):

Please start an issue. I'll do my best to fix them as people post them.

sklump (Fri, 09 Apr 2021 14:38:16 GMT):

Please start an issue. I'll do my best to fix them as people post them. Do work from main though.

domwoe (Fri, 09 Apr 2021 14:47:32 GMT):

@ldej are you interested to join this effort as well? I think you came across some discrepancies as well as you developed your go client :)

etschelp (Fri, 09 Apr 2021 15:19:40 GMT):

I created a ticket here: https://github.com/hyperledger/aries-cloudagent-python/issues/1078

esune (Fri, 09 Apr 2021 16:14:13 GMT):

The instances of Tails Server hosted by BCGov are in the process of moving to a new domain. This will be for the most part transparent, however if you have been using the `dev` or `test` instances of the server you will need to update the URLs as follows:
DEV: `https://tails-dev.vonx.io`
TEST: `https://tails-test.vonx.io`
PROD: `https://tails.vonx.io` (same as before)
The old instances will be available until Friday April 16th at roughly 9am PDT - after this time they will be switched off. The new instances re already available, so we encourage you to switch over to using them as soon as possible.

ldej (Mon, 12 Apr 2021 04:54:30 GMT):

@domwoe Thanks for tagging me! yeah I'm trying to make a go client library for aca-py. I don't use code generators based on swagger, instead I implement it all by hand as it forces me to actually read and understand the endpoints. While implementing the endpoints I bumped into some inconsistencies with the credential endpoints, but they have been fixed already. Other than that my personal annoyance is inconsistencies in field names. For example, in some places `conn_id` is used instead of `connection_id`,  in some place `rev_reg_id` and in other `revoc_reg_id`. if those count as well then I'll happily add them.

ldej (Mon, 12 Apr 2021 04:54:30 GMT):

@domwoe Thanks for tagging me! yeah I'm trying to make a go client library for aca-py. I don't use code generators based on swagger, instead I implement it all by hand as it forces me to actually read and understand the endpoints. While implementing the endpoints I bumped into some inconsistencies with the credential endpoints, but they have been fixed already. Other than that my personal annoyance is inconsistencies in field names. For example, in some places `conn_id` is used instead of `connection_id`,  in some place `rev_reg_id` and in other `revoc_reg_id`. If those count as well then I'll happily add them.

sklump (Mon, 12 Apr 2021 12:19:26 GMT):

Unfortunately they have to stay as they are for backward compatibility with existing implementations.

sklump (Mon, 12 Apr 2021 12:19:26 GMT):

Unfortunately they have to stay as they are for backward compatibility with existing implementations. Sorry.

devexplore2020 (Mon, 12 Apr 2021 16:11:13 GMT):

Hi everyone. Would it be possible to make a generic-one time proof response in ACApy to be used by many verifiers, but that the issuer creates one tome generated proof response and to   auto-respond to every proof request (I am aware that auto-respond can be used as an option in ACApy start parameters) 

sklump (Mon, 12 Apr 2021 16:14:47 GMT):

Proofs are novel: the prover should generate a new one per request, with a unique nonce.

devexplore2020 (Mon, 12 Apr 2021 17:02:30 GMT):

Thanks @sklump I am aware of that every proof has to have a unique nonce, I was wondering if there was an API call or similar that could automate a process 

devexplore2020 (Mon, 12 Apr 2021 17:05:27 GMT):

The idea would be that the verifier asks for the proof presentation and the holder answers automatically creating the proof response, creating every time a new nonce 

sklump (Mon, 12 Apr 2021 17:09:52 GMT):

No - automatic response is all-or-nothing at present.

devexplore2020 (Mon, 12 Apr 2021 18:20:27 GMT):

So auto-respond is not possible with Acapy? 

devexplore2020 (Mon, 12 Apr 2021 18:22:17 GMT):

With out of band messages? And if the proof request always has the same attributes from every verifier using a generic-same web software 

sklump (Mon, 12 Apr 2021 18:24:21 GMT):

"--auto-respond-presentation-proposal"

sklump (Mon, 12 Apr 2021 18:24:21 GMT):

`"--auto-respond-presentation-proposal"`

sklump (Mon, 12 Apr 2021 18:25:26 GMT):

At present, proof presentation is in-band only: the holder should have an existing relationship with the verifier

devexplore2020 (Mon, 12 Apr 2021 18:35:11 GMT):

Thanks @sklump that would mean that with some kind of qrcode connection automation it would be feasible 

sklump (Mon, 12 Apr 2021 18:36:44 GMT):

the automation ought to be at the controller layer, I think

GuilhermeFunchal (Mon, 12 Apr 2021 18:47:38 GMT):

How can I use ACA-Py without Swagger?

devexplore2020 (Mon, 12 Apr 2021 19:00:27 GMT):

Yes. It has to happen there. Thanks. I hope the out of band goes further to make the relationship part more simpler 

ldej (Tue, 13 Apr 2021 06:47:26 GMT):

Yes I understand. Anyway, it might be a good idea to have some guidelines for the future when naming the fields, now it's a bit of a mess :)

JackyYuan (Tue, 13 Apr 2021 09:07:28 GMT):

Hi ACA-Py team, I created a Draft PR here (https://github.com/hyperledger/aries-cloudagent-python/pull/1085) implementing RFC 587 for interop with AFGo. Any feedback is appreciated! PS: I'm headed into exam season, so I apologize for any slow replies

sklump (Tue, 13 Apr 2021 12:38:31 GMT):

There is still some residual debate over whether it's appropriate to respond to proof requests from unknown parties. I think on balance it will probably get in.

sklump (Tue, 13 Apr 2021 12:38:31 GMT):

There is still some residual debate over whether it's appropriate to respond to proof requests from unknown parties. I think on balance it will probably get in.

In any case, for the current state, use  `GET /present-proof/records/{pres_ex_id}/credentials` to find credentials satisfying proof requests.

sklump (Tue, 13 Apr 2021 12:41:24 GMT):

Much came from third party contributions, and others were my fault. I had thought some old protocols would be gone by now but they do hang on.

sklump (Tue, 13 Apr 2021 12:41:24 GMT):

Much came from third party contributions, and others were my fault. I had thought some old protocols/versions would be gone by now but they do hang on.

swcurran (Tue, 13 Apr 2021 13:50:21 GMT):

Awesome stuff. Thanks.  We'll be looking at it. Note the DCO issue with the commits -- great if you could fix those.

GuilhermeFunchal (Tue, 13 Apr 2021 14:13:22 GMT):

Hello, How can I use ACA-Py without starting Swagger in a production environment?

andrew.whitehead (Tue, 13 Apr 2021 16:26:25 GMT):

It’s not possible to disable the swagger endpoint for the admin API currently, although it would probably be easy to add a flag. Why do you want to?

GuilhermeFunchal (Tue, 13 Apr 2021 17:27:06 GMT):

Hello, thanks for feedback. 
I'm trying to set up a Rest production environment with Aca-Py for issuing credentials. I think it is not interesting to be showing Swagger on the Internet to all users. Is there any way to block this?

andrew.whitehead (Tue, 13 Apr 2021 17:47:19 GMT):

We would normally block the admin API entirely so that only the controller can access it

dbluhm (Tue, 13 Apr 2021 18:25:05 GMT):

Who do I nudge for reviews on some of our open PRs? :slight_smile: 
https://github.com/hyperledger/aries-cloudagent-python/pull/1063
https://github.com/hyperledger/aries-cloudagent-python/pull/1077
https://github.com/hyperledger/aries-cloudagent-python/pull/1086

andrew.whitehead (Tue, 13 Apr 2021 18:26:30 GMT):

I'm just testing the did-resolver one now

andrew.whitehead (Tue, 13 Apr 2021 18:32:46 GMT):

I don't love that pydid is using the `voluptuous` library which seems to be largely abandoned but maybe it's the best option right now

dbluhm (Tue, 13 Apr 2021 18:44:07 GMT):

Very good point. Initially, my motivation was that the DID spec has some characteristics that were difficult to represent in other schema libraries and voluptuous made it very simple. We started running into some other complications with voluptuous though and came up with a better way to handle things using pydantic. Switching over to pydantic is on my todo list.

andrew.whitehead (Tue, 13 Apr 2021 18:45:34 GMT):

Okay, sounds good!

andrew.whitehead (Tue, 13 Apr 2021 18:46:59 GMT):

Maybe it should require pydid~=0.2 to pick up api-compatible updates

JackyYuan (Tue, 13 Apr 2021 22:07:08 GMT):

Fixed, thanks for letting me know

domwoe (Wed, 14 Apr 2021 06:36:04 GMT):

@dbluhm It would be great if you could support additional service endpoint types in the universal resolver. See https://hackmd.io/4oZOgwFOQDSFUuu3ruN-_g

domwoe (Wed, 14 Apr 2021 06:36:04 GMT):

@dbluhm It would be great if you could support additional service endpoint types in the resolver plugin. See https://hackmd.io/4oZOgwFOQDSFUuu3ruN-_g

sklump (Wed, 14 Apr 2021 10:25:43 GMT):

@etschelp anything left after https://github.com/hyperledger/aries-cloudagent-python/pull/1080?

sklump (Wed, 14 Apr 2021 10:25:43 GMT):

@etschelp https://github.com/hyperledger/aries-cloudagent-python/pull/1080 addresses all I found. Are there others?

JonathanLaut (Thu, 15 Apr 2021 14:17:16 GMT):

Has joined the channel.

JonathanLaut (Thu, 15 Apr 2021 14:17:17 GMT):

Hello everyone,

I currently have three different agents set up ( A, B and C).I am trying to use agent A to make agent B and agent C known to each other.  For this purpose there is a connection from agent A to agent B and another connection from agent A to agent C. To make them known to each other I want to use the POST /connections/{conn_id}/start-introduction functionality in the 0.6.0 aca-py version, where I use connection identifier and target connection identifier (the respective connection IDs of the already mentioned connections.) However, although I have 2 active connections with corresponding connection IDs, I get the following error:

500 Internal Server Error

Server got itself in trouble

Logs:

2021-04-15 11:00:43,130 aries_cloudagent.protocols.introduction.v0_1.routes INFO Introduction requested
2021-04-15 11:00:43,133 aries_cloudagent.core.dispatcher ERROR Handler error: introduction_start
Traceback (most recent call last):
  File "/home/indy/aries_cloudagent/protocols/introduction/v0_1/routes.py", line 75, in introduction_start
    init_connection_id, target_connection_id, message, outbound_handler
  File "/home/indy/aries_cloudagent/protocols/introduction/v0_1/demo_service.py", line 43, in start_introduction
    session = await self._context.session()
AttributeError: 'InjectionContext' object has no attribute 'session'
2021-04-15 11:00:43,154 aries_cloudagent.admin.server ERROR Handler error with exception: 'InjectionContext' object has no attribute 'session'

=================
Traceback (most recent call last):
  File "/home/indy/aries_cloudagent/admin/server.py", line 164, in ready_middleware
    return await handler(request)
  File "/home/indy/aries_cloudagent/admin/server.py", line 201, in debug_middleware
    return await handler(request)
  File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp_apispec/middlewares.py", line 45, in validation_middleware
    return await handler(request)
  File "/home/indy/aries_cloudagent/admin/server.py", line 362, in setup_context
    return await task
  File "/home/indy/aries_cloudagent/protocols/introduction/v0_1/routes.py", line 75, in introduction_start
    init_connection_id, target_connection_id, message, outbound_handler
  File "/home/indy/aries_cloudagent/protocols/introduction/v0_1/demo_service.py", line 43, in start_introduction
    session = await self._context.session()
AttributeError: 'InjectionContext' object has no attribute 'session'
2021-04-15 11:00:43,169 aiohttp.server ERROR Error handling request
Traceback (most recent call last):
  File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_protocol.py", line 418, in start
    resp = await task
  File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_app.py", line 458, in _handle
    resp = await handler(request)
  File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_middlewares.py", line 119, in impl
    return await handler(request)
  File "/home/indy/aries_cloudagent/admin/server.py", line 164, in ready_middleware
    return await handler(request)
  File "/home/indy/aries_cloudagent/admin/server.py", line 201, in debug_middleware
    return await handler(request)
  File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp_apispec/middlewares.py", line 45, in validation_middleware
    return await handler(request)
  File "/home/indy/aries_cloudagent/admin/server.py", line 362, in setup_context
    return await task
  File "/home/indy/aries_cloudagent/protocols/introduction/v0_1/routes.py", line 75, in introduction_start
    init_connection_id, target_connection_id, message, outbound_handler
  File "/home/indy/aries_cloudagent/protocols/introduction/v0_1/demo_service.py", line 43, in start_introduction
    session = await self._context.session()
AttributeError: 'InjectionContext' object has no attribute 'session'

Does jmd maybe a suggestion how I could solve the problem? Thank you in advance!

JonathanLaut (Thu, 15 Apr 2021 14:17:17 GMT):

Hello everyone,

I currently have three different agents set up ( A, B and C).I am trying to use agent A to make agent B and agent C known to each other.  For this purpose there is a connection from agent A to agent B and another connection from agent A to agent C. To make them known to each other I want to use the POST /connections/{conn_id}/start-introduction functionality in the 0.6.0 aca-py version, where I use connection identifier and target connection identifier (the respective connection IDs of the already mentioned connections.) However, although I have 2 active connections with corresponding connection IDs and also basic messaging works, I get the following error:

500 Internal Server Error

Server got itself in trouble

Logs:

2021-04-15 11:00:43,130 aries_cloudagent.protocols.introduction.v0_1.routes INFO Introduction requested
2021-04-15 11:00:43,133 aries_cloudagent.core.dispatcher ERROR Handler error: introduction_start
Traceback (most recent call last):
  File "/home/indy/aries_cloudagent/protocols/introduction/v0_1/routes.py", line 75, in introduction_start
    init_connection_id, target_connection_id, message, outbound_handler
  File "/home/indy/aries_cloudagent/protocols/introduction/v0_1/demo_service.py", line 43, in start_introduction
    session = await self._context.session()
AttributeError: 'InjectionContext' object has no attribute 'session'
2021-04-15 11:00:43,154 aries_cloudagent.admin.server ERROR Handler error with exception: 'InjectionContext' object has no attribute 'session'

=================
Traceback (most recent call last):
  File "/home/indy/aries_cloudagent/admin/server.py", line 164, in ready_middleware
    return await handler(request)
  File "/home/indy/aries_cloudagent/admin/server.py", line 201, in debug_middleware
    return await handler(request)
  File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp_apispec/middlewares.py", line 45, in validation_middleware
    return await handler(request)
  File "/home/indy/aries_cloudagent/admin/server.py", line 362, in setup_context
    return await task
  File "/home/indy/aries_cloudagent/protocols/introduction/v0_1/routes.py", line 75, in introduction_start
    init_connection_id, target_connection_id, message, outbound_handler
  File "/home/indy/aries_cloudagent/protocols/introduction/v0_1/demo_service.py", line 43, in start_introduction
    session = await self._context.session()
AttributeError: 'InjectionContext' object has no attribute 'session'
2021-04-15 11:00:43,169 aiohttp.server ERROR Error handling request
Traceback (most recent call last):
  File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_protocol.py", line 418, in start
    resp = await task
  File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_app.py", line 458, in _handle
    resp = await handler(request)
  File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_middlewares.py", line 119, in impl
    return await handler(request)
  File "/home/indy/aries_cloudagent/admin/server.py", line 164, in ready_middleware
    return await handler(request)
  File "/home/indy/aries_cloudagent/admin/server.py", line 201, in debug_middleware
    return await handler(request)
  File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp_apispec/middlewares.py", line 45, in validation_middleware
    return await handler(request)
  File "/home/indy/aries_cloudagent/admin/server.py", line 362, in setup_context
    return await task
  File "/home/indy/aries_cloudagent/protocols/introduction/v0_1/routes.py", line 75, in introduction_start
    init_connection_id, target_connection_id, message, outbound_handler
  File "/home/indy/aries_cloudagent/protocols/introduction/v0_1/demo_service.py", line 43, in start_introduction
    session = await self._context.session()
AttributeError: 'InjectionContext' object has no attribute 'session'

Does jmd maybe a suggestion how I could solve the problem? Thank you in advance!

JonathanLaut (Thu, 15 Apr 2021 14:17:17 GMT):

Hello everyone,

I currently have three different agents set up ( A, B and C).I am trying to use agent A to make agent B and agent C known to each other.  For this purpose there is a connection from agent A to agent B and another connection from agent A to agent C. To make them known to each other I want to use the POST /connections/{conn_id}/start-introduction functionality in the 0.6.0 aca-py version, where I use connection identifier and target connection identifier (the respective connection IDs of the already mentioned connections.) However, although I have 2 active connections with corresponding connection IDs and also basic messaging works, I get the following error:

500 Internal Server Error

Server got itself in trouble

Logs:

2021-04-15 11:00:43,130 aries_cloudagent.protocols.introduction.v0_1.routes INFO Introduction requested
2021-04-15 11:00:43,133 aries_cloudagent.core.dispatcher ERROR Handler error: introduction_start
Traceback (most recent call last):
  File "/home/indy/aries_cloudagent/protocols/introduction/v0_1/routes.py", line 75, in introduction_start
    init_connection_id, target_connection_id, message, outbound_handler
  File "/home/indy/aries_cloudagent/protocols/introduction/v0_1/demo_service.py", line 43, in start_introduction
    session = await self._context.session()
AttributeError: 'InjectionContext' object has no attribute 'session'
2021-04-15 11:00:43,154 aries_cloudagent.admin.server ERROR Handler error with exception: 'InjectionContext' object has no attribute 'session'

=================
Traceback (most recent call last):
  File "/home/indy/aries_cloudagent/admin/server.py", line 164, in ready_middleware
    return await handler(request)
  File "/home/indy/aries_cloudagent/admin/server.py", line 201, in debug_middleware
    return await handler(request)
  File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp_apispec/middlewares.py", line 45, in validation_middleware
    return await handler(request)
  File "/home/indy/aries_cloudagent/admin/server.py", line 362, in setup_context
    return await task
  File "/home/indy/aries_cloudagent/protocols/introduction/v0_1/routes.py", line 75, in introduction_start
    init_connection_id, target_connection_id, message, outbound_handler
  File "/home/indy/aries_cloudagent/protocols/introduction/v0_1/demo_service.py", line 43, in start_introduction
    session = await self._context.session()
AttributeError: 'InjectionContext' object has no attribute 'session'
2021-04-15 11:00:43,169 aiohttp.server ERROR Error handling request
Traceback (most recent call last):
  File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_protocol.py", line 418, in start
    resp = await task
  File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_app.py", line 458, in _handle
    resp = await handler(request)
  File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp/web_middlewares.py", line 119, in impl
    return await handler(request)
  File "/home/indy/aries_cloudagent/admin/server.py", line 164, in ready_middleware
    return await handler(request)
  File "/home/indy/aries_cloudagent/admin/server.py", line 201, in debug_middleware
    return await handler(request)
  File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/aiohttp_apispec/middlewares.py", line 45, in validation_middleware
    return await handler(request)
  File "/home/indy/aries_cloudagent/admin/server.py", line 362, in setup_context
    return await task
  File "/home/indy/aries_cloudagent/protocols/introduction/v0_1/routes.py", line 75, in introduction_start
    init_connection_id, target_connection_id, message, outbound_handler
  File "/home/indy/aries_cloudagent/protocols/introduction/v0_1/demo_service.py", line 43, in start_introduction
    session = await self._context.session()
AttributeError: 'InjectionContext' object has no attribute 'session'

Does someone maybe have a suggestion how I could solve the problem? Thank you in advance!

sklump (Thu, 15 Apr 2021 14:33:29 GMT):

I can take a look today

swcurran (Thu, 15 Apr 2021 15:54:27 GMT):

Cool stuff! Introduction has not had a lot of use yet, but is powerful and there will be a number of cool use cases added as a result of it.  Interested to know what you are doing with it, if you can share.

JonathanLaut (Fri, 16 Apr 2021 09:31:49 GMT):

@sklump That would be great! Thank you!

FilipeCapela98 (Fri, 16 Apr 2021 11:56:12 GMT):

Hello, is it possible to deploy an aca-py agent without setting a public DID?

sklump (Fri, 16 Apr 2021 12:51:40 GMT):

It turns out this is a more extensive troubleshooting and rebuilding exercise than I had thought. I should have it done by Monday at the latest though. Thanks for your patience.

sklump (Fri, 16 Apr 2021 12:51:40 GMT):

It turns out this is a more extensive troubleshooting and rebuilding exercise than I had thought. I should have it done by ~Monday~ next week at the latest though. Thanks for your patience.

sklump (Fri, 16 Apr 2021 13:04:55 GMT):

`--wallet-local-did`

GuilhermeFunchal (Fri, 16 Apr 2021 18:58:47 GMT):

Hello
When I use the option --multitenant, What is the DID of a subwallet to accept a connection invitation? How do I get a user's DID from a sub wallet?

matthewhall78 (Fri, 16 Apr 2021 19:05:05 GMT):

@swcurran isn't this agent to agent connection what is being built with the hyperledger-labs/business-partner-agent

swcurran (Fri, 16 Apr 2021 19:14:12 GMT):

I think this could be used in BPA for a delegate of an organization to "introduce" one of their contacts to the organization's BPA.  E.g. An account at a company goes to the bank, and introduces the bank's Agent to the Organization's Agent, so the bank can send some proof requests to the Organization.

swcurran (Fri, 16 Apr 2021 19:14:50 GMT):

There may be other ways, but I think that might be a good way to establish that connection.

sklump (Mon, 19 Apr 2021 13:34:55 GMT):

Between us on the thread, this appears to me to be a solution in search of a problem. Note its version code of 0.1, dating from early 2018 or so and derelict since then, not fixed. Why not? Nobody ever used it. I wonder what would happen if it discreetly went away.

GuilhermeFunchal (Mon, 19 Apr 2021 13:49:55 GMT):

When I use the option --multitenant ?

swcurran (Mon, 19 Apr 2021 14:45:35 GMT):

I'm OK with the 0.1 version going away until someone decides to add support.  The protocol is not in AIP 1.0 or 2.0.  I believe a different version of the protocol is part of AF-Go, and is in the latest version of the RFP.

etschelp (Mon, 19 Apr 2021 16:06:35 GMT):

I don't know if there is a fix, but for me the biggest pain point atm is missing type information within a model tree.

For example: 

DIDXRequest:did_doc~attach
or
V10CredentialExchangeListResult:credential

sklump (Mon, 19 Apr 2021 17:03:42 GMT):

How do you get here? Pick one. I don't see these.

sklump (Mon, 19 Apr 2021 17:04:39 GMT):

No idea. @ianco  ?

ianco (Mon, 19 Apr 2021 17:05:13 GMT):

New wallets are created with no public did, by defauly

ianco (Mon, 19 Apr 2021 17:05:13 GMT):

New wallets are created with no public did, by default (when you use multitenant)

matthewhall78 (Mon, 19 Apr 2021 17:27:26 GMT):

So the feature is introducing one of my connections to another one of my connections? How does doing this introduction with blockchain technology add value over the traditional means of doing introductions?   perhaps it is not a useful feature, but it is something going forward we can be aware of, and if it comes up again we can go back to it.

swcurran (Mon, 19 Apr 2021 17:30:34 GMT):

It's introducing agents to agents.  I have an agent and it's got a connection with a bank agent.  I want the bank agent to connect with my organizational agent so it can request proofs about the organization.  I get an invitation object from my organization, I pass it to the bank agent, and the bank agent uses it to connect with the organization agent.

swcurran (Mon, 19 Apr 2021 17:32:09 GMT):

It's convenient in Org-Org contexts, but less so, because both probably have a Public DID.  It's more useful in Person-Person contexts, where there are no Public DIDs.

GuilhermeFunchal (Mon, 19 Apr 2021 17:40:53 GMT):

How I change it ?

ianco (Mon, 19 Apr 2021 18:28:28 GMT):

You use the normal wallet api to create a new DID and then set it to the wallet's public DID (you also have to write the new DID to the ledger)

ianco (Mon, 19 Apr 2021 18:29:30 GMT):

it's part of the demo, as described here:  https://github.com/hyperledger/aries-cloudagent-python/tree/main/demo#multi-tenancy

ianco (Mon, 19 Apr 2021 18:31:31 GMT):

The demo code that creates a new sub-wallet with a [ublic DID is here:  https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/runners/support/agent.py#L437

GuilhermeFunchal (Mon, 19 Apr 2021 19:02:38 GMT):

Thanks Ian, I will try to use and test

srbms23 (Tue, 20 Apr 2021 08:01:08 GMT):

Has joined the channel.

srbms23 (Tue, 20 Apr 2021 08:01:08 GMT):

Hello,
I tried to start Agent on my Pi. I think Agent on Pi or even Docker Image for Arm would be great for testing stuff so I am working on that. 
However first, I want to find dependencies that work together on Pi.
What I installed so far:
*-libindy (cargo build --release)
-python3-indy 1.16.0
-aries-cloud-agent 0.6.0: cloned from git, all requirements installed* 

After that I registered public DID with seed: http://dev.greenlight.bcovrin.vonx.io
When I want to start an Agent I use following commands:

`pi@raspberrypi:~ $ PORTS="8020 11000" aca-py start --label Alice --inbound-transport http 0.0.0.0 8020 --outbound-transport http --admin 0.0.0.0 11000 --admin-insecure-mode --genesis-url http://dev.greenlight.bcovrin.vonx.io/genesis --seed Alice000000000000000000000000001 --endpoint http://192.168.2.9:8020 --debug-connection --auto-provision`

And Agent is Listening...
But when I want to send simple Schema to the ledger, I get `403 Error: No ledger available`.

The same problem, with same configuration occured after I had installed everything locally on my mac...

Did someone have the same problem or am I missing something? 
Wanted to hear few opinions about an error since I am struggling with it for 2-3 weeks now. :unamused:

sklump (Tue, 20 Apr 2021 14:39:14 GMT):

https://github.com/hyperledger/aries-cloudagent-python/pull/1101

sklump (Tue, 20 Apr 2021 14:44:39 GMT):

Oh, I see. Let me fix those two and we can go from there.

sklump (Tue, 20 Apr 2021 14:44:39 GMT):

Oh, I see. Let me fix those two and we can go from there. Just on cred ex records alone there is plenty to do here, so it won't be ready today by any means.

andrew.whitehead (Tue, 20 Apr 2021 14:54:45 GMT):

It looks like you need `--wallet-type indy`

esune (Tue, 20 Apr 2021 16:08:52 GMT):

I am wondering if this can be an issue related to the platform? I've been trying to track this down, and am getting the following results when I add `--wallet-type` `--wallet-name` `--wallet-key` to the command running natively on Ubuntu 20.04 (WSL2):

esune (Tue, 20 Apr 2021 16:08:52 GMT):

I am wondering if this can be an issue related to the host platform? I've been trying to track this down, and am getting the following results when I add `--wallet-type` `--wallet-name` `--wallet-key` to the command running natively on Ubuntu 20.04 (WSL2):

esune (Tue, 20 Apr 2021 16:08:57 GMT):

```
(env) esune@QL023542501657:~/git-repos/aries-cloudagent-python$ aca-py start --label Alice --inbound-transport http 0.0.0.0 8020 --outbound-transport http --admin 0.0.0.0 11000 --admin-insecure-mode --genesis-url http://dev.greenlight.bcovrin.vonx.io/genesis --seed Alice000000000000000000000000111 --endpoint http://192.168.2.9:8020 --debug-connections --auto-provision --wallet-type indy --wallet-name esune --wallet-key mykey
2021-04-20 09:05:18,256 indy.libindy ERROR _load_cdll: Can't load libindy: libindy.so: cannot open shared object file: No such file or directory
2021-04-20 09:05:18,256 aries_cloudagent.commands.start ERROR Exception during startup:
Traceback (most recent call last):
  File "/home/esune/git-repos/aries-cloudagent-python/aries_cloudagent/commands/start.py", line 72, in init
    await startup
  File "/home/esune/git-repos/aries-cloudagent-python/aries_cloudagent/commands/start.py", line 28, in start_app
    await conductor.setup()
  File "/home/esune/git-repos/aries-cloudagent-python/aries_cloudagent/core/conductor.py", line 94, in setup
    self.root_profile, self.setup_public_did = await wallet_config(context)
  File "/home/esune/git-repos/aries-cloudagent-python/aries_cloudagent/config/wallet.py", line 40, in wallet_config
    profile = await mgr.open(context, profile_cfg)
  File "/home/esune/git-repos/aries-cloudagent-python/aries_cloudagent/indy/sdk/profile.py", line 169, in open
    opened = await indy_config.open_wallet()
  File "/home/esune/git-repos/aries-cloudagent-python/aries_cloudagent/indy/sdk/wallet_setup.py", line 167, in open_wallet
    handle = await indy.wallet.open_wallet(
  File "/home/esune/git-repos/aries-cloudagent-python/env/lib/python3.8/site-packages/indy/wallet.py", line 124, in open_wallet
    res = await do_call('indy_open_wallet',
  File "/home/esune/git-repos/aries-cloudagent-python/env/lib/python3.8/site-packages/indy/libindy.py", line 30, in do_call
    err = getattr(_cdll(), name)(command_handle,
  File "/home/esune/git-repos/aries-cloudagent-python/env/lib/python3.8/site-packages/indy/libindy.py", line 133, in _cdll
    _cdll.cdll = _load_cdll()
  File "/home/esune/git-repos/aries-cloudagent-python/env/lib/python3.8/site-packages/indy/libindy.py", line 165, in _load_cdll
    raise e
  File "/home/esune/git-repos/aries-cloudagent-python/env/lib/python3.8/site-packages/indy/libindy.py", line 160, in _load_cdll
    res = CDLL(libindy_name)
  File "/usr/lib/python3.8/ctypes/__init__.py", line 373, in __init__
    self._handle = _dlopen(self._name, mode)
OSError: libindy.so: cannot open shared object file: No such file or directory

Shutting down
2021-04-20 09:05:18,274 asyncio ERROR Task exception was never retrieved
future: .done() done, defined at /home/esune/git-repos/aries-cloudagent-python/aries_cloudagent/commands/start.py:77> exception=AttributeError("'NoneType' object has no attribute 'context'")>
Traceback (most recent call last):
  File "/home/esune/git-repos/aries-cloudagent-python/aries_cloudagent/commands/start.py", line 79, in done
    await shutdown
  File "/home/esune/git-repos/aries-cloudagent-python/aries_cloudagent/commands/start.py", line 35, in shutdown_app
    await conductor.stop()
  File "/home/esune/git-repos/aries-cloudagent-python/aries_cloudagent/core/conductor.py", line 358, in stop
    multitenant_mgr = self.context.inject(MultitenantManager, required=False)
  File "/home/esune/git-repos/aries-cloudagent-python/aries_cloudagent/core/conductor.py", line 83, in context
    return self.root_profile.context
AttributeError: 'NoneType' object has no attribute 'context'
```

andrew.whitehead (Tue, 20 Apr 2021 16:11:07 GMT):

Well the issue there seems to be missing the Indy SDK library?

esune (Tue, 20 Apr 2021 16:12:26 GMT):

`python3-indy 1.16.0` is installed

esune (Tue, 20 Apr 2021 16:13:33 GMT):

this is after running `pip install -r requrements.txt`, `pip install -r requirements.dev.txt`, `pip install -r requirements.indy.txt` so I would expect all dependencies to be satisfied

esune (Tue, 20 Apr 2021 16:15:19 GMT):

I might be missing the "real" SDK though

esune (Tue, 20 Apr 2021 16:18:22 GMT):

Yup, that was it - I'm too used to use the Docker packaged image.

esune (Tue, 20 Apr 2021 16:18:51 GMT):

So indy-adk installed + installing all of the requirements from the `requiement*.txt` files works fine.

sklump (Tue, 20 Apr 2021 17:30:57 GMT):

... hmmm, tricky and vile. It will take a while.

sklump (Tue, 20 Apr 2021 17:30:57 GMT):

... hmmm, tricky and vile. It will take a while, if it works at all.

sklump (Tue, 20 Apr 2021 17:31:41 GMT):

I'll scope out a proof of concept that will tell me if there is a way forward.

GuilhermeFunchal (Tue, 20 Apr 2021 18:25:03 GMT):

Hello

GuilhermeFunchal (Tue, 20 Apr 2021 18:26:54 GMT):

Hello

Whem I'm try to set the DID to public Im receive error :

Traceback (most recent call last):
  File "/usr/local/lib/python3.6/dist-packages/aries_cloudagent/admin/server.py", line 164, in ready_middleware
    return await handler(request)
  File "/usr/local/lib/python3.6/dist-packages/aries_cloudagent/admin/server.py", line 201, in debug_middleware
    return await handler(request)
  File "/usr/local/lib/python3.6/dist-packages/aiohttp_apispec/middlewares.py", line 45, in validation_middleware
    return await handler(request)
  File "/usr/local/lib/python3.6/dist-packages/aries_cloudagent/admin/server.py", line 285, in check_token
    return await handler(request)
  File "/usr/local/lib/python3.6/dist-packages/aries_cloudagent/admin/server.py", line 317, in check_multitenant_authorization
    return await handler(request)
  File "/usr/local/lib/python3.6/dist-packages/aries_cloudagent/admin/server.py", line 362, in setup_context
    return await task
  File "/usr/local/lib/python3.6/dist-packages/aries_cloudagent/wallet/routes.py", line 311, in wallet_set_public_did
    raise web.HTTPNotFound(reason=f"DID {did} is not posted to the ledger")
aiohttp.web_exceptions.HTTPNotFound: DID TRM73xVHaf8X7Zwx69vCgB is not posted to the ledger

GuilhermeFunchal (Tue, 20 Apr 2021 18:28:37 GMT):

I tried 

curl -X POST "http://161.148.151.17:8021/wallet/did/create" -H "accept: application/json" -H "X-API-KEY: vfs#1234567890" -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiI5YmFiNmZiNy0zYjhiLTQxODMtYmY0Yy04OWM1ZmM3ZWE2NzEifQ.qGoAGbLUZ0gHaBpiYuLplficjhjQEe7U2E-UAntkV7I"

GuilhermeFunchal (Tue, 20 Apr 2021 18:28:37 GMT):

I tried 

curl -X POST "http://161.148.151.17:8021/wallet/did/create" -H "accept: application/json" -H "X-API-KEY: vfs#1234567890" -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiI5YmFiNmZiNy0zYjhiLTQxODMtYmY0Yy04OWM1ZmM3ZWE2NzEifQ.qGoAGbLUZ0gHaBpiYuLplficjhjQEe7U2E-UAntkV7I"

curl -X POST "http://161.148.151.17:8021/wallet/did/public?did=TRM73xVHaf8X7Zwx69vCgB" -H "accept: application/json" -H "X-API-KEY: vfs#1234567890" -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiI5YmFiNmZiNy0zYjhiLTQxODMtYmY0Yy04OWM1ZmM3ZWE2NzEifQ.qGoAGbLUZ0gHaBpiYuLplficjhjQEe7U2E-UAntkV7I"

GuilhermeFunchal (Wed, 21 Apr 2021 23:21:03 GMT):

Hello, I am trying to create a DID for a sub wallet using multitenant option.

curl -X POST "http://161.148.151.17:8021/wallet/did/create" -H "accept: application/json" -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiI5YmFiNmZiNy0zYjhiLTQxODMtYmY0Yy04OWM1ZmM3ZWE2NzEifQ.qGoAGbLUZ0gHaBpiYuLplficjhjQEe7U2E-UAntkV7I"

curl -X POST "http://161.148.151.17:8021/wallet/did/public?did=TRM73xVHaf8X7Zwx69vCgB" -H "accept: application/json" -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiI5YmFiNmZiNy0zYjhiLTQxODMtYmY0Yy04OWM1ZmM3ZWE2NzEifQ.qGoAGbLUZ0gHaBpiYuLplficjhjQEe7U2E-UAntkV7I"

Whem I'm try to set the DID to public Im receive error :

DID TRM73xVHaf8X7Zwx69vCgB is not posted to the ledger

GuilhermeFunchal (Wed, 21 Apr 2021 23:21:03 GMT):

Hello, I am trying to create a DID for a sub wallet using multitenant option.

curl -X POST "http://161.148.151.17:8021/wallet/did/create" -H "accept: application/json" -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiI5YmFiNmZiNy0zYjhiLTQxODMtYmY0Yy04OWM1ZmM3ZWE2NzEifQ.qGoAGbLUZ0gHaBpiYuLplficjhjQEe7U2E-UAntkV7I"

curl -X POST "http://161.148.151.17:8021/wallet/did/public?did=TRM73xVHaf8X7Zwx69vCgB" -H "accept: application/json" -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiI5YmFiNmZiNy0zYjhiLTQxODMtYmY0Yy04OWM1ZmM3ZWE2NzEifQ.qGoAGbLUZ0gHaBpiYuLplficjhjQEe7U2E-UAntkV7I"

Whem I'm try to set the DID to public Im receive error :

DID TRM73xVHaf8X7Zwx69vCgB is not posted to the ledger

==========================================================================================
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/dist-packages/aries_cloudagent/admin/server.py", line 164, in ready_middleware
    return await handler(request)
  File "/usr/local/lib/python3.6/dist-packages/aries_cloudagent/admin/server.py", line 201, in debug_middleware
    return await handler(request)
  File "/usr/local/lib/python3.6/dist-packages/aiohttp_apispec/middlewares.py", line 45, in validation_middleware
    return await handler(request)
  File "/usr/local/lib/python3.6/dist-packages/aries_cloudagent/admin/server.py", line 317, in check_multitenant_authorization
    return await handler(request)
  File "/usr/local/lib/python3.6/dist-packages/aries_cloudagent/admin/server.py", line 362, in setup_context
    return await task
  File "/usr/local/lib/python3.6/dist-packages/aries_cloudagent/wallet/routes.py", line 311, in wallet_set_public_did
    raise web.HTTPNotFound(reason=f"DID {did} is not posted to the ledger")
=======================================================================================================

JackyYuan (Thu, 22 Apr 2021 12:13:55 GMT):

Hi, I'm working on ACAPy interop with AFGO and have a Draft PR open for RFC 587, ECDH-1PU encryption. I'd like to set up a quick call with someone from the ACApy team to figure out what changes I should make in preparation for merging my PR, and how to best integrate my API's with the ACApy agent. I'm free Monday the 26 after 1pm PT, and later in the week as well. Thanks!

swcurran (Thu, 22 Apr 2021 14:01:12 GMT):

@ianco @andrew.whitehead ^^^^^

ianco (Thu, 22 Apr 2021 14:14:32 GMT):

You need to write the new DID to the ledger before setting it as the wallet's public DID

GuilhermeFunchal (Thu, 22 Apr 2021 16:08:03 GMT):

Hello Ian, How do I do this via ACA-PY?

GuilhermeFunchal (Thu, 22 Apr 2021 16:08:03 GMT):

Hello Ian, How do I  this via ACA-PY?

ianco (Thu, 22 Apr 2021 16:25:12 GMT):

I'm not sure aca-py supports this.  If you're running a local von network you can add a DID through the web browser.  If you're running on one of the Sovrin networks you need to go through one of the stewards

GuilhermeFunchal (Thu, 22 Apr 2021 17:01:00 GMT):

OK, thanks.

ianco (Thu, 22 Apr 2021 17:03:31 GMT):

This is how it's done in the demo:  https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/runners/support/agent.py#L440

iammatrix (Thu, 22 Apr 2021 17:09:20 GMT):

I have got a question, about vc-authn-oidc, so after the email cred is verified, it redirects/shows us what is inside Authorize.cshtml, is there any way where I can change the redirection to any other page. This is really important for my projects, any sort of help will be appreciated.

swcurran (Thu, 22 Apr 2021 17:27:47 GMT):

@esune ^^^^

esune (Thu, 22 Apr 2021 17:41:43 GMT):

I don't think I follow what you mean with `redirects/shows us what is inside Authorize.cshtml`.

`vc-authn-oidc` supports/follows a standard OpenID Connect flow, so the request you initially submit for authentication should have a redirect URI that will be honored when redirecting you upon a successful authentication.

esune (Thu, 22 Apr 2021 17:43:14 GMT):

Can you provide examples of what your flow/looks like and what is that you are seeing that is unexpected?

esune (Thu, 22 Apr 2021 18:10:34 GMT):

The configuration of the verifier used for the email-verification demo is here, it's using a Django plugin, but it will be very similar to other OIDC plugins: https://github.com/bcgov/vc-visual-verifier/blob/master/src/vc_visual_verifier/settings.py#L149

esune (Thu, 22 Apr 2021 18:11:14 GMT):

Hope you his helps

esune (Thu, 22 Apr 2021 18:11:14 GMT):

Hope this helps

GuilhermeFunchal (Thu, 22 Apr 2021 18:46:19 GMT):

Hello, how can I get "mediation_id" to create a new connection invitation when I use the multitenant option?

andrew.whitehead (Thu, 22 Apr 2021 19:13:53 GMT):

Sure, we could talk on monday

esune (Thu, 22 Apr 2021 20:02:46 GMT):

I *think* if you omit it and just create the connection invitation in your tenant it will be populated automatically with the default one (the host wallet).

JackyYuan (Thu, 22 Apr 2021 23:42:02 GMT):

Thank you!

konsmosc (Fri, 23 Apr 2021 06:55:00 GMT):

Has joined the channel.

FilipeCapela98 (Fri, 23 Apr 2021 08:53:23 GMT):

Hello is there a way to delegate credentials in aca-py?

GuilhermeFunchal (Fri, 23 Apr 2021 11:58:02 GMT):

curl -X POST "http://161.148.151.17:8021/connections/create-invitation" -H "accept: application/json" -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiI0ZWU2YTE0Yy05NzMwLTQ2ZGYtOWZiNC0yZTY3NDc5MmM5ZDUifQ.-9RdM8LSTxIQyL7rw6jHqp9ECZMkd8GlY0-GxZ0uLHY"
500 Internal Server Error

GuilhermeFunchal (Fri, 23 Apr 2021 11:58:02 GMT):

curl -X POST "http://161.148.151.17:8021/connections/create-invitation" -H "accept: application/json" -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiI0ZWU2YTE0Yy05NzMwLTQ2ZGYtOWZiNC0yZTY3NDc5MmM5ZDUifQ.-9RdM8LSTxIQyL7rw6jHqp9ECZMkd8GlY0-GxZ0uLHY" -H "Content-Type: application/json" -d "{ \"metadata\": {}, \"service_endpoint\": \"http://192.168.2.33:8020\"}"

GuilhermeFunchal (Fri, 23 Apr 2021 11:58:02 GMT):

curl -X POST "http://161.148.151.17:8021/connections/create-invitation" -H "accept: application/json" -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiI0ZWU2YTE0Yy05NzMwLTQ2ZGYtOWZiNC0yZTY3NDc5MmM5ZDUifQ.-9RdM8LSTxIQyL7rw6jHqp9ECZMkd8GlY0-GxZ0uLHY" -H "Content-Type: application/json" -d "{ \"metadata\": {}, \"service_endpoint\": \"http://192.168.2.33:8020\"}"

Works!

GuilhermeFunchal (Fri, 23 Apr 2021 18:32:11 GMT):

Where could I get a timestamp from a NYM record on the ledger via ACA-Py?

swcurran (Fri, 23 Apr 2021 20:37:59 GMT):

@shaanjot.gill and @TimoGlastra -- on Monday there is a meeting for about combining the work we are doing in Aries with work going on in the US DHS SVIP teams.  They would like to see a full example (all of the JSON) of an Aries Present Proof exchange showing the full messages ("request-presentation" and "presentation") using Presentation Exchange (Definition and Submission) using a BBS+ credential (just one).  Would you be able to get a sample of those messages from a live run of ACA-Py?

Bonus points if I can get an example that has the same, but with 2 credentials.

Is that possible given where you are?  If not, how close could you come?  I'd prefer to have an as close to live example as possible.

swcurran (Fri, 23 Apr 2021 20:37:59 GMT):

@shaanjot.gill and @TimoGlastra -- on Monday there is a meeting for about combining the work we are doing in Aries with work going on in the US DHS SVIP group.  They would like to see a full example (all of the JSON) of an Aries Present Proof exchange showing the full messages ("request-presentation" and "presentation") using Presentation Exchange (Definition and Submission) using a BBS+ credential (just one).  Would you be able to get a sample of those messages from a live run of ACA-Py?

Bonus points if I can get an example that has the same, but with 2 credentials.

Is that possible given where you are?  If not, how close could you come?  I'd prefer to have an as close to live example as possible.

swcurran (Fri, 23 Apr 2021 20:37:59 GMT):

@shaanjot.gill and @TimoGlastra -- on Monday there is a meeting for about combining the work we are doing in Aries with work going on in the US DHS SVIP group.  They would like to see a full example (all of the JSON) of an Aries Present Proof exchange showing the full messages ("request-presentation" and "presentation") using Presentation Exchange (Definition and Submission) to convey a presentation containing a BBS+ credential (just one).  Would you be able to get a sample of those messages from a live run of ACA-Py?

Bonus points if I can get an example that has the same, but with 2 credentials.

Is that possible given where you are?  If not, how close could you come?  I'd prefer to have an as close to live example as possible.

shaanjot.gill (Fri, 23 Apr 2021 20:38:00 GMT):

Has joined the channel.

TimoGlastra (Fri, 23 Apr 2021 20:51:16 GMT):

I think Shaanjot is wrapping up with the PE stuff so should be possible

TimoGlastra (Fri, 23 Apr 2021 20:52:15 GMT):

@shaanjot.gill maybe we can get together on Monday (or this weekend?) to get the example documents worked out?

shaanjot.gill (Fri, 23 Apr 2021 20:53:19 GMT):

Sounds good, let me know when we can meet.

TimoGlastra (Fri, 23 Apr 2021 20:55:17 GMT):

@swcurran this is for the Claims and Credentials WG right?

shaanjot.gill (Fri, 23 Apr 2021 21:40:30 GMT):

@swcurran The requirement you have listed is already covered in the tests with 6 bbs+ credentials but the JSON outputs are W3C format [which are essentially added as `AttachDecorator` in `Aries present-proof-v2`. I can leverage upon this to show full messages on Monday as a sure thing.
Meanwhile regarding doing this with live run of ACA-Py, this will be achievable once the PR with present-proof-v2 changes is complete. I will keep working on it and hopefully get it ready for Monday. Timo is also going to take a look at this PR.

shaanjot.gill (Fri, 23 Apr 2021 21:40:55 GMT):

@swcurran  The requirement you have listed is already covered in the tests with 6 bbs+ credentials but the JSON outputs are W3C format [which are essentially added as AttachDecorator in Aries present-proof-v2. I can leverage upon this to show full messages on Monday as a sure thing.
Meanwhile regarding doing this with live run of ACA-Py, this will be achievable once the PR with present-proof-v2 changes is complete. I will keep working on it and hopefully get it ready for Monday. Timo is also going to take a look at this PR.

swcurran (Fri, 23 Apr 2021 22:00:41 GMT):

Right now, I just need the data structures/samples.  The sooner you can send me those the better.

@TimoGlastra -- yes, this is the DIF Claim and Credentials WG.

shaanjot.gill (Fri, 23 Apr 2021 22:47:41 GMT):

Creds

shaanjot.gill (Fri, 23 Apr 2021 22:48:51 GMT):

Creds

shaanjot.gill (Fri, 23 Apr 2021 22:48:58 GMT):



creds.txt

shaanjot.gill (Fri, 23 Apr 2021 22:49:29 GMT):



creds.txt

shaanjot.gill (Fri, 23 Apr 2021 22:50:13 GMT):



pd_1.txt

shaanjot.gill (Fri, 23 Apr 2021 22:50:47 GMT):



vp_1.txt

shaanjot.gill (Fri, 23 Apr 2021 23:05:04 GMT):

Apologies for the `txt` file upload, rocket chat doesn't allow `JSON` upload.

shaanjot.gill (Fri, 23 Apr 2021 23:09:21 GMT):

Limit Disclosure sample below

shaanjot.gill (Fri, 23 Apr 2021 23:10:22 GMT):



pd_2.txt

swcurran (Fri, 23 Apr 2021 23:10:49 GMT):

That's almost what I want.  Do you have available the Aries Presentation V2 protocol messages for which these are attachments?

shaanjot.gill (Fri, 23 Apr 2021 23:10:58 GMT):



pd_2.txt

swcurran (Fri, 23 Apr 2021 23:11:13 GMT):

I should say "That's almost all I want...."

shaanjot.gill (Fri, 23 Apr 2021 23:19:19 GMT):

Something like this

shaanjot.gill (Fri, 23 Apr 2021 23:19:19 GMT):

Something like this?

shaanjot.gill (Fri, 23 Apr 2021 23:19:25 GMT):



pd_2.txt

shaanjot.gill (Fri, 23 Apr 2021 23:19:32 GMT):



vp_2.txt

swcurran (Sat, 24 Apr 2021 00:34:53 GMT):

Nice!!  Pretty sure.  I will put those in a document tomorrow and go through it all.  Thanks!

ye_zi (Sun, 25 Apr 2021 06:06:49 GMT):

Has joined the channel.

ye_zi (Sun, 25 Apr 2021 06:06:50 GMT):

Hello，Does ACA_Py support multiple routing? If I want to use two mediators, what should I do to make my invitation message include multi-route information?  invitation={
     "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/connections/1.0/invitation",
     "@id": "id",
     "recipientKeys": [
       "invitation key"
     ],
     "recipientKeys": [
       "key1",
       "key2"
     ],
     "serviceEndpoint": "http://ip:port",
     "label": "label"
   }

JackyYuan (Mon, 26 Apr 2021 18:45:36 GMT):

@andrew.whitehead Just letting you know I sent a PM on rocketchat so we can coordinate what time works best today

jcourt (Tue, 27 Apr 2021 00:13:19 GMT):

This morning when I tried to fire up the VON network docker containers locally it is failing on what looks like some python related issue.  Has anyone else experienced this recently ? I am pulling up from Head in the VON repo and am thinking something in the python version has changed recently.  This is what the ./manage logs is showing : 
```
##########################################################################################
#
#  Cloning https://github.com/bcgov/von-network.git
#
##########################################################################################

Cloning into '/Users/jcourt/git/sudo-decentralized-identity-cloud-agent-sdk/src/clientTools/../devel/von-network'...
remote: Enumerating objects: 1729, done.
remote: Counting objects: 100% (123/123), done.
remote: Compressing objects: 100% (83/83), done.
remote: Total 1729 (delta 54), reused 90 (delta 39), pack-reused 1606
Receiving objects: 100% (1729/1729), 521.32 KiB | 1.00 MiB/s, done.
Resolving deltas: 100% (992/992), done.


##########################################################################################
#
#  Pulling up 'master' branch at HEAD
#
##########################################################################################

Sending build context to Docker daemon  316.4kB
Step 1/10 : FROM bcgovimages/von-image:node-1.12-3
 ---> 860f94308216
Step 2/10 : ENV LOG_LEVEL ${LOG_LEVEL:-info}
 ---> Using cache
 ---> 239d7488e526
Step 3/10 : ENV RUST_LOG ${RUST_LOG:-warning}
 ---> Using cache
 ---> 4528c71f33f8
Step 4/10 : ADD config ./config
 ---> Using cache
 ---> d1d637d6f1f0
Step 5/10 : ADD server/requirements.txt server/
 ---> Using cache
 ---> a16e28f7da84
Step 6/10 : RUN pip install --upgrade pip
 ---> Using cache
 ---> 59e34d2b0854
Step 7/10 : RUN pip install --no-cache-dir -r server/requirements.txt
 ---> Using cache
 ---> 155d1eef607a
Step 8/10 : ADD --chown=indy:indy indy_config.py /etc/indy/
 ---> Using cache
 ---> cef8b39013cc
Step 9/10 : ADD --chown=indy:indy . $HOME
 ---> a8c51db58e7e
Step 10/10 : RUN mkdir -p     $HOME/cli-scripts     && chmod -R ug+rw $HOME/cli-scripts
 ---> Running in 556372fc9340
Removing intermediate container 556372fc9340
 ---> 7fbff219f42a
Successfully built 7fbff219f42a
Successfully tagged von-network-base:latest
Recreating von_node2_1     ... done
Recreating von_node1_1     ... done
Recreating von_node4_1     ... done
Recreating von_node3_1     ... done
Recreating von_webserver_1 ... done
Want to see the scrolling container logs? Run "./manage logs"
^C
jcourt@Anonyomes-MacBook-Pro clientTools % cd ../devel/von-network 
jcourt@Anonyomes-MacBook-Pro von-network % ./manage logs                                                     
Attaching to von_webserver_1, von_node4_1, von_node1_1, von_node2_1, von_node3_1
node2_1      | Ledger does not exist - Creating...
node2_1      | von_generate_transactions -n 2
node2_1      | 
node2_1      | 
node2_1      | ================================================================================================
node2_1      | Generating genesis transaction file:
node2_1      | nodeArg: --nodeNum 2
node2_1      | ipAddresses: 192.168.65.3,192.168.65.3,192.168.65.3,192.168.65.3
node2_1      | genesisFilePath: /home/indy/ledger/sandbox/pool_transactions_genesis
node2_1      | ------------------------------------------------------------------------------------------------
node2_1      | generate_indy_pool_transactions --nodes 4 --clients 0 --nodeNum 2 --ips 192.168.65.3,192.168.65.3,192.168.65.3,192.168.65.3 
node2_1      | 
node2_1      | Traceback (most recent call last):
node2_1      |   File "/home/indy/.pyenv/versions/3.6.9/bin/generate_indy_pool_transactions", line 3, in 
node2_1      |     from plenum.common.test_network_setup import TestNetworkSetup
node2_1      |   File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/plenum/__init__.py", line 87, in 
node2_1      |     setup_plugins()
node2_1      |   File "/home/indy/.pyenv/versions/3.6.9/lib/python3.6/site-packages/plenum/__init__.py", line 60, in setup_plugins
node2_1      |     installed_packages = {p.project_name: p for p in pip.get_installed_distributions()}
node2_1      | AttributeError: module 'pip' has no attribute 'get_installed_distributions'
node2_1      | 
```

andrew.whitehead (Tue, 27 Apr 2021 00:16:54 GMT):

The last PR which upgraded pip broke that, try this branch or go back a commit: https://github.com/bcgov/von-network/pull/144

jcourt (Tue, 27 Apr 2021 00:20:51 GMT):

Right looks like upgrading pip to the latest version has exposed possibly a now unsupported way of getting the installer_distributions

jcourt (Tue, 27 Apr 2021 00:20:51 GMT):

Right looks like upgrading pip to the latest version has exposed possibly a now unsupported way of getting the installed_distributions

jcourt (Tue, 27 Apr 2021 00:21:48 GMT):

Thanks Andrew

jcourt (Tue, 27 Apr 2021 01:45:53 GMT):

Any chance someone could approve the pull to fix this ?

andrew.whitehead (Tue, 27 Apr 2021 01:56:12 GMT):

I merged it

jcourt (Tue, 27 Apr 2021 02:01:47 GMT):

Thanks, I will change my process to better handle freezing on a version of VON if this happens in future

usingetechnology (Tue, 27 Apr 2021 17:27:41 GMT):

Using `bcgovimages/aries-cloudagent:py36-1.16-0_0.6.0`, when my agent issues a credential using `POST /issue-credential/send` with no errors, should my call to `GET /issue-credential/records` return records? I am not getting any results.

usingetechnology (Tue, 27 Apr 2021 17:29:47 GMT):

Also, when I call `GET /issue-credential/records/587100cc-bd7d-49ff-8f40-8a1abad96d3b` with a known credential exchange id, I get `404: credential_exchange_v10 record not found: 587100cc-bd7d-49ff-8f40-8a1abad96d3b. WalletItemNotFound.` - perhaps that is the real issue?

usingetechnology (Tue, 27 Apr 2021 17:31:27 GMT):

auto store credentials flag is true

usingetechnology (Tue, 27 Apr 2021 19:36:11 GMT):

thanks to @swcurran  for the tip, the records are not stored after the exchange is complete, so the answer is no, i should not find an exchange record once the exchange has terminated.

swcurran (Tue, 27 Apr 2021 19:59:36 GMT):

A tweak to that answer -- whether the record is kept around after a VC issue is a config parameters with options, delete, keep as is, keep a minimal amount of data.  The latter is useful for a revocation use case, allowing just the issue event ID to be saved for later revocation.  In general, my $0.02CDN on this is that issuing is a business event, so the long term storage of that event should be kept with the business data (by the controller) not in the agent storage.

sklump (Tue, 27 Apr 2021 20:33:01 GMT):

I've spent quite a bit of time building a this out, but in the end I believe it makes the code base worse overall: another layer of object modelling, and way too much time spent serializing and deserializing. I'm going to park it. Sorry.

sklump (Tue, 27 Apr 2021 20:33:01 GMT):

I've spent quite a bit of time building a this out, but in the end I believe it makes the code base worse overall: another layer of object modelling, and way too much time spent serializing and deserializing. I'm going to park it. Sorry.

I'll keep it on the back burner and when I have cycles I will try to find some more lightweight manner that can bridge the gap to allow for a solution satisfying all desires.

FilipeCapela98 (Wed, 28 Apr 2021 09:54:26 GMT):

Hello all, in Aca-Py, the --mediation-invitation flag requires "a multi-use invitation url from the mediator". What is the format of this invitation and/or which endpoint on my Mediator agent do I need to hit to generate such invitation?

Thank you!

etschelp (Wed, 28 Apr 2021 10:33:56 GMT):

ok. thanks a lot for having a look at this and keeping me posted. i will simply start with the parts that work for me and keep the rest for later.

etschelp (Wed, 28 Apr 2021 10:45:27 GMT):

yes if you do revocation you have to keep track of the exchange records. concerning your previous message i want to add that aca-py also has a websocket endpoint which you can use to directly integrate a frontend. for example if your admin interface runs on localhost:8031 you can connect with: ws://localhost:8031/ws

TimoGlastra (Wed, 28 Apr 2021 10:55:35 GMT):



Screenshot 2021-04-28 at 12.54.06.png

TimoGlastra (Wed, 28 Apr 2021 10:55:51 GMT):

Hi @FilipeCapela98 You should create a invitation with multi use enabled

TimoGlastra (Wed, 28 Apr 2021 10:56:13 GMT):

Depending on how your requirement you can enable auto-accept

TimoGlastra (Wed, 28 Apr 2021 10:56:53 GMT):



Screenshot 2021-04-28 at 12.56.31.png

TimoGlastra (Wed, 28 Apr 2021 10:57:08 GMT):

You then need to use the invitation url from the response

FilipeCapela98 (Wed, 28 Apr 2021 11:03:27 GMT):

Thank you so much @TimoGlastra 
I hadn't realized that.
I am getting an error on the mediator agent after starting the mediated agent with the invitation url in the startup: 

mediator-agent    | 2021-04-28 10:00:30,343 aries_cloudagent.admin.server ERROR Handler error with exception: Configuration does not include public invitations

FilipeCapela98 (Wed, 28 Apr 2021 11:04:09 GMT):

And on the mediated agent I get:

ev-agent            | 
ev-agent            | 2021-04-28 11:01:54,610 aries_cloudagent.core.conductor ERROR Error accepting mediation invitation
ev-agent            | Traceback (most recent call last):
ev-agent            |   File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aries_cloudagent/core/conductor.py", line 327, in start
ev-agent            |     auto_accept=True,
ev-agent            |   File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aries_cloudagent/protocols/out_of_band/v1_0/manager.py", line 363, in receive_invitation
ev-agent            |     if len(invi_msg.service_blocks) + len(invi_msg.service_dids) != 1:
ev-agent            | AttributeError: 'NoneType' object has no attribute 'service_blocks'

TimoGlastra (Wed, 28 Apr 2021 11:07:16 GMT):

Ah it's using did exchange / OOB by default. Could you try with the out of band endpoints?

TimoGlastra (Wed, 28 Apr 2021 11:07:20 GMT):



Clipboard - April 28, 2021 1:07 PM

FilipeCapela98 (Wed, 28 Apr 2021 11:16:12 GMT):

Thank you!! It worked :)

swcurran (Wed, 28 Apr 2021 15:30:03 GMT):

Join us for the ACA-Py User Group today (Wednesday) at 11AM Pacific (18:00 UTC) -- the hour before the Aries WG Call. We'll have the core maintainers on the call to answer any questions. We'll have an informal discussion about activities in the community, and talk about the next release of ACA-Py.

Zoom link: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-04-28+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

esune (Wed, 28 Apr 2021 16:44:33 GMT):

Is there a set of `auto` flags that can be turned on to automatically endorse transactions coming from other agents, or do I need to handle the webhooks for that? I skimmed through `argparse.py` and did not find anything specific, wondering if maybe some of the other flags (e.g.: `--auto_accept-requests`) also turns on auto-endorsing.

andrew.whitehead (Wed, 28 Apr 2021 18:48:29 GMT):

@dbluhm previous problem report work: https://github.com/hyperledger/aries-cloudagent-python/pull/285/files

jcourt (Fri, 30 Apr 2021 05:38:27 GMT):

Has anyone considered the possibility of enhancing the VON network to support the ability to use localhost addresses for the node connections (i.e. v2v) and a specified different/public address for the agent connections (i.e c2v) ?  The reason I ask is that this would allow developers to have a completely temporary environment to develop (i.e using ACA-py and VON locally with ngrok tunnels for the public addresses to other Agents you may want to test against).  I suspect it is more complex in that the VON docker images would need to support 2 interfaces.

RounakGhosh (Fri, 30 Apr 2021 11:12:37 GMT):

Hello Everyone, @swcurran , is there any way, we can pass image along with invitation_url in Hyperledger Indy Aca-Py??

RounakGhosh (Fri, 30 Apr 2021 11:13:39 GMT):



Clipboard - April 30, 2021 4:43 PM

TimoGlastra (Fri, 30 Apr 2021 11:33:09 GMT):

There is a startup parameter `--image-url`: "Specifies the image url for this agent. This image url is publicized (self-attested) to other agents as part of forming a connection."

TimoGlastra (Fri, 30 Apr 2021 11:34:15 GMT):

I'm not sure if you can set it per connectino

TimoGlastra (Fri, 30 Apr 2021 11:34:15 GMT):

I'm not sure if you can set it per connection

RounakGhosh (Fri, 30 Apr 2021 12:31:14 GMT):



Clipboard - April 30, 2021 6:00 PM

RounakGhosh (Fri, 30 Apr 2021 12:31:29 GMT):

@TimoGlastra

TimoGlastra (Fri, 30 Apr 2021 13:22:24 GMT):

Which version of ACA-Py are you using?

TimoGlastra (Fri, 30 Apr 2021 13:22:31 GMT):

Should be 0.6.0 or higher

RounakGhosh (Fri, 30 Apr 2021 14:22:08 GMT):

bcgovimages/aries-cloudagent:py36-1.14-0_0.4.2

RounakGhosh (Fri, 30 Apr 2021 14:22:21 GMT):

@TimoGlastra

swcurran (Fri, 30 Apr 2021 14:42:44 GMT):

^^^ @WadeBarnes

WadeBarnes (Fri, 30 Apr 2021 14:47:17 GMT):

@jcourt, You can spin up `von-network` to listen on the IP address of the machine it's running on.  Example (if how http://dev.bcovrin.vonx.io/ is running):
`./manage start 159.89.115.24 WEB_SERVER_HOST_PORT=80 "LEDGER                                                                              _INSTANCE_NAME=BCovrin Dev" "INFO_SITE_TEXT=vonx.io" "INFO_SITE_URL=https://vonx                                                                              .io/"`

WadeBarnes (Fri, 30 Apr 2021 14:48:08 GMT):

The key bits are `./manage start  WEB_SERVER_HOST_PORT=

WadeBarnes (Fri, 30 Apr 2021 14:48:08 GMT):

The key bits are `./manage start  WEB_SERVER_HOST_PORT=`

WadeBarnes (Fri, 30 Apr 2021 14:49:50 GMT):



Clipboard - April 30, 2021 7:49 AM

WadeBarnes (Fri, 30 Apr 2021 14:52:24 GMT):

That provides you with a temporary environment for development that is available to any machine with access to the given IP.

Jsyro (Fri, 30 Apr 2021 17:10:26 GMT):

Are attribute names globally unique within a given presentation-request? could a presentation-request describe the 'name' field from SCHEMA X and the 'name' field from SCHEMA Y? 
The structure seems like it 'could' allow it, however the `/send-presentation` endpoint structure would not be able to support that. 

I'm writing code the construct the response and am making sure that names are unique during processing?

Jsyro (Fri, 30 Apr 2021 17:10:26 GMT):

Are attribute names globally unique within a given presentation-request? could a presentation-request describe the 'name' field from SCHEMA X and the 'name' field from SCHEMA Y? 
The structure seems like it 'could' allow it, however the `/send-presentation` endpoint structure would not be able to support that. 

I'm writing code the construct the response and am making sure that names are unique?

Jsyro (Fri, 30 Apr 2021 17:10:27 GMT):



Clipboard - April 30, 2021 10:10 AM

esune (Fri, 30 Apr 2021 17:21:08 GMT):

That `additionalPropN` is just a key for the map that holds all of the requested attributes/predicates. You are correct that they need to be unique values, you could use any unique string (e.g.: UUIDs) for them, but must pay attention to have them match whatever was in the request so that the agents can reconcile the values

esune (Fri, 30 Apr 2021 17:21:08 GMT):

That `additionalPropN` is just a key for the map that holds all of the requested attributes/predicates. You are correct that they need to be unique values, you could use any unique string (e.g.: UUIDs) for them, but must pay attention to have them match whatever was in the request so that the agents can reconcile the values appropriately

Jsyro (Fri, 30 Apr 2021 17:23:41 GMT):

Ran into another oddity. 

bpa-agent1_1      | 2021-04-30 17:19:35,221 aries_cloudagent.admin.server ERROR Handler error with exception: Credential 8MzpFrAgGxCFzsiDT84tPu:3:CL:25:test not found in wallet wallet_db.

Jsyro (Fri, 30 Apr 2021 17:23:41 GMT):

Ran into another oddity, using the `/present-proof/records/{pres_ex_id}/send-presentation`endpoint gave me this error. 

bpa-agent1_1      | 2021-04-30 17:19:35,221 aries_cloudagent.admin.server ERROR Handler error with exception: Credential 8MzpFrAgGxCFzsiDT84tPu:3:CL:25:test not found in wallet wallet_db.

Jsyro (Fri, 30 Apr 2021 17:23:41 GMT):

Ran into another oddity, using the `/present-proof/records/{pres_ex_id}/send-presentation`endpoint gave me this error. 

bpa-agent1_1      | 2021-04-30 17:19:35,221 aries_cloudagent.admin.server ERROR Handler error with exception: Credential `8MzpFrAgGxCFzsiDT84tPu:3:CL:25:test` not found in wallet wallet_db.

Jsyro (Fri, 30 Apr 2021 17:23:41 GMT):

Ran into another oddity, using the `/present-proof/records/{pres_ex_id}/send-presentation`endpoint gave me this error. 

bpa-agent1_1      | 2021-04-30 17:19:35,221 aries_cloudagent.admin.server ERROR Handler error with exception: Credential `8MzpFrAgGxCFzsiDT84tPu:3:CL:25:test` not found in wallet wallet_db.

As seen below, it appears i do hold a credential with that cred_def. Any reason why it wouldn't find it?

Jsyro (Fri, 30 Apr 2021 17:23:43 GMT):



Clipboard - April 30, 2021 10:23 AM

Jsyro (Fri, 30 Apr 2021 17:29:31 GMT):

The value of that map `requested_attributes` does not contain the key for the value to get from cred_id so i'm assuming the KEY of the map has to be the KEY of the cred_id? 

is that correct?

domwoe (Fri, 30 Apr 2021 18:12:10 GMT):

What's payload/body you provide to ```/didexchange/create-request``` ?

Jsyro (Fri, 30 Apr 2021 18:15:13 GMT):

I was using the cred_def_id in place of the cred_id.

Jsyro (Fri, 30 Apr 2021 18:15:34 GMT):

I was using the cred_def_id in place of the cred_id.

domwoe (Fri, 30 Apr 2021 18:17:16 GMT):

That's the issue ;) you could have different credentials with the same cred def and in the presentation you want to exatly define from which credential the data comes. So you have to provide the uuid of the credential

Jsyro (Fri, 30 Apr 2021 18:17:38 GMT):

yup, makes sense now! haha.

esune (Fri, 30 Apr 2021 18:19:31 GMT):

I am not 100% sure I understand the question, however: I believe the key in the map and the cred_id are not related at all. The value of the map is used by the agent(s) to identify a specific attribute/restriction in the proof-request, and in the response to identify which value should be used to satisfy what was requested in the proof-request.

esune (Fri, 30 Apr 2021 18:20:14 GMT):

So say your proof-request is only requesting a name, and the key in the map is `12345`, then your response will have a map with a key valued `12345` that will contain the credential details to be used to satisfy the proof.

esune (Fri, 30 Apr 2021 18:20:31 GMT):

I think I am right, I hope I am not mixing up things here :sweat_smile:

domwoe (Fri, 30 Apr 2021 18:21:37 GMT):

I'm a bit lost regarding the DID Exchange API? How is the endpoint ```/didexchange/create-request``` to be used ? From my perspective it would make sense that the endpoint would trigger the sending of a request to another agent identified by the public DID. However, it seems that only a connection record is created and the request is returned. If ``` 
/didexchange/create-request``` and ```
/didexchange/create-request``` are to be used to transfer a request out of band I don't really get the value of this API given we have the out of band API as well

domwoe (Fri, 30 Apr 2021 18:21:37 GMT):

I'm a bit lost regarding the DID Exchange API? How is the endpoint ```/didexchange/create-request``` to be used ? From my perspective it would make sense that the endpoint would trigger the sending of a request to another agent identified by the public DID. However, it seems that only a connection record is created and the request is returned. If `
/didexchange/create-request` and `
/didexchange/create-request` are to be used to transfer a request out of band I don't really get the value of this API given we have the out of band API as well

domwoe (Fri, 30 Apr 2021 18:21:37 GMT):

I'm a bit lost regarding the DID Exchange API? How is the endpoint `/didexchange/create-request` to be used ? From my perspective it would make sense that the endpoint would trigger the sending of a request to another agent identified by the public DID. However, it seems that only a connection record is created and the request is returned. If `
/didexchange/create-request` and `
/didexchange/create-request` are to be used to transfer a request out of band I don't really get the value of this API given we have the out of band API as well

usingetechnology (Fri, 30 Apr 2021 20:25:24 GMT):

Question - I don't see this in the aca-py 0.6.0 swagger... is there a call to decline a connection request? to let the initiator of a connection request know that you declined?

esune (Fri, 30 Apr 2021 20:29:41 GMT):

Nope, I don't think that is a supported scenario as far as I know

usingetechnology (Fri, 30 Apr 2021 20:30:23 GMT):

ok, thanks. didn't see it, just making sure i wasn't missing it.  where would i suggest a discussion about adding this?

usingetechnology (Fri, 30 Apr 2021 20:30:33 GMT):

just an issue in github?

esune (Fri, 30 Apr 2021 20:33:57 GMT):

not sure, let's reel in @swcurran as he probably has additional background on this

swcurran (Fri, 30 Apr 2021 20:54:51 GMT):

I believe the capability is supported in the newer OutOfBand/DIDExchange protocols.  

My thought is that is should be implemented as a "delete" of the connection, with an optional "inform other party".  The action is unilateral, so informing the other side is a courtesy.  The message to the other side is a ProblemReport with a "It's not me, it's you" rejection.

Suggest opening an issue on ACA-Py, with a note that the relevant RFCs should be checked to see what guidance is given, and if none, suggesting that some be added.  I can help with that if needed.

swcurran (Fri, 30 Apr 2021 20:54:51 GMT):

I believe the capability is supported in the newer OutOfBand/DIDExchange protocols, if not in the ACA-Py implementation. Probably not mentioned or supported in the old 0160 Connections protocol.

My thought is that is should be implemented as a "delete" of the connection, with an optional "inform other party".  The action is unilateral, so informing the other side is a courtesy.  The message to the other side is a ProblemReport with a "It's not me, it's you" rejection.

Suggest opening an issue on ACA-Py, with a note that the relevant RFCs should be checked to see what guidance is given, and if none, suggesting that some be added.  I can help with that if needed.

usingetechnology (Fri, 30 Apr 2021 20:56:19 GMT):

ok, that sounds good.

sbirky (Fri, 30 Apr 2021 21:02:14 GMT):

Has joined the channel.

domwoe (Fri, 30 Apr 2021 21:26:47 GMT):

I thought about this some time ago. As I understand the Connection and DID Ex RFCs the protocols are completed when the connection is set up. I still like the approach @swcurran . There's also the following suggestion, but I don't think it's implemented anywhere. https://github.com/hyperledger/aries-rfcs/blob/master/features/0030-sync-connection/abandon-connection-protocol/README.md

TimoGlastra (Sat, 01 May 2021 10:03:25 GMT):

Please try with `bcgovimages/aries-cloudagent:py36-1.16-0_0.6.0`

FilipeCapela98 (Mon, 03 May 2021 00:00:06 GMT):

Hello, is it possible to receive messages using the basic messages protocol? (as in an inbox style)

sklump (Mon, 03 May 2021 10:07:29 GMT):

They come through a webhook: it's up to the application what the webhook does. It could forward them anywhere.

FilipeCapela98 (Mon, 03 May 2021 10:08:19 GMT):

Thank you @sklump, bumped into a nice blog entry on the subject and got my idea already working! :)

sklump (Mon, 03 May 2021 10:09:46 GMT):

Blog?? Who blogs about aca-py?

FilipeCapela98 (Mon, 03 May 2021 10:10:35 GMT):

Here is the entry and the respective blog. To be honest it has helped me quite a lot during my project development: https://ldej.nl/post/aries-cloudagent-python-webhooks/

iammatrix (Mon, 03 May 2021 12:31:47 GMT):

Hello Guys, how can I add user restrictions in vc-authnn-oidc, as to after who can be authorized after scanning the QR code.

swcurran (Mon, 03 May 2021 14:13:57 GMT):

So after the Presentation Request is satisfied with a Proof that is verified, you want to do additional checks?

Currently, that is done by the Relying Party based on the token received.  Very reasonable that the check be done **before** the RP gets the token, but that would have to be added -- including some method of passing in the additional criteria.

esune (Mon, 03 May 2021 15:14:45 GMT):

On that note: `vc-authn` is an `authentication` provider, not an `authorization`.In my opinion, unless we end up making the project a full AIM system, `vc-authn` should be treated as an Identity Provider only, and the additional checks on the token (user roles, etc.) would be performed either in the consuming application (which will realistically have to consume something like roles and adapt its functionality based on that anyway), or by plugging-in `vc-authn` into a more complex AIM system such as Keycloak.

esune (Mon, 03 May 2021 15:14:45 GMT):

On that note: `vc-authn` is an `authentication` provider, not an `authorization` provider.

In my opinion, unless we end up making the project a full AIM system (which I don't think is a good/feasible idea at least at this time), `vc-authn` should be treated as an Identity Provider only, and the additional checks on the token (user roles, etc.) would be performed either in the consuming application (which will realistically have to consume something like roles and adapt its functionality based on that anyway), or by plugging-in `vc-authn` into a more complex AIM system such as Keycloak.

jcourt (Mon, 03 May 2021 21:57:23 GMT):

Thanks Wade, I use von constantly to run ACA-py against in a local environment on my Mac.  The issue is that my MAC doesn't have a public IP that I can let it use for both the v2v and c2v ledger traffic.  I can get a temporary public ngrok address but that will result in a random address and port when the tunnel is started.  So I was after the concept of the VON v2v using the localhost and being able to provide the ngrok address and port for just the c2v configuration.  I am trying to create a complete standalone development environment for people that includes public access to ACA-py and the VON ledger to simplify/speed up development. At the moment that environment works well when just developing with ACA-py but I want to expand it to support interacting with other agents.

jcourt (Tue, 04 May 2021 02:06:33 GMT):

I only just saw this response,  if I was to use websockets where is the protocol defined ?  Can I somehow use the Swagger interface definition as a guide to what goes over the WebSocket ?

etschelp (Tue, 04 May 2021 07:58:13 GMT):

The events and their payloads are exactly the same. e.g. for a connection event:

For the webhook it is a POST to .../connections and with a ConnectionRecord  as the request body

For the websocket it is simply wrapped in a envelope like {"topic": "connections", "payload": {...}} with the ConnectionRecord as the payload.

RounakGhosh (Tue, 04 May 2021 14:52:57 GMT):



Clipboard - May 4, 2021 8:22 PM

RounakGhosh (Tue, 04 May 2021 14:53:01 GMT):

Hello, Guys.  Can anyone help me, resolve this issue please. I am using ACA-PY version bcgovimages/aries-cloudagent:py36-1.16-0_0.6.0 . Could not start aca py.

RounakGhosh (Tue, 04 May 2021 14:53:01 GMT):

Hello, Guys.  Can anyone please help me, resolve this issue please. I am using ACA-PY version bcgovimages/aries-cloudagent:py36-1.16-0_0.6.0 . Could not start aca py.

RounakGhosh (Tue, 04 May 2021 14:53:01 GMT):

Hello, Guys.  Can anyone please help me, resolve this issue please. I am using ACA-PY version bcgovimages/aries-cloudagent:py36-1.16-0_0.6.0 . Could not start aca py. Upon giving --wallet-name test, it gives me the error

RounakGhosh (Tue, 04 May 2021 14:53:01 GMT):

Hello, Guys.  Can anyone please help me, resolve this issue. I am using ACA-PY version bcgovimages/aries-cloudagent:py36-1.16-0_0.6.0 . Could not start aca py. Upon giving --wallet-name test, it gives me the error

etschelp (Tue, 04 May 2021 15:18:17 GMT):

depends on the parameters you have set, but my first guess would be that adding `--auto-provision` to the start command should fix it.

RounakGhosh (Tue, 04 May 2021 15:50:34 GMT):

@etschelp . Thank you so much. It is working fine.

RounakGhosh (Tue, 04 May 2021 17:55:35 GMT):



Clipboard - May 4, 2021 11:25 PM

RounakGhosh (Tue, 04 May 2021 17:56:33 GMT):

Can you please guide, why I am getting this error.??. Thanks.

jcourt (Wed, 05 May 2021 00:03:20 GMT):

Thanks

jcourt (Wed, 05 May 2021 04:40:22 GMT):

Has anyone seen the following Sovrin BuilderNet ledger error when attempting to write to it ?
```
Error: Ledger rejected transaction request: client request invalid: InvalidClientTaaAcceptanceError('Incorrect Txn Author Agreement(digest=6e12ccd435d9d71485af2f57e6101839f8dc68d1f4f80524aac228ab4d94432a) in the request',).
```
Have previous to this attempted to use the swagger interface to both get the TAA and Agree to it via `GET /ledger/taa` then copying the whole text field returned plus specifying "for_session" for the "mechanism" and "2.0" for the version into the `POST /ledger/taa/accept` body.  The POST succeeds with a 200 and when I do another `GET /ledger/taa` it shows 
```
    "taa_required": true,
    "taa_accepted": {
      "mechanism": "for_session",
      "time": 1620172800
    }
```
There must be some difference in what ACA-py is using to generate the digest and what I have sent in the tax/accept post but I am not sure how to determine what that could be.  Is the `text` field NOT supposed to be just a copy and past from the GET /ledger/taa response ?  Thanks

jcourt (Wed, 05 May 2021 04:40:22 GMT):

Has anyone seen the following Sovrin BuilderNet ledger error when attempting to write to it ?
```
Error: Ledger rejected transaction request: client request invalid: InvalidClientTaaAcceptanceError('Incorrect Txn Author Agreement(digest=6e12ccd435d9d71485af2f57e6101839f8dc68d1f4f80524aac228ab4d94432a) in the request',).
```
Have previous to this attempted to use the swagger interface to both get the TAA and Agree to it via `GET /ledger/taa` then copying the whole text field returned plus specifying "for_session" for the "mechanism" and "2.0" for the version into the `POST /ledger/taa/accept` body.  The POST succeeds with a 200 and when I do another `GET /ledger/taa` it shows 
```
    "taa_required": true,
    "taa_accepted": {
      "mechanism": "for_session",
      "time": 1620172800
    }
```
There must be some difference in what ACA-py is using to generate the digest and what I have sent in the taa/accept post but I am not sure how to determine what that could be.  Is the `text` field NOT supposed to be just a copy and past from the GET /ledger/taa response ?  Thanks

jcourt (Wed, 05 May 2021 04:40:22 GMT):

Has anyone seen the following Sovrin BuilderNet ledger error when attempting to write to it ?
```
Error: Ledger rejected transaction request: client request invalid: InvalidClientTaaAcceptanceError('Incorrect Txn Author Agreement(digest=6e12ccd435d9d71485af2f57e6101839f8dc68d1f4f80524aac228ab4d94432a) in the request',).
```
Have previous to this attempted to use the swagger interface to both get the TAA and Agree to it via `GET /ledger/taa` then copying the whole text field returned plus specifying "for_session" for the "mechanism" and "2.0" for the version into the `POST /ledger/taa/accept` body.  The POST succeeds with a 200 and when I do another `GET /ledger/taa` it shows 
```
    "taa_required": true,
    "taa_accepted": {
      "mechanism": "for_session",
      "time": 1620172800
    }
```
There must be some difference in what ACA-py is using to generate the digest and what I have sent in the taa/accept post but I am not sure how to determine what that could be.  Is the `text` field in the accept NOT supposed to be just a copy and paste from the GET /ledger/taa responses  `taa_record.text` field ?  Thanks

TimoGlastra (Wed, 05 May 2021 11:26:55 GMT):

Seems like there is some interest in sending push notifications from ACA-Py for mediation of messages. We have a meeting scheduled for later today (18:00 CEST) to discuss the possibilities of creating an ACA-Py plugin to handle this. If you want to attend the meeting please send me a message and I'll make sure you get invited. Relevant discussion: https://github.com/hyperledger/aries-cloudagent-python/issues/950#issuecomment-829381998

dbluhm (Wed, 05 May 2021 13:45:00 GMT):

Unit tests are failing on the main branch at the moment thanks to a new PyDID release I did last night catching invalid input data for some of our tests that we've treated as valid up until now. Fix submitted: https://github.com/hyperledger/aries-cloudagent-python/pull/1151

@ianco @andrew.whitehead

dbluhm (Wed, 05 May 2021 13:51:08 GMT):

Fix merged; PRs affected by this bug should be back to passing tests after merging in main again. Sorry for the inconvenience!

dbluhm (Wed, 05 May 2021 14:08:07 GMT):

The TAA acceptance is sensitive to invisible characters that lead the text

dbluhm (Wed, 05 May 2021 14:08:44 GMT):

There's a unicode character that is used to denote that the text following is to be interpreted as unicode

dbluhm (Wed, 05 May 2021 14:09:07 GMT):

But it won't show up from copying and pasting from the Swagger UI

etschelp (Wed, 05 May 2021 14:19:10 GMT):

I'm currently testing our code against the 0.7-pre version of aca-py and i believe there is an issue with json-ld sign and verify. I will go through the flow to explain this:

First sign the absolute minimum

```{
    "doc": {
        "credential": {
            "@context": [
                "https://www.w3.org/2018/credentials/v1"
            ],
            "type": [
                "VerifiableCredential"
            ]
        },
        "options": {
            "verificationMethod": "did:sov:123#key-1",
        }
    },
    "verkey": "myKey"
}```

Previously the options had a type, this one has been removed, which makes kind of sense as Ed25519Signature2018 is the only available method anyway. The signed document that is returned looks like:
```
{
    "signed_doc": {
        "@context": [
            "https://www.w3.org/2018/credentials/v1"
        ],
        "type": [
            "VerifiableCredential"
        ],
        "proof": {
            "verificationMethod": "did:sov:123#key-1",
            "created": "2021-05-05T13:54:07Z",
            "jws": "..."
        }
    }
}```

If i now unwrap the signed doc and put it into the verify method I will get the following error: 

error": "in proof, {'verificationMethod', 'created', 'jws'} attributes dropped. Provide definitions in context to correct."

This makes kind of sense as there is now context validation in place and the proof is missing the type to be valid json-ld , so if I add a type to the request


```{
    "doc": {
        "@context": [
            "https://www.w3.org/2018/credentials/v1"
        ],
        "type": [
            "VerifiableCredential"
        ],
        "proof": {
            "verificationMethod": "did:sov:123#key-1",
            "type": "Ed25519Signature2018",
            "jws": "..."
        }
    },
    "verkey": "myKey"
}```

The request is successful, but unfortunately this is not the document that was signed any more so the validation fails.

jcourt (Wed, 05 May 2021 21:49:38 GMT):

Thanks so much for that hint, I will double check everything.  I also saw at one point in an issue report @etschelp indicating it may be necessary to restart acapy to pick up the TAA acceptance is that still likely when accepting via the swagger interface vs using the provision route ?

dbluhm (Wed, 05 May 2021 21:52:39 GMT):

I haven't run into such a problem before when using the swagger interface (or, more commonly in my case, through the toolbox but it is essentially the same system) so I don't think so

andrew.whitehead (Wed, 05 May 2021 21:58:52 GMT):

The type is a required property of the proof, so it shouldn't be producing that credential to begin with: https://www.w3.org/TR/vc-data-model/#proofs-signatures

dbluhm (Wed, 05 May 2021 22:01:34 GMT):

Type is indeed required, as Andrew indicated. This seems to be a problem with the schema definition in the json-ld routes which in function is expecting to receive the type as part of the options object but that's not been declared correctly.

jcourt (Wed, 05 May 2021 22:11:47 GMT):

Thanks

jcourt (Wed, 05 May 2021 22:23:01 GMT):

So on the hidden unicode character point,  are you saying it needs to be removed from the returned taa text or it needs to be added when it is sent in the taa acceptance ?  Is there a safe recipe for achieving taa acceptance using the swagger interface ?

dbluhm (Wed, 05 May 2021 22:32:29 GMT):

In theory you could add it... Off the top of my head, I believe it was a [byte order marker](https://en.wikipedia.org/wiki/Byte_order_mark). When using the Admin API "normally" through a controller, this wouldn't be a problem, it's just when using the UI and using copy-paste. I'd probably recommend just handling it in code if possible and, if all you need is a one-off, perhaps just with curl

jcourt (Wed, 05 May 2021 22:43:51 GMT):

Thanks, I was just walking through it manually before adding It to a UI to check the steps.  I will persist a little longer on the manual steps just to make sure I understand the issue completely

jcourt (Thu, 06 May 2021 01:32:34 GMT):

So for anyone else going down this path and looking for the final solution at using the swagger interface to accept the taa and have it match when you try and subsequently write to the ledger:

1) The magic unicode character that doesn't appear in the `text` when executing `GET /ledger/taa` is `\ufeff`.

2) Probably the safest way atm to do the taa acceptance in the swagger interface is to use the curl command line shown after you execute `GET /ledger/taa` in swagger.  This will show the full `text` that you need to copy and put into the `text` field of the swagger `POST /ledger/taa/accept`

jcourt (Thu, 06 May 2021 01:32:34 GMT):

So for anyone else going down this path and looking for the final solution at using the swagger interface to accept the taa and have it match when you try and subsequently write to the ledger:

1) The magic unicode character that doesn't appear in the `text` when executing `GET /ledger/taa` is `\ufeff`.

2) Probably the safest way atm to do the taa acceptance in the swagger interface is to use the curl command line shown after you execute `GET /ledger/taa` in swagger.  This will return the full `text` that you need to copy and put into the `text` field of the swagger `POST /ledger/taa/accept`

jcourt (Thu, 06 May 2021 01:33:39 GMT):

Thanks to @dbluhm for all the pointers.

TimoGlastra (Thu, 06 May 2021 08:42:06 GMT):

@TelegramSam @dbluhm @JamesEbert could one of you point me to the docs of firebase where it mentions you can send messages to apps you don't 'own'. I've been searching through the docs but everywhere it says you need to register the Apple keys/token/bundle id

TimoGlastra (Thu, 06 May 2021 08:42:09 GMT):

https://firebase.google.com/docs/cloud-messaging/ios/certs

TimoGlastra (Thu, 06 May 2021 08:42:16 GMT):

https://firebase.google.com/docs/cloud-messaging/ios/first-message#register-app

TimoGlastra (Thu, 06 May 2021 08:42:23 GMT):

https://firebase.google.com/docs/cloud-messaging/ios/client#upload_your_apns_authentication_key

etschelp (Thu, 06 May 2021 08:47:37 GMT):

The schema definition is indeed out of sync. Maybe I am looking at the wrong place, but when I look at the code both sign and verify methods are supposed to go through create_verify_data() So basically the exception above should already be raised while trying to sign the credential.

domwoe (Thu, 06 May 2021 09:20:40 GMT):

Sorry for not replying here directly: https://github.com/hyperledger/aries-cloudagent-python/pull/1154

domwoe (Thu, 06 May 2021 09:20:40 GMT):

Sorry for not replying here earlier: https://github.com/hyperledger/aries-cloudagent-python/pull/1154

Yunxi 3 (Thu, 06 May 2021 10:35:10 GMT):

Hello all and @swcurran , i've got 2 questions regarding "recipient keys" generated in invitation creation. Q1. Does each invitation creation by an agent's wallet can only be consumed by another wallet (either in the same agent, e.g. multi-tenancy enabled or different agent) ? Q2. Where can I find right docs regarding what recipient keys are and why acapy use it? Thanks!

iammatrix (Thu, 06 May 2021 13:52:01 GMT):

hey guys what is the deal with webhook error in the new Aca-py version, has anyone faced it yet????

dbluhm (Thu, 06 May 2021 13:58:21 GMT):

Which ACA-Py version and what error?

swcurran (Thu, 06 May 2021 14:37:54 GMT):

Q1 -- Invitations are created to enable a connection from one agent to another.

Q2 -- Aries RFCs repo -- and in particular - https://github.com/hyperledger/aries-rfcs/tree/master/concepts/0094-cross-domain-messaging and https://github.com/hyperledger/aries-rfcs/tree/master/concepts/0046-mediators-and-relays

dbluhm (Thu, 06 May 2021 14:40:10 GMT):

Just had a chat with Matteo where he said he was seeing the same restriction

Yunxi 3 (Thu, 06 May 2021 15:15:43 GMT):

Thanks @swcurran , from my experimentation, I can also set up a connection between two sub wallets in the same agent as long as i turn on the multi-tenancy mode. Does it contradict to your answer: connection is between agent level?

Yunxi 3 (Thu, 06 May 2021 15:15:43 GMT):

Thanks @swcurran , from my experimentation, I can also set up a connection between two sub wallets in the same agent (i can verify this by send a message from one sub wallet to another one) as long as i turn on the multi-tenancy mode. Does it contradict to your answer: connection is between agent level?

Yunxi 3 (Thu, 06 May 2021 15:17:30 GMT):

for your answer 2, i quickly did a search on the word "recipient key", i dont see any clarification on it in either doc

Yunxi 3 (Thu, 06 May 2021 15:57:49 GMT):

Hello all, i've raised a new issue here: https://github.com/hyperledger/aries-cloudagent-python/issues/1158, can anyone help to give an answer? Thanks

swcurran (Thu, 06 May 2021 16:03:13 GMT):

Terminology is fun.  I consider a sub-wallet an agent, so yes, you can connect a sub-wallet to sub-wallet using that.  IMHO - "wallets" are mobile apps.  Multi-tenant hold multiple agents that each have their own secure storage.

I'll check on the docs.

esune (Thu, 06 May 2021 16:06:44 GMT):

I responded on the issue

swcurran (Thu, 06 May 2021 16:08:44 GMT):

Here are the RFCs that reference them: https://github.com/hyperledger/aries-rfcs/search?q=recipientkeys

The 0067 is probably the most useful, but I'm disappointed in the lack of information about them.

JamesEbert (Thu, 06 May 2021 17:45:16 GMT):

This was the information that @TelegramSam and I had found in Firebase: https://firebase.google.com/docs/cloud-messaging/concept-options#receiving-messages-from-multiple-senders
Essentially I think it means you have to register and have your own Firebase project, but are still able to receive push notifications from a different sender. There's potential that it wouldn't work in quite the way we had thought though.

dbluhm (Thu, 06 May 2021 18:05:14 GMT):

@matteo what's your take? Do you think this addresses the issues we talked about ^^

TimoGlastra (Thu, 06 May 2021 18:43:55 GMT):

This look very promising. The protocol would need to include a way for the mediator to send it's `sender ID` to the mediatee so it can register for push notifications from that mediator. Could even work with multiple mediators at the same time

TimoGlastra (Thu, 06 May 2021 18:43:55 GMT):

This look very promising. The protocol would need to include a way for the mediator to send its `sender ID` to the mediatee so it can register for push notifications from that mediator. Could even work with multiple mediators at the same time

TimoGlastra (Thu, 06 May 2021 18:44:10 GMT):

Firebase FTW

JamesEbert (Thu, 06 May 2021 19:05:04 GMT):

That was our exact thoughts!

iammatrix (Fri, 07 May 2021 09:49:32 GMT):



Clipboard - May 4, 2021 11_25 PM.png

iammatrix (Fri, 07 May 2021 09:49:33 GMT):

ACA-PY version =0.60 and error is

RounakGhosh (Fri, 07 May 2021 09:50:14 GMT):

@dbluhm

Yunxi 3 (Fri, 07 May 2021 10:01:17 GMT):

Thanks @swcurran for pointing me to the right doc. Regarding this definition for "recipientKeys : This is an array of did key references used to denote the default recipients of an endpoint.", i'm trying to understand it a bit clearer. If I have an agent as a sender that is generating a connection invitation that includes its own "serviceEndpoint" + "recipientKeys" + other info, does the "default recipient" in the definition refer to this sender agent itself?

Yunxi 3 (Fri, 07 May 2021 10:01:17 GMT):

Thanks @swcurran for pointing me to the right doc. Regarding this definition for "recipientKeys : This is an array of did key references used to denote the default recipients of an endpoint.", i'm trying to understand it a bit clearer. If I have an agent as a sender that is generating a connection invitation that includes its own "serviceEndpoint" + "recipientKeys" + other info, does the "default recipient" in the definition refer to this sender agent itself and does the "endpoint" refer to sender's "serviceEndpoint"?

Luis-GA (Fri, 07 May 2021 13:09:42 GMT):

Has joined the channel.

madhugoundla (Fri, 07 May 2021 19:35:54 GMT):

Has joined the channel.

swcurran (Fri, 07 May 2021 22:03:54 GMT):

In your example, the sender is creating the information about itself.

During the connection establishment process (OOB+DID Exchange), both parties pass the information to the others that says "Here is how I want you to send messages to me".  That consists of three things:

- recipientKeys for the message itself -- e.g. my key.
- the endpoint to send the message. This is where I want you to send the message, and my side will take care of the rest.
- routingKeys -- any other agents on my side (after the endpoint, before it gets to me) that might handle the message. The sender will place the message into forward envelope for each entry, in order.

swcurran (Fri, 07 May 2021 22:03:54 GMT):

In your example, the sender is creating the information about itself.

During the connection establishment process (OOB+DID Exchange), both parties pass the information to the other that says "Here is how I want you to send messages to me".  That consists of three things:

- recipientKeys for the message itself -- e.g. my key.
- the endpoint to send the message. This is where I want you to send the message, and my side will take care of the rest.
- routingKeys -- any other agents on my side (after the endpoint, before it gets to me) that might handle the message. The sender will place the message into forward envelope for each entry, in order.

AkankshaM (Mon, 10 May 2021 03:39:19 GMT):

Has joined the channel.

AkankshaM (Mon, 10 May 2021 03:46:58 GMT):

Hello all,
I am trying to set up aries without docker container.
I can start von-ledger on docker.
For the below command, (including --wallet-type indy), it throws the error that wallet not found.
$ aca-py start -it http '0.0.0.0' 10000 -ot http --admin '0.0.0.0' 5000 -e http://localhost:8080 --genesis-url http://0.0.0.0:9000/genesis --label 'My agent' --admin-insecure-mode --log-level info --wallet-type indy --seed 00000000000000000000000000faber1 --wallet-name "My Wallet" --wallet-key "somekey"
$ aca-py start -it http '0.0.0.0' 10001 -ot http --admin '0.0.0.0' 5001 -e http://localhost:8081 --genesis-url http://0.0.0.0:9000/genesis --label 'My agent' --admin-insecure-mode --log-level info --wallet-type indy --seed 00000000000000000000000000alice1 --wallet-name "Other Wallet" --wallet-key "somekey"
How do I set up that?

I checked https://github.com/hyperledger/aries-cloudagent-python/issues/150. I am getting almost same error, but the solution is confusing me. How do I register DID without starting aca-py.

Without --wallet-type parameter, I am able to start agents. But, while accept-request API call, agent to agent communication is not happening. In the terminal, it throws this error:
'''
raise client_error(req.connection_key, exc) from exc
aiohttp.client_exceptions.ClientConnectorError: Cannot connect to host localhost:8081 ssl:default [Connect call failed ('127.0.0.1', 8081)]
'''
I tried to on ngrok port on 8080 and 8081 as well, but it did not make any difference.
PS: ngrok ports on 10000 and 10001 are up.

What am I missing?
Is there any way to set this up on local machine without ngrok and docker?
Also, can anyone tell if I am doing it correctly?

Thank you in advance

daniel-s 1 (Mon, 10 May 2021 07:32:12 GMT):

Has joined the channel.

FilipeCapela98 (Mon, 10 May 2021 12:19:26 GMT):

Hello, I would like to extract fields from a credential presentation, but for some reason string values are encoded to number formats. Is there a way to get the actual string value instead of the encoded version?

Yunxi 3 (Mon, 10 May 2021 15:23:02 GMT):

thanks @swcurran, just to make sure i understand the effect of the recipientkeys here. Once the sender generates the recipientkeys, my translation is the sender tell others: Hey there, please use this public recipientKeys to encrypt all the messages that will be sent to me from you, and i can decrypt them by using a relevant private key. Is this translation correct?

matteo (Mon, 10 May 2021 15:49:54 GMT):

That looks promising. It needs quite a bit of work on the mobile app but It would add some value if we can get it to work properly. So, would it make sense to use Discover Features Protocol, meaning the app can ask mediator to provide a `sender ID` to which it can then register? The only drawback I see with this solution is that it is only viable with Firebase.

swcurran (Mon, 10 May 2021 16:03:59 GMT):

Yes

JamesEbert (Mon, 10 May 2021 19:28:24 GMT):

Agreed--I think that we don't want to tie ourselves to having to use Firebase exclusively (so allowing/having multiple different push notification protocols), but if you want to run an open source mediator that provides push notifications Firebase would likely work for that capability.

madhugoundla (Mon, 10 May 2021 22:11:51 GMT):

Hi, is there documentation for connecting acapy to postgressql?

madhugoundla (Mon, 10 May 2021 22:13:06 GMT):

Is there also any documentation on running acapy stateless?

swcurran (Tue, 11 May 2021 03:02:55 GMT):

Running ACA-Py with postgres is just some command line options on startup, along with a running instance of postgres.

Not sure what you mean about running stateless.  In general, everything ACA-Py does is persisted, so that you can run it in containers in a scalable environment like Kubernetes.

madhugoundla (Tue, 11 May 2021 04:12:20 GMT):

Do you have any documentation to run in kubernetes? Is the postgress deployed as a kubernetes pod as well?

madhugoundla (Tue, 11 May 2021 04:13:41 GMT):

I am sorry for my stateless question, i thought it was stateless cause how will persistance be maintained if an agent has to scale up by increasing number of pods.

SachinSWN (Tue, 11 May 2021 07:29:27 GMT):

Has joined the channel.

SachinSWN (Tue, 11 May 2021 07:29:27 GMT):

Hey, Is there any way i can establish a secure msging with my mobile app and aries cloud agent. I have tested web-web python demo of aries cloud agent. My requirement is etsblish the same with react-native app - and cloud endpoint?

TimoGlastra (Tue, 11 May 2021 10:18:52 GMT):

That's definitely possible. Normally you would add a mediator in between that receives messages for the mobile wallet. There's currently work going on in Aries Framework JavaScript (https://github.com/hyperledger/aries-framework-javascript/) to support this, after which this can also be used in React Native. (e.g. Aries Mobile Agent React Native: https://github.com/hyperledger/aries-mobile-agent-react-native)

TimoGlastra (Tue, 11 May 2021 10:18:52 GMT):

That's definitely possible. Normally you would add a mediator in between that receives messages for the mobile wallet. There's currently work going on in Aries Framework JavaScript (https://github.com/hyperledger/aries-framework-javascript/) to support the official mediator stuff, after which this can also be used in React Native. (e.g. Aries Mobile Agent React Native: https://github.com/hyperledger/aries-mobile-agent-react-native). However you can already get started using a simple in-memory mediator

TimoGlastra (Tue, 11 May 2021 10:20:12 GMT):

See https://github.com/hyperledger/aries-mobile-agent-react-native/blob/main/docs/MEDIATION.md

dbluhm (Tue, 11 May 2021 16:45:11 GMT):

@swcurran (sorry if this has been raised elsewhere already) we're hoping to discuss inbound/outbound queues, undelivered queues, and the event bus during the ACA-Pug meeting tomorrow, if there's room on the agenda :slight_smile:

swcurran (Tue, 11 May 2021 18:55:37 GMT):

We run with PostgreSQL on k8s pods.  That could be done with a Cluster as well. 

 There is no docs specifically on deploying to k8s.  We have a repo that is an example of running a significant application that uses Aries Agents on k8s -- OrgBook -- https://github.com/bcgov/orgbook-configurations/tree/master/openshift

However, not sure how useful it is in general as it is specific to our app.

madhugoundla (Tue, 11 May 2021 20:16:30 GMT):

I think this is wonderful to start with Stephen. Thank you for your great help.

swcurran (Tue, 11 May 2021 21:15:23 GMT):

Sounds good.  Are you leading?  I can try to get some info from where things got left with the Persistent Queue work.

swcurran (Tue, 11 May 2021 21:15:28 GMT):

O

swcurran (Tue, 11 May 2021 21:15:28 GMT):

I'd like to talk about what's not in ACA-Py for AIP 2.0.

swcurran (Tue, 11 May 2021 21:15:28 GMT):

I'd also like to talk about what's not in ACA-Py for AIP 2.0.

daniel-s 1 (Tue, 11 May 2021 23:01:01 GMT):

I am trying to create a proof request. I have read through RFC37 https://github.com/sklump/aries-rfcs/tree/master/features/0037-present-proof but very few of the fields that are shown in the example on the Swagger UI page for Aries (http://localhost:5002/api/doc#/present-proof/post_present_proof_send_request) are mentioned in the RFC. What is it that I'm missing. I am trying to figure out how to tell specify the fields and predicates to make up the proof request. Is this documented elsewhere?

swcurran (Tue, 11 May 2021 23:25:24 GMT):

There are various ways to create a DID before starting ACA-Py.  It looks like you are using VON-Networ,k and that you can go to http://localhost:8080 and create the DID from the seed using the User Interface (right side). I'd make it an Endorser.

You still need the `--seed` parameter as that will create the DID in the wallet and must match what you create on the ledger.

swcurran (Tue, 11 May 2021 23:50:56 GMT):

Join us for the ACA-Py User Group Wednesday at 11AM Pacific (18:00 UTC) -- the hour before the Aries WG Call. We'll have the core maintainers on the call to answer any questions -- other topics are below.

Zoom link: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-05-11+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

Topics: 

- Queue Handling In ACA-Py
- When do we release the next ACA-Py?
- What's in AIP 2.0 that we need to add to ACA-Py

dbluhm (Wed, 12 May 2021 01:00:54 GMT):

Sure though I suspect @TimoGlastra and @victor.martinez will likely be contributing as well :slight_smile:

AkankshaM (Wed, 12 May 2021 04:45:15 GMT):

Registering on ledger also means that the agent will have a public DID.
I want one agent to have public DID, but another without public DID. And I want to connect them through pair wise DID (which needs endpoint). Somehow, when I tried this, the agents are not able to discover other agents. 
I am using ngrok, it seems there is some problem with ngrok setup from my side. I want to know if I can run agents without ngrok locally?

sklump (Wed, 12 May 2021 11:14:17 GMT):

Check out main since 
https://github.com/hyperledger/aries-cloudagent-python/pull/1161

swcurran (Wed, 12 May 2021 13:45:10 GMT):

That's found in the Indy docs, but it's not well documented.

Perhaps here: https://hyperledger-indy.readthedocs.io/projects/sdk/en/latest/docs/design/002-anoncreds/README.html

indy_prover_close_credentials_search

swcurran (Wed, 12 May 2021 13:48:37 GMT):

For the one that doesn't have a ledger, leave off the seed parameter. It won't be looked for on the ledger.  The seed is only for public DIDs. The pairwise DIDs for communications are created automatically when needed (from random seeds) on both sides.

Yunxi 3 (Wed, 12 May 2021 19:00:43 GMT):

Hello all, in an issuer agent, when calling this api: issue-credential-2.0/records, i'm able to see  JSON records related to type 1 - *credential proposal* sent from a holder with a "status" field showing "proposal-received" and type 2 - "offer-sent" indicating an new credential is issued and sent to the holder. My question is which field in both JSON records can

Yunxi 3 (Wed, 12 May 2021 19:00:43 GMT):

Hello all, in an issuer agent, when calling this api: issue-credential-2.0/records, i'm able to see  JSON records related to type 1 - *credential proposal* sent from a holder with a "status" field showing "proposal-received" and type 2 - "offer-sent" indicating an new credential is issued and sent to the holder. My question is which field in both JSON records can tell the two records map to each other?

Yunxi 3 (Wed, 12 May 2021 19:00:43 GMT):

Hello all, in an issuer agent, when calling this api: issue-credential-2.0/records, i'm able to see  JSON records related to type 1 - *credential proposal* sent from a holder with a "status" field showing "proposal-received" and type 2 - "offer-sent" indicating an new credential is issued and sent to the holder. My question is which field in both JSON records can tell the two records map to each other, if i consider record 2 (issue a credential) is a response to record 1 (request a credential)?

Yunxi 3 (Wed, 12 May 2021 19:00:43 GMT):

Hello all, in an issuer agent, when calling this api: issue-credential-2.0/records, i'm able to see  JSON records related to record 1 - *credential proposal* sent from a holder with a "status" field showing "proposal-received" and record 2 - "offer-sent" indicating an new credential is issued and sent to the holder. My question is which field in both JSON records can tell the two records map to each other, if i consider record 2 (issue a credential) is a response to record 1 (request a credential)?

jcourt (Thu, 13 May 2021 04:30:18 GMT):

Another question on VON https://github.com/bcgov/von.  Any chance you would consider tagging the current version so that it provides a stable point to pull ?  It rarely has a breaking issue in HEAD but it would be good to have a fallback point if it does.

jcourt (Thu, 13 May 2021 04:30:18 GMT):

Another question on VON Network https://github.com/bcgov/von-network.  Any chance you would consider tagging the current version so that it provides a stable point to pull ?  It rarely has a breaking issue in HEAD but it would be good to have a fallback point if it does.

da3v21 (Thu, 13 May 2021 05:41:39 GMT):

hello everyone!, the *ledger/register-nym* is not registering did's of method key (did:key) on the ledger. I'm testing the *issue-credentialv2.0* of type ld_proof which needs "did:key" to be registered on the ledger.

da3v21 (Thu, 13 May 2021 05:43:31 GMT):

The *out-of-band/receive-invitation* protocol is throwing an 500 internal server error while including attachments. I have tested this before, but it is not working with the 0.7.0-pre version of acapy agents

da3v21 (Thu, 13 May 2021 05:43:31 GMT):

The *out-of-band/receive-invitation* protocol is throwing an *500 internal server* error while including attachments. I have tested this before, but it is not working with the 0.7.0-pre version of acapy agents

dbluhm (Thu, 13 May 2021 14:59:46 GMT):

`did:key`s are not anchored on a ledger. "Resolution" of a `did:key` consists of transforming it into a document based purely on a set algorithm for doing so.

swcurran (Thu, 13 May 2021 15:01:35 GMT):

Could you please add an issue in the repo, including your OOB invitation and stack trace?

FYI @shaanjot.gill

rohitthukral (Thu, 13 May 2021 16:40:17 GMT):

Has joined the channel.

rohitthukral (Thu, 13 May 2021 16:40:18 GMT):

Hello Everyone! we are developing Aries + Xamarin based mobile application, where we want to store user credentials, and public & private key associated with DID. i explored over the google but didn't found any way to retrieve private key for user wallet. It would be really helpful, if you can suggest how to retrieve private key and store that in wallet? Any help would be really appreciated, Thanks

filip.burlacu (Thu, 13 May 2021 22:48:06 GMT):

Has joined the channel.

jcourt (Fri, 14 May 2021 01:11:35 GMT):

added an issue to the repo as that's the right place to discuss something only peripheral to ACA-py

da3v21 (Fri, 14 May 2021 04:45:19 GMT):

Ya sure. I have added it here

da3v21 (Fri, 14 May 2021 04:45:19 GMT):

Ya sure. I added it here: https://github.com/hyperledger/aries-cloudagent-python/issues/1177

da3v21 (Fri, 14 May 2021 05:02:52 GMT):

@swcurran Can you delete this issue, It was my mistake I did not assign *auto-present* to true

da3v21 (Fri, 14 May 2021 05:02:52 GMT):

@swcurran Can you delete this issue, It was my mistake I did not assign *auto-present* to true in present-proof attachment type.

da3v21 (Fri, 14 May 2021 05:09:19 GMT):



Capture.JPG

FilipeCapela98 (Fri, 14 May 2021 12:31:15 GMT):

Hello, are there any benchmarks or stress tests made to the aca-py agents?

sklump (Fri, 14 May 2021 12:37:34 GMT):

aries_cloudagent/demo/run_demo performance

Yunxi 3 (Fri, 14 May 2021 13:07:31 GMT):

Hello, can anyone help look at my ticket here: https://github.com/hyperledger/aries-cloudagent-python/issues/1172? Thanks

sklump (Fri, 14 May 2021 15:10:24 GMT):

I can take a look, probably Monday though

sklump (Fri, 14 May 2021 15:10:24 GMT):

I can take a look, probably ~Monday~ _Tuesday_ though

swcurran (Fri, 14 May 2021 15:13:19 GMT):

Definitely should be -- very suprised it not.  Perhaps a typo?

FilipeCapela98 (Sun, 16 May 2021 09:30:08 GMT):

Thank you @sklump! for some reason I forgot about that script in the demo :)

wip-abramson (Mon, 17 May 2021 14:04:29 GMT):

Hey, I am sure this has come up before but I couldn't find it.

Does anyone know the attribute size limit? I am trying to put an image in an attribute, which issues fine until I come to store the credential which give me a IndyHolderError and complains about WalletStorage. The image I have been messing about with is 2.6 kB and I base64 encode it before offering it like this:

`import base64
encoding = 'utf-8'
with open("headshot.jpg", "rb") as image:
    my_string = base64.b64encode(image.read())
    headshotBase64 = my_string.decode('utf-8')
    print(headshotBase64)`

Anyone got something like this working?

iammatrix (Mon, 17 May 2021 15:26:42 GMT):

how to disable Profile validation with browser flow in keycloak ??

iammatrix (Mon, 17 May 2021 15:28:25 GMT):

@esune

esune (Mon, 17 May 2021 15:31:36 GMT):

What error/issue are you facing exactly? I assume this is when integrating with `vc-authn`?

esune (Mon, 17 May 2021 15:33:21 GMT):

The two things I can think of are:

esune (Mon, 17 May 2021 15:33:55 GMT):

Turn on the "disable user info" switch in the IdP configuration

esune (Mon, 17 May 2021 15:33:59 GMT):



Clipboard - May 17, 2021 8:33 AM

esune (Mon, 17 May 2021 15:35:07 GMT):

Make sure your IdP is added as `OpenID Connect v1.0` and NOT as `Keycloak OpenID Connect` (the latter seems to keep polling the userinfo endpoint regrdless of the settings.

esune (Mon, 17 May 2021 15:45:23 GMT):

Also see: https://github.com/bcgov/vc-authn-oidc/issues/129

iammatrix (Mon, 17 May 2021 16:01:05 GMT):

It was me also, I was the one asking in GitHub, thanks for your help man, the issues with keycloak are finally solved.
Thank you very much

TimoGlastra (Mon, 17 May 2021 18:12:48 GMT):

Hi @wip-abramson we've been doing some research on images in credentials. 2.6kB seems really low for it to fail. The time it takes to issue increases as you issue/verify more credential with attachments (I think due to in-memory usage, or filtering criteria we used), but we were able issue way more than 2.6 kB

TimoGlastra (Mon, 17 May 2021 18:15:03 GMT):

See https://github.com/blu3beri/aries-test-results-large-credentials for some graphs on issuance time per credentrial size

FilipeCapela98 (Mon, 17 May 2021 22:17:05 GMT):

Hello @TimoGlastra, not related to wip's issue, but I was wondering if there are any other repos that contain benchmarks made to aca-py, besides the performance demos and the one you linked in your response. Thank you!

TimoGlastra (Tue, 18 May 2021 07:12:27 GMT):

Not that I'm aware of. Are you looking for a specific type of performance test?

FilipeCapela98 (Tue, 18 May 2021 10:29:19 GMT):

@TimoGlastra It would be interesting to see how an agent handles multiple concurrent requests, for example in 60 seconds getting 200 different requests, ranging from presentation requests, credential requests and connection requests for example. Do you think it would sustain a huge load like that?

Shweta1 (Tue, 18 May 2021 11:14:47 GMT):

Hi Team,
I have set up indy node on first  ec2 and indy webserver is running from below command.
*docker run -dti -v /opt/von-network/:/von-network -p 9000:9000  --name=indy-webserver indy-webserver
*
I tried to up aries cloud agent on sencond ec2 instance and provided genesis url running on  first ec2 but getting error .
*Ledger_url=http://firstIP:9000 ./run_demo faber*

Shweta1 (Tue, 18 May 2021 11:15:53 GMT):



error.png

wip-abramson (Tue, 18 May 2021 12:34:50 GMT):

Thanks @TimoGlastra, must be some other issue perhaps. Does my encoding approach seem correct to you? I seem to be erroring out on this function call - https://github.com/hyperledger/aries-cloudagent-python/blob/abbbd94b17ccacff7e66f1208c6a8de720d8f44c/aries_cloudagent/indy/sdk/holder.py#L109

Using a postgres Db, not sure if that would make any difference

sklump (Tue, 18 May 2021 16:58:37 GMT):

It looks like these changes are not likely to last. They slow down performance an awful lot. So I will likely be backing them out over the next few days. It was worth a look.

jcourt (Wed, 19 May 2021 06:16:59 GMT):

Is there a protocol or indy based reason why a DID with a posture of `wallet_only` can't be deleted from ACA-py ?  These tend to get created every time a new connection is created (i.e. unless you specify to use a public DID) but they don't get removed when connections are deleted.  This tends to result in a lot of orphaned `wallet_only` DIDs ?

sklump (Wed, 19 May 2021 10:03:48 GMT):

write this one up as an issue: probably it should get deleted with connection teardown

sklump (Wed, 19 May 2021 10:03:48 GMT):

Please & thanks, write this one up as an issue: probably it should get deleted with connection teardown

santidediego (Wed, 19 May 2021 13:35:46 GMT):

Has joined the channel.

santidediego (Wed, 19 May 2021 13:35:46 GMT):

Hi team,

I am trying to develop a controller which uses an Aries agent. Under demo/ folder there are some examples of controllers (Faber, etc.) that use the aca-py agent. My question: is in the Aries Cloudagent Python roadmap to develop a generic controller from where we can start building our own controllers?  thanks and excellent job with this project btw!

swcurran (Wed, 19 May 2021 14:38:00 GMT):

By definition, a controller provides the business logic for an agent, so each controller depends on the use case.  But you can definitely have a controller that is generic enough to handle many use cases -- e.g. an issuer/verifier that provides a much simpler API for any enterprise system that just does issuing, or verification or even both.

jaqo (Thu, 20 May 2021 02:52:34 GMT):

Has joined the channel.

gut (Thu, 20 May 2021 08:32:53 GMT):

Has joined the channel.

gut (Thu, 20 May 2021 08:44:29 GMT):

So a higher level (simplified) Agent API is not intended in the roadmap, I think.
Is there a specific reason to provide atomic operations from the API? I see that some of them could be wrapped in more complex actions to complete the lifecycle (use case agnostic, of course) in an easier way for API users.

RounakGhosh (Thu, 20 May 2021 10:14:08 GMT):

@dbluhm dbluhm

RounakGhosh (Thu, 20 May 2021 10:14:08 GMT):

@dbluhm

swcurran (Thu, 20 May 2021 14:35:02 GMT):

Agreed and we'd welcome the contribution.  If you look at the startup options for the "--auto...", you'll see some examples of that, as well as the "/send" endpoint on the issue.

We'd have to decide if such a controller should be part of ACA-Py or a companion repo. Generally, we have gone with companion repos, as the implementations have not been generic enough.

wip-abramson (Thu, 20 May 2021 18:31:20 GMT):

@TimoGlastra FYI I can confirm this is a PostgresDb issue. Same files work great using the standard db sqlite or whatever it is.

On postgres I managed a file of about 1 - 1.5kb max

So the question is really is this a ACA-Py bug do we think? Or just a problem with Postgres as a db for storing cred data.

wip-abramson (Thu, 20 May 2021 18:32:26 GMT):

@swcurran would be interested in your thoughts on this

swcurran (Thu, 20 May 2021 18:44:06 GMT):

Question from @ianco -- maybe he can help.

ianco (Thu, 20 May 2021 18:47:33 GMT):

This issue has come up in the past with Postgres, but AFAIK it has been fixed.  @wip-abramson are you running with the latest indy sdk release?

ianco (Thu, 20 May 2021 18:48:55 GMT):

(Background - the limit in Postgres is the max size allowed for indexes.  Since each attribute becomes a tag, and each tag is indexed, the size of the index depends on the size of the attribute value.  The fix was - we replaced the index with an MD5 so we could support unlimited attribute value size.)

wip-abramson (Thu, 20 May 2021 18:49:57 GMT):

Ah great, most likely not then I imagine. I am using bcgovimages/von-image:py36-1.16-0

wip-abramson (Thu, 20 May 2021 18:51:45 GMT):

Hmm seems to be the latest, unless indy-sdk is set somewhere else

ianco (Thu, 20 May 2021 18:52:12 GMT):

That should be `1.16.0` (based on the image name)

ianco (Thu, 20 May 2021 18:52:27 GMT):

I'll double check that the postgres fix was in the release

ianco (Thu, 20 May 2021 18:54:32 GMT):

It looks like version `1.16.0` should work (this commit illustrates the fix:  https://github.com/hyperledger/indy-sdk/commit/aa23d8658dac2bde767093cc8c625498518554e6)

wip-abramson (Thu, 20 May 2021 18:57:19 GMT):

Thanks @ianco appreciate it. I will keep digging. Pretty certain I am using the 1.16-0 docker image. Let me check the container see if I can find out what is actually installed on it

ianco (Thu, 20 May 2021 18:57:54 GMT):

If you can connect to your postgres database using a sql tool you can verify what indexes are created

ianco (Thu, 20 May 2021 18:59:00 GMT):

I think we just updated the index on the `tags_encrypted` table, so if you have this attribute flagged as "plaintext" then that may cause an issue

wip-abramson (Thu, 20 May 2021 19:00:36 GMT):

I didn't actually know you could flag attributes as any type, I just use a list of attribute names

ianco (Thu, 20 May 2021 19:01:15 GMT):

They should all be encrypted by default then

jcourt (Thu, 20 May 2021 22:42:57 GMT):

Will do thanks for the note.

jcourt (Thu, 20 May 2021 22:57:27 GMT):

@sklump Done

wip-abramson (Fri, 21 May 2021 11:03:05 GMT):

We have attempted to create something along these lines @santidediego. A generic pip installable package that covers all ACA-Py endpoints. Idea being you can focus on business logic and use this package to interface with aca-py rather than reimplementing and managing that code in every new project. It was initially designed so we could interact with ACA-Py from juypter notebooks. Obviously only useful if you are using python.

Code now lives here - https://github.com/didx-xyz/aries-cloudcontroller-python

Although best place to learn how to use it is probably here - https://github.com/OpenMined/PyDentity

gut (Fri, 21 May 2021 13:31:54 GMT):

Thank you @swcurran . We'll start by creating a generic controller with the current cloudagent, and then see if merging some atomic calls is desirable/possible for a contribution. 
We'll have a look to the project by @wip-abramson too :)

gut (Fri, 21 May 2021 13:31:54 GMT):

Thank you @swcurran. We'll start by creating a generic controller with the current cloudagent, and then see if merging some atomic calls is desirable/possible for a contribution. 
We'll have a look to the project by @wip-abramson too :)

gut (Fri, 21 May 2021 13:33:31 GMT):

One last question. Are these thoughts extensible for the edge agent philosophy? Making wrapped calls to the SDK for easier interaction I mean.

Shweta1 (Fri, 21 May 2021 13:54:15 GMT):

Hi Team,How can i integrate aries cloud agent with postgres server

ianco (Fri, 21 May 2021 14:21:48 GMT):

There is an example set of parameters here:  https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/postgres-indy-args.yml

filip.burlacu (Fri, 21 May 2021 18:18:25 GMT):

looks like a recent change (I suspect this https://github.com/hyperledger/aries-cloudagent-python/pull/1178) has broken aath tests
```
$ ./manage rebuild -a acapy-main
... (success)
$ ./manage run -d acapy-main -t @T003-RFC0023 -v 20
...
When "Bob" sends an explicit invitation with a public DID                                                          # features/steps/0023-did-exchange.py:138 0.013s
      Assertion Failed: resp_status 500 is not 200; 500 Internal Server Error
```
and bob_agent.log contains:
```
2021-05-21 18:03:52,862 aries_cloudagent.core.dispatcher ERROR Handler error: invitation_create
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/aries_cloudagent/connections/base_manager.py", line 224, in resolve_invitation
    doc: ResolvedDocument = await resolver.resolve(self._session.profile, did)
  File "/usr/local/lib/python3.7/site-packages/aries_cloudagent/resolver/did_resolver.py", line 60, in resolve
    _, doc = await self._resolve(profile, did)
  File "/usr/local/lib/python3.7/site-packages/aries_cloudagent/resolver/did_resolver.py", line 45, in _resolve
    for resolver in await self._match_did_to_resolver(profile, did):
  File "/usr/local/lib/python3.7/site-packages/aries_cloudagent/resolver/did_resolver.py", line 98, in _match_did_to_resolver
    raise DIDMethodNotSupported(f'No resolver supprting DID "{did}" loaded')
aries_cloudagent.resolver.base.DIDMethodNotSupported: No resolver supprting DID "did:sov:QbQM5ACo2n9HikwVtMaJoW" loaded

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/aries_cloudagent/protocols/out_of_band/v1_0/routes.py", line 182, in invitation_create
    mediation_id=mediation_id,
  File "/usr/local/lib/python3.7/site-packages/aries_cloudagent/protocols/out_of_band/v1_0/manager.py", line 231, in create_invitation
    endpoint, *_ = await self.resolve_invitation(public_did.did)
  File "/usr/local/lib/python3.7/site-packages/aries_cloudagent/connections/base_manager.py", line 228, in resolve_invitation
    ) from error
aries_cloudagent.connections.base_manager.BaseConnectionManagerError: Failed to resolve public DID in invitation
2021-05-21 18:03:52,863 aries_cloudagent.admin.server ERROR Handler error with exception: Failed to resolve public DID in invitation
```

filip.burlacu (Fri, 21 May 2021 18:18:25 GMT):

looks like a recent change (I suspect this https://github.com/hyperledger/aries-cloudagent-python/pull/1178) has broken aath tests
```
$ ./manage rebuild -a acapy-main
... (success)
$ ./manage run -d acapy-main -t @T003-RFC0023 -v 20
...
When "Bob" sends an explicit invitation with a public DID                                                          # features/steps/0023-did-exchange.py:138 0.013s
      Assertion Failed: resp_status 500 is not 200; 500 Internal Server Error
```
and bob_agent.log contains:
```
2021-05-21 18:03:52,862 aries_cloudagent.core.dispatcher ERROR Handler error: invitation_create
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/aries_cloudagent/connections/base_manager.py", line 224, in resolve_invitation
    doc: ResolvedDocument = await resolver.resolve(self._session.profile, did)
  File "/usr/local/lib/python3.7/site-packages/aries_cloudagent/resolver/did_resolver.py", line 60, in resolve
    _, doc = await self._resolve(profile, did)
  File "/usr/local/lib/python3.7/site-packages/aries_cloudagent/resolver/did_resolver.py", line 45, in _resolve
    for resolver in await self._match_did_to_resolver(profile, did):
  File "/usr/local/lib/python3.7/site-packages/aries_cloudagent/resolver/did_resolver.py", line 98, in _match_did_to_resolver
    raise DIDMethodNotSupported(f'No resolver supprting DID "{did}" loaded')
aries_cloudagent.resolver.base.DIDMethodNotSupported: No resolver supprting DID "did:sov:QbQM5ACo2n9HikwVtMaJoW" loaded

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/aries_cloudagent/protocols/out_of_band/v1_0/routes.py", line 182, in invitation_create
    mediation_id=mediation_id,
  File "/usr/local/lib/python3.7/site-packages/aries_cloudagent/protocols/out_of_band/v1_0/manager.py", line 231, in create_invitation
    endpoint, *_ = await self.resolve_invitation(public_did.did)
  File "/usr/local/lib/python3.7/site-packages/aries_cloudagent/connections/base_manager.py", line 228, in resolve_invitation
    ) from error
aries_cloudagent.connections.base_manager.BaseConnectionManagerError: Failed to resolve public DID in invitation
2021-05-21 18:03:52,863 aries_cloudagent.admin.server ERROR Handler error with exception: Failed to resolve public DID in invitation
```
Not sure why the Indy Resolver wouldn't be enabled, because if it _was_ enabled, there would be a warning message "BaseResolver.supported_methods is deprecated", and the log doesn't contain any

filip.burlacu (Fri, 21 May 2021 18:21:07 GMT):

```
```

filip.burlacu (Fri, 21 May 2021 18:24:01 GMT):

for context, these are the startup parameters:
```
['./bin/aca-py', 'start', 
'--endpoint', 'http://172.17.0.1:9031',
 '--label', 'aca-py.Bob', 
'--inbound-transport', 'http', '0.0.0.0', '9031', 
'--outbound-transport', 'http', '--admin', '0.0.0.0', '9032', 
'--admin-insecure-mode', '--public-invites',
 '--wallet-type', 'indy',
 '--wallet-name', 'aca-py.bob590812',
 '--wallet-key', 'aca-py.Bob590812',
 '--auto-provision', '--recreate-wallet',
 '--genesis-transactions', '{"reqSignature":{},"txn":{"data":{"data":{"alias":"Node1","blskey":"4N8aUNHSgjQVgkpm8nhNEfDf6txHznoYREg9kirmJrkivgL4oSEimFF6nsQ6M41QvhM2Z33nves5vfSn9n1UwNFJBYtWVnHYMATn76vLuL3zU88KyeAYcHfsih3He6UHcXDxcaecHVz6jhCYz1P2UZn2bDVruL5wXpehgBfBaLKm3Ba","blskey_pop":"RahHYiCvoNCtPTrVtP7nMC5eTYrsUA8WjXbdhNc8debh1agE9bGiJxWBXYNFbnJXoXhWFMvyqhqhRoq737YQemH5ik9oL7R4NTTCz2LEZhkgLJzB3QRQqJyBNyv7acbdHrAT8nQ9UkLbaVL9NBpnWXBTw4LEMePaSHEw66RzPNdAX1","client_ip":"172.17.0.1","client_port":9702,"node_ip":"172.17.0.1","node_port":9701,"services":["VALIDATOR"]},"dest":"Gw6pDLhcBcoQesN72qfotTgFa7cbuqZpkX3Xo6pLhPhv"},"metadata":{"from":"Th7MpTaRZVRYnPiabds81Y"},"type":"0"},"txnMetadata":{"seqNo":1,"txnId":"fea82e10e894419fe2bea7d96296a6d46f50f93f9eeda954ec461b2ed2950b62"},"ver":"1"}\n{"reqSignature":{},"txn":{"data":{"data":{"alias":"Node2","blskey":"37rAPpXVoxzKhz7d9gkUe52XuXryuLXoM6P6LbWDB7LSbG62Lsb33sfG7zqS8TK1MXwuCHj1FKNzVpsnafmqLG1vXN88rt38mNFs9TENzm4QHdBzsvCuoBnPH7rpYYDo9DZNJePaDvRvqJKByCabubJz3XXKbEeshzpz4Ma5QYpJqjk","blskey_pop":"Qr658mWZ2YC8JXGXwMDQTzuZCWF7NK9EwxphGmcBvCh6ybUuLxbG65nsX4JvD4SPNtkJ2w9ug1yLTj6fgmuDg41TgECXjLCij3RMsV8CwewBVgVN67wsA45DFWvqvLtu4rjNnE9JbdFTc1Z4WCPA3Xan44K1HoHAq9EVeaRYs8zoF5","client_ip":"172.17.0.1","client_port":9704,"node_ip":"172.17.0.1","node_port":9703,"services":["VALIDATOR"]},"dest":"8ECVSk179mjsjKRLWiQtssMLgp6EPhWXtaYyStWPSGAb"},"metadata":{"from":"EbP4aYNeTHL6q385GuVpRV"},"type":"0"},"txnMetadata":{"seqNo":2,"txnId":"1ac8aece2a18ced660fef8694b61aac3af08ba875ce3026a160acbc3a3af35fc"},"ver":"1"}\n{"reqSignature":{},"txn":{"data":{"data":{"alias":"Node3","blskey":"3WFpdbg7C5cnLYZwFZevJqhubkFALBfCBBok15GdrKMUhUjGsk3jV6QKj6MZgEubF7oqCafxNdkm7eswgA4sdKTRc82tLGzZBd6vNqU8dupzup6uYUf32KTHTPQbuUM8Yk4QFXjEf2Usu2TJcNkdgpyeUSX42u5LqdDDpNSWUK5deC5","blskey_pop":"QwDeb2CkNSx6r8QC8vGQK3GRv7Yndn84TGNijX8YXHPiagXajyfTjoR87rXUu4G4QLk2cF8NNyqWiYMus1623dELWwx57rLCFqGh7N4ZRbGDRP4fnVcaKg1BcUxQ866Ven4gw8y4N56S5HzxXNBZtLYmhGHvDtk6PFkFwCvxYrNYjh","client_ip":"172.17.0.1","client_port":9706,"node_ip":"172.17.0.1","node_port":9705,"services":["VALIDATOR"]},"dest":"DKVxG2fXXTU8yT5N7hGEbXB3dfdAnYv1JczDUHpmDxya"},"metadata":{"from":"4cU41vWW82ArfxJxHkzXPG"},"type":"0"},"txnMetadata":{"seqNo":3,"txnId":"7e9f355dffa78ed24668f0e0e369fd8c224076571c51e2ea8be5f26479edebe4"},"ver":"1"}\n{"reqSignature":{},"txn":{"data":{"data":{"alias":"Node4","blskey":"2zN3bHM1m4rLz54MJHYSwvqzPchYp8jkHswveCLAEJVcX6Mm1wHQD1SkPYMzUDTZvWvhuE6VNAkK3KxVeEmsanSmvjVkReDeBEMxeDaayjcZjFGPydyey1qxBHmTvAnBKoPydvuTAqx5f7YNNRAdeLmUi99gERUU7TD8KfAa6MpQ9bw","blskey_pop":"RPLagxaR5xdimFzwmzYnz4ZhWtYQEj8iR5ZU53T2gitPCyCHQneUn2Huc4oeLd2B2HzkGnjAff4hWTJT6C7qHYB1Mv2wU5iHHGFWkhnTX9WsEAbunJCV2qcaXScKj4tTfvdDKfLiVuU2av6hbsMztirRze7LvYBkRHV3tGwyCptsrP","client_ip":"172.17.0.1","client_port":9708,"node_ip":"172.17.0.1","node_port":9707,"services":["VALIDATOR"]},"dest":"4PS3EDQ3dW1tci1Bp6543CfuuebjFrg36kLAUcskGfaA"},"metadata":{"from":"TWwCRQRZ2ZHMJFn9TzLp7W"},"type":"0"},"txnMetadata":{"seqNo":4,"txnId":"aa5e817d7cc626170eca175822029339a444eb0ee8f0bd20d3b0b76e566fb008"},"ver":"1"}\n', 
'--seed', 'd_000000000000000000000000590812',
 '--storage-type', 'indy',
 '--webhook-url', 'http://172.17.0.1:9033/webhooks', 
'--tails-server-base-url', 'http://172.17.0.1:6543',
 '--emit-new-didcomm-prefix', '--emit-new-didcomm-mime-type']
```

filip.burlacu (Fri, 21 May 2021 18:24:01 GMT):

for context, these are the startup parameters:
```
['./bin/aca-py', 'start', 
 '--endpoint', 'http://172.17.0.1:9031',
 '--label', 'aca-py.Bob', 
 '--inbound-transport', 'http', '0.0.0.0', '9031', 
 '--outbound-transport', 'http', '--admin', '0.0.0.0', '9032', 
 '--admin-insecure-mode', '--public-invites',
 '--wallet-type', 'indy',
 '--wallet-name', 'aca-py.bob590812',
 '--wallet-key', 'aca-py.Bob590812',
 '--auto-provision', '--recreate-wallet',
 '--genesis-transactions', '{"reqSignature":{},"txn":{"data":{"data":{"alias":"Node1","blskey":"4N8aUNHSgjQVgkpm8nhNEfDf6txHznoYREg9kirmJrkivgL4oSEimFF6nsQ6M41QvhM2Z33nves5vfSn9n1UwNFJBYtWVnHYMATn76vLuL3zU88KyeAYcHfsih3He6UHcXDxcaecHVz6jhCYz1P2UZn2bDVruL5wXpehgBfBaLKm3Ba","blskey_pop":"RahHYiCvoNCtPTrVtP7nMC5eTYrsUA8WjXbdhNc8debh1agE9bGiJxWBXYNFbnJXoXhWFMvyqhqhRoq737YQemH5ik9oL7R4NTTCz2LEZhkgLJzB3QRQqJyBNyv7acbdHrAT8nQ9UkLbaVL9NBpnWXBTw4LEMePaSHEw66RzPNdAX1","client_ip":"172.17.0.1","client_port":9702,"node_ip":"172.17.0.1","node_port":9701,"services":["VALIDATOR"]},"dest":"Gw6pDLhcBcoQesN72qfotTgFa7cbuqZpkX3Xo6pLhPhv"},"metadata":{"from":"Th7MpTaRZVRYnPiabds81Y"},"type":"0"},"txnMetadata":{"seqNo":1,"txnId":"fea82e10e894419fe2bea7d96296a6d46f50f93f9eeda954ec461b2ed2950b62"},"ver":"1"}\n{"reqSignature":{},"txn":{"data":{"data":{"alias":"Node2","blskey":"37rAPpXVoxzKhz7d9gkUe52XuXryuLXoM6P6LbWDB7LSbG62Lsb33sfG7zqS8TK1MXwuCHj1FKNzVpsnafmqLG1vXN88rt38mNFs9TENzm4QHdBzsvCuoBnPH7rpYYDo9DZNJePaDvRvqJKByCabubJz3XXKbEeshzpz4Ma5QYpJqjk","blskey_pop":"Qr658mWZ2YC8JXGXwMDQTzuZCWF7NK9EwxphGmcBvCh6ybUuLxbG65nsX4JvD4SPNtkJ2w9ug1yLTj6fgmuDg41TgECXjLCij3RMsV8CwewBVgVN67wsA45DFWvqvLtu4rjNnE9JbdFTc1Z4WCPA3Xan44K1HoHAq9EVeaRYs8zoF5","client_ip":"172.17.0.1","client_port":9704,"node_ip":"172.17.0.1","node_port":9703,"services":["VALIDATOR"]},"dest":"8ECVSk179mjsjKRLWiQtssMLgp6EPhWXtaYyStWPSGAb"},"metadata":{"from":"EbP4aYNeTHL6q385GuVpRV"},"type":"0"},"txnMetadata":{"seqNo":2,"txnId":"1ac8aece2a18ced660fef8694b61aac3af08ba875ce3026a160acbc3a3af35fc"},"ver":"1"}\n{"reqSignature":{},"txn":{"data":{"data":{"alias":"Node3","blskey":"3WFpdbg7C5cnLYZwFZevJqhubkFALBfCBBok15GdrKMUhUjGsk3jV6QKj6MZgEubF7oqCafxNdkm7eswgA4sdKTRc82tLGzZBd6vNqU8dupzup6uYUf32KTHTPQbuUM8Yk4QFXjEf2Usu2TJcNkdgpyeUSX42u5LqdDDpNSWUK5deC5","blskey_pop":"QwDeb2CkNSx6r8QC8vGQK3GRv7Yndn84TGNijX8YXHPiagXajyfTjoR87rXUu4G4QLk2cF8NNyqWiYMus1623dELWwx57rLCFqGh7N4ZRbGDRP4fnVcaKg1BcUxQ866Ven4gw8y4N56S5HzxXNBZtLYmhGHvDtk6PFkFwCvxYrNYjh","client_ip":"172.17.0.1","client_port":9706,"node_ip":"172.17.0.1","node_port":9705,"services":["VALIDATOR"]},"dest":"DKVxG2fXXTU8yT5N7hGEbXB3dfdAnYv1JczDUHpmDxya"},"metadata":{"from":"4cU41vWW82ArfxJxHkzXPG"},"type":"0"},"txnMetadata":{"seqNo":3,"txnId":"7e9f355dffa78ed24668f0e0e369fd8c224076571c51e2ea8be5f26479edebe4"},"ver":"1"}\n{"reqSignature":{},"txn":{"data":{"data":{"alias":"Node4","blskey":"2zN3bHM1m4rLz54MJHYSwvqzPchYp8jkHswveCLAEJVcX6Mm1wHQD1SkPYMzUDTZvWvhuE6VNAkK3KxVeEmsanSmvjVkReDeBEMxeDaayjcZjFGPydyey1qxBHmTvAnBKoPydvuTAqx5f7YNNRAdeLmUi99gERUU7TD8KfAa6MpQ9bw","blskey_pop":"RPLagxaR5xdimFzwmzYnz4ZhWtYQEj8iR5ZU53T2gitPCyCHQneUn2Huc4oeLd2B2HzkGnjAff4hWTJT6C7qHYB1Mv2wU5iHHGFWkhnTX9WsEAbunJCV2qcaXScKj4tTfvdDKfLiVuU2av6hbsMztirRze7LvYBkRHV3tGwyCptsrP","client_ip":"172.17.0.1","client_port":9708,"node_ip":"172.17.0.1","node_port":9707,"services":["VALIDATOR"]},"dest":"4PS3EDQ3dW1tci1Bp6543CfuuebjFrg36kLAUcskGfaA"},"metadata":{"from":"TWwCRQRZ2ZHMJFn9TzLp7W"},"type":"0"},"txnMetadata":{"seqNo":4,"txnId":"aa5e817d7cc626170eca175822029339a444eb0ee8f0bd20d3b0b76e566fb008"},"ver":"1"}\n', 
 '--seed', 'd_000000000000000000000000590812',
 '--storage-type', 'indy',
 '--webhook-url', 'http://172.17.0.1:9033/webhooks', 
 '--tails-server-base-url', 'http://172.17.0.1:6543',
 '--emit-new-didcomm-prefix', '--emit-new-didcomm-mime-type']
```

esune (Fri, 21 May 2021 18:32:01 GMT):

@shaanjot.gill is this related to the OOB issue you're investigating?

jkrstic (Sat, 22 May 2021 18:11:55 GMT):

Has joined the channel.

mattatkiva (Tue, 25 May 2021 16:57:17 GMT):



Screen Shot 2021-05-25 at 12.56.29 PM.png

mattatkiva (Tue, 25 May 2021 16:57:17 GMT):



Message Attachments

mattatkiva (Tue, 25 May 2021 16:57:55 GMT):



Screen Shot 2021-05-25 at 12.57.31 PM.png

mattatkiva (Tue, 25 May 2021 17:01:13 GMT):

please ignore.  idiot at the console

swcurran (Tue, 25 May 2021 18:15:01 GMT):

Join us for the ACA-Py User Group Wednesday (tomorrow) at 11AM Pacific (18:00 UTC) -- the hour before the Aries WG Call. We'll have the core maintainers on the call to answer any questions -- other topics are below.

Zoom link: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-05-26+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

Topics:

* Status Check: ACA-Py Release 0.7.0
* Update: Queue Handling In ACA-Py
* If we have time: What's in AIP 2.0 that we need to add to ACA-Py

RounakGhosh (Wed, 26 May 2021 10:25:10 GMT):



Clipboard - May 26, 2021 3:54 PM

RounakGhosh (Wed, 26 May 2021 10:25:10 GMT):



Clipboard - May 26, 2021 3:54 PM

swcurran (Wed, 26 May 2021 13:52:53 GMT):

It's likely a startup parameter you have set -- there was recently an issue where certain parameters produce multiple webhook calls.  @ianco -- do you recall the details?

RounakGhosh (Wed, 26 May 2021 14:13:58 GMT):

--auto-accept-invites --replace-public-did --auto-accept-requests --auto-ping-connection --auto-respond-messages --auto-store-credential --admin-insecure-mode --log-level info are the parameters I am passing while starting ACA-PY  @swcurran

PaulWen (Wed, 26 May 2021 18:53:33 GMT):

Has joined the channel.

ianco (Thu, 27 May 2021 18:33:17 GMT):

I think there are 2 different environment variables that can set the webhook url (one is a "legacy environment variable"), not sure if that's what you are doing?

RounakGhosh (Fri, 28 May 2021 10:09:32 GMT):

@ianco  can you tell us what exactly the legacy environment variable is? . I am currently facing an issue where I am getting multiple proof request being sent to my wallet, on hitting a webhook call /present-proof/send-request just once.

wip-abramson (Fri, 28 May 2021 14:08:58 GMT):

Hey, is there still a BC Gov test tails-server we can use? I tried to use ACAPY_TAILS_SERVER_BASE_URL=https://tails-server-dev.pathfinder.gov.bc.ca but ran into a failed to put error. Max tries exceeded etc

swcurran (Fri, 28 May 2021 14:33:33 GMT):

It's a combination.  Can you share all of your start up parameters?  That would help.

WadeBarnes (Fri, 28 May 2021 14:34:32 GMT):

URLs changed, getting the list for you.

WadeBarnes (Fri, 28 May 2021 14:36:14 GMT):

https://tails-dev.vonx.io
https://tails-test.vonx.io

WadeBarnes (Fri, 28 May 2021 14:36:54 GMT):

All data was migrated from the previous instances.

wip-abramson (Fri, 28 May 2021 14:37:06 GMT):

Decent thanks, appreciate it!

WadeBarnes (Fri, 28 May 2021 14:37:39 GMT):

`prod` instances are here, both URLs point to the same instance:
https://tails.vonx.io
https://tails.orgbook.gov.bc.ca

tgalal (Fri, 28 May 2021 14:53:27 GMT):

Has joined the channel.

ianco (Fri, 28 May 2021 15:23:20 GMT):

The original aca-py used an environment variable called `WEBHOOK_URL` to set the web hook.  This is still supported (should probably be removed though) however at some point we added the `--webhook-url` startup parameter and corresponding env var `ACAPY_WEBHOOK_URL`

ianco (Fri, 28 May 2021 15:23:56 GMT):

If you have both of these set you will get multiple hooks

RounakGhosh (Fri, 28 May 2021 16:18:46 GMT):

Yeah, I have set up WEBHOOK_URL in my environment variable but I did not add any --webhook-url parameters while starting the ACA-PY. However, I am using ACA-Py version -
bcgovimages/aries-cloudagent:py36-1.14-0_0.4.2

ianco (Fri, 28 May 2021 16:21:05 GMT):

I suggest using the `--webhook-url` parameter and delete your WEBHOOK_URL env var

ianco (Fri, 28 May 2021 16:22:07 GMT):

... also suggest updating to the latest aca-py (bcgovimages/aries-cloudagent:py36-1.16-0_0.6.0)

RounakGhosh (Fri, 28 May 2021 16:22:20 GMT):

--wallet-type indy --seed   --genesis-url   --label "KYC Verification Service" --auto-accept-invites --replace-public-did --auto-accept-requests --auto-ping-connection --auto-respond-messages --auto-store-credential --admin-insecure-mode --log-level info

RounakGhosh (Fri, 28 May 2021 16:23:27 GMT):

@swcurran , :point_up:  are the parameters I am passing while starting ACA-PY

RounakGhosh (Fri, 28 May 2021 16:24:26 GMT):

@ianco Thank you for the suggestion.

Shweta1 (Sun, 30 May 2021 14:11:14 GMT):

Thanks a lot inaco!!! but when i try to run with postgress getting error OSError: libindystrgpostgres.so: cannot open shared object file: No such file or directory.Any idea

Shweta1 (Sun, 30 May 2021 14:11:14 GMT):

Thanks a lot inaco!!! but when i try to run with postgress getting error OSError: libindystrgpostgres.so: cannot open shared object file: No such file or directory.Any idea.How i can install this dependency into docker container.

Shweta1 (Sun, 30 May 2021 16:08:29 GMT):

running aries agent  with postgress getting error OSError: libindystrgpostgres.so: cannot open shared object file: No such file or directory.Any idea.How i can install this dependency into docker container.

ianco (Mon, 31 May 2021 13:29:35 GMT):

Are you using the published aca-py docker image or building your own?

Shweta1 (Mon, 31 May 2021 13:53:49 GMT):

Thanks inaco!!! I have created aries agent through ./bin/aca-py start .... command from indy-wevserver docker container and install all python dependencies(requirement.txt,demo/requirement.txt) into this container

ianco (Mon, 31 May 2021 19:03:23 GMT):

You need to build the postgres plug-in from source, there is no distribution available AFAIK

ianco (Mon, 31 May 2021 19:04:13 GMT):

(all the other binaries are available here:  https://repo.sovrin.org/)

ianco (Mon, 31 May 2021 19:05:54 GMT):

This is how it's done in the base images used for the published aca-py image:  https://github.com/PSPC-SPAC-buyandsell/von-image/blob/master/1.10/Dockerfile.ubuntu#L102

da3v21 (Tue, 01 Jun 2021 12:35:37 GMT):

@swcurran this was not implemented I created the pull request https://github.com/hyperledger/aries-cloudagent-python/pull/1216

mattatkiva (Tue, 01 Jun 2021 13:07:48 GMT):

I have created multiple credentials for the same credential schema using the same connection id (values for the credential attributes are different for each credential, if thats important).

How do I do a proof for all of the credentials created?

mattatkiva (Tue, 01 Jun 2021 13:07:48 GMT):

I have created multiple credentials for the same credential schema using the same connection id (values for the credential attributes are different for each credential, if thats important).

How do I do a proof for all of the credentials created?   It looks like `present-proof/send-request` expects one credential per connection id.'

mattatkiva (Tue, 01 Jun 2021 13:07:48 GMT):

I have created multiple credentials for the same credential schema using the same connection id (values for the credential attributes are different for each credential, if thats important).

How do I do a proof for all of the credentials created?   It looks like `present-proof/send-request` expects one credential per connection id.

mattatkiva (Tue, 01 Jun 2021 13:07:48 GMT):

I have created multiple credentials for the same credential schema using the same connection id (values for the credential attributes are different for each credential, if thats important).  [The use case here is cash aid given to a citizen from an NGO on monthly basis.  Each credential is proof the aid was distributed]

How do I do a proof for all of the credentials created?   It looks like `present-proof/send-request` expects one credential per connection id.

swcurran (Tue, 01 Jun 2021 14:41:54 GMT):

AFAIK, there is no good answer for this. I've thought about this a few times (although have not had to work on the use case, so didn't go too deep).

AFAIK -- there is currently no way in the Present Proof protocol for a verifier to say "send me all the proofs that meet these restrictions".  Further, there is no way on the holder/wallet to say, send each of these credentials as a sequence of proofs.

I think a higher level protocol is needed so that both sides are explicit about what is being asked for.

swcurran (Tue, 01 Jun 2021 14:44:29 GMT):

Doh -- sorry.  I wasn't realizing that you meant OOB.  Sorry for my confusion.

We're not big fans of connection-less issuing, as it is very difficult to know that the right person/entity winds up with the credential.  As such, we didn't prioritize work on that.

In your work, were you able to do the end to end issuing, starting from an OOB Credential Offer?

mattatkiva (Tue, 01 Jun 2021 14:57:11 GMT):

thnx.  That was kinda what I was thinking the answer was.

mattatkiva (Tue, 01 Jun 2021 15:36:25 GMT):

@swcurran are you aware if there is a need for this in acapy (aka kiva would commit the work)?

mattatkiva (Tue, 01 Jun 2021 15:36:25 GMT):

@swcurran are you aware if there is a need for this in acapy (aka kiva would commit the work to acheive this)?

iammatrix (Tue, 01 Jun 2021 17:37:10 GMT):

Hello, guys I am setting by tails server using docker, (./manage build -> ./manage up) but when I open the tails server localhost in browser it showing "404: Not Found". Is there any way to fix this or am I missing something?

PS - I am also running von network.

andrew.whitehead (Tue, 01 Jun 2021 17:39:26 GMT):

It doesn't currently have an index page, so that's expected

PaulWen (Tue, 01 Jun 2021 17:52:18 GMT):

Hello, is it possible to accept a connectionless credential offer via the AcaPy Rest API?

PaulWen (Tue, 01 Jun 2021 18:06:01 GMT):

This is currently my credential offer

```
```

PaulWen (Tue, 01 Jun 2021 18:06:01 GMT):

This is currently my credential offer

```
{
    "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/offer-credential",
    "@id": "efb65431-f5f5-4e30-988b-bdfa613e1af6",
    "~thread": {},
    "comment": "create automated credential exchange",
    "offers~attach": [
        {
            "@id": "libindy-cred-offer-0",
            "mime-type": "application/json",
            "data": {
                "base64": "eyJzY2hlbWFfaWQiOiAiNFN1UURjdmNCUHZjaWlzdFc3OXN5VjoyOnZlcmlmaWVkLWVtYWlsOjEuMCIsICJjcmVkX2RlZl9pZCI6ICI0U3VRRGN2Y0JQdmNpaXN0Vzc5c3lWOjM6Q0w6MTMzNjM0OmRlZmF1bHQiLCAia2V5X2NvcnJlY3RuZXNzX3Byb29mIjogeyJjIjogIjMxNzI4NzgzNTIyNDMyNDQ5MTc3NjM0NTYwNzUxNTU0MzI1NDkxODcxMTE4Nzg3MzcyNjYxMzU5NTAyNDQxNDU2NDI5OTI2MTY5NjA0IiwgInh6X2NhcCI6ICIxNTc4Njg4MjIxODU3MjIyODA2MDU5NzMxNzgxMDExMzQyMDYyMTMzNTMxOTg0NTk5OTgzOTkzMjM0Mzc3MjIyNzk0NTE0MDE0NDQzNzkwMzY5NTg0OTA3MDMwOTI1NjgzNDA2MjI0NjYxMjY5MTQ4MTc0MzY2OTE4MzkyMzk4MTYzMjMzOTUyMjcwODgwNjIwNDk2NzU4MDYyMTk1NzYxNTkxNDM2MzM2Mzk4NDI5Mzc0MDExNjQwMzM4MjgwMjc0NTM1NDY0NzQxMzI2NzAyMTgwNDUxMjk2ODg3Njg5MTA1MzY4NzA2NDE5MjEyMjc0MTI1ODkzMDI4ODkzNjcwNTAwNTYzNjQ0NjYzNzY3OTk3MTEwNDg0MDU4ODM1MDY2MTI2NjQ2ODk2NTk3MTg5MjY0NjAwNDY5NDA3ODA2MjMwOTgxMTY3NTE4MTMzNzU5OTAwMjQxNjI4Njk5OTIxNTg0OTY3MjgwOTY2NDk4NzMyNTgwOTg5NjQzNDQzMjg3MDMxMTQ4OTY1NzkyODM4ODM5NzE0OTc0NjIwOTgxMjkyOTcyNjI0NzcwNjUxMjk0MDUzNzU5ODU2NTQ1NTkxODE0OTE3NTQ3Njc1NzM2NDIxMjYzNTYxNTc1NDc3OTg4NzQxNzk3Nzg0MzU4NTE0OTUxNTAyODg4MTUxOTA5MzM4MTMyMzk5NjgzOTcxNzc3ODYxNTQzMzg4NTk1NjEzOTk0NjE1NTQ5MDg5NDYxMDI4MTIyMTUxOTk0NzEwNDEzODYxMjY4Mjg4MzYzNzIxMDMzMzQ2OTk4NjM2MzcyMDg2MTA2MDc0Njk4NzQyNzgyOTQ0ODcyNDYwNDA4NDY2OTE4ODI5NzQ5MjU5NDc1NjA2NTUyMjI0MDI1OTA2MTY4NzM3NzYwMzQ5NTIwMzEwMDA4MjIiLCAieHJfY2FwIjogW1sibWFzdGVyX3NlY3JldCIsICI3Mzk1NTEwMDgxNjY1MzI4MDQxMzgxMzkyNTA0MDA3MDkxMzExMzg3ODk3ODM0MDUyNjgzMDMyNjE0MDcxNjkyMjkzODIxNjI4NTg5MjA2MzY0Njc3ODE3MjExMzg4MDY3NDIzNDM0NTE1MjY3MzM3MjYyMTM0NDAwMjE2OTg4MDEwNjkwMzEzMjE0NTU5MjUyMTEzMDUyMDczMTM3NzMzMzI2NjU1NjY0Nzg1MDEyOTA1MTYzMTQxMzczMTgyNjUxNzcwMzA1ODk3NzQ4OTA1MTE1NjU0MjAwNDgwMjUzMDM4NDQ3MTkzMjc2NTg1MDUzMTAxMDc2Mzc1MzcwMDU0OTEyMTgyNDczODkyMTI3NzI0MzY3Mjk4NzI0NDUzNjgwNzgxODk0MjYxMzE3NjIxNTI1MDQ2NjE1MjU1ODgzNjA4MDEwNDUzMzI3MzM4MDg0NDg5Njk1NjU4NTUyMTEyMzk2NDAwNzgwMzA2NDI4MDA4NzM5ODA2MTY1MzQ4NzA4MDkyMjUwOTcyMzkwNDcxMTA3NDY1NzI1Nzg2ODI1NDg5MTI2NjUzNDkxMjMzNDQ3NTgwMjcyNzM3MzYyMTU0Njc1OTA0MTU1Nzc4MDkzOTA4MTE3NDM3MzA0Nzg5ODE0NzI0ODgzMDcyNzQwNDg4MDk1MzEyNzQ0NDI5MjIyNzkyNjA1MjE2ODA3MDQyNjUyOTAxNDE2NDQ2MTY3MDg0OTQ1MDU4MTExMzIyOTA3NDgyMzU3NjY1NDE0NDE2NjgyODQ5MDg4Mjk4MzM5Mzc3MDMxNzI3MTM1MDY4NTE4MDM4ODg0NTM1MTY4MTY2NjUxODIzMTQ0NjMyODc3NzEwNzg0NTgyNzM3NTM3MjYwNTIzNTYxODM0OTgyNDA0MDEyNTM0NDY4MTc3MTgwNDE0NTc5OCJdLCBbImVtYWlsIiwgIjQwNjExMTg0MjYzMzQ2MDk0ODQzMjM2Mzk1OTk0NzI1OTEyNTM0Njk3NjIyNTI0ODMwNjQ5NjQxNzE0ODUyNjI5MzM1NDU2MjE5Mzc4MjY1ODk5NDgwNTI4NTgwMTc2Nzg5OTY1NDQ4MzIxNTE3NTk2NTEwNDY1MjY0NDMyMzI3NzQ1OTExODI4NDc1NTU4Nzg0Mzc2NjI1MDcxNjYxNzc2MDA0NTczOTE2MTQxMzEzNzY1ODk0Njg3MTA3NjQ5OTQ5MTgwNTY2MDE4MzYyOTU3ODY2Njc1NDA5NTYwMjUzMzc5MDgwMzAyNTg2NzIwNjIyMzQxNjg2MDQwNjc1MTI1MDU5NjY4OTMzNTUzMjE3MTUyNzk3MDcxNDMwOTI1ODE3MzI5MTI4ODU1NzIwODQ2NDk2NzI3MjM4NzkxMDU3NDkwMTU1NDU5Nzk5NzUxODkwMTYzMzg1OTk5MDY1NDA0OTM5MjA2OTA3NjA5MDY1MTYwODgyMjA4MDg3NzQ4ODcyMTEyMjA1NTQ5OTEyNDc4Mjk5MDc4NzQ5NDU3MDQxNTM1ODQ4NzUwNTIwODY1NzM2Mzk2ODY5NjYwOTg4NjM0NTM5MTcyMjY4NTQ4NjkyMjg1NTkzMjM2MTQ3Nzk5MTEwNTI3MTUyNzY2OTM0NDgyMzkwOTE2Nzc5MDY3MDk5OTI4MzUyNTU1NzE4NjgzNzkyMTYxNTI4MjU5MDk1MTE2OTE4MTM0NTAyODQ0NDc0MDE3MDA1Nzc3ODkxMTE0NDIyODQxMTc1MzM4NjQ1MDM1MTMyNTgwNDg3NTE0NzY1ODU5OTc4MTAwNTAyNjg3NTkxODQyMTEwMDg3MDMxNTY2NTY0NTIxMzU1NzQ5MzMzODkwMTUzMTEyNDIyNjE4OTA4MDIwMjY4Nzg3NTU2OTY0MDA4NSJdXX0sICJub25jZSI6ICIxMDM5NzcyODEwNDA0NzA1NTY3MDA5MzU1In0="
            }
        }
    ],
    "credential_preview": {
        "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/credential-preview",
        "attributes": [
            {
                "name": "email",
                "mime-type": "text/plain",
                "value": "test2@test.de"
            }
        ]
    },
    "~service": {
        "recipientKeys": ["2sxLrLVvvfFEawee2PTV1fjbAy8nnoCJjT3JvdWEJ2p8"],
        "serviceEndpoint": "http://c6cc32dc7b39.ngrok.io"
    }
}
```

andrew.whitehead (Tue, 01 Jun 2021 18:06:58 GMT):

Not currently, there's a draft PR to add support

PaulWen (Tue, 01 Jun 2021 18:10:26 GMT):

Which PR do you mean? This one: https://github.com/hyperledger/aries-cloudagent-python/pull/1216 ?

andrew.whitehead (Tue, 01 Jun 2021 18:13:08 GMT):

Sorry, I should have looked closer. We don't support the ~service decorator, but we might support connection requests within the out-of-band protocol. I think it should be possible to parse out that service endpoint, create a connection, and then accept the credential offer using the issue-credential protocol, but ACA-Py won't do that automatically

andrew.whitehead (Tue, 01 Jun 2021 18:13:08 GMT):

Sorry, I should have looked closer. We don't support the ~service decorator, but we might support connection offers within the out-of-band protocol. I think it should be possible to parse out that service endpoint, create a connection, and then accept the credential offer using the issue-credential protocol, but ACA-Py won't do that automatically

swcurran (Tue, 01 Jun 2021 18:13:18 GMT):

The main use case that I've run across for this relates to organizations being asked to prove things.  I had thought that would be an easier situation to manage (e.g. two enterprise/server-based agents), but the same basics are needed -- the agents (and their humans) need to know the intent of the interaction and need to make it happen.

I think the it would be worth figuring out what the protocol would look like to enable a good/great user experience.  Once that's done going from there on implementation.

PaulWen (Tue, 01 Jun 2021 18:21:33 GMT):

I see thank you!

RounakGhosh (Tue, 01 Jun 2021 18:24:20 GMT):



Clipboard - June 1, 2021 11:53 PM

RounakGhosh (Tue, 01 Jun 2021 18:24:20 GMT):



Clipboard - June 1, 2021 11:53 PM

PaulWen (Tue, 01 Jun 2021 18:25:41 GMT):

Is it possible to use the AcaPy to issue a connectionless credential? I am able to create a connectionless credential offer and see the credential request coming from the holders agent. After that I only see an exception stating that `No connection established for credential request`

mattatkiva (Tue, 01 Jun 2021 18:47:40 GMT):

ok.  I will mention it here.  I think we are really "needing" this and will be willing to drive this.  I need to run by nathan first

mattatkiva (Tue, 01 Jun 2021 18:47:40 GMT):

ok.  I will mention it here at kiva.  I think we are really "needing" this and will be willing to drive this.  I need to run by nathan first.  If theres need in the community for it as well, I think it will help the mometum

swcurran (Tue, 01 Jun 2021 20:23:01 GMT):

:thumbsup:

da3v21 (Wed, 02 Jun 2021 01:24:24 GMT):

@andrew.whitehead out of band doesn't support connect credential offers yet. The #1216 pull request i created was related to this. Can you check it once

da3v21 (Wed, 02 Jun 2021 02:02:28 GMT):

I'm implementing the feature of issuing a credential out of band with connection. I mentioned the error i am facing in the pull request.

da3v21 (Wed, 02 Jun 2021 02:06:14 GMT):

Adding to the point i think connectionless issuance will be useful in cases. When someone verifies using the connectionless protocol and then immediately it issues the credential to me. e.g. A club verifies my age in a govt id and issues membership credential.

swcurran (Wed, 02 Jun 2021 02:50:43 GMT):

The problem with that is it allows one person to prove and another person to receive the credential.  If you are going to do both, it's much better (e.g. more secure) to establish a connection and then do both operations (proof then issue) using that connection.  

My $0.02CDN :-)

PaulWen (Wed, 02 Jun 2021 05:04:18 GMT):

I just realised that the same behaviour is outlined in the following PR: https://github.com/hyperledger/aries-cloudagent-python/pull/1216

PaulWen (Wed, 02 Jun 2021 05:04:18 GMT):

I just realised that a similar behaviour is outlined in the following PR when trying to accept a credential response: https://github.com/hyperledger/aries-cloudagent-python/pull/1216

PaulWen (Wed, 02 Jun 2021 05:04:18 GMT):

I just realised that a similar behaviour is outlined in the following PR when trying to process a incoming issue-credential message: https://github.com/hyperledger/aries-cloudagent-python/pull/1216

PaulWen (Wed, 02 Jun 2021 05:04:18 GMT):

I just realised that a similar behaviour is outlined in the following PR when trying to process an inbound issue-credential message: https://github.com/hyperledger/aries-cloudagent-python/pull/1216

PaulWen (Wed, 02 Jun 2021 05:23:33 GMT):

What about the case where I want to issue an email or phone number credential? @swcurran do you think in this scenario it would be finde to send a connectionless credential offer via SMS or Email? In this case I do not send a proof request to the holder anyways and therefore would consider it a one step process.

PaulWen (Wed, 02 Jun 2021 05:23:33 GMT):

What about the case where I want to issue an email or phone number credential? @swcurran do you think in this scenario it would be fine to send a connectionless credential offer via SMS or Email? In this case I do not send a proof request to the holder anyways and therefore would consider it a one step process.

RounakGhosh (Wed, 02 Jun 2021 11:28:01 GMT):



Clipboard - June 2, 2021 4:56 PM

wip-abramson (Wed, 02 Jun 2021 14:50:41 GMT):

This means your webhook server is not running. Or not accessible at the endpoint you specified. Doesn't necessarily mean revocation has not worked

RounakGhosh (Wed, 02 Jun 2021 18:18:20 GMT):

Okay, thanks for the suggestion.

RounakGhosh (Thu, 03 Jun 2021 09:45:12 GMT):

I have already setup --webhook-url parameters while starting aca-py

The parameters I am passing are 

(start -it -ot -e --auto-provision --tails-server-base-url --webhook-url --recreate-wallet --wallet-type indy --wallet-storage-type 'default' --wallet-name test --wallet-key --seed --genesis-url --label "Thrift Bank" --auto-accept-invites --auto-accept-requests --auto-ping-connection --auto-respond-messages --auto-store-credential --admin-insecure-mode --image-url --log-level info)

Is there something I am missing, any help would be appreciated.

RounakGhosh (Thu, 03 Jun 2021 09:45:12 GMT):

@wip-abramson  I have already setup --webhook-url parameters while starting aca-py

The parameters I am passing are 

(start -it -ot -e --auto-provision --tails-server-base-url --webhook-url --recreate-wallet --wallet-type indy --wallet-storage-type 'default' --wallet-name test --wallet-key --seed --genesis-url --label "Thrift Bank" --auto-accept-invites --auto-accept-requests --auto-ping-connection --auto-respond-messages --auto-store-credential --admin-insecure-mode --image-url --log-level info)

Is there something I am missing, any help would be appreciated.

RounakGhosh (Thu, 03 Jun 2021 09:45:12 GMT):

@wip-abramson  I have already setup   --webhook-url parameters while starting aca-py

The parameters I am passing are 

(start -it -ot -e --auto-provision --tails-server-base-url --webhook-url --recreate-wallet --wallet-type indy --wallet-storage-type 'default' --wallet-name test --wallet-key --seed --genesis-url --label "Thrift Bank" --auto-accept-invites --auto-accept-requests --auto-ping-connection --auto-respond-messages --auto-store-credential --admin-insecure-mode --image-url --log-level info)

Is there something I am missing, any help would be appreciated.

RounakGhosh (Thu, 03 Jun 2021 14:50:18 GMT):



Clipboard - June 3, 2021 8:19 PM

wip-abramson (Thu, 03 Jun 2021 17:45:49 GMT):

Well those args you havent set a webhook-url? --webhook-url "http://someserver.com"

But also you need to actually run that server somewhere, so you can receive these webhooks.

Your agent is telling you it tried to post to http://dev-proof-of-account-service... and it failed

RounakGhosh (Thu, 03 Jun 2021 18:42:35 GMT):

@wip-abramson , I have only provided the parameters that I have passed while starting the aca py agent. I have passed someurl along with the parameters mentioned.

Yunxi 3 (Fri, 04 Jun 2021 12:35:18 GMT):

Hello all, which files in ACA-Py have the code to call indy-sdk that deals with wallet/db creation for PostgreSQL?

wip-abramson (Fri, 04 Jun 2021 13:13:30 GMT):

Hey, is this a bug?
https://github.com/hyperledger/aries-cloudagent-python/blob/1c7bc86b91cd10d472ad15cb52c09b9424e8175c/aries_cloudagent/protocols/coordinate_mediation/v1_0/handlers/mediation_request_handler.py#L30
I am sure this has changed recently and it seems odd. If I set ACAPY_MEDIATION_OPEN to true then now I won't automatically grant mediation requests, but if I don't set it at all I will?

wip-abramson (Fri, 04 Jun 2021 13:13:30 GMT):



wip-abramson (Fri, 04 Jun 2021 13:15:43 GMT):

No actually my bad I read this wrong

RounakGhosh (Fri, 04 Jun 2021 13:40:56 GMT):



Clipboard - June 4, 2021 7:10 PM

andrew.whitehead (Fri, 04 Jun 2021 16:38:22 GMT):

That probably indicates that you've recreated your von-network ledger and you're working with an old genesis file

esune (Fri, 04 Jun 2021 16:47:58 GMT):

Thread anwering his questions is in the repo btw: https://github.com/hyperledger/aries-cloudagent-python/issues/1219

esune (Fri, 04 Jun 2021 16:47:58 GMT):

Thread answering his questions is in the repo btw: https://github.com/hyperledger/aries-cloudagent-python/issues/1219

filip.burlacu (Fri, 04 Jun 2021 17:57:56 GMT):

does aca-py have an http-resolver plugin? From what I can tell, an http resolver (for use with uniresolver) was added as a default resolver in a wip branch, then deleted before the branch was merged, so I assume the code must have been moved to a plugin outside aca-py's repo. Is that available somewhere?

dbluhm (Fri, 04 Jun 2021 18:07:01 GMT):

Yep, this was moved to this repo: https://github.com/sicpa-dlab/acapy-resolver-universal

dbluhm (Fri, 04 Jun 2021 18:07:13 GMT):

Underwent a slight rename as well for clarity

dbluhm (Fri, 04 Jun 2021 18:08:48 GMT):

We are planning to add docs to ACA-Py for the DID Resolver that has a simple directory of DID Resolver plugins which should help with discoverability in the future (assuming the universal resolver plugin remains separate from ACA-Py)

swcurran (Fri, 04 Jun 2021 18:09:20 GMT):

Will that go into Hyperledger at some point?

dbluhm (Fri, 04 Jun 2021 18:10:55 GMT):

I think SICPA is open to that if the community would like it moved to Hyperledger. @victor.martinez ?

timbl (Fri, 04 Jun 2021 19:02:38 GMT):

Has joined the channel.

victor.martinez (Fri, 04 Jun 2021 20:05:43 GMT):

We are happy to move them into Hyperledger

Shweta1 (Mon, 07 Jun 2021 06:01:21 GMT):

when i start faber agent,getting pydid module not found

Shweta1 (Mon, 07 Jun 2021 06:01:21 GMT):

when i start faber agent,getting pydid module not found.How I can get pydid module?

dbluhm (Mon, 07 Jun 2021 13:33:09 GMT):

Can you give the command you're running and the specific error you are seeing?

dbluhm (Mon, 07 Jun 2021 13:34:14 GMT):

Also the commit of ACA-Py you're using, please.

dbluhm (Mon, 07 Jun 2021 13:37:01 GMT):

Without knowing your environmnet or what error you're seeing and how you're getting there, this is just a guess but there's a good chance you need to install dependencies again to get the most recent version of PyDID.

RounakGhosh (Mon, 07 Jun 2021 13:40:34 GMT):

@andrew.whitehead Could you please look into the issue once?

https://github.com/hyperledger/aries-cloudagent-python/issues/1219#issuecomment-855900627

RounakGhosh (Mon, 07 Jun 2021 13:40:34 GMT):

@andrew.whitehead , @esune Could you please look into the issue once?

https://github.com/hyperledger/aries-cloudagent-python/issues/1219#issuecomment-855900627

Shweta1 (Mon, 07 Jun 2021 14:23:46 GMT):

Below commands I am running

Shweta1 (Mon, 07 Jun 2021 14:23:46 GMT):

Below commands I am running
cd aries-cloudagent
pip3 install -r demo/requirements.txt
pip3 install -r requirements.txt
cd demo
export PYTHONIOENCODING=utf-8

Also added these libraries(libindy, libnullpay, libvcx, indy-cli )

Shweta1 (Mon, 07 Jun 2021 14:23:46 GMT):

Below commands I am running
cd aries-cloudagent
pip3 install -r demo/requirements.txt
pip3 install -r requirements.txt
cd demo
export PYTHONIOENCODING=utf-8
GENESIS_FILE=../../my_genesis.txn DEFAULT_POSTGRES=true python3 -m runners.faber --port 8020


Also added these libraries(libindy, libnullpay, libvcx, indy-cli )

Shweta1 (Mon, 07 Jun 2021 14:23:46 GMT):

I am using latest relase.
Below commands I am running
cd aries-cloudagent
pip3 install -r demo/requirements.txt
pip3 install -r requirements.txt
cd demo
export PYTHONIOENCODING=utf-8
GENESIS_FILE=../../my_genesis.txn DEFAULT_POSTGRES=true python3 -m runners.faber --port 8020


Also added these libraries(libindy, libnullpay, libvcx, indy-cli )

dbluhm (Mon, 07 Jun 2021 14:30:09 GMT):

When you say latest release, are you referring to version 0.6.0? Are you working from a local git repository?

Shweta1 (Mon, 07 Jun 2021 14:54:49 GMT):

Thanks a lot dbluhm!! it's working with 0.6.0

esune (Mon, 07 Jun 2021 16:26:32 GMT):

Did you try what was suggested - i.e.  starting your agent from scratch?
DId you change the configuration  of your `von-network` since you initially started it (e.g.: adding/removing nodes) and therefore need to create a new genesis file?

wip-abramson (Mon, 07 Jun 2021 17:35:44 GMT):

Hey everyone. @lohan.spies and I are giving a demo tomorrow at the Global Forum - https://hgf2021.sched.com/event/j3f1. Our aim is to get whoever wants to setup with a ACA-Py agent accessible on the public internet and then connect with each other, send messages, design interact flows, issue credential etc. Basically, whatever SSI flows people are motivated to create I reckon the playground we have developed should support it. Once set up all people need to do is write business logic in a juputer notebook interface.

Because we only have 15 minutes, plus it's in the EU morning, I created a configuration walkthrough video - https://www.youtube.com/watch?v=swiA2op3PiQ 

Anyone who wants to run an ACA-Py agent and use it throughout the HGF to interact with others (including any external agents people are demoing) should be able to do so by following the instructions in the video. We are kind of modelling this as a mini hackathon see what people come up with, so if anyone wants to get involved feel welcome. Initially, I have written a basic MessagingService so if you do get setup be sure to share an invite in the #aries-playground channel and Lohan I will connect with you and send you some messages. 

Who knows what other possibilities might be created...

sauveergoel (Mon, 07 Jun 2021 19:12:43 GMT):

How do I use `/present-proof/create-request` ?

sauveergoel (Mon, 07 Jun 2021 19:12:43 GMT):

What do I use `/present-proof/create-request` for? I am not able to send the presentation to a connection_id afterwards

swcurran (Mon, 07 Jun 2021 19:30:51 GMT):

This is for use in a connection-less proof.  You create the request and you convey it out of band to the holder/prover.

swcurran (Mon, 07 Jun 2021 19:45:13 GMT):

This week's ACA-Pug meeting has been cancelled for Hyperledger Global Forum.  See you there!

sauveergoel (Mon, 07 Jun 2021 19:46:32 GMT):

thanks for the clarification, suppose this is the case, then how will a prover react to this request, which endpoint will be used?

swcurran (Mon, 07 Jun 2021 20:19:26 GMT):

This can be used with `service decorator` in AIP 1.0 or Out of Band in AIP 2.0 to send the message in plaintext to the prover.  The prover would have the presentation request and a service block to which a `/present-proof/vx.0/presentation` message can be sent.

deas (Tue, 08 Jun 2021 02:05:52 GMT):

If I'm reading the schedule right, that's at 4:50 AM ET in the US. I'm afraid I'll have to miss that live. Any chance to play along after the fact?

adityasanth (Tue, 08 Jun 2021 07:53:28 GMT):

Has joined the channel.

lohan.spies (Tue, 08 Jun 2021 09:12:37 GMT):

@deas Sure, lets us know

wip-abramson (Tue, 08 Jun 2021 09:13:00 GMT):

Yeah I think it will be recorded. But I would recommend just going through the youtube video and trying to spin up an agent. Once you do post an invitation in #aries-playground

luanafrattini (Tue, 08 Jun 2021 11:57:31 GMT):

f

GuilhermeFunchal (Tue, 08 Jun 2021 13:23:01 GMT):

Hello

GuilhermeFunchal (Tue, 08 Jun 2021 13:26:36 GMT):

Hello, I'm using ACA-PY with multitenant option. Whem I try to create a static connection between two subwallet users the system reply "400: DID already present in wallet" 

curl -X POST "http://161.148.151.16:8021/connections/create-static" -H "accept: application/json" -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiJkMWY0MDAzYS1hNjI1LTQ2NGUtOTNhMy0zYjI1ZGE2ZWMxMjMifQ.LKF9IiwGjlYOcnRjMZNT4HtqfyvV0bw6K-nrPRLgoQA" -H "Content-Type: application/json" -d "{ \"alias\": \"test1\", \"my_did\": \"SWeWWMNuPhT2jChBYHPDrp\", \"their_did\": \"KT1UqbVLEsWnXLCtgcERTv\", \"their_endpoint\": \"https://192.168.2.33:8021\", \"their_label\": \"test2\", \"their_verkey\": \"B4C57mytn94Ltdv6HhdaG9LmZdR5JNEH9Lh4k98VEJBM\"}"

GuilhermeFunchal (Tue, 08 Jun 2021 13:26:36 GMT):

Hello, I'm using ACA-PY with multitenant option. Whem I try to create a static connection between two subwallet users the system reply "400: DID already present in wallet" 

curl -X POST "http://161.148.151.16:8021/connections/create-static" -H "accept: application/json" -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiJkMWY0MDAzYS1hNjI1LTQ2NGUtOTNhMy0zYjI1ZGE2ZWMxMjMifQ.LKF9IiwGjlYOcnRjMZNT4HtqfyvV0bw6K-nrPRLgoQA" -H "Content-Type: application/json" -d "{ \"alias\": \"test1\", \"my_did\": \"SWeWWMNuPhT2jChBYHPDrp\", \"their_did\": \"KT1UqbVLEsWnXLCtgcERTv\", \"their_endpoint\": \"https://192.168.2.33:8021\", \"their_label\": \"test2\", \"their_verkey\": \"B4C57mytn94Ltdv6HhdaG9LmZdR5JNEH9Lh4k98VEJBM\"}"     

what am I doing wrong?

iammatrix (Thu, 10 Jun 2021 10:28:01 GMT):

Hey guys, is there any example of Revocation registry, been working on it, getting some errors, would be good if I get any articles or documentations.

iammatrix (Thu, 10 Jun 2021 10:28:41 GMT):

also, after a connection is setup in mobile wallet is there any way for the user to connect to the same service with the previosu the connecrion

iammatrix (Thu, 10 Jun 2021 10:28:41 GMT):

Also, after a connection is set up in the mobile wallet is there any way for the user to connect to the same service with the previous connection id, without scanning the QR code.?? 
any help will be appreciated.

RounakGhosh (Thu, 10 Jun 2021 11:50:36 GMT):

Hey guys, I am getting multiple proof request coming after scanning QR code, while I should be receiving only 1 proof request per service.? The number of proof request is  a random number, sometimes it is 1, while some other time it is 2 or 3. We are using AWS to host the services.

RounakGhosh (Thu, 10 Jun 2021 11:50:36 GMT):

Hey guys, I am getting multiple proof request coming after scanning QR code, while I should be receiving only 1 proof request per service. The number of proof request is  a random number, sometimes it is 1, while some other time it is 2 or 3. We are using AWS to host the services. Is there any way to fix the issue of ACA-PY sending multiple proof request.?

dbluhm (Thu, 10 Jun 2021 13:36:03 GMT):

I think there's a few locations where revocation is demonstrated but I put one together recently that scripts a flow from connection to failed presentation request after revoking an issued credential and displaying all the Admin API calls made along the way: https://github.com/Indicio-tech/acapy-revocation-demo

dbluhm (Thu, 10 Jun 2021 13:36:57 GMT):

This file captures all the output from the demo, showing all those API calls: https://github.com/Indicio-tech/acapy-revocation-demo/blob/main/output.txt

wip-abramson (Thu, 10 Jun 2021 13:58:18 GMT):

Hey Wade, I finally got round to switching my POC from a local docker service to use the dev vonx you referenced above. Unfortunately this is causing a the same error msg:

Tails file for rev reg TDAbSf3Uqebg8N4XvybMbg:4:TDAbSf3Uqebg8N4XvybMbg:3:CL:37:institution:CL_ACCUM:4314591b-4e00-4444-a6cf-b0a6483e4e6b failed to upload: Exceeded maximum put attempts

I am wondering if this is something to do with my docker networking config? Revocation is working find when I run a indy-tails-server service on the same docker network. Any suggestions on this much appreciated!

wip-abramson (Thu, 10 Jun 2021 13:58:33 GMT):

I actually tried both dev and test urls

WadeBarnes (Thu, 10 Jun 2021 14:45:38 GMT):

@esune, Any thoughts?

wip-abramson (Thu, 10 Jun 2021 14:53:52 GMT):

Ah okay, so writing cred def appears to have worked when using the StagingNet (not tested issuance/revocation yet). Before I was using a local von-network. Could this be the reason

wip-abramson (Thu, 10 Jun 2021 15:12:33 GMT):

Yep can confirm it revocation flows work with the urls when using stagingnet. Probably that is expected behaviour? Does the tails-server need access to the ledger for some validation type requests?

esune (Thu, 10 Jun 2021 19:36:55 GMT):

Yes, it does: it will check that the rev registry and teh creddef info match

esune (Thu, 10 Jun 2021 19:36:55 GMT):

Yes, it does: it will check that the rev registry and the creddef info match

swcurran (Thu, 10 Jun 2021 19:37:03 GMT):

If the the party with whom they connected (e.g. issuer, verifier) saved the connection, that party can reuse the connection.  For example -- one idea I've had is after making the connection, the service give the browser a cookie that links back to the connection.   Then, when the user goes back to the page, the service can use the cookie, know the connection, and reused it for a proof.

Note that with AIP 2.0 and the Out of Band protocol -- on getting an invitation from a service (e.g. via a QR code), the wallet app can see if it has a connection with that service and reuse their connection vs. establishing a new one.

It's painful that this was missing from AIP 1.0.  We should have had that...

esune (Thu, 10 Jun 2021 19:38:42 GMT):

I believe the access to the ledger is so that the public key for the issuer can be verified, I can't remember exactly what 's going on off the top off my head :sweat_smile:

esune (Thu, 10 Jun 2021 19:42:38 GMT):

https://github.com/bcgov/issuer-kit could also help, it supports issuing and revoking credentials.
The bottom line on the calls is:
- creddef needs to be created with revocation support turned on
- when a credential is issued, the webhook will containe `rev_id` and `rev_reg_id`: you need to keep track of tehm as they will be used to revoke the credential
- the `/revocation` API namespace has endpoints to revoke credentials by either using the above `rev-id/rev_reg_id` OR `credential-exchange-id`
- to "apply" the revocation, you need to make sure you publish the revocation entries, this can be done contextually when revoking a credential or batched (see APIs, the flags should be sort of clear)

esune (Thu, 10 Jun 2021 19:48:18 GMT):

This is a writeup of how things could be managed in a web application currently: https://hackmd.io/NqcEApDOQeuczvRXZ3lvSA

As @swcurran explained above it is not the smoothest experience, using OOB and being able to catch if the connection is already available makes things much better/easier for sure.

esune (Thu, 10 Jun 2021 19:49:07 GMT):

Please note the above is a high-level example, depending on your business case and flow you might be able to implement things differently.

wip-abramson (Fri, 11 Jun 2021 09:40:14 GMT):

Makes sense, thanks

sauveergoel (Fri, 11 Jun 2021 18:06:28 GMT):

@swcurran any documentation or demo elated to the same I am not able to figure our the whole flow

sauveergoel (Fri, 11 Jun 2021 18:06:28 GMT):

@swcurran any documentation or demo related to the same I am not able to figure our the whole flow

swcurran (Fri, 11 Jun 2021 18:48:27 GMT):

For the AIP 1.0?  This is used in vc-authn-oidc  (https://github.com/bcgov/vc-authn-oidc)

@esune could provide a pointer to where in the code base the connection-less proof request is handled.

sauveergoel (Fri, 11 Jun 2021 18:49:19 GMT):

what doe AIP stands for?

swcurran (Fri, 11 Jun 2021 18:50:29 GMT):

Ah...sorry -- Aries Interop Profile.

https://github.com/hyperledger/aries-rfcs/tree/master/concepts/0302-aries-interop-profile

swcurran (Fri, 11 Jun 2021 18:50:59 GMT):

That includes a description of what an AIP is, and the definition of AIP 1.0 and AIP 2.0.

swcurran (Fri, 11 Jun 2021 18:53:02 GMT):

ALso -- vc-authn-oidc is an OIDC Identity Provider that tasks standard OIDC requests from a Relying Party, uses verifiable credentials / a presentation request to get a presentation from the entity and then returns an OIDC token to the Relying Party.

swcurran (Fri, 11 Jun 2021 18:53:02 GMT):

Also -- vc-authn-oidc is an OIDC Identity Provider that tasks standard OIDC requests from a Relying Party, uses verifiable credentials / a presentation request to get a presentation from the entity and then returns an OIDC token to the Relying Party.

sauveergoel (Fri, 11 Jun 2021 18:53:42 GMT):

this is helpful, thanks

sauveergoel (Fri, 11 Jun 2021 18:54:41 GMT):

is it only available in c#?

swcurran (Fri, 11 Jun 2021 18:58:44 GMT):

The OidP is written in C#, but uses ACA-Py (Python) to do the Aries interactions.  It's generally just a deployed container in our world, so we don't worry too much about that.  We deploy it in an OpenShift environment using Keycloak, but it can be used with any IAM.

sauveergoel (Fri, 11 Jun 2021 19:02:48 GMT):

I am more interested in how to create the request and use it for further interaction, which is written is C# i guess, any repo that has a python implementation?

sauveergoel (Fri, 11 Jun 2021 19:06:36 GMT):

if I understand it correclty, once i craete a proof request using `/present-proof/create-request` then i have to use the out-of-band `create-invitation` to send it to a agent using their public DID?

sauveergoel (Fri, 11 Jun 2021 19:06:45 GMT):

@swcurran

sauveergoel (Fri, 11 Jun 2021 19:17:41 GMT):

I am getting this error when I try to recieve and out-of bound invitation

sauveergoel (Fri, 11 Jun 2021 19:17:41 GMT):

I am getting this error when I try to receive an out-of-bound invitation

sauveergoel (Fri, 11 Jun 2021 19:17:43 GMT):

AttributeError: 'IndySdkProfileSession' object has no attribute 'session'

sauveergoel (Fri, 11 Jun 2021 19:18:50 GMT):

Any idea what am I missing here

sauveergoel (Fri, 11 Jun 2021 19:27:09 GMT):

it will be great help if you can help with the descriptions of the field in the image below

sauveergoel (Fri, 11 Jun 2021 19:27:19 GMT):



Clipboard - June 12, 2021 12:57 AM

sauveergoel (Fri, 11 Jun 2021 19:30:49 GMT):

> 2021-06-11 19:15:19,385 aries_cloudagent.core.dispatcher ERROR Handler error: invitation_receive
Traceback (most recent call last):
  File "/usr/local/lib/python3.6/dist-packages/aries_cloudagent/protocols/out_of_band/v1_0/routes.py", line 231, in invitation_receive
    mediation_id=mediation_id,
  File "/usr/local/lib/python3.6/dist-packages/aries_cloudagent/protocols/out_of_band/v1_0/manager.py", line 569, in receive_invitation
    presentation_ex_record
  File "/usr/local/lib/python3.6/dist-packages/aries_cloudagent/protocols/present_proof/v1_0/manager.py", line 217, in receive_request
    async with self._profile.session() as session:
AttributeError: 'IndySdkProfileSession' object has no attribute 'session'

swcurran (Fri, 11 Jun 2021 21:20:07 GMT):

I don't have a quick answer for that.  Perhaps @esune will be able to help (connection-less AIP 1.0) or @shaanjot.gill on OOB and AIP 2.0.

Are you trying to do this to work with existing Mobile Agents?  If so, you are going to want to use the AIP 1.0 solution -- which is what is used in vc-authn-oidc.  If you are using ACA-Py to ACA-Py, you can use either.

sauveergoel (Fri, 11 Jun 2021 21:54:16 GMT):

I am trying to do from aca-py to aca-py agent

sauveergoel (Sat, 12 Jun 2021 20:21:05 GMT):

[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=SsNWSQS8sN5cYG7dB) any help on this is appreciated, It is a critical functionality

sauveergoel (Sat, 12 Jun 2021 20:21:05 GMT):

[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=SsNWSQS8sN5cYG7dB) any help on this is appreciated, It is a critical functionality @esune @swcurran

sauveergoel (Sat, 12 Jun 2021 20:21:05 GMT):

[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=SsNWSQS8sN5cYG7dB) any help on this is appreciated, It is a critical functionality @esune @swcurran  |  This is the error I get when doing /out-of-bonds/receive-invitation, ACA-Py to ACA-Py Agents

PaulWen (Sun, 13 Jun 2021 09:56:07 GMT):

Hi guys, is there any best-practice to *recover events send by the AcaPy* to the controller via a Webhook *while the controller was down* and therefore missed the Webhook call?

swcurran (Sun, 13 Jun 2021 14:16:51 GMT):

Connection-less issue is not support in ACA-Py -- it has not been a priority feature.

madhugoundla (Mon, 14 Jun 2021 01:36:03 GMT):

aries_cloudagent.transport.outbound.manager ERROR >>> Error when posting to: http://3.136.17.140:8082/webhooks/topic/connections/; Error: (, ClientConnectorError(ConnectionKey(host='3.136.17.140', port=8082, is_ssl=False, ssl=None, proxy=None, proxy_auth=None, proxy_headers_hash=None), ConnectionRefusedError(111, "Connect call failed ('3.136.17.140', 8082)")), ); Re-queue failed message ...

madhugoundla (Mon, 14 Jun 2021 01:36:18 GMT):

Hi, keep getting this error when webhook URL is enabled.

iammatrix (Mon, 14 Jun 2021 16:21:25 GMT):

Hello Guys,
Can anyone tell me which parameter may be used to stop "multiple proof- requests" in aca-py web-hook requests?

RounakGhosh (Mon, 14 Jun 2021 16:26:09 GMT):

Please do check your webhook parameters and your swagger url. It is not able to connect with your swagger url.

esune (Mon, 14 Jun 2021 17:41:31 GMT):

If you are trying to receive a connection invitation via OOB you need to remove `attachments`, `mediation_id` and `metadata` from that JSON payload as they are used in other scenarios

esune (Mon, 14 Jun 2021 17:42:09 GMT):

`mediation_id` is the connection to the mediator in use - if any.
`attachments` and `metadata` I am not too sure, @shaanjot.gill might be able to answer better

madhugoundla (Mon, 14 Jun 2021 18:28:00 GMT):

Okay, thank you. Let me check

sauveergoel (Tue, 15 Jun 2021 05:53:14 GMT):

I am trying to send a proof-request using OOB

sauveergoel (Tue, 15 Jun 2021 06:00:28 GMT):

can you help how can i share a proof request using OOB?

sauveergoel (Tue, 15 Jun 2021 06:00:57 GMT):

@esune @shaanjot.gill

lohan.spies (Tue, 15 Jun 2021 07:44:42 GMT):

@MichaelWiles

MichaelWiles (Tue, 15 Jun 2021 07:44:42 GMT):

Has joined the channel.

MichaelWiles (Tue, 15 Jun 2021 07:46:59 GMT):

So please excuse this question if it's a "noob" question... We are building an api on top of aca-py to facilitate our use cases...

This question is in the context of ACA-Py...

I am just keen to know why there is a concept of "wallet endpoint" and what it is used for? It does not appear to be the same as the more general endpoints for communicating between agents. I'd assume it has something to do with giving external parties the ability to interact directly with wallet? Not entirely sure what external party that would be... When you create a wallet you can set the endpoint, this can also be read and updated.

pritam_01 (Tue, 15 Jun 2021 10:58:19 GMT):

Has joined the channel.

RounakGhosh (Tue, 15 Jun 2021 13:22:19 GMT):



Clipboard - June 15, 2021 6:50 PM

daidoji (Tue, 15 Jun 2021 13:27:21 GMT):

I think the "wallet endpoint" is acapys way of abstracting out the actual wallet mechanism so that third party wallets may some day take the place of the indy wallet that acapy uses now.  

If I'm wrong on that someone more informed with correct me on this point.

daidoji (Tue, 15 Jun 2021 13:29:01 GMT):

As a general rule though the REST apis/endpoints are acapy's method of abstracting out strict interfaces within their codebase however, so not all (hardly any) endpoints should actually be exposed to the real world.  DIDcomm and the swagger interface you've seen in the tutorials are usually the method you want to use to connect to other agents

ianco (Tue, 15 Jun 2021 17:33:56 GMT):

@TimoGlastra when I (as a holder) issue a credential request (in response to a credential offer from an issuer) can I include additional information into the credential request?  For example I want to give the issuer a did:key (that I the holder created) to use as the `credentialSubject.id` within the credential

TimoGlastra (Tue, 15 Jun 2021 17:37:03 GMT):

Nope, but you can set the `credentialSubject.id` in the request

TimoGlastra (Tue, 15 Jun 2021 17:37:39 GMT):

So issuer sends credential offer, I send back the same content of the offer in the request, but with my `credentialSubject.id` aded

TimoGlastra (Tue, 15 Jun 2021 17:42:52 GMT):

Two reasons why there is no `official` way to do this. First is to keep the protocol simple, it is meant as a temporary protocol until credential manifest is finished. Secondly, AFAIK, you should authentically bind the subject id to the subject, i.e. first verify the holder owns/controls the did in the subject.id, meaning you already have the did so could have already included it in the offer

ianco (Tue, 15 Jun 2021 17:43:15 GMT):

ok I'll give that a try, thanks!

ianco (Tue, 15 Jun 2021 17:43:59 GMT):

I suppose the holder could create a new did:key for each credential?

TimoGlastra (Tue, 15 Jun 2021 17:44:34 GMT):

True! but you should still verify ownership beforehand  in that case

ianco (Tue, 15 Jun 2021 17:45:28 GMT):

If I (the holder) create the did:key when I receive the credential offer, and then include it in the credential request, then ownership is implicit, no?

ianco (Tue, 15 Jun 2021 17:45:45 GMT):

The issuer doesn't need to know it ahead of time

TimoGlastra (Tue, 15 Jun 2021 17:46:19 GMT):

Not really. You could have created the did and passed the did to me afterwards

TimoGlastra (Tue, 15 Jun 2021 17:46:27 GMT):

Then I have a credential bound to your did

TimoGlastra (Tue, 15 Jun 2021 17:46:27 GMT):

Then I have a credential bound to your did (if I present it to the issuer)

swcurran (Tue, 15 Jun 2021 20:25:44 GMT):

Hey folks -- just had a message from the folks working on an AATH backchannel for Aries-VCX and they noted that it looks like the Indy implementation of Present Proof V2 / Request Presentation in ACA-Py is incorrect.  See the reply for details.

@ianco -- can you please take a quick look at the implementation, and see if the message format is indeed incorrect.
If so -- @shaanjot.gill and @andrew.whitehead -- can the two of you decide on how to address this.  Obvs this is something that Stephen Klump would have addressed this.

swcurran (Tue, 15 Jun 2021 20:26:07 GMT):

Hi Stephen, while working on a aries-vcx backchannel for aries interop test harness I noticed that the proof presentation tests use presentation request attachments in the following format:
            "presentation_proposal": {
                "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/present-proof/1.0/request-presentation",
                "comment": "This is a comment for the request for presentation.",
                "request_presentations~attach": {
                    "@id": "libindy-request-presentation-0",
                    "mime-type": "application/json",
                    "data":  data
                }
            }

where
        data = {
                    "requested_attributes": {
                        "attr_1": {
                            "name": "attr_1",
                            "restrictions": [
                                {
                                    "schema_name": "test_schema." + context.issuer_name,
                                    "schema_version": "1.0.0"
                                }
                            ]
                        }
                    }
                }
```
The tests are passing e.g. on acapy.

Now, looking into the accepted aries RFC on attachments here, if I am understanding correctly, then
1. request_presentations~attach should be an array, and
2. the data field should contain some of json / base64 / links / jws / sha256 fields.
Is that correct? If so, does that mean that acapy is using incorrect format? If not, what are the expectations on the attachment content according to aries then?

Thanks
```

swcurran (Tue, 15 Jun 2021 20:26:07 GMT):

Hi Stephen, while working on a aries-vcx backchannel for aries interop test harness I noticed that the proof presentation tests use presentation request attachments in the following format:

```
            "presentation_proposal": {
                "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/present-proof/1.0/request-presentation",
                "comment": "This is a comment for the request for presentation.",
                "request_presentations~attach": {
                    "@id": "libindy-request-presentation-0",
                    "mime-type": "application/json",
                    "data":  data
                }
            }

where
        data = {
                    "requested_attributes": {
                        "attr_1": {
                            "name": "attr_1",
                            "restrictions": [
                                {
                                    "schema_name": "test_schema." + context.issuer_name,
                                    "schema_version": "1.0.0"
                                }
                            ]
                        }
                    }
                }
```
The tests are passing e.g. on acapy.

Now, looking into the accepted aries RFC on attachments here, if I am understanding correctly, then
1. request_presentations~attach should be an array, and
2. the data field should contain some of json / base64 / links / jws / sha256 fields.
Is that correct? If so, does that mean that acapy is using incorrect format? If not, what are the expectations on the attachment content according to aries then?

Thanks
```

swcurran (Tue, 15 Jun 2021 20:26:07 GMT):

Hi Stephen, while working on a aries-vcx backchannel for aries interop test harness I noticed that the proof presentation tests use presentation request attachments in the following format:

```
            "presentation_proposal": {
                "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/present-proof/1.0/request-presentation",
                "comment": "This is a comment for the request for presentation.",
                "request_presentations~attach": {
                    "@id": "libindy-request-presentation-0",
                    "mime-type": "application/json",
                    "data":  data
                }
            }
```

where

```
        data = {
                    "requested_attributes": {
                        "attr_1": {
                            "name": "attr_1",
                            "restrictions": [
                                {
                                    "schema_name": "test_schema." + context.issuer_name,
                                    "schema_version": "1.0.0"
                                }
                            ]
                        }
                    }
                }
```
The tests are passing e.g. on acapy.

Now, looking into the accepted aries RFC on attachments here, if I am understanding correctly, then
1. request_presentations~attach should be an array, and
2. the data field should contain some of json / base64 / links / jws / sha256 fields.
Is that correct? If so, does that mean that acapy is using incorrect format? If not, what are the expectations on the attachment content according to aries then?

Thanks
```

swcurran (Tue, 15 Jun 2021 20:26:07 GMT):

Hi Stephen, while working on a aries-vcx backchannel for aries interop test harness I noticed that the proof presentation tests use presentation request attachments in the following format:

```
            "presentation_proposal": {
                "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/present-proof/1.0/request-presentation",
                "comment": "This is a comment for the request for presentation.",
                "request_presentations~attach": {
                    "@id": "libindy-request-presentation-0",
                    "mime-type": "application/json",
                    "data":  data
                }
            }
```

where

```
        data = {
                    "requested_attributes": {
                        "attr_1": {
                            "name": "attr_1",
                            "restrictions": [
                                {
                                    "schema_name": "test_schema." + context.issuer_name,
                                    "schema_version": "1.0.0"
                                }
                            ]
                        }
                    }
                }
```
The tests are passing e.g. on acapy.

Now, looking into the accepted aries RFC on attachments here, if I am understanding correctly, then

1. request_presentations~attach should be an array, and
2. the data field should contain some of json / base64 / links / jws / sha256 fields.

Is that correct? If so, does that mean that acapy is using incorrect format? If not, what are the expectations on the attachment content according to aries then?

Thanks

ianco (Tue, 15 Jun 2021 20:57:00 GMT):

Hi @swcurran is this referring to the payload for the aca-pi API's or the message format that aca-py is generating?

ianco (Tue, 15 Jun 2021 20:57:00 GMT):

Hi @swcurran is this referring to the payload for the aca-py API's or the message format that aca-py is generating?

swcurran (Tue, 15 Jun 2021 20:58:16 GMT):

I believe this is the message format that ACA-Py is generating.  The API input should be the Proof Request, and the ACA-Py protocol implementation should be constructing the right message to be sent to another agent.

swcurran (Tue, 15 Jun 2021 20:59:12 GMT):

Ah..wait -- this is V1, not V2 -- look at the message.  That may be the problem....

ianco (Tue, 15 Jun 2021 21:00:08 GMT):

For V1 we're interoperable with all the mobile apps right?

ianco (Tue, 15 Jun 2021 21:00:36 GMT):

I'll check the message format against the rfc ...

swcurran (Tue, 15 Jun 2021 21:01:20 GMT):

I have to go to a meeting -- I was just about to that.  Remember to check the version of the RFC associated with AIP 1.0 -- not the latest.

ianco (Tue, 15 Jun 2021 21:09:17 GMT):

I think the message is getting built propery

ianco (Tue, 15 Jun 2021 21:09:31 GMT):

The RFC (request presentation v1 from aip 1.0):  https://github.com/hyperledger/aries-rfcs/tree/4fae574c03f9f1013db30bf2c0c676b1122f7149/features/0037-present-proof#request-presentation

swcurran (Tue, 15 Jun 2021 21:09:48 GMT):

I would think so.  Good stuff.

ianco (Tue, 15 Jun 2021 21:10:35 GMT):

Aca-py code to construct the message: https://github.com/hyperledger/aries-cloudagent-python/blob/main/aries_cloudagent/protocols/present_proof/v1_0/routes.py#L466

ianco (Tue, 15 Jun 2021 21:10:54 GMT):

I haven't done any actual testing but the code looks right

swcurran (Tue, 15 Jun 2021 21:11:08 GMT):

Still doesn't look right to me...

ianco (Tue, 15 Jun 2021 21:12:35 GMT):

?

swcurran (Tue, 15 Jun 2021 21:14:02 GMT):

It sucks in RocketChat -- I need to put this into a quick doc.

swcurran (Tue, 15 Jun 2021 21:14:33 GMT):

I don't see why it's not an array and why the value is "data".

ianco (Tue, 15 Jun 2021 21:16:38 GMT):

I don't know about "data" but ...

ianco (Tue, 15 Jun 2021 21:16:46 GMT):

this is an array:  `"request_presentations~attach": [ ...]`

ianco (Tue, 15 Jun 2021 21:17:09 GMT):

... and in our code it's:

ianco (Tue, 15 Jun 2021 21:17:29 GMT):

`self.request_presentations_attach = ( list( ... ) )`

ianco (Tue, 15 Jun 2021 21:17:40 GMT):

... which constructs an array

ianco (Tue, 15 Jun 2021 21:18:12 GMT):

Are they on the AATH channel?  maybe we should take the discussion over there ...

swcurran (Tue, 15 Jun 2021 21:18:48 GMT):

Yup...I'm in a meeting and struggling with the stupid rocketChat reply.  I'll give it a try.

swcurran (Tue, 15 Jun 2021 21:18:48 GMT):

Yup...I'm in a meeting and struggling with the stupid rocketChat reply.  I'll give it a try in a bit to understand it.

ianco (Tue, 15 Jun 2021 21:19:04 GMT):

ok

swcurran (Tue, 15 Jun 2021 21:19:16 GMT):

I'll answer is needed, but hopefully can shut down.

ianco (Tue, 15 Jun 2021 21:24:56 GMT):

who pm'ed you?

ianco (Tue, 15 Jun 2021 22:28:56 GMT):

It looks like the aca-py api endpoint doesn't give the option to override any of the offered credential attributes

ianco (Tue, 15 Jun 2021 22:30:03 GMT):

Should this endpoint `/issue-credential-2.0/records/{cred_ex_id}/send-request` allow an optional json payload (similar to how the send presentation endpoint allows the prover to override/amend the presentation request)?

TimoGlastra (Tue, 15 Jun 2021 22:33:41 GMT):

Hmm right. My brain completely let me down here.

TimoGlastra (Tue, 15 Jun 2021 22:34:04 GMT):

yeah I think that would be the correct approach

ianco (Tue, 15 Jun 2021 22:34:49 GMT):

ko I think I can tackle this

RounakGhosh (Wed, 16 Jun 2021 18:05:32 GMT):

While trying to issue credential, I am getting the error, "The hash of the downloaded tails file does not match."  and as a result the credential is not getting issued. Can anyone please provide suggestion regarding this roadblock. Thanks!!.

mirgee (Wed, 16 Jun 2021 19:06:59 GMT):

@ianco It was me - I was talking about payload sent by AATH to the backchannels. Sorry for the confusion!

ianco (Wed, 16 Jun 2021 20:26:58 GMT):

np I just wasn't sure who to respond to ...  I think Mr Curran moved the discussion to the AATH channel right?

mirgee (Wed, 16 Jun 2021 20:28:36 GMT):

@esune That's correct.

mirgee (Wed, 16 Jun 2021 20:29:02 GMT):

@ianco That's correct

ekubilay (Thu, 17 Jun 2021 08:19:03 GMT):

Hi everyone, I have a short question, could someone tell me what this plugin https://github.com/hyperledger/aries-acapy-plugin-toolbox really offers? And what is the difference with this one; https://github.com/hyperledger/aries-toolbox?

TimoGlastra (Thu, 17 Jun 2021 08:40:08 GMT):

The aries-toolbox repo is an electron application that offers a simple GUI to control an agent. However to be able to control the agent, it needs to understand the custom protocols the GUI uses. The aries-acapy-plugin-toolbox adds support for those protocols to ACA-Py. So you actually need both for it to work.

TimoGlastra (Thu, 17 Jun 2021 08:40:08 GMT):

The aries-toolbox repo is an electron application that offers a simple GUI to control an agent. However to be able to control the agent, the other agent needs to understand the custom protocols the GUI uses. The aries-acapy-plugin-toolbox adds support for those protocols to ACA-Py. So you actually need both for it to work.

ekubilay (Thu, 17 Jun 2021 09:59:42 GMT):

thank you!

etschelp (Thu, 17 Jun 2021 10:37:27 GMT):

One reason might be that the tails server is running without a mapped volume and the original tails file got lost during restarts.

RounakGhosh (Fri, 18 Jun 2021 11:03:20 GMT):

Thank you, I needed to check the volume of the docker-containtand the URL, it is working fine now.

RounakGhosh (Fri, 18 Jun 2021 11:03:20 GMT):

Thank you, I needed to check the volume of the docker-container and the URL, it is working fine now.

fethbita (Fri, 18 Jun 2021 12:15:37 GMT):

Has joined the channel.

RounakGhosh (Fri, 18 Jun 2021 18:23:28 GMT):

After, I create a connection, connect with the service through a QR code, and receive a credential from the service, is it possible to connect with the service later on with the same connection ID, without requiring to scan the QR code again.??. If yes, can anyone suggest how to achieve that.??

daidoji (Fri, 18 Jun 2021 18:37:15 GMT):

if you'll look at the swagger page, generally any of the calls that require a "connection_id" can be resued from that initial invitation's id

daidoji (Fri, 18 Jun 2021 18:37:21 GMT):

so like basic-message for example

daidoji (Fri, 18 Jun 2021 18:37:32 GMT):

no need to scan the QR code except the one time

lwyatt (Sun, 20 Jun 2021 08:13:36 GMT):

Has joined the channel.

tusharbansal (Mon, 21 Jun 2021 04:45:53 GMT):

Has joined the channel.

tusharbansal (Mon, 21 Jun 2021 04:57:48 GMT):

Hello Everyone,

As aca-py uses the VON network, I was curious to know, can the VON network be replaced by the SOVRIN network?

tusharbansal (Mon, 21 Jun 2021 04:57:48 GMT):

Hello Everyone,

As aca-py uses the VON network, I was curious to know, can the VON network be replaced by the SOVRIN network?

If yes, what are the changes going to be made in aca-py to use SOVRIN network?

TimoGlastra (Mon, 21 Jun 2021 10:06:38 GMT):

Hi @tusharbansal The VON network and the Sovrin network are both indy networks. i.e. it are just different instances of the same ledger. Same as with the Sovrin Mainnet and the Sovrin Stagingnet. So you can already connect to both in ACA-Py by specifying a different genesis transaction

tusharbansal (Mon, 21 Jun 2021 10:49:30 GMT):

Hello @TimoGlastra 

Thanks for your reply,

I need one clarification, As you said "it is just different instances of the same ledger". Could you explain it more? What did you mean by that?
I believe different instances of the same ledger would have the same transaction. But when we look at the set of transactions on both the networks they are completely different, I believe this means both are different ledger. Also the working of both the network are different, VON creates and registers new DIDs while SOVRIN just makes a existing DID an endorser DID.

Please validate and help me understand if I'm going wrong, I am new in this tech.

TimoGlastra (Mon, 21 Jun 2021 10:55:20 GMT):

Ah should've used better wording for this. The two are indeed different ledgers, however both use the same ledger implementation (indy-node). So all transactions, nodes, etc... are different between the two. But both are hyperledger indy ledgers

TimoGlastra (Mon, 21 Jun 2021 10:56:56 GMT):

VON and Sovrin can both register new DIDs and make existing DIDs endorser DIDs. The policy on how that is managed is however different. The VON network, by default, allows you to freely register new DIDs as it is meant as a development network

tusharbansal (Mon, 21 Jun 2021 11:28:41 GMT):



CodeSnippetAriesAgent.png

tusharbansal (Mon, 21 Jun 2021 11:29:03 GMT):



CodeSnippetAriesAgent.png

tusharbansal (Mon, 21 Jun 2021 11:29:29 GMT):

Hello @TimoGlastra 

Thanks for the clarification, 

Also, we tried and did some changes from our side as mentioned below. 

We changed the Genesis URL and Ledger URL to reflect the Sovrin "buildernet", also we did some changes to line number 371 of agent.py (aries-dynamic-cloudagent-python/demo/runners/support/agent.py). 

Since the registration process for Sovrin "buildernet" network is different from the VON development network, we have to change the below line number 371 POST call into "https://selfserve.sovrin.org/nym". This call require the body input {"network":"buildernet","did":"JWxuf1qNPwrr27dA8UCEg7","verkey":"~wfMTCLo9TXDS5PhGbux3n","paymentaddr":""}.

We are not able to send the DID and Verkey in this post call before the agent spin up. In case of VON network it was taking seed in the input and we are getting DID and verkey as output but here What could be done to make the Sovrin "buildernet" NYM post-call with DID and Verkey at agent spin up? 

And could you tell me is it good to go with VON network for Production? Is it realiable for production release?

tusharbansal (Mon, 21 Jun 2021 11:29:29 GMT):

Hello @TimoGlastra 

Thanks for the clarification, 

Also, we tried and did some changes from our side as mentioned below. 

We changed the Genesis URL and Ledger URL to reflect the Sovrin "buildernet", 

also we did some changes to line number 371 of agent.py (aries-dynamic-cloudagent-python/demo/runners/support/agent.py). 

Since the registration process for Sovrin "buildernet" network is different from the VON development network,

 we have to change the below line number 371 POST call into "https://selfserve.sovrin.org/nym". This call require the body input {"network":"buildernet","did":"JWxuf1qNPwrr27dA8UCEg7","verkey":"~wfMTCLo9TXDS5PhGbux3n","paymentaddr":""}.

We are not able to send the DID and Verkey in this post call before the agent spin up. 

In case of VON network it was taking seed in the input and we are getting DID and verkey as output but here What could be done to make the Sovrin "buildernet" NYM post-call with DID and Verkey at agent spin up? 

And could you tell me is it good to go with VON network for Production? Is it realiable for production release?

WadeBarnes (Mon, 21 Jun 2021 11:53:47 GMT):

@tusharbansal, Here is some additional information; https://chat.hyperledger.org/channel/indy-node?msg=BHsMhMQ3PqThsXNf7

tusharbansal (Mon, 21 Jun 2021 13:15:42 GMT):

Hello @WadeBarnes 

Thank you for your reply. 

Yes, we came to know the same. that's why we choose to use the VON network for Development and testing purposes and the Sovrin network for Production. We already started the process to use BulderNet of Sovrin(also in discussion with Sovrin help group via email), but We are facing an issue while registering DID in Sovrin builderNet from aca-py. 

With the VON network, we did not change anything in aca-py code and it worked fine because it used 'seed' value as the body to call register DID API and in response, we get DID and other stuff, but we found that to endorse (register) DID they(Sovrin help group) send us portal URL and we are trying to call API with code and we found that it requires DID and other parameters for input to register (endorse) did so we have to change code and somehow it did not work because there is no code therein section to generate DID.

We communicate the same to the Sovrin help desk but they told us to ask a question here since they don't have a clear idea of aca-py. Detail regarding changes we have done is found in this thread. It bit strange that the API structure is not the same for VON and Sovrin networks.

Do we need to change the code to make it work? Is there any Sovrin API to register DID with seed? or can you guide us on the same?

WadeBarnes (Mon, 21 Jun 2021 13:23:52 GMT):

`aca-py` was setup to "auto-register" with `von-network` to speed development.  In the real (Production) world the process of registering your DID on the network and using your DID via an agent, such as `aca-py` are separate concerns and processes.

WadeBarnes (Mon, 21 Jun 2021 13:25:41 GMT):

For that reason "auto-register" features were never build into `aca-py` for any other network.

WadeBarnes (Mon, 21 Jun 2021 13:28:22 GMT):

You can register a DID on either Sovrin BuilderNet (`dev`) or Sovrin StagingNet (`test`) for free here; [Sovrin Self Serve](https://selfserve.sovrin.org/).  Once your DID is registered, you will be able to connect your `aca-py` agent.

WadeBarnes (Mon, 21 Jun 2021 13:28:22 GMT):

You can register a DID on either Sovrin BuilderNet (`dev`) or Sovrin StagingNet (`test`) for free here; [Sovrin Self Serve](https://selfserve.sovrin.org/).  Once your DID is registered, you will be able to connect your `aca-py` agent using the same DID.

WadeBarnes (Mon, 21 Jun 2021 13:29:24 GMT):

More information about how to join the Sovrin MainNet (`prod`) ledger can be found here; [Sovrin](https://sovrin.org/overview/)

WadeBarnes (Mon, 21 Jun 2021 13:31:28 GMT):

No code changes are needed in `aca-py`.

WadeBarnes (Mon, 21 Jun 2021 13:35:09 GMT):

```
We communicate the same to the Sovrin help desk but they told us to ask a question here since they don't have a clear idea of aca-py. Detail regarding changes we have done is found in this thread. It bit strange that the API structure is not the same for VON and Sovrin networks.
``` 
@tusharbansal, I am aware, I'm part of the Sovrin NetOps team, and have been following the emails.  You were directed to ask the questions here since the questions were specific to `aca-py` and this is a more appropriate forum for such questions.

WadeBarnes (Mon, 21 Jun 2021 13:36:48 GMT):

Does what I'm saying so far make sense?

WadeBarnes (Mon, 21 Jun 2021 13:49:31 GMT):

Forgot to mention, the DID and VerKey you need to register will be generated and reported by your `aca-py` agent when you first start it up.  They will be based on the `seed` you used for your `aca-py` instance.

WadeBarnes (Mon, 21 Jun 2021 13:52:40 GMT):

You can also query your `aca-py` agent for it's DID and VerKey using it's admin API interface `/wallet/did/public`.

WadeBarnes (Mon, 21 Jun 2021 13:57:47 GMT):

If you are looking to automate the process a bit more you can use the following scripts as reference.  They were designed for use with `aca-py` instances hosted in OpenShift, but they'll give you a good idea of the process:
- https://github.com/bcgov/a2a-trust-over-ip-configurations/blob/master/openshift/manage#L347-L405
- https://github.com/bcgov/a2a-trust-over-ip-configurations/blob/master/openshift/manage#L272-L345

WadeBarnes (Mon, 21 Jun 2021 13:58:15 GMT):

Just note, you won't be able to self-register on Sovrin MainNet.

RounakGhosh (Mon, 21 Jun 2021 15:15:09 GMT):



Clipboard - June 21, 2021 8:42 PM

c2bo (Mon, 21 Jun 2021 15:23:23 GMT):

That seems to be an error involving a revocation registry. Have you configured a tails server before creating the credential definition? If you don't want/need revocation, you should probably try to create a new credential definition without revocation.

esune (Mon, 21 Jun 2021 15:44:23 GMT):

I have seen this error when the tails server URL was moved after creating the initial revocation registry: because of how the revocation registry definition is managed, you cannot change the base URL of the tails server or bad things happen.

esune (Mon, 21 Jun 2021 15:44:39 GMT):

I think this was also reported/answered recently in the github issues in the repo

esune (Mon, 21 Jun 2021 15:45:11 GMT):

(probably a screenshot reporting the error rather than a formatted snippet, which makes searching for it  hard)

esune (Mon, 21 Jun 2021 15:46:10 GMT):

https://github.com/hyperledger/aries-cloudagent-python/issues/1219#issuecomment-853975093

RounakGhosh (Mon, 21 Jun 2021 15:48:07 GMT):

Thank You very much @esune and @c2bo for your feedback.  I needed to restart the tails server and create new credential_def_id with the running instance of the tail server. It is working fine.

esune (Mon, 21 Jun 2021 15:49:09 GMT):

If you are using ngrok you will see the same error again next time your tails server URL changes

esune (Mon, 21 Jun 2021 15:49:09 GMT):

If you are using ngrok you will see the same error again next time your tails server URL changes - as per comment above in the aca-py issues

RounakGhosh (Mon, 21 Jun 2021 17:20:24 GMT):

@esune, I am using nginx to configure the server.

swcurran (Tue, 22 Jun 2021 13:45:14 GMT):

One idea if this is tied to a browser: Once a connection is established between the server and the wallet, the server puts a cookie with an identifier for the user in the browser.  When the user returns to the page, the cookie is read, providing an association with the user connection.  Then the connection can be reused for whatever needs to be done via the QR code.

tusharbansal (Tue, 22 Jun 2021 14:15:04 GMT):

Hello Team, 

I made few changes in aca-py code. 

1. I am using Sovrin "buildernet" genesis URL instead of "dev.greenlight.bcovrin.vonx.io" 
2. I am providing hard-coded seed value in aca-py value whose did and verkey has been already endorsed using "https://selfserve.sovrin.org/"

But I am getting this error, 

Exception: Error: 400: Ledger rejected transaction request: client request invalid: InvalidClientTaaAcceptanceError('Txn Author Agreement acceptance is required for ledger with id 1',)

As per Sovrin documentation, for TAA, just create a config.json file and put ` { "taaAcceptanceMechanism": "for_session" } ` and pass it in indy-cli. I was wondering how the TAA issue can be resolved in aca-py.

tusharbansal (Tue, 22 Jun 2021 14:15:04 GMT):

Hello Team, 

I made few changes in aca-py code. 

1. I am using Sovrin "buildernet" genesis URL instead of "dev.greenlight.bcovrin.vonx.io" 
2. I am providing hard-coded seed value in aca-py value whose did and verkey has been already endorsed using "https://selfserve.sovrin.org/"

Now I am getting a error, 

Exception: Error: 400: Ledger rejected transaction request: client request invalid: InvalidClientTaaAcceptanceError('Txn Author Agreement acceptance is required for ledger with id 1',)

As per Sovrin documentation, for TAA, just create a config.json file and put ` { "taaAcceptanceMechanism": "for_session" } ` and pass it in indy-cli. I was wondering how the TAA issue can be resolved in aca-py.

WadeBarnes (Tue, 22 Jun 2021 14:28:00 GMT):

Some hints on how to accept the TAA can be found over here; https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=uvNzPTef9QKEpnzpr

swcurran (Tue, 22 Jun 2021 15:45:34 GMT):

We need to get that into ACA-Py docs.  

Should we consider having VON-Network have a TAA option?

WadeBarnes (Tue, 22 Jun 2021 15:51:51 GMT):

It does.  It's just not enabled by default.

WadeBarnes (Tue, 22 Jun 2021 15:53:10 GMT):

The process for enabling TAA; 
The TAA and associated AML can be defined here; https://github.com/bcgov/von-network/tree/master/config
Make copies of the samples and name them aml.json and taa.json , rebuild and start von-network.
Those files will then get registered by; https://github.com/bcgov/von-network/blob/master/server/anchor.py#L225
By default they are ignored by GIT; https://github.com/bcgov/von-network/blob/master/.gitignore#L145-L147

WadeBarnes (Tue, 22 Jun 2021 15:53:45 GMT):

I'll enter a ticket.

WadeBarnes (Tue, 22 Jun 2021 15:58:50 GMT):

https://github.com/bcgov/von-network/issues/150

swcurran (Tue, 22 Jun 2021 23:01:51 GMT):

Join us for the ACA-Py User Group Wednesday (tomorrow) at 11AM Pacific (18:00 UTC) -- the hour before the Aries WG Call. We'll have the core maintainers on the call to answer any questions -- other topics are below.

Zoom link: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-06-23+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

Topics:

* Status Check: ACA-Py Release 0.7.0
* Performance Issue Update – Public DID Handling
* DIF Presentation Exchange in ACA-Py
* Multi-Tenant Experience: OrgBook Issuer Agency
* AMA (as time permits)

pritam_01 (Wed, 23 Jun 2021 05:35:48 GMT):

What kind of encoding is being used to encode master secret key before pass it as hidden attributes to ursa/cl-signature ?

Mark_Spencer (Wed, 23 Jun 2021 15:09:17 GMT):

Has joined the channel.

Mark_Spencer (Wed, 23 Jun 2021 15:13:04 GMT):

Hi everyone, I am facing an issue with *auto-ping* tag on Acapy (v0.6.0) 

What I want to achieve ?
The connection state shall be set to active when the invitation created from acapy is accepted on the .net edge Agent

Issue
The connection state is set to response, instead of active on the Acapy (v0.6.0)

Other Info
- The connection between Acapy ( v0.5.6) and .net agent was setting to active automatically with auto ping tag, but with 0.6.0 it doesnt.

swcurran (Wed, 23 Jun 2021 15:48:22 GMT):

@andrew.whitehead -- can you please take a look at this issue?

andrew.whitehead (Wed, 23 Jun 2021 17:36:22 GMT):

There’s nothing we can do here, the .net agent is responsible for sending a message after the connection response is sent by aca-py. Any agent message should move the status to active 

swcurran (Wed, 23 Jun 2021 23:31:48 GMT):

Recordings posted from today's ACA-Pug meeting covering the ACA-Py implementation of DIF Presentation Exchange and about the experience's we've had with implementing a multi-tenant instance of ACA-Py.

https://wiki.hyperledger.org/display/ARIES/2021-06-23+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

TimoGlastra (Thu, 24 Jun 2021 08:50:49 GMT):

Unfortunate I missed this call... sounds interesting :)

TimoGlastra (Thu, 24 Jun 2021 08:50:59 GMT):

Will rewatch the recording

RounakGhosh (Thu, 24 Jun 2021 17:47:06 GMT):

I am using Xamarin in Mobile end for wallet, however, when I am not giving any agent image url it is working fine, however when I am using any agent url in the mobile wallet, it is not working with the web agent connection, the connection state is remaining in negotiating state and not getting connected. I am posting the code here. Please guide

public static IHostBuilder BuildHost(Assembly platformSpecific = null) =>
           XamarinHost.CreateDefaultBuilder()
               .ConfigureServices((_, services) =>
               {
                   services.AddAriesFramework(builder => builder.RegisterEdgeAgent(
                       options: options =>
                       {
                           options.EndpointUri = "http://localhost:5000";
                           options.AgentName = "test";
                           options.AgentImageUri = "http://via.placeholder.com/300.png";
                           options.WalletConfiguration.StorageConfiguration =
                               new WalletConfiguration.WalletStorageConfiguration
                               {
                                   Path = Path.Combine(
                                       path1: FileSystem.AppDataDirectory,
                                       path2: ".indy_client",
                                       path3: "wallets")
                               };
                           options.WalletConfiguration.Id = "MobileWallet";
                           options.WalletCredentials.Key = "SecretWalletKey";
                           options.RevocationRegistryDirectory = Path.Combine(
                               path1: FileSystem.AppDataDirectory,
                               path2: ".indy_client",
                               path3: "tails");
                            // Available network configurations (see PoolConfigurator.cs):
                            //   sovrin-live
                            //   sovrin-staging
                            //   sovrin-builder
                            //   bcovrin-test
                            options.PoolName = "sovrin-staging";
                       },
                       delayProvisioning: true));
                   services.AddSingleton();
                   var containerBuilder = new ContainerBuilder();
                   containerBuilder.RegisterAssemblyModules(typeof(CoreModule).Assembly);
                   if (platformSpecific != null)
                   {
                       containerBuilder.RegisterAssemblyModules(platformSpecific);
                   }
                   containerBuilder.Populate(services);
                   Container = containerBuilder.Build();
               });

RounakGhosh (Thu, 24 Jun 2021 17:47:06 GMT):

I am using Xamarin in the Mobile end for configuring the application, however, when I am not giving any agent image URL it is working fine, however when I am using any agent URL in the mobile wallet, it is not working with the web agent connection, the connection state is remaining in negotiating state and not getting connected. I am posting the code here. Please guide @swcurran @TimoGlastra 

public static IHostBuilder BuildHost(Assembly platformSpecific = null) =>
           XamarinHost.CreateDefaultBuilder()
               .ConfigureServices((_, services) =>
               {
                   services.AddAriesFramework(builder => builder.RegisterEdgeAgent(
                       options: options =>
                       {
                           options.EndpointUri = "http://localhost:5000";
                           options.AgentName = "test";
                           options.AgentImageUri = "http://via.placeholder.com/300.png";
                           options.WalletConfiguration.StorageConfiguration =
                               new WalletConfiguration.WalletStorageConfiguration
                               {
                                   Path = Path.Combine(
                                       path1: FileSystem.AppDataDirectory,
                                       path2: ".indy_client",
                                       path3: "wallets")
                               };
                           options.WalletConfiguration.Id = "MobileWallet";
                           options.WalletCredentials.Key = "SecretWalletKey";
                           options.RevocationRegistryDirectory = Path.Combine(
                               path1: FileSystem.AppDataDirectory,
                               path2: ".indy_client",
                               path3: "tails");
                            // Available network configurations (see PoolConfigurator.cs):
                            //   sovrin-live
                            //   sovrin-staging
                            //   sovrin-builder
                            //   bcovrin-test
                            options.PoolName = "sovrin-staging";
                       },
                       delayProvisioning: true));
                   services.AddSingleton();
                   var containerBuilder = new ContainerBuilder();
                   containerBuilder.RegisterAssemblyModules(typeof(CoreModule).Assembly);
                   if (platformSpecific != null)
                   {
                       containerBuilder.RegisterAssemblyModules(platformSpecific);
                   }
                   containerBuilder.Populate(services);
                   Container = containerBuilder.Build();
               });

address-ledger (Thu, 24 Jun 2021 23:32:21 GMT):

Has joined the channel.

fethbita (Mon, 28 Jun 2021 08:33:36 GMT):

Hi everyone, I am trying to test the aca-py and build on it however I think there is some problems in my general understanding. I have started 2 aca-py instances with the following commands
`aca-py start --webhook-url http://0.0.0.0:6050 --endpoint 0.0.0.0:9395 --no-ledger --inbound-transport http 0.0.0.0 9395 --outbound-transport http --admin 0.0.0.0 9396 --admin-insecure-mode --wallet-local-did --wallet-name agent2`
and `aca-py start --webhook-url http://0.0.0.0:6049 --endpoint 0.0.0.0:9393 --no-ledger --inbound-transport http 0.0.0.0 9393 --outbound-transport http --admin 0.0.0.0 9394 --admin-insecure-mode --wallet-local-did --wallet-name agent1`
and started 2 python web servers to see what gets sent when with the following commands `python3 -m http.server 6050` and `python3 -m http.server 6049`.
I can connect to swagger on http://0.0.0.0:9394 and http://0.0.0.0:9396 but I can not create a connection between these two agents. I tried out-of-band connections but when I try to accept the invitation I get a `aries_cloudagent.admin.server ERROR Handler error with exception: No instance provided for class: BaseLedger` error. Why do I need a ledger to create a connection between two agents? afaik nothing is supposed to be written on the ledger in this case, right? Can you point out where my misunderstanding lies? Thank you!

swcurran (Mon, 28 Jun 2021 19:15:47 GMT):

I'm not certain -- I'm wondering if others can weigh in. I am wondering of the DID for the connection is a did:sov, and someone is trying to resolve that on a ledger?

swcurran (Mon, 28 Jun 2021 21:06:51 GMT):

@rjones -- we'd like to add @esune to the Maintainers list from ACA-Py so that as he answers issues (which he does a lot!) he can close them.  Can you please add him to the Hyperledger GitHub organization?  Thanks!

rjones (Mon, 28 Jun 2021 21:06:51 GMT):

Has joined the channel.

thomas_kim (Tue, 29 Jun 2021 01:27:44 GMT):

Hi community! I realized that credential exchange records are removed by the parameter auto_remove. However, I can't find any options or parameters that remove presentation exchange records... Is there a specific reason why ACA-Py doesn't have this feature?

swcurran (Tue, 29 Jun 2021 03:30:58 GMT):

@andrew.whitehead -- can you answer this one?  I definitely think we need that feature!

andrew.whitehead (Tue, 29 Jun 2021 05:11:51 GMT):

The endpoints can’t be 0.0.0.0, that is only used to bind all available addresses for incoming connections. The endpoints should be resolvable addresses

fethbita (Tue, 29 Jun 2021 07:02:40 GMT):

After changing the endpoints to localhost, I still get the same error

fethbita (Tue, 29 Jun 2021 07:07:58 GMT):



Clipboard - June 29, 2021 10:07 AM

rjones (Tue, 29 Jun 2021 14:51:38 GMT):

@swcurran invite extende!

rjones (Tue, 29 Jun 2021 14:51:38 GMT):

@swcurran invite extended!

esune (Tue, 29 Jun 2021 15:02:31 GMT):

Got it, thank you!

RounakGhosh (Tue, 29 Jun 2021 16:53:16 GMT):

Hello Everyone, is there any way to configure --image-url in mobile end. I am using Xamarin in mobile application?. @esune @swcurran

esune (Tue, 29 Jun 2021 16:58:12 GMT):

I am not familiar with the Xamarin agent. Maybe #aries-framework-dotnet could provide better answers?

RounakGhosh (Tue, 29 Jun 2021 17:11:29 GMT):

Thank you for suggesting.

deas (Wed, 30 Jun 2021 15:16:46 GMT):

Is there a way to list public DIDs on a VON Network instance? I'm playing with acapy and the did resolver API is failing me. `/resolver/resolve/{did}` Thought maybe I could just grab all of them and take a gander.

deas (Wed, 30 Jun 2021 15:20:04 GMT):

Update: I am a doofus. I was dropping the 'did:sov:' from the string... Would still be nice to pull a list of all of them, though.

deas (Wed, 30 Jun 2021 15:20:04 GMT):

Update: I am a doofus. I was dropping the `did:sov:` from the string... Would still be nice to pull a list of all of them, though.

daidoji (Wed, 30 Jun 2021 15:20:13 GMT):

https://vonx.io/clickythings/

daidoji (Wed, 30 Jun 2021 15:20:45 GMT):

The "indy network browsers" for the various network you're connecting to are what you want to look for http://dev.bcovrin.vonx.io/

daidoji (Wed, 30 Jun 2021 15:20:45 GMT):

The "indy network browsers" for the various network you're connecting to are what you want to look for ie) http://dev.bcovrin.vonx.io/

daidoji (Wed, 30 Jun 2021 15:21:13 GMT):

if you're running von network for local development there's an equivalent explorer in there too

deas (Wed, 30 Jun 2021 15:24:24 GMT):

Oh yeah! I think it runs by default on port 9000 when I kick it off locally. Good call! Thank you.

andrew.whitehead (Wed, 30 Jun 2021 15:42:04 GMT):

You can point von-network at a public ledger as an explorer, but it takes a while to download the transactions as it has to fetch each one separately

MikeSmith (Thu, 01 Jul 2021 05:22:11 GMT):

Has joined the channel.

gaberasturi (Fri, 02 Jul 2021 11:31:15 GMT):

Has joined the channel.

sghaemi (Fri, 02 Jul 2021 19:20:56 GMT):

Has joined the channel.

sghaemi (Fri, 02 Jul 2021 19:20:57 GMT):

Hello everyone, I'm rather new to Hyperledger Indy and Aries and I appreciate your help in advance. Is there an open-source web UI for aries agents that I could use other that the default Swagger UI?

swcurran (Fri, 02 Jul 2021 21:13:03 GMT):

For general use, Aries Toolbox is probably your best bet -- It's part of Hyperledger.  I just heard about another that I've not looked at yet.  

Are you just looking for something that is equivalent to Swagger, but better?  If so, you can download the Swagger file from the swagger page and then use a UI that is better than Swagger (almost anything would have to be better... :-)  ).

madhugoundla (Fri, 02 Jul 2021 23:23:08 GMT):

Hi, where can i find the location for logs, for aries-cloudagent-python on Ubuntu?

TimoGlastra (Sat, 03 Jul 2021 10:57:02 GMT):

@swcurran what is the other tool you've not looked at yet? Curious :)

rjones (Sat, 03 Jul 2021 14:42:25 GMT):

Has left the channel.

swcurran (Mon, 05 Jul 2021 15:18:13 GMT):

Call for topics for the ACA-Pug call this Wednesday -- anything the community wants to discuss?  We'll have an update on the 0.7.0 Release (spoiler - going really well), askar mode (spoiler - going really well) and we'll have the Devs there to answer questions.  Anything else you want to talk over?  Perhaps

- final(?) 0.7.0 contents
- Persistent queues -- @dbluhm?
- Organizing AIP 2.0 work -- AKA What is Release 1.0.0?
- AATH Updates
- What else do you need?

swcurran (Tue, 06 Jul 2021 06:51:50 GMT):

Join us for the ACA-Py User Group Wednesday (tomorrow) at 11AM Pacific (18:00 UTC) -- the hour before the Aries WG Call. We'll have the core maintainers on the call to answer any questions -- other topics are below.

Zoom link: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-07-07+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

Topics:

- Status Check: ACA-Py Release 0.7.0
- Performance Issue Update – Public DID Handling
- Discussion: What's next/getting to Release 1.0.0
- AMA (as time permits)

agrawalaman (Tue, 06 Jul 2021 07:27:37 GMT):

Has joined the channel.

agrawalaman (Tue, 06 Jul 2021 07:37:44 GMT):

Hi , I am developing an aries controller for issuing credentials in javascript using aries-cloudagent-python. To start the agent I use the following arguemnts
aca-py start --label Faber \
-it http 0.0.0.0 8000 \
-ot http --admin 0.0.0.0 8021 \
--admin-insecure-mode \
--genesis-url "http://test.bcovrin.vonx.io/genesis" \
--seed {{my_seed}} \
--endpoint "http://localhost:8000/" \
--debug-connections --auto-provision \
--wallet-type indy --wallet-name FABER \
--wallet-key secret --auto-accept-requests \
--auto-accept-invites --auto-ping-connection --auto-respond-credential-proposal \
--auto-respond-credential-offer --auto-respond-credential-request \
--auto-store-credential

Now while issuing the credential through my own controller I get the following error 
{'connection_id': ['Missing data for required field.'], 'credential_proposal': ['Missing data for required field.']}
My credential object looks like this 
{
"comment": "string",
"credential_proposal": {
"@type": "/issue-credential/1.0/credential-preview",
"attributes": [
{
"name": "Name",
"value": "Alice Smith"
},
{
"name": "Date",
"value": "2020-01-01"
},
{
"name": "Degree",
"value": "Maths"
},
{
"name": "Age",
"value": "24"
}
]
},
"schema_issuer_did": "GCezUGKaGXjaeuUrGgN22f",
"connection_id": "804d0219-cd5a-4a1b-8db8-4244ad8dd641",
"schema_version": "2.0",
"schema_id": "GCezUGKaGXjaeuUrGgN22f:2:Vague:2.0",
"issuer_did": "GCezUGKaGXjaeuUrGgN22f",
"cred_def_id": "GCezUGKaGXjaeuUrGgN22f:3:CL:139026:default_vague",
"schema_name": "Vague"
}

But when i try to use the same credential in swagger , the credential is sent. My controller works perfectly fine with the aca-py instance in the aries controller demo on github.

sghaemi (Tue, 06 Jul 2021 22:08:40 GMT):

Thank you so much for your answer, Stephen. Yeah I'm looking for something better than swagger. I'll look into these. I'm also curous to know what the other tool is. Thanks.

sghaemi (Tue, 06 Jul 2021 22:08:40 GMT):

@swcurran Thank you so much for your answer, Stephen. Yeah I'm looking for something better than swagger. I'll look into these. I'm also curous to know what the other tool is. Thanks.

swcurran (Wed, 07 Jul 2021 08:27:04 GMT):

@jcourt -- are you talking publicly about the work you are doing yet?  :-)  People are wondering...

swcurran (Wed, 07 Jul 2021 10:08:22 GMT):

The first ACA-Py 0.7.0 Release Candidate (RC0) is now tagged.  We'll be adding a new docker image later today.  The following is a list of the major updates and additions to be found amongst the 135 PRs that have been merged into the release since 0.6.0 was tagged:

* Support for W3C Standard Verifiable Credentials based on JSON-LD using LD-Signatures and BBS+ Signatures
* Support for DIF Presentation Exchange
* Present Proof V2 Support
* Pluggable DID Resolver (with a did:web resolver) with fallback to an external DID universal resolver
* Endorser Signing Transactions Protocol
* Upgrades to Demos to add support for Credential Exchange 2.0 and W3C Verifiable Credentials
* Alpha support for the Indy/Aries Shared Components (indy-vdr, indy-shared-rs and aries-askar), enabling running ACA-Py without using the Indy-SDK, while still supporting the use of Indy as a ledger, and Indy AnonCreds verifiable credential format
* Feature/Event bus for ACA-Py generated events for controllers
* Initial support for AIP 2.0 DIDComm envelopes (e.g. ECDH-1PU support)
* Enable operation without Indy ledger support if not needed
* Performance fix for deployments with large numbers of DIDs/connections
* Simplify the creation/handling of plugin protocols
* DID Exchange implicit invitation handling
* Add support for Indy 1.16 predicates (restrictions on predicates based on attribute name and value)
* BDD Tests run via GitHub Actions

We'll be testing the tag in the next few days and preparing an official 0.7.0 release.

If you have time, please exercise your ACA-Py implementations with the Release Candidate and let us know what you find.

Thanks!

swcurran (Wed, 07 Jul 2021 10:08:22 GMT):

The first ACA-Py 0.7.0 Release Candidate (RC0) is now tagged.  We'll be adding a new docker image later today.  The following is a list of the major updates and additions to be found amongst the 135 PRs that have been merged into the release since 0.6.0 was tagged:

- Support for W3C Standard Verifiable Credentials based on JSON-LD using LD-Signatures and BBS+ Signatures
- Support for DIF Presentation Exchange
- Present Proof V2 Support
- Pluggable DID Resolver (with a did:web resolver) with fallback to an external DID universal resolver
- Endorser Signing Transactions Protocol
- Upgrades to Demos to add support for Credential Exchange 2.0 and W3C Verifiable Credentials
- Alpha support for the Indy/Aries Shared Components (indy-vdr, indy-shared-rs and aries-askar), enabling running ACA-Py without using the Indy-SDK, while still supporting the use of Indy as a ledger, and Indy AnonCreds verifiable credential format
- Feature/Event bus for ACA-Py generated events for controllers
- Initial support for AIP 2.0 DIDComm envelopes (e.g. ECDH-1PU support)
- Enable operation without Indy ledger support if not needed
- Performance fix for deployments with large numbers of DIDs/connections
- Simplify the creation/handling of plugin protocols
- DID Exchange implicit invitation handling
- Add support for Indy 1.16 predicates (restrictions on predicates based on attribute name and value)
- BDD Tests run via GitHub Actions

We'll be testing the tag in the next few days and preparing an official 0.7.0 release.

If you have time, please exercise your ACA-Py implementations with the Release Candidate and let us know what you find.

Thanks!

swcurran (Wed, 07 Jul 2021 10:08:22 GMT):

The first [ACA-Py 0.7.0 Release Candidate (RC0)](https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.7.0-rc0) is now tagged.  We'll be adding a new docker image later today.  The following is a list of the major updates and additions to be found amongst the 135 PRs that have been merged into the release since 0.6.0 was tagged:

- Support for W3C Standard Verifiable Credentials based on JSON-LD using LD-Signatures and BBS+ Signatures
- Support for DIF Presentation Exchange
- Present Proof V2 Support
- Pluggable DID Resolver (with a did:web resolver) with fallback to an external DID universal resolver
- Endorser Signing Transactions Protocol
- Upgrades to Demos to add support for Credential Exchange 2.0 and W3C Verifiable Credentials
- Alpha support for the Indy/Aries Shared Components (indy-vdr, indy-shared-rs and aries-askar), enabling running ACA-Py without using the Indy-SDK, while still supporting the use of Indy as a ledger, and Indy AnonCreds verifiable credential format
- Feature/Event bus for ACA-Py generated events for controllers
- Initial support for AIP 2.0 DIDComm envelopes (e.g. ECDH-1PU support)
- Enable operation without Indy ledger support if not needed
- Performance fix for deployments with large numbers of DIDs/connections
- Simplify the creation/handling of plugin protocols
- DID Exchange implicit invitation handling
- Add support for Indy 1.16 predicates (restrictions on predicates based on attribute name and value)
- BDD Tests run via GitHub Actions

We'll be testing the tag in the next few days and preparing an official 0.7.0 release.

If you have time, please exercise your ACA-Py implementations with the Release Candidate and let us know what you find.

Thanks!

dbluhm (Wed, 07 Jul 2021 16:52:11 GMT):

Sorry for the late notice -- happy to give an update on persistent queues but I don't have anything to formally present on this besides perhaps our currently open PR and some of our reasoning

swcurran (Wed, 07 Jul 2021 17:36:28 GMT):

That would be good. No pressure though.

Jsyro (Wed, 07 Jul 2021 20:00:12 GMT):

Is there a description of the 0.7 changes to ProofExchange problem reports?  I'm tracking down a bug.

jcourt (Wed, 07 Jul 2021 21:56:08 GMT):

@swcurran thanks for the prod.  We have been working on a few tools and a REACT UI that we hope will make it easier for developers to get started with ACA-py and develop Web Controllers.  The idea is that you can run everything on a MacOS machine to do local development, then move to using the Sovrin/Indicio or other Indy based Ledger.

jcourt (Wed, 07 Jul 2021 21:56:08 GMT):

@swcurran thanks for the prod.  We have been working on a few tools and a REACT UI that we hope will make it easier for developers to get started with ACA-py and develop Web Controllers.  The idea is that you can run everything on a MacOS machine to do local development, then move to using the Sovrin/Indicio or other Indy based Ledger.

You can find details on the Anonyome Labs web page : 
https://docs.sudoplatform.com/sudo-labs/decentralized-identity/cloud-agent-sdk

jcourt (Wed, 07 Jul 2021 22:01:17 GMT):

The SDK and REACT WebUI are publicly available on GitHub : 
SDK - https://github.com/sudoplatform-labs/sudo-di-cloud-agent-js
REACT UI - https://github.com/sudoplatform-labs/sudo-di-cloud-agent-admin-console-js

jcourt (Wed, 07 Jul 2021 22:02:05 GMT):

If you just want to play with the UI it will automatically install the SDK as a part of the setup process, see the GitHub directions for this.

jcourt (Wed, 07 Jul 2021 22:02:05 GMT):

If you just want to play with the UI it will automatically install the correct SDK version as a part of the setup process, see the GitHub directions for this.

jcourt (Wed, 07 Jul 2021 22:05:35 GMT):

A couple of comments around this release : 
* This is pre-production hence the version being 0.x.x at the moment.  We are working to make it better but it currently doesn't support revocation or persistent storage or hooks.
* It is completely based on the most excellent work done by BC gov on ACA-py and the VON-Network for local ledger testing environment.
* It is currently using 0.5.6 of ACA-py. We will be looking to pull it up to 0.7.0 when that is released. We are skipping 0.6.0 just because I was too busy with the SDK and UI first versions to track the current verision.

jcourt (Wed, 07 Jul 2021 22:05:35 GMT):

A couple of comments around this release : 
* This is pre-production hence the version being 0.x.x at the moment.  We are working to make it better but it currently doesn't support revocation or persistent storage or hooks.
* It is completely based on the most excellent work done by BC gov and the Aries community, on ACA-py and the VON-Network for local ledger testing environment.
* It is currently using 0.5.6 of ACA-py. We will be looking to pull it up to 0.7.0 when that is released. We are skipping 0.6.0 just because I was too busy with the SDK and UI first versions to track the current verision.

jcourt (Wed, 07 Jul 2021 22:06:51 GMT):

The hope is that this will make it easier for people to see and start developing Controllers with the ACA-py cloud agent.

thomas_kim (Thu, 08 Jul 2021 02:38:48 GMT):

@andrew.whitehead -- any thoughts?

agrawalaman (Thu, 08 Jul 2021 13:29:00 GMT):

Hi, can someone tell me how to send proof presentations and other things required for proof. I can't find proper documentation. Also is it compulsory to have a revocation registry for proof presentation?

domwoe (Thu, 08 Jul 2021 14:09:39 GMT):

Question present-proof 2.0 to be sure: In v1 there was a presentation preview object that was part of a presentation proposal (https://github.com/hyperledger/aries-rfcs/blob/master/features/0037-present-proof/README.md#presentation-preview). Is it correct that this object is not used anymore in v2 and instead a normal indy proof request object is part of the proposal? This means also that the actual values won't be shared in the v2 proposal in contrast to the v1 proposal, does it?

domwoe (Thu, 08 Jul 2021 14:09:39 GMT):

Question on present-proof 2.0: In v1 there was a presentation preview object that was part of a presentation proposal (https://github.com/hyperledger/aries-rfcs/blob/master/features/0037-present-proof/README.md#presentation-preview). Is it correct that this object is not used anymore in v2 and instead a normal indy proof request object is part of the proposal? This means also that the actual values won't be shared in the v2 proposal in contrast to the v1 proposal, does it?

swcurran (Thu, 08 Jul 2021 15:18:40 GMT):

That's correct -- the decision was made to not make up a new object for the proposal.  That said, I believe the values you are seeing in the example in 0037 are what would be used in a presentation request, so I don't think there is any loss/change in functionality.

domwoe (Thu, 08 Jul 2021 15:21:42 GMT):

If I understand correctly there is a difference. In v1 you'd disclose the actual values in the proposal/preview, in v2 it seems you don't

swcurran (Thu, 08 Jul 2021 15:23:17 GMT):

Are you talking Indy proof requests?  There is not great documentation ( :-( ). Mostly examples are used to learn the structure -- especially the test cases that are in the indy-sdk.

A revocation registry is not compulsory.  There have been some issues with this, but a presentation that specifies a revocation interval can be satisfied by a credential that is non-revocable, and vice versa -- no revocation interval satisfied with a revocable credential.

swcurran (Thu, 08 Jul 2021 15:25:34 GMT):

Not really.  In a proof request, you can specify restrictions based on data values of claims.  In v1 that was specified in a custom object that mimicked a proof request. In v2 that is specified as the actual the proof request format. 

The semantics are the same for both.

swcurran (Thu, 08 Jul 2021 15:25:34 GMT):

Not really.  In a proof request, you can specify restrictions based on data values of claims.  In v1 that was specified in a custom object that mimicked a proof request. In v2 that is specified as the actual  proof request format. 

The semantics are the same for both.

domwoe (Thu, 08 Jul 2021 15:37:31 GMT):

I'm not sure if we're talking past each other :) I'm not talking of a proof request but a proposal initiated by the prover. I'm pretty sure that you already disclose the attribute values in a proposal that you would like to prove in a presentation. We use this in the BPA and I'm pretty sure I've seen this behaviour. This is the object you send as part of a proposal `{
    "@type": "https://didcomm.org/present-proof/1.0/presentation-preview",
    "attributes": [
        {
            "name": "",
            "cred_def_id": "",
            "mime-type": "",
            "value": "",
            "referent": ""
        },
        // more attributes
    ],
    "predicates": [
        {
            "name": "",
            "cred_def_id": "",
            "predicate": "",
            "threshold": 
        },
        // more predicates
    ]
}`

domwoe (Thu, 08 Jul 2021 15:45:07 GMT):

But anyways, the more important part of my question got answered. v2 just uses the proof request format :)

madhugoundla (Thu, 08 Jul 2021 18:12:08 GMT):

What parameters to use to start a mediator agent? can i get an example with the whole parameters after aca-py start?

TimoGlastra (Thu, 08 Jul 2021 22:13:46 GMT):

This is awesome, thanks @jcourt. Definitely gonna give this a try

agrawalaman (Fri, 09 Jul 2021 04:46:31 GMT):

Yes I am talking about indy proof requests indeed. I tried following the demo from aries-controller demo on github but was confused why my own implementation in node.js was not working. I couldn't find a good demo or document on creating a proof request and creating a presentation to present. I'll look into indy-sdk test cases though.

swcurran (Fri, 09 Jul 2021 07:48:40 GMT):

I've not tried this, but is there enough info here?  https://github.com/hyperledger/aries-cloudagent-python/blob/main/Mediation.md

swcurran (Fri, 09 Jul 2021 07:49:16 GMT):

If not, perhaps @dbluhm or @burdettadam can help.  We definitely should have that in that doc.

ianco (Fri, 09 Jul 2021 13:35:32 GMT):

It's also built into the alice/faber demo, you can run the demo with the `--mediation` option and it will start a separate mediator agent

madhugoundla (Fri, 09 Jul 2021 16:45:11 GMT):

Thank you @swcurran and @ianco. I am looking to standup a separate mediator, do we need to pass the seed and wallet type Indy etc. parameters? For Example: aca-py start --label wiagent --open-mediation -it http 0.0.0.0 8000 -ot http --admin 0.0.0.0 8081 --admin-insecure-mode --genesis-url http://dev.greenlight.bcovrin.vonx.io/genesis --seed 000000000000000000000000000AGENT --wallet-type indy --wallet-name agent01 -e http://localhost:8000 --wallet-key secret

madhugoundla (Fri, 09 Jul 2021 16:53:33 GMT):

Also would be great have documentation for how Alice can connect to Mediator and an Agent connection to Mediator and have agent issue credential via mediator. I haven't found any demo documentation for mediator specific.

madhugoundla (Fri, 09 Jul 2021 16:53:33 GMT):

Also would be great to have documentation for how Alice can connect to Mediator and an Agent connection to Mediator and have agent issue credential via mediator. I haven't found any demo documentation for mediator specific.

madhugoundla (Fri, 09 Jul 2021 17:02:51 GMT):

Hi, where can I find the log location on the file system, for aries-cloudagent-python on Ubuntu?

wip-abramson (Fri, 09 Jul 2021 17:13:30 GMT):

Hey, I just opened a few issues around some bugs I think I spotted whilst playing with 0.7.0. Pretty minor but I wanted to capture them. Apologies for not just submitting a P.R. :)

ianco (Fri, 09 Jul 2021 17:17:05 GMT):

If you run alice and/or faber with the `--mediation` option it does all that, there's no documentation other than the python code, but at least you can be sure that the python code is up-to-date!

madhugoundla (Fri, 09 Jul 2021 17:23:40 GMT):

Got it @ianco. Let me try that and figure it out. Thank you.

madhugoundla (Fri, 09 Jul 2021 17:56:14 GMT):

Thanks @ianco, I found the parameters in --mediation with Faber demo.

agrawalaman (Sun, 11 Jul 2021 07:34:16 GMT):

Can someone please tell me how to send an indy presentation using aca-py apis when the revocation registry is not set?
I always get the error 400: Error when constructing proof: Error: Invalid structure. Caused by: Revocation Registry Id not found. CommonInvalidStructure.

agrawalaman (Sun, 11 Jul 2021 07:48:57 GMT):

Also, when the verifier sends a proof request to prover, how would the prover controller know when to send the presentation?

swcurran (Sun, 11 Jul 2021 08:20:22 GMT):

We probably need more information.  Perhaps open an issue so you can include the info about the credential def (does it have revocation set?) , the proof request sent, and the error.  Likely there is some inconsistency some where.

swcurran (Sun, 11 Jul 2021 08:22:23 GMT):

Not sure what you mean.  The prover sends the presentation when it is ready -- which could be a second or a month after the request is received.  There are no hard and fast rules, as it could depend on the use cases.  The request may go to a human who is on vacation and does authorize the presentation be sent until after they are back at work.

agrawalaman (Sun, 11 Jul 2021 08:24:40 GMT):

Yeah i guess i have figured that out, i was including a timestamp as was shown in swagger example, removing that worked.

agrawalaman (Sun, 11 Jul 2021 08:27:27 GMT):

So from what I understand, the flow is like, first the verifier sends a presentation request to the holder, so now there's a proof request at the side of prover, with state request-sent, so now it's up to the prover to create a proof and send that to verifier anytime he wishes. 
And if so, what is the use of --auto-respond-presentation-request argument

swcurran (Sun, 11 Jul 2021 10:29:03 GMT):

Remember that with an Agent there is the framework (ACA-Py, in this case) and the Controller -- the business logic for telling the framework what to do. In normal operations, the prover would receive the request, find the credentials to use in the proof and then ask the controller (via a webhook) "Hey, here is the proof request and the credentials that I can use to respond -- what should I do?".  ACA-Py then waits for the controller to respond.

In "--auto..." mode, the framework skips asking the Controller what to do and just sends a response based on the credentials that could work. By default, it picks the most recently issued credentials if there are multiple.  The controller is notified only when it's done. You wouldn't normally use "--auto" in production.

agrawalaman (Sun, 11 Jul 2021 13:12:22 GMT):

Ok, so I am using the --auto mode, so when I am requesting proof through verifier, the prover should automatically send the credential, but in my case this doesn't seem to happen. 
My request object looks like
`{
    "connection_id": "",
    "proof_request": {
      "name": "Proof of Education",
      "version": "1.0",
      "requested_attributes": {
        "0_name_uuid": {
          "name": "name",
          "restrictions": [
            {
              "cred_def_id": ""
            }
          ]
        },
        "0_date_uuid": {
          "name": "date",
          "restrictions": [
            {
              "cred_def_id": ""
            }
          ]
        },
        "0_degree_uuid": {
          "name": "degree",
          "restrictions": [
            {
              "cred_def_id": ""
            }
          ]
        },
        "0_self_attested_thing_uuid": {
          "name": "self_attested_thing"
        }
      },
      "requested_predicates": {
        "0_age_GE_uuid": {
          "name": "age",
          "p_type": ">=",
          "p_value": 18,
          "restrictions": [
            {
              "cred_def_id": ""
            }
          ]
        }
      }
    }
  }`

agrawalaman (Sun, 11 Jul 2021 13:13:23 GMT):

So in this case I would not need to create a presentation like this
{
    "requested_attributes":{
        "0_degree_uuid":{
            "cred_id":"0716efbb-837b-4a98-a707-5dc95cbc67af",
            "revealed":true
        },
        "0_name_uuid":{
            "cred_id":"0716efbb-837b-4a98-a707-5dc95cbc67af",
            "revealed":true
        },
        "0_date_uuid":{
            "cred_id":"0716efbb-837b-4a98-a707-5dc95cbc67af",
            "revealed":true
        }
    },
    "requested_predicates":{
        "0_age_GE_uuid":{
            "cred_id":"0716efbb-837b-4a98-a707-5dc95cbc67af"
        }
    },
    "self_attested_attributes":{
        "0_self_attested_thing_uuid":"self_attested_thing"
    },
    "trace":false
}

madhugoundla (Mon, 12 Jul 2021 00:04:36 GMT):

Hi, when i am trying to run the agent in AWS EC2 instance, with passing Public IP for admin and webhooks. I am getting the following error. Firewalls are open, Ports are open. 

2021-07-11 17:48:16,836 aries_cloudagent.core.conductor ERROR Unable to start administration API
Traceback (most recent call last):
  File "/usr/lib/python3.6/asyncio/base_events.py", line 1062, in create_server
    sock.bind(sa)
OSError: [Errno 99] Cannot assign requested address

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/ubuntu/.local/lib/python3.6/site-packages/aries_cloudagent/admin/server.py", line 459, in start
    await self.site.start()
  File "/home/ubuntu/.local/lib/python3.6/site-packages/aiohttp/web_runner.py", line 104, in start
    reuse_port=self._reuse_port)
  File "/usr/lib/python3.6/asyncio/base_events.py", line 1066, in create_server
    % (sa, err.strerror.lower()))
OSError: [Errno 99] error while attempting to bind on address ('18.189.69.66', 8081): cannot assign requested address

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/ubuntu/.local/lib/python3.6/site-packages/aries_cloudagent/core/conductor.py", line 194, in start
    await self.admin_server.start()
  File "/home/ubuntu/.local/lib/python3.6/site-packages/aries_cloudagent/admin/server.py", line 465, in start
    + f"'{self.host}' and port '{self.port}'\n"
aries_cloudagent.admin.error.AdminSetupError: Unable to start webserver with host '18.189.69.66' and port '8081'

Here is the parameters i am running.
 
aca-py start --label agent1 -it http 0.0.0.0 8000 -ot http -e http://18.189.69.66:8000 --admin 18.189.69.66 8081 --admin-insecure-mode --genesis-url http://dev.greenlight.bcovrin.vonx.io/genesis --seed 000000000000000000000000000AGENT --wallet-type indy --wallet-name wiagent01 --wallet-key secret --webhook-url http://18.189.69.66:8082/webhooks --trace-target log --trace-tag mediator.events --trace-label mediator.trace

madhugoundla (Mon, 12 Jul 2021 00:04:36 GMT):

Hi, when I am trying to run the agent in AWS EC2 instance, with passing Public IP for admin and webhooks. I am getting the following error. Firewalls are open, ports are open. 

2021-07-11 17:48:16,836 aries_cloudagent.core.conductor ERROR Unable to start administration API
Traceback (most recent call last):
  File "/usr/lib/python3.6/asyncio/base_events.py", line 1062, in create_server
    sock.bind(sa)
OSError: [Errno 99] Cannot assign requested address

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/ubuntu/.local/lib/python3.6/site-packages/aries_cloudagent/admin/server.py", line 459, in start
    await self.site.start()
  File "/home/ubuntu/.local/lib/python3.6/site-packages/aiohttp/web_runner.py", line 104, in start
    reuse_port=self._reuse_port)
  File "/usr/lib/python3.6/asyncio/base_events.py", line 1066, in create_server
    % (sa, err.strerror.lower()))
OSError: [Errno 99] error while attempting to bind on address ('18.189.69.66', 8081): cannot assign requested address

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/ubuntu/.local/lib/python3.6/site-packages/aries_cloudagent/core/conductor.py", line 194, in start
    await self.admin_server.start()
  File "/home/ubuntu/.local/lib/python3.6/site-packages/aries_cloudagent/admin/server.py", line 465, in start
    + f"'{self.host}' and port '{self.port}'\n"
aries_cloudagent.admin.error.AdminSetupError: Unable to start webserver with host '18.189.69.66' and port '8081'

*Here are the parameters I am running.*
 
*aca-py start --label agent1 -it http 0.0.0.0 8000 -ot http -e http://18.189.69.66:8000 --admin 18.189.69.66 8081 --admin-insecure-mode --genesis-url http://dev.greenlight.bcovrin.vonx.io/genesis --seed 000000000000000000000000000AGENT --wallet-type indy --wallet-name wiagent01 --wallet-key secret --webhook-url http://18.189.69.66:8082/webhooks --trace-target log --trace-tag mediator.events --trace-label mediator.trace*

c2bo (Mon, 12 Jul 2021 06:41:31 GMT):

I would try running --admin 0.0.0.0 8081 and check if port 8081 is already used by some other process if that doesn't work

sghaemi (Mon, 12 Jul 2021 14:20:03 GMT):

@jcourt This is amazing. Thank you so much!

madhugoundla (Mon, 12 Jul 2021 14:48:53 GMT):

When I am running with 0.0.0.0, i am getting following error from webhooks.*aries_cloudagent.transport.outbound.manager ERROR >>> Error when posting to: http://18.189.69.66:8082/webhooks/topic/connections/; Error: (, ClientConnectorError(ConnectionKey(host='18.189.69.66', port=8082, is_ssl=False, ssl=None, proxy=None, proxy_auth=None, proxy_headers_hash=None), ConnectionRefusedError(111, "Connect call failed ('18.189.69.66', 8082)")), ); Re-queue failed message ...*

madhugoundla (Mon, 12 Jul 2021 14:58:15 GMT):

@ianco, do I have to run my own webhook server or is that included with aca-py and is brought up with --webhook-url parameter?

ianco (Mon, 12 Jul 2021 15:10:21 GMT):

You have to run your own webhook server (usually this is part of the controller)

madhugoundla (Mon, 12 Jul 2021 15:18:18 GMT):

Got it, Thank you @ianco  I was using Trinsic Wallet and an Agent running on EC2. Connection is successful between the wallet and the agent but Credentials briefly show up and disappear with an error in Trinsic Wallet. May also need Mediation Turned on probably.

ianco (Mon, 12 Jul 2021 15:26:47 GMT):

Trinsic connects to its own mediator, as far as I know, you don't need to enable a mediator on aca-py

madhugoundla (Mon, 12 Jul 2021 15:27:51 GMT):

Got it, does webhooks have to be enabled for issuing credentials?

madhugoundla (Mon, 12 Jul 2021 15:28:43 GMT):

in this scenario?

ianco (Mon, 12 Jul 2021 15:29:13 GMT):

Webhooks don't need to be enabled, but you may want to set all the `--auto` flags to make sure the protocol goes through all the steps (otherwise you need to manually make the calls through the admin api - see https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/AriesOpenAPIDemo.md)

ianco (Mon, 12 Jul 2021 15:29:31 GMT):

If the credential is appearing and then disappearing in Trinsic then I suspect the issue is on the Trinsic side

madhugoundla (Mon, 12 Jul 2021 15:31:24 GMT):

Okay that make sense. If i have Alice Mobile --> Mediator --> Agent, does mediator needs to have webhooks enabled?

ianco (Mon, 12 Jul 2021 15:57:34 GMT):

I don't think so but that's a good question.

madhugoundla (Mon, 12 Jul 2021 16:01:20 GMT):

Thanks for your help and time @ianco

dbluhm (Mon, 12 Jul 2021 18:18:42 GMT):

For those running ACA-Py with Postgres, I'm curious what kind of performance you're getting. We're running a single ACA-Py agent with a single Postgres instance (shared with other applications) and are getting ~ 8 seconds to establish a connection. This seems high to me but I'm used to running in memory. Any input is appreciated.

dbluhm (Mon, 12 Jul 2021 18:18:42 GMT):

For those running ACA-Py with Postgres, I'm curious what kind of performance you're getting. We're running a single ACA-Py agent with a single Postgres instance (shared with other applications) and we are getting ~ 8 seconds to establish a connection. This seems high to me but I'm used to running in memory. Any input is appreciated.

dbluhm (Mon, 12 Jul 2021 18:18:42 GMT):

For those running ACA-Py with Postgres, I'm curious what kind of performance you're getting. We're running a single ACA-Py agent with a single Postgres instance (shared with other applications) and we are getting ~ 8 seconds to establish a connection (from a multi-use connection invitation). This seems high to me but I'm used to running in memory. Any input is appreciated.

dbluhm (Mon, 12 Jul 2021 18:18:42 GMT):

For those running ACA-Py with Postgres, I'm curious what kind of performance you're getting. We're running a single ACA-Py (0.6.0) agent with a single Postgres instance (shared with other applications) and we are getting ~ 8 seconds to establish a connection (from a multi-use connection invitation). This seems high to me but I'm used to running in memory. Any input is appreciated.

ianco (Mon, 12 Jul 2021 18:40:08 GMT):

We run all our aca-py deployments with a postgres back-end.  I don't have any specific numbers but 8 seconds is a crazy long time.  Try enabling sql debugging to see what kind of query performance you are getting

ianco (Mon, 12 Jul 2021 18:41:02 GMT):

I know there was an issue reported with slow performance when a large number of connections were created (due to DID query issues I think)

ianco (Mon, 12 Jul 2021 18:41:14 GMT):

How many connections have you created?

dbluhm (Mon, 12 Jul 2021 18:43:07 GMT):

I think heard about that issue -- we're in the 50-100 range. The DID query performance issue was more in the tens of thousands, right?

dbluhm (Mon, 12 Jul 2021 18:43:07 GMT):

I think I heard about that issue -- we're in the 50-100 range. The DID query performance issue was more in the tens of thousands, right?

ianco (Mon, 12 Jul 2021 18:45:06 GMT):

I don't know the details offhand

ianco (Mon, 12 Jul 2021 18:45:30 GMT):

If you enable sql debugging on your postgres instance it will let you know (either slow slow queries to many many queries)

ianco (Mon, 12 Jul 2021 18:45:30 GMT):

If you enable sql debugging on your postgres instance it will let you know (either slow slow queries or many many queries)

surajsingla333 (Tue, 13 Jul 2021 07:04:19 GMT):

Has joined the channel.

surajsingla333 (Tue, 13 Jul 2021 07:28:54 GMT):

Hey all, I am trying to locally run von network and aries cloud agents. So to begin with, I am using sovrin network - stagging network genesis block to start the von network locally. Now when I start the aries-cloud-agent with the local LEDGER_URL and it gives me TAA error while creating schema. The did is registered on the sovrin staging network using https://selfserve.sovrin.org/nym. Not sure why I am still facing the TAA error since von network code was recently updated to incorporate those changes.
Anyone has any idea about this?

jcourt (Tue, 13 Jul 2021 07:37:50 GMT):

```So to begin with, I am using sovrin network - stagging network genesis block to start the von network locally.```
That statement doesn't make a lot of sense.  If you are specifying the Sovrin Staging genesis file to von network I can only assume you are meaning you are starting the VON Web Server and pointing it at the Sovrin Staging network.  If that is the case then YOU ARE talking to the Sovrin network not any local host VON Network.  All the Sovrin Ledgers will require you to accept the TAA to do any writes. It doesn't matter that you have a DID the TAA is required for all Writes depending on how you have executed the accept (i.e. based on the options in the AML sent when you get the TAA).

jcourt (Tue, 13 Jul 2021 07:42:51 GMT):

The recent changes to VON to look more like the Sovrin Ledgers was simply to add a switch --taa-sample which will force the VON-Network to install a sample TAA and then it will require you to do the same Accept process on writes as the real Sovrin Ledgers.  This was to make it easier to do development locally and not have to make the jump understanding TAA processing when you move to one of the Sovrin ledgers.  If you don't start VON Network with --taa-sample it will behave as it did before that change and not require TAA processing.

surajsingla333 (Tue, 13 Jul 2021 08:55:38 GMT):

[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=qonG8NDydikKdMZuf) Oh! This explains the new changes on VON network.

surajsingla333 (Tue, 13 Jul 2021 08:58:04 GMT):

[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=PNqxCtbMeA4dzhwji) Okay, so if the DID is registered on sovrin staging network thorough https://selfserve.sovrin.org/nym, then to create a schema what should be the TAA for that? I mean sovrin network will have their own AML, right?

swcurran (Tue, 13 Jul 2021 09:50:09 GMT):

There is an endpoint in ACA-Py to retrieve the TAA information from the connected network, and that can be used to send the "signed" TAA transaction -- the acknolwedgment.

swcurran (Tue, 13 Jul 2021 10:01:34 GMT):

I posted a new issue on the ACA-Py site for those using Indy ledgers with ACA-Py.  The issue is a request to update the DIDDoc returned from resolving a "did:sov" DID to comply with some new rules added to the did:sov DID Method specification.  The issue is here: https://github.com/hyperledger/aries-cloudagent-python/issues/1313

It's tagged with "Help Wanted" and "Good First Issue" if anyone is interested in grabbing it.

surajsingla333 (Tue, 13 Jul 2021 10:40:28 GMT):

Oh1 will look intot it, thanks

surajsingla333 (Tue, 13 Jul 2021 10:40:28 GMT):

Oh! will look into it, thanks

bt333 (Tue, 13 Jul 2021 11:44:31 GMT):

Has joined the channel.

bt333 (Tue, 13 Jul 2021 11:44:31 GMT):

Could you please tell more about the endpoint? We are having difficulty to find it.

jcourt (Tue, 13 Jul 2021 20:20:19 GMT):

I am still on 0.5.6 but the `GET /ledger/taa` to fetch the TAA and `POST /ledger/taa/accept` endpoints are what I use.

swcurran (Wed, 14 Jul 2021 06:22:29 GMT):

Thanks @jcourt --- I was looking into it and ....  squirrel.

jcourt (Wed, 14 Jul 2021 06:23:24 GMT):

:-)

surajsingla333 (Wed, 14 Jul 2021 07:06:24 GMT):

Thanks @jcourt

fethbita (Wed, 14 Jul 2021 15:07:18 GMT):

When I use the `issue-credential-2.0/send-offer` to send an offer, the other party doesn't receive any messages in its webhook. However the credential exchange record is received. Is there an additional setting that I need to activate for the agent to contact the webhook on this event?

fethbita (Wed, 14 Jul 2021 15:07:18 GMT):

When I use the `issue-credential-2.0/send-offer` to send an offer, the other party doesn't receive any messages in its controller webhook. However the credential exchange record is received. Is there an additional setting that I need to activate for the agent to contact the webhook on this event?

fethbita (Wed, 14 Jul 2021 15:14:46 GMT):

It's just me being a bit slow. I haven't given the webhook to the agent so nothing was sent to my controller webhook.

Jsyro (Wed, 14 Jul 2021 21:53:09 GMT):

Trying credential offer with `0.7rc1`aca-py is throwing this error. 

```
2021-07-14 21:49:36,018 aries_cloudagent.core.dispatcher ERROR Handler error: credential_exchange_send
Traceback (most recent call last):
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aries_cloudagent/protocols/issue_credential/v1_0/routes.py", line 469, in credential_exchange_send
    connection_record = await ConnRecord.retrieve_by_id(session, connection_id)
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aries_cloudagent/messaging/models/base_record.py", line 214, in retrieve_by_id
    return cls.from_storage(record_id, vals)
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aries_cloudagent/messaging/models/base_record.py", line 111, in from_storage
    return cls(**params)
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aries_cloudagent/connections/models/conn_record.py", line 192, in __init__
    **kwargs,
TypeError: __init__() got an unexpected keyword argument 'connection_protocol'
2021-07-14 21:49:36,019 aries_cloudagent.admin.server ERROR Handler error with exception: __init__() got an unexpected keyword argument 'connection_protocol'
```
Is this something out app has to change, or just a bug in aca-py?

jcourt (Thu, 15 Jul 2021 05:41:20 GMT):

@swcurran or @andrew.whitehead, I just ran the Codegen for Typescript on the 0.7.0-rc1.  There is a model type of `Date` that seems to have been defined for the `POST /transactions/create-request` endpoints body.  It is the ONLY place I can see this being used and it results in a keyword clash in typescript.  In general it would seem to be a good idea not to use these generic names unless they really are some generic type. The description for the `Date` type seems to be `Expiry Date` and format is `date-time`.  Would it be possible to change this to a name like `ExpirationDate` that is unlikely to conflict with any Language Keywords ?

jcourt (Thu, 15 Jul 2021 05:44:26 GMT):

I will log an issue for it so if it proves to be not worthwhile it can be closed

Shweta1 (Thu, 15 Jul 2021 13:26:22 GMT):

I have mobile wallet created through osma application.i have issuer aries cloud agent.Is it possible to create aries mediator cloud agent which connects to this mobile agent.if yes,could you pls suggest.

TimoGlastra (Thu, 15 Jul 2021 13:43:36 GMT):

Hi @Shweta1 this is not possible to do with ACA-Py at the moment. OSMA is built on top Aries Framework .NET, which doesn't support the mediator coordination protocol. You will need to use the Aries Framework .NET mediator functionality for this

Shweta1 (Thu, 15 Jul 2021 14:20:29 GMT):

Thanks a lot timoGlastra

swcurran (Thu, 15 Jul 2021 15:09:16 GMT):

The ACA-Py team is happy to announce that Release 0.7.0 became official today. This is a huge upgrade with a significant list of big, new capabilities:

* Support for W3C Standard Verifiable Credentials based on JSON-LD using LD-Signatures and BBS+ Signatures, contributed by Animo Solutions - #1061
* Present Proof V2 including support for DIF Presentation Exchange - #1125
* Pluggable DID Resolver (with a did:web resolver) with fallback to an external DID universal resolver, contributed by Indicio - #1070
* Alpha support for the Indy/Aries Shared Components (indy-vdr, indy-credx and aries-askar), which enable running ACA-Py without using Indy-SDK, while still supporting the use of Indy as a ledger, and Indy AnonCreds verifiable credentials #1267
* Updates and extensions to ledger transaction endorsement via the Sign Attachment Protocol, contributed by AyanWorks - #1134, #1200
* Upgrades to Demos to add support for Credential Exchange 2.0 and W3C Verifiable Credentials #1235

Thanks to all the maintainers and contributors -- there was a lot of community participation in this one!

Release notes are here: https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.7.0
Documentation is here: https://aries-cloud-agent-python.readthedocs.io/en/0.7.0/

TimoGlastra (Thu, 15 Jul 2021 18:15:21 GMT):

Not sure what your requirements are, but we recently added this to Aries Framework JavaScript. So if you’re okay with working in React Native you can take a look. We intend to update aries mobile agent react native (https://github.com/hyperledger/aries-mobile-agent-react-native) soon with those capabilities.

Shweta1 (Fri, 16 Jul 2021 12:57:17 GMT):

Thanks TimoGlastra!!Actually we are trying to run mediator agent somewhere on cloud.We have restriction with mediatior agent running on IIS server.so try to look another alternative

dbluhm (Mon, 19 Jul 2021 17:34:53 GMT):

@ianco (tagging you since your name is recently associated with the changes) Is the endorser protocol as implemented in ACA-Py documented anywhere? We dug up this hackmd document but from cursory scans of the protocol in code, it doesn't seem to line up exactly. We're feeling out adding support for transaction endorser stuff in the toolbox but wrapping our heads around this protocol is proving to be a bit of a hurdle

dbluhm (Mon, 19 Jul 2021 17:34:53 GMT):

@ianco (tagging you since your name is recently associated with the changes) Is the endorser protocol as implemented in ACA-Py documented anywhere? We dug up this [hackmd document](https://hackmd.io/5LzMhfsMQBevB5V2tKz4hA?view) but from cursory scans of the protocol in code, it doesn't seem to line up exactly. We're feeling out adding support for transaction endorser stuff in the toolbox but wrapping our heads around this protocol is proving to be a bit of a hurdle

andrew.whitehead (Mon, 19 Jul 2021 17:39:00 GMT):

I think this PR might be the latest version? Although there might be differences there as well.  https://github.com/hyperledger/aries-rfcs/pull/586

dbluhm (Mon, 19 Jul 2021 17:41:46 GMT):

Hm, yeah, judging from the `message_types.py` [here](https://github.com/hyperledger/aries-cloudagent-python/blob/9e786f38110f3f8410337008c569d55d6f3da4d7/aries_cloudagent/protocols/endorse_transaction/v1_0/message_types.py), it seems to be using a different protocol altogether

andrew.whitehead (Mon, 19 Jul 2021 17:44:05 GMT):

Looks like the old message types are still referenced in a couple places, probably in error

esune (Mon, 19 Jul 2021 17:45:53 GMT):

You could also look at [this set of BDD tests](https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/features/0586-sign-transaction.feature) for guidance on how the different steps work.

esune (Mon, 19 Jul 2021 17:46:38 GMT):

Keeping in mind things might/will get tweaked further based on [this issue](https://github.com/hyperledger/aries-cloudagent-python/issues/1238)

esune (Mon, 19 Jul 2021 17:47:58 GMT):

Another resource you could poke at is this: https://github.com/bcgov/aries-vcr-issuer-agency
There's a controller for the endorser (all automatic) and one for the author (running in multitenancy mode). The BDD test is best for understanding the flow, this code could be used to see how it can be implemented right now.

dbluhm (Mon, 19 Jul 2021 17:48:31 GMT):

Thanks for the resources!

dbluhm (Mon, 19 Jul 2021 17:59:44 GMT):

@CharHowland  ^^

swcurran (Mon, 19 Jul 2021 18:07:37 GMT):

Let's keep in sync on this.  Biggest thing needed is to make it REALLY easy for the Controller -- config only and no change to the protocol.

swcurran (Mon, 19 Jul 2021 18:07:37 GMT):

Let's keep in sync on this.  Biggest thing needed is to make it REALLY easy for the Controller -- config only and no change to the admin api for creating Indy objects..

dbluhm (Mon, 19 Jul 2021 18:36:56 GMT):

User User_1 added by dbluhm.

thomas_kim (Tue, 20 Jul 2021 06:31:22 GMT):

Hi community, we are doing the performance testing of ACA-Py, and found that if we send a request `present-proof/records` after tons of presentation proof requests, ACA-Py stops working with the following log
`aca-py-664656b5f4-fm95x aca-py Killed`. I think this API needs a pagination.

thomas_kim (Tue, 20 Jul 2021 06:31:22 GMT):

Hi community, we are doing the performance testing of ACA-Py, and found that if we send a request GET `present-proof/records` after tons of presentation proof requests, ACA-Py stops working with the following log
`aca-py-664656b5f4-fm95x aca-py Killed`. I think this API needs a pagination.

thomas_kim (Tue, 20 Jul 2021 06:31:22 GMT):

Hi community, we are doing the performance testing of ACA-Py, and found that if we send a request GET `present-proof/records` after tons of presentation proof requests, ACA-Py stops working with the following log
`aca-py Killed`. I think this API needs a pagination

thomas_kim (Tue, 20 Jul 2021 06:31:22 GMT):

Hi community, we are doing the performance testing of ACA-Py, and found that if we send a request `GET present-proof/records` after tons of presentation proof requests, ACA-Py stops working with the following log
`aca-py Killed`. I think this API needs a pagination

swcurran (Tue, 20 Jul 2021 07:48:10 GMT):

Makes sense --- want to do a PR?

IMHO -- the secure storage of an ACA-Py instance should only hold in-flight protocol data. Anything that needs to be kept after a protocol completes should be in controller storage and deleted from ACA-Py storage.  Still likely needs pagination, but less of any issue.

swcurran (Wed, 21 Jul 2021 17:27:13 GMT):

Join us for the ACA-Py User Group Wednesday (today!) at 11AM Pacific (18:00 UTC) -- the hour before the Aries WG Call. We'll have the core maintainers on the call to answer any questions -- other topics are below.

Zoom link: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-07-21+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

Planned Topics:

- ACA-Py Release 0.7.0
- Accessing Multiple Indy Ledgers from a single ACA-Py instance
- AMA (as time permits)

GuilhermeFunchal (Wed, 21 Jul 2021 18:48:55 GMT):

Hello, How I can start aca-py with webhook option ? I'm trying to set --webhook-url to http://192.168.0.1/webhooks but the tcp port dont't open. 
How I can get all messages from agent and multitenant clients ?

GuilhermeFunchal (Wed, 21 Jul 2021 18:48:55 GMT):

Hello, How I can start aca-py with webhook option ? I'm trying to set --webhook-url to http://192.168.0.1:8022/webhooks but the tcp port dont't open. 
How I can get all messages from agent and multitenant clients ?

esune (Wed, 21 Jul 2021 18:52:57 GMT):

Are you running aca-py natively, or in Docker?
The webhook URL must reference another service that is exposing an endpoint (in your case, `/webhooks`) that is able to receive POST requests from the agent. Requests will be of many types, in the form `/webhooks/{topic}` and provide different payloads depending on the type and action/state being reported.

esune (Wed, 21 Jul 2021 18:53:07 GMT):

The webhook endpoint is NOT on the agent itself.

GuilhermeFunchal (Wed, 21 Jul 2021 18:54:59 GMT):

I'm running without docker.  What could I use to capture the messages?

esune (Wed, 21 Jul 2021 18:58:11 GMT):

Assuming the IP address you used is correct, you seem to be missing a port. You can setup a service that responds to POST requests on the URL you want using your preferred language.

esune (Wed, 21 Jul 2021 18:58:24 GMT):

An example of something we are using is here (in NodeJS): https://github.com/bcgov/aries-vcr-issuer-agency/blob/main/agency/src/services/webhooks/webhooks.class.ts

GuilhermeFunchal (Wed, 21 Jul 2021 19:03:01 GMT):

thank you very much for your help, i will try to use. I forgot to put the port in the Post URL..

GuilhermeFunchal (Thu, 22 Jul 2021 12:55:00 GMT):

How is this done in the ACA-Py demos?

esune (Thu, 22 Jul 2021 15:36:44 GMT):

Some demos do not sed webhooks to a specific endpoint, others have it configured (see [this example](https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/local-indy-args.yaml#L12)). You will need to dig through the code to figure out which does what, I do not know off the top of my head.

dbluhm (Thu, 22 Jul 2021 19:32:14 GMT):

Sanity check, has anyone successfully configured inbound transports through environment variable? I don't think it's possible due to limitations in ConfigArgParse but willing to accept that I've missed something. Relevant issue I opened up: https://github.com/hyperledger/aries-cloudagent-python/issues/1330

ianco (Thu, 22 Jul 2021 20:52:11 GMT):

Hi @dbluhm I believe you are correct, we should probably drop the environment variable for this parameter (at least until your ConfigArgParse PR is accepted)

dbluhm (Thu, 22 Jul 2021 20:52:44 GMT):

Okay, thanks for the confirmation!

fethbita (Fri, 23 Jul 2021 07:38:26 GMT):

When I run the faber demo with revocation, why does it write 2 REVOC_REG_DEFs and REVOC_REG_ENTRY in the ledger back to back? When the revocation is used, only the first one is used and it's as if second one is written by mistake. Creating a credential definition on the admin URL also causes the same thing, 2 REVOC_REG_DEFs and REVOC_REG_ENTRY are written.

fethbita (Fri, 23 Jul 2021 07:39:28 GMT):



Duplicate REVOC_REG_DEF writes on ledger

fethbita (Fri, 23 Jul 2021 07:47:18 GMT):



Tails server logs

c2bo (Fri, 23 Jul 2021 09:17:50 GMT):

Are there plans to create an acapy image that does not have dependencies to indy-sdk anymore (with the new alpha support for indy-vdr and indy-credx) ? Is anyone currently working on that?

c2bo (Fri, 23 Jul 2021 11:14:03 GMT):

As far as I know acapy always creates a "next" revocation registry --> when your current registry is full, the next one will be used (at this point a new "next" revocation registry would be created).

fethbita (Fri, 23 Jul 2021 11:39:59 GMT):

Oh that makes sense, I will try to create a registry with size 4 and revoke 5 credentials to see what will happen

fethbita (Fri, 23 Jul 2021 12:29:45 GMT):

Yes, you are right! acapy automatically creates the next registry as well. I was suspicious because when I checked indyscan.io, I didn't see this behavior.

fethbita (Fri, 23 Jul 2021 12:35:53 GMT):

Is it possible to disable this so acapy only creates a single revocation registry? Or should I create it on demand

WadeBarnes (Fri, 23 Jul 2021 12:55:10 GMT):

You're better off to just let `aca-py` manage the revocation registries for you. The functionality you've discovered is there on purpose to avoid issues when the first revocation registry gets full.  `aca-py` ensures there is always one waiting in the wings.

WadeBarnes (Fri, 23 Jul 2021 12:55:31 GMT):

@esune, do you have some additional details you can provide.

WadeBarnes (Fri, 23 Jul 2021 12:55:31 GMT):

@esune, do you have some additional details you can provide?

fethbita (Fri, 23 Jul 2021 12:57:38 GMT):

I agree actually. I think just letting aca-py handle it is the best move. I just was surprised when I saw the duplicate registry and thought there was a problem somewhere on my system. I also couldn't find an explanation behind it. But now that I know for sure, I understand. Thank you

GuilhermeFunchal (Fri, 23 Jul 2021 14:20:52 GMT):

I think I found a bug in local execution via aca-py shell, apparently it ignores "--webhook-url" and always points to the port defined in "--inbound-transport" plus 2. For example if I set port 8020 it sends the web-hooks to port 8022 always in the /webhooks/topic

Look at my agent's call:
/usr/local/bin/aca-py start --endpoint https://7fd942fe5107.ngrok.io --genesis-url http://192.168.2.12:9000/genesis --endpoint http://192.168.2.33:8020 --inbound-transport http 0.0.0.0 8020 --outbound-transport http --webhook-url http://0.0.0.0:8080 --auto-respond-credential-proposal --auto-respond-credential-request --auto-respond-presentation-proposal --auto-respond-credential-offer --auto-respond-presentation-request --auto-accept-invites --auto-accept-requests --auto-store-credential --auto-verify-presentation --auto-store-credential --auto-ping-connection --auto-provision --auto-respond-messages --preserve-exchange-records --admin 0.0.0.0 8021 --seed 0000000000000000000000SerproNode --enable-undelivered-queue --jwt-secret very_secret_secret --wallet-type indy --storage-type indy --wallet-name credencial-serv-1 --wallet-key credencial-serv-1 --wallet-storage-type postgres_storage --wallet-storage-config {"url":"192.168.2.16:5432"} --wallet-storage-creds {"account":"postgres","password":"79inVct","admin_account":"postgres","admin_password":"79inVct"} --trace --log-file aca-py.log --log-level debug --trace-target log --trace-tag acapy.events --label credencial-serv.agent --trace-label credencial-serv.agent.trace --tails-server-base-url https://7fd942fe5107.ngrok.io --admin-insecure-mode --multitenant --multitenant-admin

Look at the Aca-py log : 

dd_wallet_record: <<< res: None
 acapy.events {"msg_id": "N/A", "thread_id": "98109dd0-9c24-4954-8e74-527788a310ae", "traced_type": "dict:Exchange", "timestamp": 1627046035.7047746, "str_time": "2021-07-23 13:13:55.704775", "handler": "credencial-serv.agent.trace", "ellapsed_milli": 0, "outcome": "OutboundTransportManager.DELIVER.START.http://192.168.2.33:8022/webhooks/topic/present_proof/"}
 acapy.events {"msg_id": "N/A", "thread_id": "98109dd0-9c24-4954-8e74-527788a310ae", "traced_type": "dict:Exchange", "timestamp": 1627046035.7050254, "str_time": "2021-07-23 13:13:55.705025", "handler": "credencial-serv.agent.trace", "ellapsed_milli": 0, "outcome": "OutboundTransportManager.DELIVER.END.http://192.168.2.33:8022/webhooks/topic/present_proof/"}
get_wallet_record: >>> wallet_handle: 12, type_: 'connection', id: '359920c3-dc39-47a9-917d-ec548b354885', options_json: '{"retrieveType": false, "retrieveValue": true, "retrieveTags": false}'
do_call: >>> name: indy_get_wallet_record, args: (c_int(12), c_char_p(140439527792720), c_char_p(140439528271384), c_char_p(140439528463384), )
do_call: Function indy_get_wallet_record returned err: 0

GuilhermeFunchal (Fri, 23 Jul 2021 14:20:52 GMT):

I think I found a bug in local execution via aca-py shell, apparently it ignores "--webhook-url" and always points to the port defined in "--inbound-transport" plus 2. For example if I set port 8020 it sends the web-hooks to port 8022 always in the /webhooks/topic

Look at my agent's call:
/usr/local/bin/aca-py start --endpoint https://7fd942fe5107.ngrok.io --genesis-url http://192.168.2.12:9000/genesis --endpoint http://192.168.2.33:8020 --inbound-transport http 0.0.0.0 8020 --outbound-transport http --webhook-url http://0.0.0.0:8080 --auto-respond-credential-proposal --auto-respond-credential-request --auto-respond-presentation-proposal --auto-respond-credential-offer --auto-respond-presentation-request --auto-accept-invites --auto-accept-requests --auto-store-credential --auto-verify-presentation --auto-store-credential --auto-ping-connection --auto-provision --auto-respond-messages --preserve-exchange-records --admin 0.0.0.0 8021 --seed 0000000000000000000000SerproNode --enable-undelivered-queue --jwt-secret very_secret_secret --wallet-type indy --storage-type indy --wallet-name credencial-serv-1 --wallet-key credencial-serv-1 --wallet-storage-type postgres_storage --wallet-storage-config {"url":"192.168.2.16:5432"} --wallet-storage-creds {"account":"postgres","password":"79inVct","admin_account":"postgres","admin_password":"79inVct"} --trace --log-file aca-py.log --log-level debug --trace-target log --trace-tag acapy.events --label credencial-serv.agent --trace-label credencial-serv.agent.trace --tails-server-base-url https://7fd942fe5107.ngrok.io --admin-insecure-mode --multitenant --multitenant-admin

Look at the Aca-py log : 
dd_wallet_record: <<< res: None
 acapy.events {"msg_id": "N/A", "thread_id": "98109dd0-9c24-4954-8e74-527788a310ae", "traced_type": "dict:Exchange", "timestamp": 1627046035.7047746, "str_time": "2021-07-23 13:13:55.704775", "handler": "credencial-serv.agent.trace", "ellapsed_milli": 0, "outcome": "OutboundTransportManager.DELIVER.START.http://192.168.2.33:8022/webhooks/topic/present_proof/"}
 acapy.events {"msg_id": "N/A", "thread_id": "98109dd0-9c24-4954-8e74-527788a310ae", "traced_type": "dict:Exchange", "timestamp": 1627046035.7050254, "str_time": "2021-07-23 13:13:55.705025", "handler": "credencial-serv.agent.trace", "ellapsed_milli": 0, "outcome": "OutboundTransportManager.DELIVER.END.http://192.168.2.33:8022/webhooks/topic/present_proof/"}
get_wallet_record: >>> wallet_handle: 12, type_: 'connection', id: '359920c3-dc39-47a9-917d-ec548b354885', options_json: '{"retrieveType": false, "retrieveValue": true, "retrieveTags": false}'
do_call: >>> name: indy_get_wallet_record, args: (c_int(12), c_char_p(140439527792720), c_char_p(140439528271384), c_char_p(140439528463384), )
do_call: Function indy_get_wallet_record returned err: 0

dbluhm (Fri, 23 Jul 2021 14:39:20 GMT):

These values match up with default values that are populated in the multi-tenancy subwallet create Admin API call in the Swagger UI-- when you create subwallets, it might be worth double checking that no values are passed in the `webhook_urls` array

dbluhm (Fri, 23 Jul 2021 15:11:49 GMT):

I can't speak to whether someone is preparing an official "askar-only" image but I was curious how things were working in terms of dependencies and was pleased to find that the following minimal Dockerfile worked as expected:

```
FROM python:3.7
RUN pip3 install aries-cloudagent[askar]
ENTRYPOINT ["/bin/sh", "-c", "aca-py \"$@\"", "--"]
CMD ["start", "-it", "http", "0.0.0.0", "3000", "-ot", "http", "-e http://localhost:3000", "--genesis-url", "https://raw.githubusercontent.com/Indicio-tech/indicio-network/master/genesis_files/pool_transactions_testnet_genesis", "--wallet-type", "askar", "--auto-provision", "--admin", "0.0.0.0", "3001", "--admin-insecure-mode"]
```

So if nothing else, rolling your own is pretty trivial

dbluhm (Fri, 23 Jul 2021 15:11:49 GMT):

I can't speak to whether someone is preparing an official "askar-only" image but I was curious how things were working in terms of dependencies and was pleased to find that the following minimal Dockerfile worked as expected:

```
FROM python:3.7
RUN pip3 install aries-cloudagent[askar]
ENTRYPOINT ["/bin/sh", "-c", "aca-py \"$@\"", "--"]
```

So if nothing else, rolling your own is pretty trivial

(I tested this with the following default CMD:
```
CMD ["start", "-it", "http", "0.0.0.0", "3000", "-ot", "http", "-e http://localhost:3000", "--genesis-url", "https://raw.githubusercontent.com/Indicio-tech/indicio-network/master/genesis_files/pool_transactions_testnet_genesis", "--wallet-type", "askar", "--auto-provision", "--admin", "0.0.0.0", "3001", "--admin-insecure-mode"]
```
)

swcurran (Fri, 23 Jul 2021 15:13:51 GMT):

We will be doing that eventual, but we want a little more experience with askar as an option first.

Thanks @dbluhm for guidance on how to do it yourself for now!

dbluhm (Fri, 23 Jul 2021 15:42:55 GMT):

I'm just glad Andrew made it so easy! I'd become accustomed to compiling the Indy SDK lol

aspannag (Mon, 26 Jul 2021 11:52:26 GMT):

Has joined the channel.

ianco (Mon, 26 Jul 2021 23:38:43 GMT):

Hi folks, for this endpoint:  `GET /revocation/credential-record` and passing in a `rev_reg_id` and `cred_rev_id`, the endpoint seems to work if I'm the `issuer` of the credential, but if I'm the `holder` of the credential then this api gives me a `404`:

```
404: IssuerCredRevRecord record not found for {'rev_reg_id': 'WLdcdepo5mU8HFaEmrq5AA:4:WLdcdepo5mU8HFaEmrq5AA:3:CL:145823:Ethics_Compliance_Certificate:CL_ACCUM:dd3cd0ed-3d73-405b-b6ce-ae92b7c772e9'}, {'cred_rev_id': '1'}.
```

Is this correct?  How can I check if a credential has been revoked if I'm the `holder` of the credential?

esune (Mon, 26 Jul 2021 23:42:55 GMT):

You could use `/credential/revoked/{credential_id}` maybe?

ianco (Mon, 26 Jul 2021 23:45:08 GMT):

Aha you are correct sir!

ianco (Mon, 26 Jul 2021 23:45:11 GMT):

Thanks

esune (Mon, 26 Jul 2021 23:45:52 GMT):

No problem! :slight_smile:

fethbita (Tue, 27 Jul 2021 15:09:47 GMT):

Is it possible to have a separate JWT token for the base wallet in the `--multitenant-admin` option? So for example, I can create a sub wallet only if I have the JWT token for the base wallet

swcurran (Tue, 27 Jul 2021 15:19:55 GMT):

@TimoGlastra ^^^

TimoGlastra (Tue, 27 Jul 2021 15:22:50 GMT):

Sort of. You need the base api token to do anything on the ACA-Py instance, this also applies to the base wallet. However, there is not a separate JWT token / API key just for the base wallet, only for the sub wallets

fethbita (Tue, 27 Jul 2021 15:23:15 GMT):

I see. I already use the base api token but the base wallets need to use that too

fethbita (Tue, 27 Jul 2021 15:23:15 GMT):

I see. I already use the base api token but the ~base~ sub-wallets need to use that too

fethbita (Tue, 27 Jul 2021 15:25:07 GMT):

So for security purposes, I would like to run aca-py without `--multitenant-admin` and whenever I need to do anything related to administration of tenant wallets, I would like to use the option. However this requires me to restart the agent. I thought if the base wallet had a separate JWT token, separate from the tenants and the base API token, I could use that

TimoGlastra (Tue, 27 Jul 2021 15:26:26 GMT):

The reasoning at the time was that you'd always put the ACA-Py instance behind a firewall/proxy and would not directly expose the ACA-Py endpoints. This way you can build your authentication/authorization logic on top of it yourself

esune (Tue, 27 Jul 2021 15:29:50 GMT):

We dealt with it that way in [aries-vcr-issuer-agency](https://github.com/bcgov/aries-vcr-issuer-agency) and use a controller tht acts as proxy, and generates its own api-keys for tenants. This allows us to be flexible and rotate the authentication key without having to go through the process (if it is even possible) of changing a tenant's JWT. I can however see how it could be useful to have the admin key decoupled from the tenant key for some deployments.

fethbita (Tue, 27 Jul 2021 15:32:02 GMT):

I see. Thank you @TimoGlastra and @esune I'll look at the aries-vcr-issuer-agency as an example.

ShashankKulkarni1 (Wed, 28 Jul 2021 05:48:24 GMT):

Has joined the channel.

ShashankKulkarni1 (Wed, 28 Jul 2021 05:48:26 GMT):

I have looked at the aries-cloudagent 0.7.0 version. I am trying to test the BBS+ signature locally & update my existing controller accordingly. Very first, we have to publish schema, do we have to submit PR every time on https://github.com/perma-id/w3id.org for using new schema?
Can we fork above repository, create server locally to use the credential schema IRI and use the same in @context

Can anyone suggest how to proceed with testing this implementation of  BBS+ signature locally? Do we have to use only these(yaha pe wo jo do credentialSchema ka example diya h wo daal) while testing locally as well?

ShashankKulkarni1 (Wed, 28 Jul 2021 05:52:31 GMT):

I have looked at the aries-cloudagent 0.7.0 version. I am trying to test the BBS+ signature locally & update my existing controller accordingly. Very first, we have to publish schema, do we have to submit PR every time on https://github.com/perma-id/w3id.org for using new schema?
Can we fork the above repository, create a server locally to use the credential schema IRI and use the same in @context

Can anyone suggest how to proceed with testing this implementation of  BBS+ signature locally? Do we have to use only these ("familyName":"SMITH", "gender": "Male","givenName": "JOHN") while testing locally as well?

swcurran (Wed, 28 Jul 2021 14:35:12 GMT):

The `@context` is an array and can be whatever you want.  You need to use the VC @context, but after that, you can add others.  Your question is about understanding JSON-LD more than ACA-Py or BBS+ Signatures.  You can use any JSON-LD contexts, so learning about how to assemble a schema from multiple contexts is what you are looking to do.

swcurran (Wed, 28 Jul 2021 14:35:12 GMT):

The `@context` is an array and can be whatever you want.  You need to use the VC @context (https://www.w3.org/2018/credentials/v1), but after that, you can add others.  Your question is about understanding JSON-LD more than ACA-Py or BBS+ Signatures.  You can use any JSON-LD contexts, so learning about how to assemble a schema from multiple contexts is what you are looking to do.

c2bo (Thu, 29 Jul 2021 07:35:50 GMT):

I played around with the indy-sdk-free setup a bit and that looks really promising imho! The only thing that seemed a bit strange to me was that the rust libraries are bundled into the python packages. Is that the "normal" way for python packages? Nonetheless really nice!

dbluhm (Thu, 29 Jul 2021 14:04:00 GMT):

I don't think it's an uncommon practice among at least crypto libraries. For example, pynacl includes the required binaries in the python package.

SuneetBendre (Thu, 29 Jul 2021 14:23:48 GMT):

Has joined the channel.

swcurran (Sun, 01 Aug 2021 19:36:37 GMT):

Hey folks -- question about the DID Resolver in ACA-Py.  Can you specify/configure an external DID Resolver?  For example, is it possible to specify that you want to use https://dev.uniresolver.io/?

@dbluhm ?

swcurran (Sun, 01 Aug 2021 21:27:32 GMT):

Doh -- look at the docs.

https://github.com/hyperledger/aries-cloudagent-python/blob/main/DIDResolution.md

And in particular:

https://github.com/hyperledger/aries-cloudagent-python/blob/main/DIDResolution.md#using-resolver-plugins

swcurran (Sun, 01 Aug 2021 21:38:19 GMT):

The docs don't provide a way to do a universal resolver. Is there a way to do that?

swcurran (Sun, 01 Aug 2021 21:38:19 GMT):

The docs don't provide a way to do a universal resolver. Is there a way to do that existing -- or a pointer on how to do it?

victor.martinez (Mon, 02 Aug 2021 09:04:59 GMT):

you have 2 options @swcurran  you can use the Http Universal Resolver Plugin if you want HTTP binding https://github.com/sicpa-dlab/acapy-resolver-universal or via didcomm binding https://github.com/sicpa-dlab/acapy-resolver-didcomm

victor.martinez (Mon, 02 Aug 2021 09:08:32 GMT):

if you want to use the http binding by default is using the dev.uniresolver.io . https://github.com/sicpa-dlab/acapy-resolver-universal/blob/3292b6a59338643ac20d85999413b4825666981a/universal_resolver/resolver.py#L19

etschelp (Mon, 02 Aug 2021 10:48:19 GMT):

How is the resolver plugin concept supposed to work in the long run? As I understand the documentation I would have to build my own custom aca-py image with all the resolvers that I need. It would be really cool to have the http binding directly available within aca-py, are there any plans to integrate it?

victor.martinez (Mon, 02 Aug 2021 10:58:54 GMT):

As a first step, we plan to transfer the two plugins under the Hyperledger umbrella to foster collaboration. My personal preference is to keep did resolution functionality modular as a plugin. I guess adding build-in plugins to aca-py should be something possible.  @dbluhm ^^^

RounakGhosh (Mon, 02 Aug 2021 13:33:41 GMT):



Clipboard - August 2, 2021 7:03 PM

RounakGhosh (Mon, 02 Aug 2021 13:34:47 GMT):

It is giving me this error, after credential has been issued and acknowledged to the wallet.

RounakGhosh (Mon, 02 Aug 2021 13:34:47 GMT):

It is giving me this error, after credential has been issued and acknowledged to the wallet. Please, do guide, as to what might be the reason behind this error.

dbluhm (Mon, 02 Aug 2021 15:01:16 GMT):

Apologies, this is definitely something that should be better documented in the acapy-resolver-universal repository. With this being an external plugin and the current state of plugin configuration loading in ACA-Py, the method to specify the universal resolver instance to talk to is to load a yaml file containing:
```
http_uniresolver:
  endpoint: https://my-uniresolver.example.com/1.0/identifiers
```
using the `--plugin-config` flag.

dbluhm (Mon, 02 Aug 2021 15:02:27 GMT):

For clarity, the default endpoint used is: `https://dev.uniresolver.io/1.0/identifiers`

dbluhm (Mon, 02 Aug 2021 15:02:57 GMT):

(Remaining default configuration can be found here: https://github.com/sicpa-dlab/acapy-resolver-universal/blob/main/universal_resolver/resolver.py#L19)

fethbita (Mon, 02 Aug 2021 15:07:16 GMT):

Is your controller listening on /webhooks/topic/issuer_cred_rev?

fethbita (Mon, 02 Aug 2021 15:07:16 GMT):

Is your controller listening on `/webhooks/topic/issuer_cred_rev`?

RounakGhosh (Mon, 02 Aug 2021 15:30:24 GMT):

@fethbita, controller is not listening on /webhooks/topic/issuer_cred_rev

fethbita (Mon, 02 Aug 2021 15:32:04 GMT):

So if you listen on `/webhooks/topic/issuer_cred_rev` and return 200? This is an error  you get on your controller, right? Not on aca-py

TimoGlastra (Mon, 02 Aug 2021 16:00:28 GMT):

test.bcovrin.vonx.io keeps loading indefinitely on the /browse/domain page, while dev.greenlight.vonx.io seems to load just fine, is there something wrong with the service?

fethbita (Tue, 03 Aug 2021 09:25:20 GMT):

If I want to use proof request without creating a connection first, what are the steps that I need to do?
Right now, I create a request and add ~service to the pres_request (I will reply to this and show how it looks)
However I can't figure out how to receive this on the prover side and present a proof.

fethbita (Tue, 03 Aug 2021 09:25:41 GMT):

```{
    "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/present-proof/2.0/request-presentation",
    "@id": "07147905-925d-45fb-b455-213879ee37a3",
    "~trace": {
        "target": "log",
        "full_thread": true,
        "trace_reports": []
    },
    "formats": [
        {
            "attach_id": "indy",
            "format": "hlindy/proof-req@v2.0"
        }
    ],
    "request_presentations~attach": [
        {
            "@id": "indy",
            "mime-type": "application/json",
            "data": {
                "base64": "eyJuYW1lIjogIlByb29mIFJlcXVlc3QiLCAidmVyc2lvbiI6ICIxLjAiLCAicmVxdWVzdGVkX2F0dHJpYnV0ZXMiOiB7IjBfZmlyc3RuYW1lX3V1aWQiOiB7Im5hbWUiOiAiZmlyc3RuYW1lIiwgInJlc3RyaWN0aW9ucyI6IFt7ImNyZWRfZGVmX2lkIjogIkttYzVOa1Y3NnB6bjk1RnU0dzJtQmU6MzpDTDoxMDpkZWZhdWx0MTIzMTIzMTIzMSJ9XX0sICIwX3RpbWVzdGFtcF91dWlkIjogeyJuYW1lIjogInRpbWVzdGFtcCIsICJyZXN0cmljdGlvbnMiOiBbeyJjcmVkX2RlZl9pZCI6ICJLbWM1TmtWNzZwem45NUZ1NHcybUJlOjM6Q0w6MTA6ZGVmYXVsdDEyMzEyMzEyMzEifV19LCAiMF9sYXN0bmFtZV91dWlkIjogeyJuYW1lIjogImxhc3RuYW1lIiwgInJlc3RyaWN0aW9ucyI6IFt7ImNyZWRfZGVmX2lkIjogIkttYzVOa1Y3NnB6bjk1RnU0dzJtQmU6MzpDTDoxMDpkZWZhdWx0MTIzMTIzMTIzMSJ9XX19LCAicmVxdWVzdGVkX3ByZWRpY2F0ZXMiOiB7fSwgIm5vbl9yZXZva2VkIjogeyJ0byI6IDE2Mjc5ODE0MTl9LCAibm9uY2UiOiAiMTM2NjA4NDAxOTE2MTA5NDA0ODA2NTA1In0="
            }
        }
    ],
    "will_confirm": true,
    "~service": {
        "recipientKeys": [
            "Kmc5NkV76pzn95Fu4w2mBe"
        ],
        "routingKeys": null,
        "serviceEndpoint": "http://user-hospital-agent:8201"
    }
}```

fethbita (Tue, 03 Aug 2021 09:25:41 GMT):

```{
    "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/present-proof/2.0/request-presentation",
    "@id": "07147905-925d-45fb-b455-213879ee37a3",
    "~trace": {
        "target": "log",
        "full_thread": true,
        "trace_reports": []
    },
    "formats": [
        {
            "attach_id": "indy",
            "format": "hlindy/proof-req@v2.0"
        }
    ],
    "request_presentations~attach": [
        {
            "@id": "indy",
            "mime-type": "application/json",
            "data": {
                "base64": "eyJuYW1lIjogIlByb29mIFJlcXVlc3QiLCAidmVyc2lvbiI6ICIxLjAiLCAicmVxdWVzdGVkX2F0dHJpYnV0ZXMiOiB7IjBfZmlyc3RuYW1lX3V1aWQiOiB7Im5hbWUiOiAiZmlyc3RuYW1lIiwgInJlc3RyaWN0aW9ucyI6IFt7ImNyZWRfZGVmX2lkIjogIkttYzVOa1Y3NnB6bjk1RnU0dzJtQmU6MzpDTDoxMDpkZWZhdWx0MTIzMTIzMTIzMSJ9XX0sICIwX3RpbWVzdGFtcF91dWlkIjogeyJuYW1lIjogInRpbWVzdGFtcCIsICJyZXN0cmljdGlvbnMiOiBbeyJjcmVkX2RlZl9pZCI6ICJLbWM1TmtWNzZwem45NUZ1NHcybUJlOjM6Q0w6MTA6ZGVmYXVsdDEyMzEyMzEyMzEifV19LCAiMF9sYXN0bmFtZV91dWlkIjogeyJuYW1lIjogImxhc3RuYW1lIiwgInJlc3RyaWN0aW9ucyI6IFt7ImNyZWRfZGVmX2lkIjogIkttYzVOa1Y3NnB6bjk1RnU0dzJtQmU6MzpDTDoxMDpkZWZhdWx0MTIzMTIzMTIzMSJ9XX19LCAicmVxdWVzdGVkX3ByZWRpY2F0ZXMiOiB7fSwgIm5vbl9yZXZva2VkIjogeyJ0byI6IDE2Mjc5ODE0MTl9LCAibm9uY2UiOiAiMTM2NjA4NDAxOTE2MTA5NDA0ODA2NTA1In0="
            }
        }
    ],
    "will_confirm": true,
    "~service": {
        "recipientKeys": [
            "Kmc5NkV76pzn95Fu4w2mBe"
        ],
        "routingKeys": null,
        "serviceEndpoint": "http://user-test-agent:8201"
    }
}```

swcurran (Wed, 04 Aug 2021 12:55:22 GMT):

Join us for the ACA-Py User Group Wednesday (today) at 11AM Pacific (18:00 UTC) -- the hour before the Aries WG Call. We'll have the core maintainers on the call to answer any questions -- other topics are below.

Zoom link: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-07-21+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

Planned Topics:

- Persistent Queues -- a discussion about what is needed for handling queues for "standard" ACA-Py and ACA-Py as a Mediator Service use cases
- AMA (as time permits)

@dbluhm -- hoping you can make it.  I've got some drawings to start the conversation on queues.

swcurran (Wed, 04 Aug 2021 12:55:22 GMT):

Join us for the ACA-Py User Group Wednesday (today) at 11AM Pacific (18:00 UTC) -- the hour before the Aries WG Call. We'll have the core maintainers on the call to answer any questions -- other topics are below.

Zoom link: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-08-04+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

Planned Topics:

- Persistent Queues -- a discussion about what is needed for handling queues for "standard" ACA-Py and ACA-Py as a Mediator Service use cases
- AMA (as time permits)

@dbluhm -- hoping you can make it.  I've got some drawings to start the conversation on queues.

dbluhm (Wed, 04 Aug 2021 14:49:11 GMT):

Hello BC Gov Team and ACA-Py Contributors, just wanted to quickly call attention to "[DIDComm Gemini](https://github.com/sicpa-dlab/didcomm-gemini)" in case you have not already seen it. It's an initiative started by SICPA to implement libraries supporting DIDComm V2. You can, of course, read more in depth in the repo but the goal is to produce libraries that make few assumptions, minimize dependencies, and therefore should be usable in a variety of architectures for a pretty good spread of languages, including of course python. This is especially relevant to [this PR](https://github.com/hyperledger/aries-cloudagent-python/pull/1331) @andrew.whitehead opened up recently as their may be some opportunities to combine efforts to add DIDComm V2 support to ACA-Py with an Askar backend.
cc: @victor.martinez @swcurran @danielhardman

dbluhm (Wed, 04 Aug 2021 14:49:11 GMT):

Hello BC Gov Team and ACA-Py Contributors, just wanted to quickly call attention to "[DIDComm Gemini](https://github.com/sicpa-dlab/didcomm-gemini)" in case you have not already seen it. It's an initiative started by SICPA to implement libraries supporting DIDComm V2. You can read more in depth in the repo but the goal is to produce libraries that make few assumptions, minimize dependencies, and therefore should be usable in a variety of architectures for a pretty good spread of languages, including of course python. This is especially relevant to [this PR](https://github.com/hyperledger/aries-cloudagent-python/pull/1331) @andrew.whitehead opened up recently as their may be some opportunities to combine efforts to add DIDComm V2 support to ACA-Py with an Askar backend.
cc: @victor.martinez @swcurran @danielhardman

danielhardman (Wed, 04 Aug 2021 14:49:11 GMT):

Has joined the channel.

victor.martinez (Wed, 04 Aug 2021 14:56:22 GMT):

Thank you @dbluhm . To complement Daniel's comment, we are currently in the API design phase and we would like to make sure that python didcomm v2 library can be easily integrated in aca-py and there is not overlap / duplicated work with aca-py base code.

swcurran (Wed, 04 Aug 2021 15:00:40 GMT):

Sounds good.  Definitely talk to Andrew on this as he has already implemented (or is well underway implementing) the DIDComm 2 envelope, as defined in RFC 587 (I think that's the one...).

andrew.whitehead (Wed, 04 Aug 2021 15:53:08 GMT):

I checked out the latest call, I think the current Gemini plan for python was to build on the authlib library. At the moment we use a custom JWE encoder/decoder because it is shared by the DIDComm v1 envelope encoding which is a little idiosyncratic

dbluhm (Wed, 04 Aug 2021 17:45:48 GMT):

Agenda page doesn't seem to be live yet -- I'm getting a 404

swcurran (Wed, 04 Aug 2021 17:46:43 GMT):

So perhaps I need to remember to hit publish?

swcurran (Wed, 04 Aug 2021 17:46:46 GMT):

Done...

swcurran (Wed, 04 Aug 2021 17:48:24 GMT):

HackMD document to start the discussion: https://hackmd.io/1ydlDK9dS6KNysaJDruJig

dbluhm (Wed, 04 Aug 2021 18:52:35 GMT):

Link to the PR I shared on zoom during ACA-PUG meeting RE DIDComm V2 API proposal for a python library: https://github.com/sicpa-dlab/didcomm-python/pull/1

dbluhm (Wed, 04 Aug 2021 19:19:41 GMT):

Anyone working on Present Proof v2.1 support in ACA-Py?

l-wegner (Thu, 05 Aug 2021 07:26:50 GMT):

Has joined the channel.

jaredweinfurtner (Fri, 06 Aug 2021 07:19:10 GMT):

Has joined the channel.

jaredweinfurtner (Fri, 06 Aug 2021 07:27:32 GMT):

I was llooking for the docker image on the bcgov docker hub for the von-network (https://github.com/bcgov/von-network) and couldn't find it.  Am I missing something?  I wanted to avoid needing to build that image locally to spin up a local network

jaredweinfurtner (Fri, 06 Aug 2021 07:27:32 GMT):

I was looking for the docker image on the bcgov docker hub for the von-network (https://github.com/bcgov/von-network) and couldn't find it.  Am I missing something?  I wanted to avoid needing to build that image locally to spin up a local network

RounakGhosh (Fri, 06 Aug 2021 15:23:33 GMT):



Clipboard - August 6, 2021 8:52 PM

RounakGhosh (Fri, 06 Aug 2021 15:23:33 GMT):



Clipboard - August 6, 2021 8:52 PM

jcourt (Sun, 08 Aug 2021 21:49:23 GMT):

This doesn't look like an Agent issue.  Consensus impossible seems to suggest that whatever `Ledger` you are pointing at to get the credential definition is in a bad state.  If its a local VON-Ledger you could try restarting it, if it is one of the public Sovrin or Indicio test networks then that is a problem I can't help with.

swcurran (Fri, 13 Aug 2021 23:17:07 GMT):

Folks -- a conversation for the next ACA-Pug meeting next Wednesday: What if we created a separate repo from ACA-Py to implement a dedicated Mediator Service project?  What are the top Mediator Service features missing from what we have today in ACA-Py?  What would the value be for ACA-Py of not having to include those new capabilities? What about the benefit of removing the current Mediator Service capabilities? 

Looking at a new product, what should the architecture of such a service be?  What components would be needed?  How much of ACA-Py would we need to include?

A few of us had a brief conversation on this today, so I plan on doing a "conversation starter" slide show to get the discussion started.

Please let me know if you have other topics that you would like to have discussed at the meeting this coming Wednesday.

phearaeun (Sat, 14 Aug 2021 06:24:50 GMT):

Has joined the channel.

phearaeun (Sat, 14 Aug 2021 07:53:10 GMT):

I have one issue. My purpose is to connect an agent (base wallet with multitenancy) to a mediator, as suggested here (Solution 1) https://github.com/hyperledger/aries-cloudagent-python/blob/main/Multitenancy.md.   However, authorization is required before accepting mediator's invitation. 

Some help, please?

etschelp (Mon, 16 Aug 2021 08:24:11 GMT):

I think this really makes sense. To me mediator/relay functionality is a different feature set then a cloud wallet. As this feature is mostly (but not solely) used to connect mobile wallets I see the need to have better support for the various massaging architectures that are out there. But I think it does not stop here. One thing I get ask a lot for example is if there is the possibility to plug in a key management service into aca-py. So, from the architectural side I see three main challenges ahead: 1. Interoperability 2.  Support for upcoming protocol/transport changes 3. Modularity (enterprise readiness). To come back to your original questions. It’s always better to do one thing and do it well, as this reduces complexity and hence test effort. Breaking the stack down into libraries that wrap transport, aries-protocols, storage helps a lot to tackle the mentioned challenges. Where I’m not sure is the relation between aca-py and aries-vcx. Why not build on top of the later?

etschelp (Mon, 16 Aug 2021 13:17:40 GMT):

Not sure what your flow is. But to accept an invitation in the subwallet you need to set a Bearer token in the request (either via Authorization header, or swagger), see Authentication section in the link you provided.

GuilhermeFunchal (Mon, 16 Aug 2021 13:34:24 GMT):

Hello, How can I know that a proof  came from a revoked credential?

phearaeun (Mon, 16 Aug 2021 13:57:53 GMT):

Sub-wallet is fine. As suggested by solution 1 from the provided link, there is a base wallet that has a mediator set. Is the base wallet sub-wallet?

etschelp (Mon, 16 Aug 2021 16:04:19 GMT):

Scenario 1 uses the base wallet. So if you are testing with swagger my first guess is that you need to switch from Bearer back to x-api-key because otherwise you are talking to the wrong wallet.

dbluhm (Mon, 16 Aug 2021 23:02:08 GMT):

When requesting proof, the verifier must specify a time period over which the prover must prove "non-revocation"

dbluhm (Mon, 16 Aug 2021 23:03:36 GMT):

This doc gives a general overview of that process: https://github.com/hyperledger/aries-cloudagent-python/blob/main/docs/GettingStartedAriesDev/CredentialRevocation.md

dbluhm (Mon, 16 Aug 2021 23:22:45 GMT):

A few thoughts that I'm sure we'll have opportunity to discuss in greater detail on the call:
- This mediator *must* (in my opinion) support coordinate mediation protocol (Aries VCX does not seem to use this protocol?)
- Splitting this from ACA-Py, we can focus on servicing mobile agents without complicating the transports in ACA-Py further which in turn could be tuned to focus on "cloud-to-cloud" communication
- Some buzzwords: state-less, scalable, pluggable
- Using Aries Askar seems like an easy win for secure storage

phearaeun (Tue, 17 Aug 2021 02:13:37 GMT):

Thank you. Let me try that

phearaeun (Tue, 17 Aug 2021 05:17:14 GMT):

I tried that but now it requires both x-api-key and token for sub-wallet. I tried to call to base wallet using only x-api-key, but authorization still required.
Something like this ` curl -X GET http://localhost:4001/connections -H "accept: application/json" -H "X-API-KEY: myapikey"`

c2bo (Tue, 17 Aug 2021 05:58:39 GMT):

In the aca-py event you can then check the "verified" state (or in a proof record) that will be false if you requested a proof of non-revocation and it failed.

PrasadKatkar (Tue, 17 Aug 2021 08:34:53 GMT):

Has joined the channel.

PrasadKatkar (Tue, 17 Aug 2021 08:34:54 GMT):

Hello,  I'm running a python agent with private Indy Network. I'm intend to use another ledger. Is there any option to dynamically change the pool and ledger configuration without restarting the agent.
@andrew.whitehead @swcurran 
Thanks in advance!

PrasadKatkar (Tue, 17 Aug 2021 08:34:54 GMT):

Hello,  I'm running a python agent with private Indy Network. There is a requirement where we need to switch between the ledgers (private & public Indy network) for cloudagent such that agent can issue credential to connected holder on selected ledger (Private or Public ledger). Is this feature available in aca-py where we can dynamically change the pool and ledger configuration without restarting the agent.
@andrew.whitehead @swcurran 
Thanks in advance!

etschelp (Tue, 17 Aug 2021 08:38:31 GMT):

Yes, subwallets need both keys.

etschelp (Tue, 17 Aug 2021 08:40:55 GMT):

I see what your problem is. If you have multitenancy enabled the only purpose of the base wallet is to create subwallets and all other functionality is disabled. So if you want to add the mediator connection you have to do this via the --mediator-xxx startup parameters

phearaeun (Tue, 17 Aug 2021 10:35:26 GMT):

Do you mean --mediator-invitation which the base wallet needs to enable?  I guess, I got it. Let me try this one more time. 
Thank you again.

KevinKerkhoven (Tue, 17 Aug 2021 11:43:07 GMT):

Has joined the channel.

KevinKerkhoven (Tue, 17 Aug 2021 11:44:11 GMT):

Dear Hyperledger Aries community,
We are trying to verify a connectionless proof which state has been set to “presentation_received”. We are using the release 0.7.0 of aca-py (also tried with 0.6.0) to spin up an agent, accompanied by the tails server for revocation functionality.

We use the following startup params:
`--endpoint http://:8020
--label Hyper42MandateService
--auto-ping-connection
--auto-respond-messages
--auto-accept-invites
--inbound-transport http 0.0.0.0 8020
--outbound-transport http
--admin aries-cloudagent-runner 8021
--admin-insecure-mode
--auto-provision
--wallet-type indy
--wallet-name 
--wallet-key 
--seed 
--preserve-exchange-records
--genesis-url http://test.bcovrin.vonx.io/genesis
--webhook-url http://mandate-webhook-service:8022/webhooks
--tails-server-base-url http://docker_tails-server_1:6543
--trace-target log
--trace-tag acapy.events
--trace-label localAriesCloudAgent.trace`

However, we are receiving a 400: Record ID not provided when we try to verify a connectionless proof request (when calling POST /present-proof/records/{pres_ex_id}/verify-presentation).
Logging which we found in the agent has been added as an attachment (agentlogging.txt).
We looked through Aries agent code on how it handles presentation verification (present-proof v1.0, file routes.py, method presentation_exchange_verify_presentation) and it seems that it tries to fetch Presentation Exchange by given pres_ex_id, which should be fine, and it doesn't actually fail right there. But on line 820 it wants a connection ID, and then it tries to fetch a connection record, and it fails, which seems to result in a Bad Request error. Present-proof v2.0 seems not to differ too much in this regard, but we have not tested that yet.

So our question: is this the expected behaviour? Are connectionless proof requests not able to be verified at this time or ever, or could it be something else?
Thanks in advance for the reply.

KevinKerkhoven (Tue, 17 Aug 2021 11:44:37 GMT):



agentlogging.txt

GuilhermeFunchal (Tue, 17 Aug 2021 13:45:16 GMT):

Hello, thanks i'm trying to check but the state is same "true".  In the proof request i'm sending non_revoked":{"to": 1629201865}.  is It correct ?

GuilhermeFunchal (Tue, 17 Aug 2021 13:47:33 GMT):

I created the schema with revocation enabled, and I have tails_server running. At the destination of the credential I can verify that it is revoked but at the origin of the request for proof it is not. Am I passing an incorrect parameter?

phearaeun (Tue, 17 Aug 2021 14:11:59 GMT):

I still can't figure it out. I already enable the following:
```
--open-mediation
--mediator-invitation 
--mediator-connections-invite
```
to the base wallet.
I still face the same issue.

Could you give some more ideas?

phearaeun (Tue, 17 Aug 2021 14:15:47 GMT):

I have another doubt too. Once `--admin-insecure-mode` is enabled, we don't even need x-api-key. However, I tried either way but not working.

etschelp (Tue, 17 Aug 2021 14:17:45 GMT):

First of all if these flags are set than all endpoints except the ones that are related to /mediation will return unauthorized. Disabling security wont fix that.

etschelp (Tue, 17 Aug 2021 14:17:45 GMT):

First of all if these flags are set than all endpoints except the ones that are related to /multitenancy will return unauthorized. Disabling security wont fix that.

phearaeun (Tue, 17 Aug 2021 14:24:05 GMT):

Even I don't use --admin-insecure-mode and use only --admin-api-key, the access is still not granted.

phearaeun (Tue, 17 Aug 2021 14:25:53 GMT):

Let's forget about connection to mediator. Let just try to get /connections for the base wallet. I want to be able to access to /connections with x-api-key. If this is accessible, I can connect to mediator for sure.

phearaeun (Tue, 17 Aug 2021 14:37:45 GMT):

I can now connect to mediator on start-up service with `--mediator-invitation `

phearaeun (Tue, 17 Aug 2021 14:37:54 GMT):

Let me figure out more

etschelp (Tue, 17 Aug 2021 15:10:47 GMT):

Yes thats how it is supposed to work. If you are running with the mutlitenancy flags, you can not use the rest api to make the connection to the mediator you have to use the startup flags.

etschelp (Tue, 17 Aug 2021 15:11:31 GMT):

```
Mediation:
  --open-mediation      Enables didcomm mediation. After establishing a
                        connection, if enabled, an agent may request message
                        mediation, which will allow the mediator to forward
                        messages on behalf of the recipient. See aries-
                        rfc:0211. [env var: ACAPY_MEDIATION_OPEN]
  --mediator-invitation 
                        Connect to mediator through provided invitation and
                        send mediation request and set as default mediator.
                        [env var: ACAPY_MEDIATION_INVITATION]
  --mediator-connections-invite
                        Connect to mediator through a connection invitation.
                        If not specified, connect using an OOB invitation.
                        Default: false. [env var:
                        ACAPY_MEDIATION_CONNECTIONS_INVITE]
  --default-mediator-id 
                        Set the default mediator by ID [env var:
                        ACAPY_DEFAULT_MEDIATION_ID]
```

phearaeun (Tue, 17 Aug 2021 15:29:01 GMT):

I got it now. However, how can we check default mediator since we can't connect to API except multitenancy?

phearaeun (Tue, 17 Aug 2021 15:31:36 GMT):

Now I send both Authorization and X-API-KEY to sub-wallets while only X-API-KEY to multitenancy. But if I want to check current mediator, how can we achieve that?

etschelp (Tue, 17 Aug 2021 15:39:54 GMT):

Call /mediation/default-mediator in the sub wallet?

phearaeun (Tue, 17 Aug 2021 15:58:56 GMT):

It returns empty results

phearaeun (Tue, 17 Aug 2021 16:07:16 GMT):

I should have asked if the agent (base wallet) service down and we need to restart the service, should we keep the old connection or create a new connection with the mediator since it can't connect to the API ?

GuilhermeFunchal (Tue, 17 Aug 2021 18:35:58 GMT):

My proof is : {"connection_id":"abe9d695-1129-4ec6-973c-9da632ed7452","proof_request":{"name":"Data-test", "non_revoked":{"to": 1629235433, "from": 1629149033},"version":"1.0","requested_attributes":{"chassi_referent":{"name":"chassi"}},"requested_predicates":{}}}

GuilhermeFunchal (Tue, 17 Aug 2021 18:37:32 GMT):

Response body : {
  "presentation_request": {
    "name": "Dados_pessoais-Serpro-guilherme.funchal@gmail.com",
    "version": "1.0",
    "requested_attributes": {
      "chassi_referent": {
        "name": "chassi"
      }
    },
    "requested_predicates": {},
    "nonce": "14334360275902049994593"
  },
  "thread_id": "a7007bcf-5632-4478-940b-e1c249c538ae",
  "presentation_exchange_id": "a2de147d-4143-4803-9707-bec7f7c54f13",
  "initiator": "self",
  "state": "verified",
  "connection_id": "abe9d695-1129-4ec6-973c-9da632ed7452",
  "updated_at": "2021-08-17 18:33:42.078429Z",
  "role": "verifier",
  "trace": false,
  "verified": "true",
  "created_at": "2021-08-17 18:33:41.896048Z",
  "presentation": {
    "proof": {
      "proofs": [],
      "aggregated_proof": {
        "c_hash": "33424303786755314991689009293544850751068097367763413943203517032258946184033",
        "c_list": []
      }
    },
    "requested_proof": {
      "revealed_attrs": {},
      "self_attested_attrs": {
        "chassi_referent": "teste"
      },
      "unrevealed_attrs": {},
      "predicates": {}
    },
    "identifiers": []
  },
  "auto_present": false,
  "presentation_request_dict": {
    "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/present-proof/1.0/request-presentation",
    "@id": "a7007bcf-5632-4478-940b-e1c249c538ae",
    "request_presentations~attach": [
      {
        "@id": "libindy-request-presentation-0",
        "mime-type": "application/json",
        "data": {
          "base64": "eyJuYW1lIjogIkRhZG9zX3Blc3NvYWlzLVNlcnByby1ndWlsaGVybWUuZnVuY2hhbEBnbWFpbC5jb20iLCAibm9uX3Jldm9rZWQiOiB7InRvIjogMTYyOTIzNTQzMywgImZyb20iOiAxNjI5MTQ5MDMzfSwgInZlcnNpb24iOiAiMS4wIiwgInJlcXVlc3RlZF9hdHRyaWJ1dGVzIjogeyJjaGFzc2lfcmVmZXJlbnQiOiB7Im5hbWUiOiAiY2hhc3NpIn19LCAicmVxdWVzdGVkX3ByZWRpY2F0ZXMiOiB7fSwgIm5vbmNlIjogIjE0MzM0MzYwMjc1OTAyMDQ5OTk0NTkzIn0="
        }
      }
    ]
  }
}

GuilhermeFunchal (Tue, 17 Aug 2021 18:38:35 GMT):

What will my error be, because the credential has revoked status: true ?

swcurran (Tue, 17 Aug 2021 19:20:15 GMT):

This definitely works as it is used in vc-authn-oidc https://github.com/bcgov/vc-authn-oidc

Perhaps looking at that demo will help.  We are a little short on folks monitoring the chats with holidays.

@andrew.whitehead -- anything obvious that you can see with this?

etschelp (Wed, 18 Aug 2021 08:29:49 GMT):

If you set  --mediator-connections-invite there is no need to recreate the connection manually.

GuilhermeFunchal (Wed, 18 Aug 2021 14:08:52 GMT):

Hello, I'm trying to check if a test contains data from a revoked credential with the call rest :

GuilhermeFunchal (Wed, 18 Aug 2021 14:08:52 GMT):

Hello, I'm trying to check if a test contains data from a revoked credential with the call rest : /present-proof/send-request  
json: {"connection_id":"26272a30-a3c9-46e6-b58d-e2d59ff10747","proof_request":{"name":"Data-test", "non_revoked":{"to": 1629294054, "from": 1629292145},"version":"1.0","requested_attributes":{"chassi_referent":{"name":"chassi"}},"requested_predicates":{}}}

GuilhermeFunchal (Wed, 18 Aug 2021 14:08:52 GMT):

Hello, I'm trying to check if a test contains data from a revoked credential with the call rest : /present-proof/send-request  json: {"connection_id":"26272a30-a3c9-46e6-b58d-e2d59ff10747","proof_request":{"name":"Data-test", "non_revoked":{"to": 1629294054, "from": 1629292145},"version":"1.0","requested_attributes":{"chassi_referent":{"name":"chassi"}},"requested_predicates":{}}}  But the answer does not return any difference between a revoked credential or not. REST calls to verify revocation is working and server tails are OK.

GuilhermeFunchal (Wed, 18 Aug 2021 14:08:52 GMT):

Hello, I'm trying to check if a test contains data from a revoked credential with the call rest : 

/present-proof/send-request  

json: 

{"connection_id":"26272a30-a3c9-46e6-b58d-e2d59ff10747","proof_request":{"name":"Data-test", "non_revoked":{"to": 1629294054, "from": 1629292145},"version":"1.0","requested_attributes":{"chassi_referent":{"name":"chassi"}},"requested_predicates":{}}}  

But the answer does not return any difference between a revoked credential or not. REST calls to verify revocation is working and server tails are OK.

dbluhm (Wed, 18 Aug 2021 17:44:36 GMT):

It is not currently possible to dynamically switch ledgers at run time but it's a frequently requested feature. I believe the development of the `did:indy` method is at least in part seeking to address the multiple indy ledger question (in addition to bringing indy networks up to speed on the DID spec).

swcurran (Wed, 18 Aug 2021 23:16:51 GMT):

We're working on that in ACA-Py.  An implementation will be available Real Soon Now -- any day.  It will allow you to specify multiple ledgers at start up and be able to do a parallel check for an ID across all of the instances, with some handling for collisions (same object on multiple ledgers).

swcurran (Wed, 18 Aug 2021 23:17:07 GMT):

Being worked by @shaanjot.gill

PrasadKatkar (Thu, 19 Aug 2021 08:11:03 GMT):

Thanks @swcurran @dbluhm

amitpadmani-awts (Thu, 19 Aug 2021 10:36:14 GMT):

Has joined the channel.

JSedlmeir (Thu, 19 Aug 2021 11:01:16 GMT):

Can you share what the connectionless proof request looks like before it is encoded? Maybe this helps detect the issue =)

RounakGhosh (Thu, 19 Aug 2021 12:40:10 GMT):

@swcurran , Everyone.  I am trying to revoke my credentials dynamically, however, if I do it, from the swagger page, I am able to do revoke my credentials, however, from the code, I am not able to revoke my credentials. Here I am posting my code, please do have a look.
`request_body=json.dumps({
            "cred_rev_id":credential_revocation_id,
            "rev_reg_id": REVOCATION_REGISTRY_ID,
            "publish": True
        })
        logger.info(f"Request Body is {request_body}")
        try:
            response_from_revocated_credential = requests.post(
                f"{AGENT_URL}/revocation/revoke",
                json=request_body,
            )`

Please do guide, what I am doing wrong as the credential is not getting revoked. Thanks.!!

RounakGhosh (Thu, 19 Aug 2021 12:40:10 GMT):

@swcurran , Everyone.  I am trying to revoke my credentials dynamically, however, if I do it, from the swagger page, I am able to do revoke my credentials, however, from the code, I am not able to revoke my credentials. Here I am posting my code, please do have a look.
```
request_body=json.dumps({
            "cred_rev_id":credential_revocation_id,
            "rev_reg_id": REVOCATION_REGISTRY_ID,
            "publish": True
        })
        logger.info(f"Request Body is {request_body}")
        try:
            response_from_revocated_credential = requests.post(
                f"{AGENT_URL}/revocation/revoke",
                json=request_body,
            )
``` 

Please do guide, what I am doing wrong as the credential is not getting revoked. Thanks.!!

RounakGhosh (Thu, 19 Aug 2021 12:40:10 GMT):

@swcurran , Everyone.  I am trying to revoke my credentials dynamically, however, if I do it, from the swagger page, I am able to do revoke my credentials, however, while doing it dynamically, I am not able to revoke my credentials. Here I am posting my code, please do have a look.
```
request_body=json.dumps({
            "cred_rev_id":credential_revocation_id,
            "rev_reg_id": REVOCATION_REGISTRY_ID,
            "publish": True
        })
        logger.info(f"Request Body is {request_body}")
        try:
            response_from_revocated_credential = requests.post(
                f"{AGENT_URL}/revocation/revoke",
                json=request_body,
            )
``` 

Please do guide, what I am doing wrong as the credential is not getting revoked. Thanks.!!

RounakGhosh (Thu, 19 Aug 2021 12:59:49 GMT):



Clipboard - August 19, 2021 6:29 PM

RounakGhosh (Thu, 19 Aug 2021 12:59:49 GMT):



Clipboard - August 19, 2021 6:29 PM

KevinKerkhoven (Thu, 19 Aug 2021 14:31:20 GMT):

Of course! Here it is:

`{
   "~service":{
      "serviceEndpoint":"http://:8020",
      "recipientKeys":[
         "HocWiwbYhFrWDeeCGYfgUwYzSZfFWGxobdWMhFZdH9nV"
      ]
   },
   "request_presentations~attach":[
      {
         "@id":"libindy-request-presentation-0",
         "mime-type":"application/json",
         "data":{
            "base64":"eyJuYW1lIjogIm1hbmRhdGUgcHJvb2YiLCAibm9uY2UiOiAiMjY5Njk2ODU4NSIsICJyZXF1ZXN0ZWRfYXR0cmlidXRlcyI6IHsiODEyNmVhMDQtYTc0Mi00ZjQwLWFmMTQtZTI2ZGE4ZDgyNDEwIjogeyJuYW1lcyI6IFsiYXV0aG9yaXphdGlvbiJdLCAicmVzdHJpY3Rpb25zIjogW3siY3JlZF9kZWZfaWQiOiAiQ2FEM2JtUEo5Q01GN0VGNWRSSEZkRjozOkNMOjE0ODczMTpkZWZhdWx0IiwgInNjaGVtYV9pZCI6ICJDYUQzYm1QSjlDTUY3RUY1ZFJIRmRGOjI6bWFuZGF0ZS1zaWduaW5nLWJhc2ljOjEuMCJ9XX19LCAicmVxdWVzdGVkX3ByZWRpY2F0ZXMiOiB7ImRkNGM1NGJkLTJhNTYtNGNjNy1hM2M1LWFhOWY0NjQ2Y2RjMCI6IHsibmFtZSI6ICJzcGVuZGluZy1saW1pdCIsICJwX3R5cGUiOiAiPj0iLCAicF92YWx1ZSI6IDE1LCAicmVzdHJpY3Rpb25zIjogW3siY3JlZF9kZWZfaWQiOiAiQ2FEM2JtUEo5Q01GN0VGNWRSSEZkRjozOkNMOjE0ODczMTpkZWZhdWx0IiwgInNjaGVtYV9pZCI6ICJDYUQzYm1QSjlDTUY3RUY1ZFJIRmRGOjI6bWFuZGF0ZS1zaWduaW5nLWJhc2ljOjEuMCJ9XX19LCAidmVyc2lvbiI6ICIxLjAifQ=="
         }
      }
   ],
   "@type":"did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/present-proof/1.0/request-presentation",
   "@id":"35f6395f-138f-4822-a1c3-a813b66cfba9"
}`

swcurran (Thu, 19 Aug 2021 14:53:17 GMT):

Here is the attachment:

```
{
  "name": "mandate proof",
  "nonce": "2696968585",
  "requested_attributes": {
    "8126ea04-a742-4f40-af14-e26da8d82410": {
      "names": [
        "authorization"
      ],
      "restrictions": [
        {
          "cred_def_id": "CaD3bmPJ9CMF7EF5dRHFdF:3:CL:148731:default",
          "schema_id": "CaD3bmPJ9CMF7EF5dRHFdF:2:mandate-signing-basic:1.0"
        }
      ]
    }
  },
  "requested_predicates": {
    "dd4c54bd-2a56-4cc7-a3c5-aa9f4646cdc0": {
      "name": "spending-limit",
      "p_type": ">=",
      "p_value": 15,
      "restrictions": [
        {
          "cred_def_id": "CaD3bmPJ9CMF7EF5dRHFdF:3:CL:148731:default",
          "schema_id": "CaD3bmPJ9CMF7EF5dRHFdF:2:mandate-signing-basic:1.0"
        }
      ]
    }
  },
  "version": "1.0"
}
```

swcurran (Thu, 19 Aug 2021 14:57:23 GMT):

I hate to tell you what the likely issue is.  We were forced to reset the BCovrin Test Instance the other day.  My guess is that you created the Schema and Cred Def before the reset, and now those items are not on the ledger.

swcurran (Thu, 19 Aug 2021 14:57:44 GMT):

My guess is that if you reset your app, it will work fine.

swcurran (Thu, 19 Aug 2021 14:58:08 GMT):

:man_facepalming_light_skin_tone:

phearaeun (Thu, 19 Aug 2021 15:34:24 GMT):

Hello, I need some helps or ideas, please.
My need holds two scenarios:
1. From aca-py agent connects to aca-py agent (Mediator), the endpoint can be set as local port and the two agents can make a communication
2. From mobile agent(Bifold) connects to aca-py agent (Mediator), the endpoint must be a publicly accessible web url

For 1 is already working fine but it is not applicable to 2. So I am trying to put endpoint as publicly accessible web url, but 1 will stop working.

I set the following for 1 (This is really working):
--endpoint http://127.0.0.1:8001
--inbound-transport http 127.0.0.1 8001

I set the following for 2:
--endpoint http://web-url:8001
--inbound-transport http web-url 8001

If I change endpoint and inbound to use public ip or web url, it will not work. I mean the connection will not be promoted to active.

phearaeun (Thu, 19 Aug 2021 16:31:25 GMT):

Another issue, please.
```
Handler error with exception: Ledger rejected transaction request: client request invalid: insufficient number of valid signatures, 1 is required but 0 valid and 1 invalid have been provided. The following signatures are invalid: did=QppWypYVwr8vSV9RHBgrzY, signature=3wmZwRKz5BLagHdpJDZyYJgZSmmvEFWdEcVJrpChBFJaK1NaTKUS29Y3ouXPg73879xNhor8KqvwsdZFzdSgFhS4.
```

swcurran (Thu, 19 Aug 2021 16:57:52 GMT):

Are you using BCovrin Test?

phearaeun (Thu, 19 Aug 2021 17:00:13 GMT):

I am using von-network.

RounakGhosh (Thu, 19 Aug 2021 17:01:43 GMT):



Clipboard - August 19, 2021 8:16 PM

phearaeun (Thu, 19 Aug 2021 17:20:34 GMT):

On localhost was working fine. I installed von-network on a VPS and try to switch sub-wallet. This error returns during assigning public did `/wallet/did/public`.

GuilhermeFunchal (Thu, 19 Aug 2021 17:40:05 GMT):

Hello, Apparently the revocation works for me, but I can't get the status of a revoked credential in the proof with non_revoke clause, which remains with Verified=true after revoke some credential.

GuilhermeFunchal (Thu, 19 Aug 2021 17:40:05 GMT):

Hello, Apparently the revocation works for me, but I can't get the status of a revoked credential in the proof with non_revoke clause, which remains with Verified=true after revoke some credential.

Does anyone have any idea where I might be going wrong?

deas (Thu, 19 Aug 2021 18:27:12 GMT):

Are you publishing the revocations?

swcurran (Thu, 19 Aug 2021 18:32:15 GMT):

One theory down re: BCovrin -- not applicable in your case.  The Invalid signature suggests that transactions was signed by a DID that is not on the ledger. Was the sub-wallet trying to write the transaction?

I'm not sure what the flow needs to be for a sub-wallet trying to write to the ledger.

@amanji -- any ideas on this?  I think more questions about the scenario are needed.

GuilhermeFunchal (Thu, 19 Aug 2021 19:01:26 GMT):

I solved the problem, missing ""restrictions": [{"schema_name": "name_of_schema}] in json

GuilhermeFunchal (Thu, 19 Aug 2021 19:01:40 GMT):

Thanks

phearaeun (Fri, 20 Aug 2021 02:31:21 GMT):

This is about multitenancy. Base wallet is not applicable but sub-wallet needs to be used instead in order do something like issue credential, check proof, or revoke credential in the later purpose. 

Most of the flows I followed the demo codes on switching wallet. I don't understand why it doesn't work on the VPS while it is working on local implementation.

I will inspect more on the two environments. Perhaps, I miss something. But if you can have some ideas on this, it would be useful.

KevinKerkhoven (Fri, 20 Aug 2021 09:11:53 GMT):

Thanks for the replies and help thus far all!

We tried to start from scratch with a complete fresh deployment of the agent, re-created the schema's and credential definitions, and then tried to verify new given credential again. Sadly, we get the same error back: 400: record ID not provided.

I will be off the next two weeks due to vacation, so I

KevinKerkhoven (Fri, 20 Aug 2021 09:11:53 GMT):

Thanks for the replies and help thus far all!

We tried to start from scratch with a complete fresh deployment of the agent, re-created the schema's and credential definitions, and then tried to verify new given credential again. Sadly, we get the same error back: 400: record ID not provided.

I will be off the next two weeks due to vacation, so I'm unsure if I will still be able to reply in time. But my colleagues will in the meantime look at the working example and keep working on this :) Will keep you updated if we find the issue in the meantime

KevinKerkhoven (Fri, 20 Aug 2021 09:11:53 GMT):

Thanks for the replies and help thus far all!

We tried to start from scratch with a complete fresh deployment of the agent (new wallet, new seed), re-created the schema's and credential definitions, and then tried to verify new given credential again. Sadly, we get the same error back: 400: record ID not provided. Other things like revocation still seem to work fine.

I will be off the next two weeks due to vacation, so I'm unsure if I will still be able to reply in time. But my colleagues will in the meantime look at the working example and keep working on this :) Will keep you updated if we find the issue in the meantime

michawensveen (Fri, 20 Aug 2021 13:17:37 GMT):

Hi all, colleague of Kevin (OP) here.

I see one big difference between our implementation and vc-authn-oidc.
For vc-authn-oidc aca-py is started with the option auto-verify-presentation. We do not use that option.
We do the POST to localhost:8021/present-proof/records/{pres_ex_id}/verify-presentation ourself. And on this call the error (400: Record ID not provided) occures.

swcurran (Fri, 20 Aug 2021 16:49:02 GMT):

Sorry about that -- I hope I didn't send you down a wrong path on the BCovrin piece. 

My colleague @ianco is away right now and back Monday, and is probably the best person to look at this.  It sounds like you have hit a bug in the process, but he'd be far better to look at it.

swcurran (Fri, 20 Aug 2021 16:56:20 GMT):

Added issue to GitHub: https://github.com/hyperledger/aries-cloudagent-python/issues/1365

smithbk (Fri, 20 Aug 2021 18:58:14 GMT):

Hi, I just ran into a problem with ACA-Py in which my agent sends a return_route header (with "thread" scope) for the ACK of the issue credential v1 protocol.  The HTTP response is not sent, presumably because it is waiting for another message to send on the thread.  My agent times out waiting for the HTTP response.
I assume this "long poll" is done to make more efficient use of connections, but I would expect that to only be done for the "no-op" message type.  In this case, the ACK is by definition the final message of the thread.
I can of course change my agent to not send a return_route header in this case if I have to, but am wondering if this behavior is perhaps configurable in ACAPy.
Thanks

andrew.whitehead (Fri, 20 Aug 2021 19:35:33 GMT):

I don’t think we have any specific support for return-route: thread, only all.

dbluhm (Fri, 20 Aug 2021 21:57:11 GMT):

When using `return_route: all`, the intended behavior is for ACA-Py to hang up after processing the incoming message if there is not an outbound message for the connection immediately generated as a response and there is no message in the undelivered queue (which must be explicitly activated with a flag on startup)

dbluhm (Fri, 20 Aug 2021 21:58:42 GMT):

The toolbox uses this to poll for new messages (when using a websocket is not possible) and I'm pretty sure an empty response is basically immediately returned when it finds the undelivered queue is empty

phearaeun (Sat, 21 Aug 2021 02:01:29 GMT):

On aca-py, how to remove sub-wallet while it is stored in memory?

phearaeun (Sat, 21 Aug 2021 04:57:16 GMT):

Once mobile agent (bifold) connected to the mediator, the following error appears: `Message parsing failed: Unrecognized message type https://didcomm.org/messagepickup/1.0/batch-pickup, sending problem report`.

Please advise!

SahilK 6 (Sun, 22 Aug 2021 07:52:41 GMT):

Has joined the channel.

SahilK 6 (Sun, 22 Aug 2021 07:52:42 GMT):

Hi,

We are using ACA-Py v0.6.0 (Cloud Agent) and the Hyperledger Aries DotNet framework (Mobile Agent). The ACA-Py is configured to use PostGres for persistence.

At times, when a new connection is established from the Mobile Agent with ACA-Py (mobile app accepts the invitation of ACA-Py), the connection state doesn't change from `response` to `active` even after sending a Trust Ping.

Looking at the logs of ACA-Py, I noticed a strange message as `aries_cloudagent.messaging.base_handler INFO Received trust ping from: None`. This is when the connection doesn't change to `active`.

Can anyone give clues to get to the root cause of the issue?

JSedlmeir (Sun, 22 Aug 2021 08:12:00 GMT):

I always include a "routingKeys": [] in the ~service decorator, but  I am not sure whether this is mandatory or not.

JSedlmeir (Sun, 22 Aug 2021 20:45:23 GMT):

I was following the instructions on https://ldej.nl/post/building-an-acapy-controller-accounts/ for a connectionless credential and a connectionless proof request. The connectionless proof request works totally fine with the esatus and the trinsic wallet; both with and without an initial connection invitation for the recipientKeys in the ~service decorator. However, for the connectionless credential, in both cases I get the following error in the aca-py: 

`Traceback (most recent call last):
  File "/home/indy/aries_cloudagent/core/dispatcher.py", line 198, in handle_message
    await handler(context, responder)
  File "/home/indy/aries_cloudagent/protocols/issue_credential/v1_0/handlers/credential_request_handler.py", line 40, in handle
    raise HandlerException("No connection established for credential request")
aries_cloudagent.messaging.base_handler.HandlerException: No connection established for credential request`

Are there any ideas what could go wrong here? Help is heavily appreciated =)

JSedlmeir (Sun, 22 Aug 2021 20:45:23 GMT):

I was following the instructions on https://ldej.nl/post/building-an-acapy-controller-accounts/ for a connectionless credential and a connectionless proof request. The connectionless proof request works totally fine with the esatus and the trinsic wallet; both with and without an initial connection invitation for the recipientKeys in the ~service decorator. However, for the connectionless credential, in both cases I get the following error in the aca-py (tested with 0.6.0 and 0.7.0): 

`Traceback (most recent call last):
  File "/home/indy/aries_cloudagent/core/dispatcher.py", line 198, in handle_message
    await handler(context, responder)
  File "/home/indy/aries_cloudagent/protocols/issue_credential/v1_0/handlers/credential_request_handler.py", line 40, in handle
    raise HandlerException("No connection established for credential request")
aries_cloudagent.messaging.base_handler.HandlerException: No connection established for credential request`

Are there any ideas what could go wrong here? Help is heavily appreciated =)

JSedlmeir (Sun, 22 Aug 2021 20:45:23 GMT):

I was following the instructions on https://ldej.nl/post/building-an-acapy-controller-accounts/ for a connectionless credential and a connectionless proof request. The connectionless proof request works totally fine with the esatus and the trinsic wallet; both with and without an initial connection invitation for the recipientKeys in the ~service decorator (without a new connection invitation, I used the agent's public verkey). However, for the connectionless credential, in both cases I get the following error in the aca-py (tested with 0.6.0 and 0.7.0): 

`Traceback (most recent call last):
  File "/home/indy/aries_cloudagent/core/dispatcher.py", line 198, in handle_message
    await handler(context, responder)
  File "/home/indy/aries_cloudagent/protocols/issue_credential/v1_0/handlers/credential_request_handler.py", line 40, in handle
    raise HandlerException("No connection established for credential request")
aries_cloudagent.messaging.base_handler.HandlerException: No connection established for credential request`

Are there any ideas what could go wrong here? Help is heavily appreciated =)

ekubilay (Mon, 23 Aug 2021 08:37:09 GMT):

Hi all! I would like to know if it's necessary to upgrade to aca-py 0.7.0 or would it be fine to stick with version 0.6.0 for the moment?

ekubilay (Mon, 23 Aug 2021 08:38:52 GMT):

I generated a client using swagger-codegen for version 0.7.0, however i have issues such as some models not being generated, v20CredentialExchangeRecord for example.

ekubilay (Mon, 23 Aug 2021 08:39:04 GMT):

Thank you for your help in advance! :)

TimoGlastra (Mon, 23 Aug 2021 09:47:25 GMT):

Hi @ekubilay 0.7.0 includes some nice additions mostly targeted at utilizing W3C credentials instead of indy credentials and a transaction endorser plugin. I think you're fine with staying at 0.6.0 for now

TimoGlastra (Mon, 23 Aug 2021 09:49:07 GMT):

Are you using swagger-codegen or openapi-generator? I personally use openapi-generator, it may have different results?

TimoGlastra (Mon, 23 Aug 2021 09:49:28 GMT):

Which language are you generating the client for?

ekubilay (Mon, 23 Aug 2021 10:02:29 GMT):

Hi @TimoGlastra , thank you for your response. I am using swagger-codegen and the language I'm generating is Go.

smithbk (Mon, 23 Aug 2021 11:44:53 GMT):

That isn't the behavior that I saw.  acapy would hang if there was a return_route header sent and no other message was available.  I changed my agent to NOT send the return_route in this case and it fixed the hang, so it is no longer a problem for me, but thought you would want to know

dbluhm (Mon, 23 Aug 2021 13:40:59 GMT):

The batch-pickup protocol is not supported by ACA-Py. @JamesEbert any advice on how to get Bifold talking to an ACA-Py mediator?

jacobsaur (Mon, 23 Aug 2021 15:15:31 GMT):

Hi all! I noticed an issue when upgrading from 0.6.0 to 0.7.0 with regards to predicates. We have some integration tests that check when a predicate is true and when it's false (ie the credential has a value 10 and we have 2 tests one for > 5 (true) one for < 5 (false)). After the 0.7.0 upgrade we noticed that the false predicate test was failing by not completing the proof exchange, and in aca-py logs there was the error:

File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aries_cloudagent/indy/verifier.py", line 186, in check_timestamps
    index = pred_spec["sub_proof_index"]
TypeError: 'NoneType' object is not subscriptable

I saw that there was a recent (post 0.7.0) change around that line here: https://github.com/hyperledger/aries-cloudagent-python/pull/1364/files
So I tested against that version and our tests pass! Is there an estimated time when 0.7.1 will be released with that fix in it? (We will hold off on fully updating to 0.7.0 until the fix is in)

jacobsaur (Mon, 23 Aug 2021 15:31:03 GMT):

Also just as a PSA for others upgrading from 0.6.0 to 0.7.0 there is a breaking change with the /problem_report APIs - before the POST data required one field 'explain_ltxt' and it has now changed to 'description'. Any previous controller code that send problem reports will need to be updated to use 'description'. This is reflected in the swagger documentation but I didn't see any mention of it in the release notes.

swcurran (Mon, 23 Aug 2021 15:40:44 GMT):

We are planning on 0.7.1 this week.  I think it is ready to go -- will check at our standup in 20 minutes. Ideally RC1 will come out today.

swcurran (Mon, 23 Aug 2021 15:42:32 GMT):

A key in the routingKeys array is only needed if you have a mediator.  If the connection is direct to the agent, the routingKeys array would empty.

jacobsaur (Mon, 23 Aug 2021 16:46:38 GMT):

Awesome - thanks!

ffendt (Tue, 24 Aug 2021 04:57:11 GMT):

Has joined the channel.

ffendt (Tue, 24 Aug 2021 04:57:12 GMT):

Hi all,

I am quite new to ACA-py and got a question, to which I didn't find an answer yet. My goal is to connect a mobile agent (which isn't able to provide an endpoint) with a cloud agent (in my case configured as mediator with an undelivered-queue), so that the mobile agent can communicate with other agents via the mediator.

As far as I understood, I would be able to retrieve undelivered messages by using trust ping messages. However, still unclear to me is how I can create the initial connection between mobile and cloud agent. From what I see, the mediator at some point will try to send a message to the endpoint provided by the mobile agent. That won't work in my case, as there is no endpoint available. Is my desired use-case possible out of the box? Can you point me to some documentation where I can find out more on this?

Thank you in advance!

ffendt (Tue, 24 Aug 2021 05:11:52 GMT):

Just for clarification: In my case the mediator is the inviter. The mobile agent receives and accepts the invitation. The mediator tries to accept the connection request and fails because it isn't able to send the response to an endpoint.

SahilK 6 (Tue, 24 Aug 2021 05:33:45 GMT):

[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=vM59TcKkBSsD6L5Bv) Can anyone help me with this, please?

TimoGlastra (Tue, 24 Aug 2021 06:58:51 GMT):

Hi @ffendt 
You're use-case is definitely possible, and you describe the flow correctly. What you're looking for is return routing: https://github.com/hyperledger/aries-rfcs/blob/main/features/0092-transport-return-route/README.md It allows the agent you're sending a message to, to reply with a message over the same transport channel (so in the HTTP response of your HTTP request). This allows to communicate without having an endpoint

TimoGlastra (Tue, 24 Aug 2021 06:59:13 GMT):

Please see this overview: https://github.com/hyperledger/aries-framework-javascript/issues/40

TimoGlastra (Tue, 24 Aug 2021 06:59:36 GMT):

It describes all the steps involved from making a connection with the mediator to using the mediator with other agents

ffendt (Tue, 24 Aug 2021 07:08:06 GMT):

Hi @TimoGlastra, thank you very much. I think I tried it that way, but somehow the mediator wasn't using the same transport channel using the transport decorator. I'll give it another shot and will try to provide some debug logs if I can't manage to make it run.

TimoGlastra (Tue, 24 Aug 2021 07:11:20 GMT):

What are you using to build the mobile agent?

ffendt (Tue, 24 Aug 2021 07:13:54 GMT):

Also ACA-py

TimoGlastra (Tue, 24 Aug 2021 07:15:15 GMT):

In that case you would have an endpoint right? Or are you running ACA-Py directly on a mobile device (not sure that's even possible)

ffendt (Tue, 24 Aug 2021 07:17:27 GMT):

I have to provide the endpoint when starting the ACA-py instance, but as said, its not reachable from the internet. It's not a mobile phone, but e.g. a raspberry, so no problem to start an ACA-py.

ffendt (Tue, 24 Aug 2021 07:18:55 GMT):

So you'd suggest switching to e.g. aries-framework-javascript? Is there any up-to-date roadmap for it?

TimoGlastra (Tue, 24 Aug 2021 08:04:19 GMT):

Not necessarily! Just trying to understand your setup. I'm not sure if ACA-Py supports this particular use case (not using an endpoint, but rather return routing). It would need to add this before sending messages.

TimoGlastra (Tue, 24 Aug 2021 08:04:36 GMT):

@dbluhm do you know whether this is supported by ACA-Py for outbound messages?

michawensveen (Tue, 24 Aug 2021 09:16:16 GMT):

@swcurran Thank you for the info. I'll be watching the github issue.

michawensveen (Tue, 24 Aug 2021 09:16:56 GMT):

For now we'll put the auto-verify-presentation in the startup of aca-py.

TimoGlastra (Tue, 24 Aug 2021 12:50:35 GMT):

Has anyone used the transaction endorser feature to provide new agents with a public DID? I'm looking for something like the following:
1. Start new ACA-Py agent without a public did
2. Create a connection with another agent
3. Create a new DID
4. Request the new connection to endorse the NYM transaction for the new DID
5. Submit the DID to the ledger
6. Set the DID as public DID

This would allow for an automated provisioning process of new agents. I know the endorse feature is integrated with the schemas and cred defs endpoints, however I couldn't find anything in the register nym endpoint. Has anyone used this for something like I described above?

TimoGlastra (Tue, 24 Aug 2021 12:51:14 GMT):

@esune I know you were working on providing subwallets with public dids through the endorser protocol

TimoGlastra (Tue, 24 Aug 2021 12:51:22 GMT):

Any insights on this?

dbluhm (Tue, 24 Aug 2021 13:06:29 GMT):

ACA-Py supports communicating with agents that operate without endpoints but ACA-Py itself does not support this mode of operation. In other words, ACA-Py can't operate as a mobile agent yet. It doesn't know how to retrieve messages from a mediator though this is something on Indicio's to-do list.

dbluhm (Tue, 24 Aug 2021 13:06:56 GMT):

If I understood the question correctly lol

ffendt (Tue, 24 Aug 2021 13:15:24 GMT):

Hi @dbluhm, yes you got the question correctly. Thank you for your help. I'll look into other mobile agents for now.

TimoGlastra (Tue, 24 Aug 2021 13:59:25 GMT):

We’ve made a lot of progress on mediation in Aries Framework JavaScript lately. You should be able to use it with a mediator from ACA-Py

dbluhm (Tue, 24 Aug 2021 15:12:59 GMT):

When using postgres with ACA-Py and working through initial setup, we're finding that when there are issues with the `wallet-storage-config` or `wallet-storage-creds` config options, there's no indication in the backtrace whether it was an authentication issue, connection issue, etc. just a 210 which corresponds to the also rather general "wallet storage error". Is there a way to retrieve more error details/trigger more logging from the postgres plugin? I think @ianco is the one to ask?

dbluhm (Tue, 24 Aug 2021 15:20:12 GMT):

Perhaps I should try setting ACA-Py's log-level to debug before I ask :grimacing:

JamesEbert (Tue, 24 Aug 2021 16:11:58 GMT):

We're actually in the process of updating Bifold to the most recent AFJ version--which includes support for coordinate mediation / implicit mediation. There's an open PR that should accomplish this: https://github.com/hyperledger/aries-mobile-agent-react-native/pull/75

esune (Tue, 24 Aug 2021 16:36:44 GMT):

There currently is no way of "endorsing" the NYM transaction, as a workaround, we are having the endorser write the NYM transaction directly.

GuilhermeFunchal (Tue, 24 Aug 2021 20:09:19 GMT):

is It possible to create some document or image to save in the wallet indy with Aca-py ?

swcurran (Tue, 24 Aug 2021 21:25:06 GMT):

FYI: Aries Cloud Agent Python [Release 0.7.1 RC0](https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.7.1-rc0) has been tagged and is available on [PyPi](https://pypi.org/project/aries-cloudagent/0.7.1rc0/) this is a pre-release for testing.  We think it is complete and ready, and don't anticipate a lot of changes.  BC Gov will have images posted for use Real Soon Now, and we'll be testing the release with our apps.

Let us know if you note anything, and if there is anything pending that you would like to see in the final Release 0.7.1.

Thanks!

ianco (Tue, 24 Aug 2021 22:54:01 GMT):

lol

ianco (Tue, 24 Aug 2021 22:54:32 GMT):

Did you get an answer on this?  I don't recall offhand but I can dig into it ...

ianco (Tue, 24 Aug 2021 22:57:37 GMT):

Just catching up on RC, is this still an outstanding issue?

ianco (Tue, 24 Aug 2021 22:58:11 GMT):

"It should work", so if there is a 400 error getting thrown I suspect there's a bug

ianco (Tue, 24 Aug 2021 22:58:29 GMT):

(esp if it's trying to find a connection record for a connectionless proof request)

swcurran (Tue, 24 Aug 2021 22:58:53 GMT):

Still an issue -- it's Issue 1365 in the ACA-Py repo

dbluhm (Wed, 25 Aug 2021 02:24:00 GMT):

Well, as it turns out, `--log-level debug` didn't show any more information. Given that it's either the config or the creds that are the issue, I'm sure we'll narrow it down eventually lol but if there is a way to get any more details, that would be helpful.

TimoGlastra (Wed, 25 Aug 2021 11:28:34 GMT):

I'd like to get this very tiny PR in if that's possible: https://github.com/hyperledger/aries-cloudagent-python/pull/1377

JSedlmeir (Sat, 28 Aug 2021 10:05:05 GMT):

@swcurran, do you know whether issuing connectionless credentials is supposed to work with aca-py?

swcurran (Sat, 28 Aug 2021 14:11:34 GMT):

It has not been a priority for us, so I'm not sure.  I know some work was recently done on adding the start of the process to OutOfBand, but I as I think about it, that would probably only work for AIP 2.0, which isn't supported in the wallets.  So my guess is probably not.

Sorry about that.

JSedlmeir (Sat, 28 Aug 2021 19:11:43 GMT):

Okay, thanks a lot for clarifying =)

phearaeun (Mon, 30 Aug 2021 06:20:11 GMT):

Hello, everyone. I have one issue with LEDGER_URL to my installed ledger on Azure VPS. My problem is it shows `Timed out waiting for agent process to start...` all the time when we run aca-py demo: `LEDGER_URL=my_url ./run_demo faber`.
Anyone used to do it successfully, please advise. Thanks!

RounakGhosh (Mon, 30 Aug 2021 13:23:03 GMT):

Anybody, has any idea how to revoke an issued credential dynamically.?.

c2bo (Mon, 30 Aug 2021 13:50:11 GMT):

Perhaps a bit of an addition why I think that edge functionality would be quite interesting for acapy: For on-premise deployments, it would be quite beneficial to have the possibility to have a local acapy that handles all the cryptographic functionality while not being exposed directly (open port) to the internet (e.g. behind a corporate proxy). In this case we could use an acapy locally to store all relevant data and have a second acapy function as a mediator with a public endpoint (without relevant cryptographic or personal data).

c2bo (Mon, 30 Aug 2021 13:54:44 GMT):

My current understanding would be that we need to add/modify 3 different aspects:
- Enable support for a decorator requesting a direct answer in the http response --> addition to outbound http protocol ?
- Handle direct responses within http posts --> also outbound http protocol ?
- Support for trustping messages to query and read mediator queue (e.g. some sort of poller task if you specified that you want to use a mediator and set a flag to not expose a public endpoint) --> I guess this would be a more fundamental change

Does this sound about right for someone with more knowledge about the internals of acapy and the mediator protocol or am I missing something?

dbluhm (Mon, 30 Aug 2021 14:10:17 GMT):

I think your assessment is accurate. I think it makes sense for the poller task to be modeled as an `InboundTransport`... but this presents some challenges with the `--inbound-transport` flag since it expects a host and port in addition to the transport module/string and that doesn't map onto this scenario.

dbluhm (Mon, 30 Aug 2021 14:12:03 GMT):

For the outbound changes, I think this also makes sense as a separate `OutboundTransport`. You could probably make all of this work as a plugin without modifying ACA-Py if you're willing to kludge it a bit -- might make a good POC

dbluhm (Mon, 30 Aug 2021 14:13:46 GMT):

Oh wait, `~transport` decorator addition would have to happen before hitting the outbound transport since it arrives as bytes when encrypted...

JSedlmeir (Mon, 30 Aug 2021 15:35:30 GMT):

Can you please specify what exactly you mean? I do not understand what you need yet.

RounakGhosh (Mon, 30 Aug 2021 15:43:20 GMT):

I want to revoke a credential with {AGENT_URL}/revocation/revoke  by calling this API, but could not do so, in my code. However, when i was making this request in swagger, I could easily do so.

RounakGhosh (Mon, 30 Aug 2021 15:44:24 GMT):

@JSedlmeir , please have a look. I have attached the code, here. Thanks.!!

RounakGhosh (Mon, 30 Aug 2021 15:45:14 GMT):

@JSedlmeir , this is the Error, we are getting while making this post request. Thanks.!!

jcourt (Mon, 30 Aug 2021 22:07:18 GMT):

I would suspect there is a missing field that Swagger is causing to be filled in.  Easiest approach would be to trace in the browser the network traffic being sent from the swagger interface when it is successful.  I suspect it will be some sort of flag or revocation time limit value that may be missing from your API call.

JSedlmeir (Tue, 31 Aug 2021 06:43:02 GMT):

Just to make sure, is there a working and active revocation registry definition? Did you take the cred_rev_id and rev_reg_id from the credential_exchange_records?

JSedlmeir (Tue, 31 Aug 2021 06:46:27 GMT):

Hmm the only difference to what I do is to write true instead of True, but not sure whether this makes a difference..

mattatkiva (Tue, 31 Aug 2021 15:12:58 GMT):

any thoughts on when 0.7.1-rc0 will be made as an offiical release?

swcurran (Tue, 31 Aug 2021 19:38:56 GMT):

Checking with @andrew.whitehead

swcurran (Tue, 31 Aug 2021 19:39:00 GMT):

I think we are ready to go.

swcurran (Tue, 31 Aug 2021 19:44:58 GMT):

Join us for the ACA-Py User Group Wednesday (tomorrow - Sept. 1) at 11AM Pacific (18:00 UTC). We'll have the core maintainers on the call to answer any questions -- other topics are below.

Zoom link: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-09-01+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

Planned Topics:

A long overdue review of some open issues, playing the "Can we close this" game.
Feel free to bring the issues that you want discussed -- I have a good list!

domwoe (Wed, 01 Sep 2021 11:58:43 GMT):

The recording from last session seems to be missing. Could you post it?

mattatkiva (Wed, 01 Sep 2021 12:01:28 GMT):

will you be making a new docker image for 0.7.1?

swcurran (Wed, 01 Sep 2021 13:48:24 GMT):

Sorry about that --- I posted it and didn't hit "Publish".  It's there now.

swcurran (Wed, 01 Sep 2021 13:48:36 GMT):

:man_facepalming_medium_light_skin_tone:

dbluhm (Wed, 01 Sep 2021 14:19:11 GMT):

Speaking with SICPA this morning about the Aries WG call time change, there was interest expressed in perhaps also moving the ACA-PUG meeting to a more Europe friendly time. Given our increasing number of Europe based attendees, it definitely seems like a good suggestion to consider at least. Perhaps we could add it to the agenda as a brief discussion item?

swcurran (Wed, 01 Sep 2021 21:36:42 GMT):

Happy to move it -- I think that would be a good idea.

swcurran (Wed, 01 Sep 2021 21:36:51 GMT):

What time are you thinking?

dbluhm (Thu, 02 Sep 2021 02:18:09 GMT):

I'll check in with SICPA to get their suggestions

michawensveen (Thu, 02 Sep 2021 07:14:37 GMT):

I send a credential offer to a connection. When the offer is accepted I see an error in the aca-py log.
And Connect.me cannot process the credential.
2021-09-01 12:47:16,618 aries_cloudagent.messaging.models.base ERROR CredentialProblemReport message validation error:
Traceback (most recent call last):
  File "/home/indy/aries_cloudagent/messaging/models/base.py", line 137, in deserialize
    return schema.loads(obj) if isinstance(obj, str) else schema.load(obj)
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/marshmallow/schema.py", line 723, in load
    data, many=many, partial=partial, unknown=unknown, postprocess=True
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/marshmallow/schema.py", line 904, in _do_load
    raise exc
marshmallow.exceptions.ValidationError: {'_schema': ['Value for description.code must be issuance-abandoned']}
Does anybody have an idea what is wrong?

etschelp (Thu, 02 Sep 2021 10:41:33 GMT):

Hey, I just tested aca-py on tag 0.7.1 with aksar enabled and I noticed that the GET /credentials endpoint does not return any results here. The reason is that this endpoint simply has no implementation in askar.

etschelp (Thu, 02 Sep 2021 10:49:06 GMT):

And will this image have askar enabled? Currently the images on docker hub have different modules installed and fail with askar.

PatrikStas (Thu, 02 Sep 2021 14:11:26 GMT):

Has joined the channel.

PatrikStas (Thu, 02 Sep 2021 14:11:27 GMT):

Hi, I am reaching out to you guys, together with @agentcooper75 for help to troubleshoot an interop issue. 

AgentCooper75 is using `aries-vcx` to talk to acapy instance. It seems that while aries connection is basically established, however when invitee on `aries-vcx` side receives connection response, he sends sends `ack` message. But acapy seems not recognize the message `@type`. He observes following error: `Unrecognized message type https://didcomm.org/notification/1.0/ack, sending problem report"`

Do you have any thoughts on what the problem might be?

PatrikStas (Thu, 02 Sep 2021 14:11:27 GMT):

Hi, I am reaching out to you guys, together with @agentcooper75 for help to troubleshoot an interop issue. 

AgentCooper75 is using `aries-vcx` to talk to `acapy` instance. It seems that while aries connection is basically established, however when invitee on `aries-vcx` side receives connection response, he sends sends `ack` message. But acapy seems not recognize the message `@type`. He observes following error: `Unrecognized message type https://didcomm.org/notification/1.0/ack, sending problem report"`

Do you have any thoughts on what the problem might be?

PatrikStas (Thu, 02 Sep 2021 14:11:27 GMT):

Hi, I am reaching out to you guys, together with @agentcooper75 for help to troubleshoot an interop issue. 

AgentCooper75 is using `aries-vcx` to talk to `acapy` instance. It seems that while aries connection is basically established, however when invitee on `aries-vcx` side receives connection response, he sends sends `ack` message. But `acapy` seems not recognize the message `@type`. He observes following error: `Unrecognized message type https://didcomm.org/notification/1.0/ack, sending problem report"`

Do you have any thoughts on what the problem might be?

agentcooper75 (Thu, 02 Sep 2021 14:11:27 GMT):

Has joined the channel.

andrew.whitehead (Thu, 02 Sep 2021 14:24:40 GMT):

I believe it’s meant to be an ‘adopted’ ack in the did-exchange family 

PatrikStas (Thu, 02 Sep 2021 14:38:43 GMT):

`aries-vcx` implements only  `connection` protocol 0160 so far, which specifies:
> The invitee sends the inviter an ack or any other message that confirms the response was received.

So we send standard ack after receiving connection response
https://github.com/hyperledger/aries-rfcs/blob/main/features/0015-acks/README.md

dbluhm (Thu, 02 Sep 2021 15:08:56 GMT):

The proposed time we came up with is Wednesdays at 5 PM CEST / 11 AM EDT / 9 AM MT

andrew.whitehead (Thu, 02 Sep 2021 16:57:32 GMT):

Ah, yes that statement has been in there a while, but in practice we send a trust ping if confirmation of the connection is required. ACA-Py could support the standard ack message type, and it would be sufficient to mark a connection as 'active' but would never do anything else

swcurran (Thu, 02 Sep 2021 23:30:08 GMT):

Suggest maybe an issue for this in ACA-Py?   Details I'd want to know -- what are the start up options?  What ledger are you running on?  Are both agents using the same ledger?

I'm guessing it is a ledger issue, Connect.Me is sending back an error, and ACA-Py is not agreeing with Connect.Me about what state to use in the Problem Report.

swcurran (Thu, 02 Sep 2021 23:30:32 GMT):

@andrew.whitehead ^^^

swcurran (Thu, 02 Sep 2021 23:31:02 GMT):

New image is created.  Good idea on the Askar idea.  Let me check on how to do that.

swcurran (Thu, 02 Sep 2021 23:36:04 GMT):

So could aries-vcx send a trust-ping as is convention?  Or is that painful?

swcurran (Thu, 02 Sep 2021 23:37:58 GMT):

I have a standing meeting at that time and couldn't change that.

Could we go with Tuesdays at that time?

dbluhm (Fri, 03 Sep 2021 01:19:33 GMT):

@victor.martinez ^^^

ManojTaleka (Fri, 03 Sep 2021 03:21:39 GMT):

Has joined the channel.

ManojTaleka (Fri, 03 Sep 2021 04:04:32 GMT):

Hi everyone. I am a newbie to Aries Protocols. *Can someone answer my query related to Entry Point for Aries Protocols in ACA-Py Code?* Query : The Aries controller logic does await self.admin_POST("xxxxx") then a particular API will start talking to the underlying Aries Agent at Admin URL. Once the Admin URL receives the request to initiate a particular protocol then which is the entry point for execution in ACA-Py code?

ManojTaleka (Fri, 03 Sep 2021 05:01:37 GMT):

*I have query related to issuing the credential to a specific holder* : Suppose if Alice is a student receiving her education degree credentials from Faber University then how does Faber University can ascertain that the credential is issued to Alice only not anyone else? I have understood following two options are possible but not very sure whether my understanding is correct (i) Faber university can use peer-DID and associated DIDDoc of the Alice to ascertain it is issued to Alice only (ii) Link Secrets given by the Alice can be anchored to the credential issued so that if one more request in guise of Alice comes it can be cross verified with link secret.

ekubilay (Fri, 03 Sep 2021 07:40:14 GMT):

Hi all! I'm getting an error when trying to verify presentation and it is as follows:                                                                                                                                                                                                                                           File "home/indy/aries_cloudagent/indy/sdk/verifier.py, line 52, in verify_presentation await self.check_timestamps(self.ledger, pres_req, pres, rev_reg_defs) index = pred_spec["sub_proof_index"] TypeError: 'NoneType' object is not subscriptable. Do you have any ideas what the issue might be? Thanks in advance!

michawensveen (Fri, 03 Sep 2021 10:23:44 GMT):

@swcurran Thanks for your response. I put the aca-py logging to debug and now see the error we receive.
aries_cloudagent.transport.pack_format DEBUG Expanded message: {'@id': '9d661ea0-2336-41fe-b3af-db12b3c2438f', '@type': 'did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/problem-report', 'comment': 'error occurred: VcxError { inner: \n\nCould not find Credential Definition on the connected Ledger networks\n\nCredential Definition not found on the Ledger }', 'description': {'code': 'invalid-credential-offer', 'en': "Couldn't create credential-request for received credential-offer."}, '~thread': {'received_orders': {'did:sov:Cst5jmVuTpyQGgs7hg3Ybt': 0}, 'sender_order': 0, 'thid': 'd8655eb0-cbf5-43fb-be86-fea8c10b23f9'}}
So it looks like connect.me does not support the BCovrin Test ledger.

dbluhm (Fri, 03 Sep 2021 14:26:50 GMT):

Tuesdays at 5PM CEST work :slight_smile:

swcurran (Fri, 03 Sep 2021 15:23:51 GMT):

It does not.  AFAIK, when you first install the connect.me app, you can choose to use Sovrin Staging, or it defaults to Sovrin MainNet.  You can't use any other ledgers.

It would be good to report this as an issue as although you found the underlying issue -- it would be good if we can figure out why the problem-report was not handled smoothly.

swcurran (Fri, 03 Sep 2021 15:24:17 GMT):

I'll send out a notice and we'll plan for that.  I like that time better.

swcurran (Fri, 03 Sep 2021 15:24:35 GMT):

Especially with the Aries WG moving.

swcurran (Fri, 03 Sep 2021 15:55:30 GMT):

Looks like Andrew has added something to ACA-Py that I think addresses this -- https://github.com/hyperledger/aries-cloudagent-python/pull/1390

andrew.whitehead (Fri, 03 Sep 2021 21:50:31 GMT):

It looks like you're using an older version, this seems to be fixed (and the code for it has moved to indy/verifier.py)

andrew.whitehead (Fri, 03 Sep 2021 21:51:57 GMT):

But also, it looks like one of the requested predicates is not being fulfilled

andrew.whitehead (Fri, 03 Sep 2021 22:01:04 GMT):

I think that should be fixed by this PR: https://github.com/hyperledger/aries-cloudagent-python/pull/1394

swcurran (Sat, 04 Sep 2021 16:40:05 GMT):

Every issuing service needs to determine for the credentials they issue what identity proofing they need to do before issuing a credential.  For example, Faber might included in their Web Portal for students a link to get a VC based on the assumption that they know the identity of the logged in student. Whatever access control to the Web Portal is “good enough”.

Or in the future, when the student arrives at the school, Faber issues the credential as part of an in-person event, and then they use that to enable access to the Web Portal — flipping the scenario.

If the students have gov’t issued identity VCs, they could request that as a proof, connect that to the students record in their system, and then issue a student ID verifiable credential.

So there are many ways, and it’s about mitigating the risk of issuing to the wrong person.

ManojTaleka (Mon, 06 Sep 2021 04:00:41 GMT):

Suppose if we are thinking of issuing-holding-verifying triangle for IoT devices then before issuing an credential to a specific IoT device the identity proofing can be done by registration of IoT device's information in the cloud of the issuer?

ManojTaleka (Mon, 06 Sep 2021 04:01:27 GMT):

Suppose if we are thinking of issuing-holding-verifying triangle for IoT devices then before issuing the credential to a specific IoT device the identity proofing can be done by registration of IoT device's information in the cloud of the issuer?

michawensveen (Mon, 06 Sep 2021 06:59:52 GMT):

Created an issue:

michawensveen (Mon, 06 Sep 2021 06:59:54 GMT):

https://github.com/hyperledger/aries-cloudagent-python/issues/1397

ekubilay (Mon, 06 Sep 2021 09:27:30 GMT):

this was very helpful, thank you:)

DenverNaicker (Mon, 06 Sep 2021 15:17:11 GMT):

Has joined the channel.

DenverNaicker (Mon, 06 Sep 2021 15:35:39 GMT):



Clipboard - September 6, 2021 5:35 PM

DenverNaicker (Mon, 06 Sep 2021 15:35:39 GMT):

Was just wondering if this is a common error, if I use --wallet-type indy I get ledger pool timeout error, without --wallet-type indy, the aries cloud agent starts up although when publishing to ledger it says Error 403 ledger not found

DenverNaicker (Mon, 06 Sep 2021 15:35:39 GMT):

Was just wondering if this is a common error, when I use --wallet-type indy to startup agent I get ledger pool timeout error. 
If I remove --wallet-type indy, the aries cloud agent starts up although when publishing to ledger it says Error 403 ledger not found?

DenverNaicker (Mon, 06 Sep 2021 15:35:39 GMT):

Was just wondering if this is a common error, when I use --wallet-type indy to startup agent I get ledger pool timeout error. 
If I remove --wallet-type indy, the aries cloud agent starts up although when publishing to ledger it says Error 403 ledger not found? This also error also appears: in schemas_send_schema
    raise web.HTTPForbidden(reason=reason)
aiohttp.web_exceptions.HTTPForbidden: No ledger available

DenverNaicker (Mon, 06 Sep 2021 15:35:39 GMT):

Was just wondering if this is a common error, when I use --wallet-type indy to startup agent I get ledger pool timeout error. 
If I remove --wallet-type indy, the aries cloud agent starts up although when publishing to ledger it says Error 403 ledger not found? 

This also error also appears: in schemas_send_schema raise web.HTTPForbidden(reason=reason) aiohttp.web_exceptions.HTTPForbidden: No ledger available

DenverNaicker (Mon, 06 Sep 2021 15:35:39 GMT):

Was just wondering if this is a common error, when I use --wallet-type indy to startup agent I get ledger pool timeout error. 
If I remove --wallet-type indy, the aries cloud agent starts up although when publishing to ledger it says Error 403 ledger not found? 
This also error also appears: in schemas_send_schema raise web.HTTPForbidden(reason=reason) aiohttp.web_exceptions.HTTPForbidden: No ledger available

DenverNaicker (Mon, 06 Sep 2021 15:35:39 GMT):

Was just wondering if this is a common error, when I use --wallet-type indy to startup agent I get ledger pool timeout error. 
If I remove --wallet-type indy, the aries cloud agent starts up although when publishing to ledger it says Error 403 ledger not found? 
This also error also appears: in schemas_send_schema raise web.HTTPForbidden(reason=reason) aiohttp.web_exceptions.HTTPForbidden: No ledger available. Would I need HTTPS?

DenverNaicker (Mon, 06 Sep 2021 15:35:39 GMT):

Was just wondering if this is a common error, when I use --wallet-type indy to startup agent I get ledger pool timeout error. 
If I remove --wallet-type indy, the aries cloud agent starts up although when publishing to ledger it says Error 403 ledger not found? 
This also error also appears: in schemas_send_schema raise web.HTTPForbidden(reason=reason) aiohttp.web_exceptions.HTTPForbidden: No ledger available. Would I need HTTPS? I am able to register Alice as an issuer using localhost:9000/register but localhost:9000/schemas returns ledger not found, which is linked to --wallet-type indy not being provided as I get an pool timeout error. This was working yesterday on aca-py 0.7.1.

DenverNaicker (Mon, 06 Sep 2021 15:35:39 GMT):

Was just wondering if this is a common error, when I use --wallet-type indy to startup agent I get ledger pool timeout error. 
If I remove --wallet-type indy, the aries cloud agent starts up although when publishing to ledger it says Error 403 ledger not found? 
This also error also appears: in schemas_send_schema raise web.HTTPForbidden(reason=reason) aiohttp.web_exceptions.HTTPForbidden: No ledger available. Would I need HTTPS? I am able to register Alice as an issuer using localhost:9000/register but localhost:9000/schemas returns ledger not found, which is linked to --wallet-type indy not being provided as I get an pool timeout error. This was working yesterday on aca-py 0.7.1. I added a github issue: https://github.com/hyperledger/aries-cloudagent-python/issues/1398

jcourt (Mon, 06 Sep 2021 20:59:22 GMT):

Without seeing what your complete set of start command arguments to ACA-Py are, its hard to understand what could be happening.  My first guess would be that you haven't pointed it correctly at your ledger to get the genesis transactions from the locally running VON Ledger (i.e. the --genesis-url parameter or config file option).

jcourt (Mon, 06 Sep 2021 21:00:31 GMT):

Without seeing what your complete set of start command arguments to ACA-Py are, its hard to understand what could be happening. My first guess would be that you haven't pointed it correctly at your ledger to get the genesis transactions from the locally running VON Ledger (i.e. the --genesis-url parameter or config file option).

DenverNaicker (Tue, 07 Sep 2021 03:41:22 GMT):



Steps to ACA-PY.pdf

DenverNaicker (Tue, 07 Sep 2021 03:41:53 GMT):

Hi Jcourt, I have provided the steps I am using in the pdf attache. Thank you for responding to my message.

DenverNaicker (Tue, 07 Sep 2021 03:41:53 GMT):

Hi Jcourt, I have provided the steps I am using in the pdf attached. Thank you for responding to my message.

DenverNaicker (Tue, 07 Sep 2021 03:51:30 GMT):



Steps to ACA-PY.pdf

DenverNaicker (Tue, 07 Sep 2021 03:51:46 GMT):

I added the von-network start steps

DenverNaicker (Tue, 07 Sep 2021 04:53:42 GMT):

i think the main error is the '--wallet-type indy' returning 'ledger pool timeout' 

Are there other '--wallet-types' one could use?

DenverNaicker (Tue, 07 Sep 2021 04:53:42 GMT):

i think the main error is the '--wallet-type indy' returning 'ledger pool timeout'. Is there a list of '--wallet-types' one could use?

DenverNaicker (Tue, 07 Sep 2021 04:56:29 GMT):

I just noticed aca-py --help and the --wallet-type 'basic' or 'indy' can be used

DenverNaicker (Tue, 07 Sep 2021 09:05:32 GMT):



Clipboard - September 7, 2021 11:05 AM

DenverNaicker (Tue, 07 Sep 2021 09:05:57 GMT):

it is primarily this, upon adding --wallet-type basic it still returns error 403 ledger not found for /schemas

DenverNaicker (Tue, 07 Sep 2021 09:10:06 GMT):

I updated the github issue with a better detail of the error after retrying: https://github.com/hyperledger/aries-cloudagent-python/issues/1398#issuecomment-914131497

DenverNaicker (Tue, 07 Sep 2021 09:21:09 GMT):

the issue seems to be reflected as not having '--wallet-type indy' in agent args, even if one uses '--wallet-type basic' it does not like it, if i add '--wallet-type indy' I get connection pool errors, those are the ones I am going to try and resolve now. Previous github issuing noting the change in the message displayed for the error but still it could be more helpful error message on trying to resolve https://github.com/hyperledger/aries-cloudagent-python/issues/518

DenverNaicker (Tue, 07 Sep 2021 09:21:09 GMT):

the issue seems to be reflected as not having '--wallet-type indy' in agent args, even if one uses '--wallet-type basic' it does not like it, if i add '--wallet-type indy' I get connection pool errors, those are the ones I am going to try and resolve now. Previous github issuing noting the change in the message displayed for the error  https://github.com/hyperledger/aries-cloudagent-python/issues/518

swcurran (Tue, 07 Sep 2021 14:22:36 GMT):

Thanks.

RounakGhosh (Tue, 07 Sep 2021 14:49:30 GMT):

Yes, I saved cred_rev_id in environment variable and rev_reg_id from wallet, and made request by calling the api.

Previously I was using credential_exchange_id and publish=true , but it failed to revoke credential

RounakGhosh (Tue, 07 Sep 2021 14:52:31 GMT):

Also, here I have used json.dumps , which while making the post ultimately changes the body from "publish":True to "publish":true.

DenverNaicker (Tue, 07 Sep 2021 15:05:01 GMT):

I messed up my system trying to get indy node pool error resolved by installing packages. I am a bit frustrated with the documentation. The packages and the version management and just being forced to use the demo again. I would really like to use aca-py connect to von-network and conduct the api tests, why is this soo hard?

swcurran (Tue, 07 Sep 2021 15:24:59 GMT):

Is it that you are trying to use everything on bare-metal vs. docker. Containers are far better to start with as otherwise you get messages like above.  The /demo folder has the guidance for trying out the API, and von-network let's you spin up a network in seconds.  From there you can see how everything is working on docker and from there to bare metal.  But bare-metal is a pain.

DenverNaicker (Tue, 07 Sep 2021 16:08:36 GMT):

Thanks Stephen, I will try that. I clean installed windows subsystem linux virtual machines and am going to start the process again using the docker demo. I am doing the edx courses as well, I am hoping to create a mobile app interface to aca-py agents and have everything publish to a ledger. Thank you for replying.

DenverNaicker (Tue, 07 Sep 2021 16:08:36 GMT):

Thanks Stephen, I will try that. I cleaned installed windows subsystem linux virtual machines and am going to start the process again using the docker demo. I am doing the edx courses as well, I am hoping to create a mobile app interface to aca-py agents and have everything publish to a ledger. Thank you for replying.

DenverNaicker (Tue, 07 Sep 2021 16:08:36 GMT):

Thanks Stephen, I will try that. I cleaned installed windows subsystem linux virtual machines and am going to start the process again using the docker demo. I am doing the edx courses as well, I am hoping to create a mobile app interface to aca-py agents and have everything publish to a ledger. Thanks again.

DenverNaicker (Tue, 07 Sep 2021 16:08:36 GMT):

Thanks Stephen, I will try that. I cleaned installed windows subsystem linux virtual machines and am going to start the process again using the docker demo. I am doing the edx courses as well, I am hoping to create a mobile app interface to aca-py agents and have everything publish to a ledger.

DenverNaicker (Tue, 07 Sep 2021 18:41:52 GMT):

Tried running the openapi docker demo https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/AriesOpenAPIDemo.md, but am encountering this error https://github.com/hyperledger/aries-cloudagent-python/issues/1399 when using accept-request api says can't connect to host 192.168.56.102:8020

DenverNaicker (Tue, 07 Sep 2021 18:41:52 GMT):

Tried running the openapi docker demo https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/AriesOpenAPIDemo.md, but am encountering this error https://github.com/hyperledger/aries-cloudagent-python/issues/1399 when using accept-request api says can't connect to host 192.168.56.102:8020. I tried to use ngrok to tunnel in using http 80, but that could not connect to endpoint

DenverNaicker (Tue, 07 Sep 2021 18:41:52 GMT):

Tried running the openapi docker demo https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/AriesOpenAPIDemo.md, but am encountering this error https://github.com/hyperledger/aries-cloudagent-python/issues/1399 when using accept-request api says can't connect to host 192.168.56.102:8020. I tried to use ngrok to tunnel in using http 80, but that could not connect to endpoint. I tried using play.with.docker.online and encountered the error wallet not found when running the docker scripts and calling accept-request on faber's side, I added a github issue: https://github.com/hyperledger/aries-cloudagent-python/issues/1399#issuecomment-914872893

DenverNaicker (Tue, 07 Sep 2021 18:41:52 GMT):

Tried running the openapi docker demo https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/AriesOpenAPIDemo.md, but am encountering this error https://github.com/hyperledger/aries-cloudagent-python/issues/1399 when using accept-request api says can't connect to host 192.168.56.102:8020. I tried to use ngrok to tunnel in using http 80, but that could not connect to endpoint. I tried using play.with.docker.online and encountered the error wallet not found when running the docker scripts and calling accept-request on faber's side, I added a comment to github issue: https://github.com/hyperledger/aries-cloudagent-python/issues/1399#issuecomment-914872893

DenverNaicker (Tue, 07 Sep 2021 18:41:52 GMT):

Tried running the openapi docker demo https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/AriesOpenAPIDemo.md, but am encountering this error https://github.com/hyperledger/aries-cloudagent-python/issues/1399 when using accept-request api says can't connect to host 192.168.56.102:8020. I tried to use ngrok to tunnel in using http 80, but that could not connect to endpoint. I tried using play.with.docker.online and encountered the error wallet not found when running the docker scripts and calling accept-request on faber's side, I added a comment to github issue: https://github.com/hyperledger/aries-cloudagent-python/issues/1399#issuecomment-914872893. I am using the documentation from https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/AriesOpenAPIDemo.md#use-the-alice-agent-to-receive-fabers-invitation which is part of the chapter aries developer edx

ianco (Tue, 07 Sep 2021 20:48:24 GMT):

@michawensveen this should be fixed now, can you re-test?

DenverNaicker (Wed, 08 Sep 2021 06:40:44 GMT):

I tried running the start local pools with docker https://github.com/hyperledger/indy-sdk/blob/master/README.md#how-to-start-local-nodes-pool-with-docker 

but when starting aca-py agent aca-py start --label Alice -it http 0.0.0.0 8000 -ot http --admin 0.0.0.0 11000 --admin-insecure-mode --genesis-url http://localhost:9701/genesis --seed Alice000000000000000000000000001 --endpoint http://localhost:8000/ --debug-connections --auto-provision --wallet-name Alice1 --wallet-key secret --auto-accept-invites --auto-accept-requests --wallet-type indy 

receiving 'aries_cloudagent.config.base.ConfigError: Error retrieving ledger genesis transactions' when starting aca-py agents

DenverNaicker (Wed, 08 Sep 2021 06:40:44 GMT):

I tried running the start local pools with docker https://github.com/hyperledger/indy-sdk/blob/master/README.md#how-to-start-local-nodes-pool-with-docker 

but when starting aca-py: agent aca-py start --label Alice -it http 0.0.0.0 8000 -ot http --admin 0.0.0.0 11000 --admin-insecure-mode --genesis-url http://localhost:9701/genesis --seed Alice000000000000000000000000001 --endpoint http://localhost:8000/ --debug-connections --auto-provision --wallet-name Alice1 --wallet-key secret --auto-accept-invites --auto-accept-requests --wallet-type indy 

receiving 'aries_cloudagent.config.base.ConfigError: Error retrieving ledger genesis transactions' when starting aca-py agents

DenverNaicker (Wed, 08 Sep 2021 06:40:44 GMT):

I tried running the start local pools with docker https://github.com/hyperledger/indy-sdk/blob/master/README.md#how-to-start-local-nodes-pool-with-docker 

but when starting aca-py: agent aca-py start --label Alice -it http 0.0.0.0 8000 -ot http --admin 0.0.0.0 11000 --admin-insecure-mode --genesis-url http://localhost:9701/genesis --seed Alice000000000000000000000000001 --endpoint http://localhost:8000/ --debug-connections --auto-provision --wallet-name Alice1 --wallet-key secret --auto-accept-invites --auto-accept-requests --wallet-type indy 

receiving 'aries_cloudagent.config.base.ConfigError: Error retrieving ledger genesis transactions'

DenverNaicker (Wed, 08 Sep 2021 06:40:44 GMT):

I tried running the start local pools with docker https://github.com/hyperledger/indy-sdk/blob/master/README.md#how-to-start-local-nodes-pool-with-docker. I tried all three steps, local, wifi and docker subnet. I tried to access webserver to see ledger but could not. I tried running aca-py with access points to localhost:9701 but returned with error. Is it perhaps I am accessing a port or ip not available?

but when starting aca-py: agent aca-py start --label Alice -it http 0.0.0.0 8000 -ot http --admin 0.0.0.0 11000 --admin-insecure-mode --genesis-url http://localhost:9701/genesis --seed Alice000000000000000000000000001 --endpoint http://localhost:8000/ --debug-connections --auto-provision --wallet-name Alice1 --wallet-key secret --auto-accept-invites --auto-accept-requests --wallet-type indy 

receiving 'aries_cloudagent.config.base.ConfigError: Error retrieving ledger genesis transactions'

DenverNaicker (Wed, 08 Sep 2021 06:40:44 GMT):

I tried running the start local pools with docker https://github.com/hyperledger/indy-sdk/blob/master/README.md#how-to-start-local-nodes-pool-with-docker. I tried all three steps, local, wifi and docker subnet. I tried to access webserver to see ledger but could not. I tried running aca-py with access points to localhost:9701 but returned with error. Is it perhaps I am accessing a port or ip not available?

when starting aca-py: agent aca-py start --label Alice -it http 0.0.0.0 8000 -ot http --admin 0.0.0.0 11000 --admin-insecure-mode --genesis-url http://localhost:9701/genesis --seed Alice000000000000000000000000001 --endpoint http://localhost:8000/ --debug-connections --auto-provision --wallet-name Alice1 --wallet-key secret --auto-accept-invites --auto-accept-requests --wallet-type indy 

receiving 'aries_cloudagent.config.base.ConfigError: Error retrieving ledger genesis transactions'

DenverNaicker (Wed, 08 Sep 2021 06:40:44 GMT):

I tried running the start local pools with docker https://github.com/hyperledger/indy-sdk/blob/master/README.md#how-to-start-local-nodes-pool-with-docker. I tried all three steps, local, wifi and docker subnet, they built and ran successfully and can see it in docker container status. I tried to access webserver to see ledger but could not. I tried running aca-py with access points to localhost:9701 but returned with error. Is it perhaps I am accessing a port or ip not available?

when starting aca-py: agent aca-py start --label Alice -it http 0.0.0.0 8000 -ot http --admin 0.0.0.0 11000 --admin-insecure-mode --genesis-url http://localhost:9701/genesis --seed Alice000000000000000000000000001 --endpoint http://localhost:8000/ --debug-connections --auto-provision --wallet-name Alice1 --wallet-key secret --auto-accept-invites --auto-accept-requests --wallet-type indy 

receiving 'aries_cloudagent.config.base.ConfigError: Error retrieving ledger genesis transactions'

DenverNaicker (Wed, 08 Sep 2021 06:40:44 GMT):

I tried running the start local pools with docker https://github.com/hyperledger/indy-sdk/blob/master/README.md#how-to-start-local-nodes-pool-with-docker. I tried all three steps, local, wifi and docker subnet, they built and ran successfully and can see it in docker container status. I tried to access webserver to see ledger but could not. I tried running aca-py with access points to localhost:9701 but returned with error. Is it perhaps I am accessing a port or ip not available?

starting docker with: 
docker run -itd -p 192.168.8.102:9701-9708:9701-9708 indy_pool
or 
docker run -d --ip="10.0.0.2" --net=indy_pool_network indy_pool

when starting aca-py: agent aca-py start --label Alice -it http 0.0.0.0 8000 -ot http --admin 0.0.0.0 11000 --admin-insecure-mode --genesis-url http://localhost:9701/genesis --seed Alice000000000000000000000000001 --endpoint http://localhost:8000/ --debug-connections --auto-provision --wallet-name Alice1 --wallet-key secret --auto-accept-invites --auto-accept-requests --wallet-type indy 

receiving 'aries_cloudagent.config.base.ConfigError: Error retrieving ledger genesis transactions'

DenverNaicker (Wed, 08 Sep 2021 06:40:44 GMT):

I tried running the start local pools with docker https://github.com/hyperledger/indy-sdk/blob/master/README.md#how-to-start-local-nodes-pool-with-docker. I tried all three steps, local, wifi and docker subnet, they built and ran successfully and can see it in docker container status. I tried to access webserver to see ledger but could not. I tried running aca-py with access points to localhost:9701 but returned with error. Is it perhaps I am accessing a port or ip not available?

starting docker with: 
docker run -itd -p 192.168.8.102:9701-9708:9701-9708 indy_pool
or 
docker run -d --ip="10.0.0.2" --net=indy_pool_network indy_pool

when starting aca-py: 
agent aca-py start --label Alice -it http 0.0.0.0 8000 -ot http --admin 0.0.0.0 11000 --admin-insecure-mode --genesis-url http://localhost:9701/genesis --seed Alice000000000000000000000000001 --endpoint http://localhost:8000/ --debug-connections --auto-provision --wallet-name Alice1 --wallet-key secret --auto-accept-invites --auto-accept-requests --wallet-type indy 

receiving 'aries_cloudagent.config.base.ConfigError: Error retrieving ledger genesis transactions'

DenverNaicker (Wed, 08 Sep 2021 06:40:44 GMT):

I tried running the start local pools with docker https://github.com/hyperledger/indy-sdk/blob/master/README.md#how-to-start-local-nodes-pool-with-docker. I tried all three steps, local, wifi and docker subnet, they built and ran successfully and can see it in docker container status. I tried to access webserver to see ledger but could not. I tried running aca-py with access points to localhost:9701 but returned with error. Is it perhaps I am accessing a port or ip not available?

starting docker with: 
docker run -itd -p 192.168.8.102:9701-9708:9701-9708 indy_pool
or 
docker run -d --ip="10.0.0.2" --net=indy_pool_network indy_pool

when starting aca-py: 
agent aca-py start --label Alice -it http 0.0.0.0 8000 -ot http --admin 0.0.0.0 11000 --admin-insecure-mode --genesis-url http://localhost:9701/genesis --seed Alice000000000000000000000000001 --endpoint http://localhost:8000/ --debug-connections --auto-provision --wallet-name Alice1 --wallet-key secret --auto-accept-invites --auto-accept-requests --wallet-type indy 

receiving 'aries_cloudagent.config.base.ConfigError: Error retrieving ledger genesis transactions'

I think the main question is where do I find the genesis url after starting the docker image?

DenverNaicker (Wed, 08 Sep 2021 06:40:44 GMT):

I tried running the start local pools with docker https://github.com/hyperledger/indy-sdk/blob/master/README.md#how-to-start-local-nodes-pool-with-docker. I tried all three steps, local, wifi and docker subnet, they built and ran successfully and can see it in docker container status. I tried to access webserver to see ledger but could not. I tried running aca-py with access points to localhost:9701 but returned with error. Is it perhaps I am accessing a port or ip not available?

starting docker with: 
docker run -itd -p 192.168.8.102:9701-9708:9701-9708 indy_pool
or 
docker run -d --ip="10.0.0.2" --net=indy_pool_network indy_pool

when starting aca-py: 
agent aca-py start --label Alice -it http 0.0.0.0 8000 -ot http --admin 0.0.0.0 11000 --admin-insecure-mode --genesis-url http://localhost:9701/genesis --seed Alice000000000000000000000000001 --endpoint http://localhost:8000/ --debug-connections --auto-provision --wallet-name Alice1 --wallet-key secret --auto-accept-invites --auto-accept-requests --wallet-type indy 

receiving 'aries_cloudagent.config.base.ConfigError: Error retrieving ledger genesis transactions'

I think the primary question is where do I find the genesis url after starting the docker image?

DenverNaicker (Wed, 08 Sep 2021 06:40:44 GMT):

I tried running the start local pools with docker https://github.com/hyperledger/indy-sdk/blob/master/README.md#how-to-start-local-nodes-pool-with-docker. I tried all three steps, local, wifi and docker subnet, they built and ran successfully and can see it in docker container status. I tried to access webserver to see ledger but could not. I tried running aca-py with access points to localhost:9701 but returned with error. Is it perhaps I am accessing a port or ip not available?

starting docker with: 
docker run -itd -p 192.168.8.102:9701-9708:9701-9708 indy_pool
or 
docker run -d --ip="10.0.0.2" --net=indy_pool_network indy_pool

when starting aca-py: 
agent aca-py start --label Alice -it http 0.0.0.0 8000 -ot http --admin 0.0.0.0 11000 --admin-insecure-mode --genesis-url http://localhost:9701/genesis --seed Alice000000000000000000000000001 --endpoint http://localhost:8000/ --debug-connections --auto-provision --wallet-name Alice1 --wallet-key secret --auto-accept-invites --auto-accept-requests --wallet-type indy 

receiving 'aries_cloudagent.config.base.ConfigError: Error retrieving ledger genesis transactions'

I think the primary question is where do I find the genesis url after starting the docker image which I can use to startup the Alice agent?

DenverNaicker (Wed, 08 Sep 2021 06:55:08 GMT):

using http://dev.greenlight.bcovrin.vonx.io/genesis to replace localhost:9000/genesis and aca-py agent connects

DenverNaicker (Wed, 08 Sep 2021 06:55:08 GMT):

using http://dev.greenlight.bcovrin.vonx.io/genesis to replace localhost:9000/genesis and aca-py agent connects.

i am able to conduct curl tests against localhost:11000 and 11001 but am not able to view the openapi/swagger interface if visiting localhost:11000 on the browser

DenverNaicker (Wed, 08 Sep 2021 08:12:42 GMT):

i started getting no schema id errors when creating credential definition even though schema created with schema_id on bcovrin, came across github issue https://github.com/hyperledger/aries-cloudagent-python/issues/506 but not sure if it is directly related with wallet sync?

> post
curl -X POST http://localhost:11000/schemas -H 'Content-Type: application/json' -d '{ "attributes": ["name", "age"], "schema_name": "my-schema", "schema_version": "1.0"}'

> result
{"schema_id": "PLEVLDPJQMJvPLyX3LgB6S:2:my-schema:1.0", "schema": {"ver": "1.0", "id": "PLEVLDPJQMJvPLyX3LgB6S:2:my-schema:1.0", "name": "my-schema", "version": "1.0", "attrNames": ["age", "name"], "seqNo": null}}

> post
curl -X POST http://localhost:11000/credential-definitionsson' -d '{"schema_id": "PLEVLDPJQMJvPLyX3LgB6S:2:my-schema:1.0", "tag": "default"}'

> result
400: Ledger default has no schema PLEVLDPJQMJvPLyX3LgB6S:2:my-schema:1.0

DenverNaicker (Wed, 08 Sep 2021 08:12:42 GMT):

i started getting no schema id errors when creating credential definition even though schema created with schema_id on bcovrin, came across github issue https://github.com/hyperledger/aries-cloudagent-python/issues/506 but not sure if it is directly related:

> post
curl -X POST http://localhost:11000/schemas -H 'Content-Type: application/json' -d '{ "attributes": ["name", "age"], "schema_name": "my-schema", "schema_version": "1.0"}'

> result
{"schema_id": "PLEVLDPJQMJvPLyX3LgB6S:2:my-schema:1.0", "schema": {"ver": "1.0", "id": "PLEVLDPJQMJvPLyX3LgB6S:2:my-schema:1.0", "name": "my-schema", "version": "1.0", "attrNames": ["age", "name"], "seqNo": null}}

> post
curl -X POST http://localhost:11000/credential-definitionsson' -d '{"schema_id": "PLEVLDPJQMJvPLyX3LgB6S:2:my-schema:1.0", "tag": "default"}'

> result
400: Ledger default has no schema PLEVLDPJQMJvPLyX3LgB6S:2:my-schema:1.0

DenverNaicker (Wed, 08 Sep 2021 08:12:42 GMT):

i started getting no schema id errors when creating credential definition even though schema created with schema_id on bcovrin, came across github issue https://github.com/hyperledger/aries-cloudagent-python/issues/506 but not sure if it is directly related:

post:
> curl -X POST http://localhost:11000/schemas -H 'Content-Type: application/json' -d '{ "attributes": ["name", "age"], "schema_name": "my-schema", "schema_version": "1.0"}'

result:
> {"schema_id": "PLEVLDPJQMJvPLyX3LgB6S:2:my-schema:1.0", "schema": {"ver": "1.0", "id": "PLEVLDPJQMJvPLyX3LgB6S:2:my-schema:1.0", "name": "my-schema", "version": "1.0", "attrNames": ["age", "name"], "seqNo": null}}

post:
> curl -X POST http://localhost:11000/credential-definitionsson' -d '{"schema_id": "PLEVLDPJQMJvPLyX3LgB6S:2:my-schema:1.0", "tag": "default"}'

result:
> 400: Ledger default has no schema PLEVLDPJQMJvPLyX3LgB6S:2:my-schema:1.0

DenverNaicker (Wed, 08 Sep 2021 08:12:42 GMT):

i started getting no schema id errors when creating credential definition even though schema created with schema_id on bcovrin, came across github issue https://github.com/hyperledger/aries-cloudagent-python/issues/506 but not sure if it is directly related:

post:
> curl -X POST http://localhost:11000/schemas -H 'Content-Type: application/json' -d '{ "attributes": ["name", "age"], "schema_name": "my-schema", "schema_version": "1.0"}'

result:
> {"schema_id": "PLEVLDPJQMJvPLyX3LgB6S:2:my-schema:1.0", "schema": {"ver": "1.0", "id": "PLEVLDPJQMJvPLyX3LgB6S:2:my-schema:1.0", "name": "my-schema", "version": "1.0", "attrNames": ["age", "name"], "seqNo": null}}

post:
> curl -X POST http://localhost:11000/credential-definitions' -d '{"schema_id": "PLEVLDPJQMJvPLyX3LgB6S:2:my-schema:1.0", "tag": "default"}'

result:
> 400: Ledger default has no schema PLEVLDPJQMJvPLyX3LgB6S:2:my-schema:1.0

DenverNaicker (Wed, 08 Sep 2021 08:12:42 GMT):

i started getting no schema id errors when creating credential definition even though schema created with schema_id on bcovrin, came across github issue https://github.com/hyperledger/aries-cloudagent-python/issues/506 but not sure if it is directly related:

post:
> curl -X POST http://localhost:11000/schemas -H 'Content-Type: application/json' -d '{ "attributes": ["name", "age"], "schema_name": "my-schema", "schema_version": "1.0"}'

result:
> {"schema_id": "PLEVLDPJQMJvPLyX3LgB6S:2:my-schema:1.0", "schema": {"ver": "1.0", "id": "PLEVLDPJQMJvPLyX3LgB6S:2:my-schema:1.0", "name": "my-schema", "version": "1.0", "attrNames": ["age", "name"], "seqNo": null}}

post:
> curl -X POST http://localhost:11000/credential-definitions' -d '{"schema_id": "PLEVLDPJQMJvPLyX3LgB6S:2:my-schema:1.0", "tag": "default"}'

result:
> 400: Ledger default has no schema PLEVLDPJQMJvPLyX3LgB6S:2:my-schema:1.0

just noticing that but seqNo should not be null

DenverNaicker (Wed, 08 Sep 2021 08:12:42 GMT):

i started getting no schema id errors when creating credential definition even though schema created with schema_id on bcovrin, came across github issue https://github.com/hyperledger/aries-cloudagent-python/issues/506 but not sure if it is directly related:

post:
> curl -X POST http://localhost:11000/schemas -H 'Content-Type: application/json' -d '{ "attributes": ["name", "age"], "schema_name": "my-schema", "schema_version": "1.0"}'

result:
> {"schema_id": "PLEVLDPJQMJvPLyX3LgB6S:2:my-schema:1.0", "schema": {"ver": "1.0", "id": "PLEVLDPJQMJvPLyX3LgB6S:2:my-schema:1.0", "name": "my-schema", "version": "1.0", "attrNames": ["age", "name"], "seqNo": null}}

post:
> curl -X POST http://localhost:11000/credential-definitions' -d '{"schema_id": "PLEVLDPJQMJvPLyX3LgB6S:2:my-schema:1.0", "tag": "default"}'

result:
> 400: Ledger default has no schema PLEVLDPJQMJvPLyX3LgB6S:2:my-schema:1.0

just noticing that seqNo should not be null

DenverNaicker (Wed, 08 Sep 2021 11:15:39 GMT):

Just curious why does https://github.com/hyperledger/aries-acapy-controllers/blob/main/AliceFaberAcmeDemo/README.md work with no issues....?

DenverNaicker (Wed, 08 Sep 2021 11:15:39 GMT):

Was able to complete transaction scenarios using amajji repo https://github.com/hyperledger/aries-acapy-controllers/blob/main/AliceFaberAcmeDemo/README.md but its only demo related, not sure why the other options are not functional, can one take this demo repo and use it for more production ready applications and if not what would need to change?

DenverNaicker (Wed, 08 Sep 2021 11:15:39 GMT):

Was able to complete transaction scenarios using amajji repo https://github.com/hyperledger/aries-acapy-controllers/blob/main/AliceFaberAcmeDemo/README.md

michawensveen (Wed, 08 Sep 2021 11:16:14 GMT):

Yes, we will test the fix. Will let you know the result after testing.

KevinKerkhoven (Thu, 09 Sep 2021 13:37:03 GMT):

Hi all,

Tested the newest version of aca-py (main branch), and I have great news: manual validation of proofs works now! So thanks for the help! :smiley: 

State is now verified!

DenverNaicker (Fri, 10 Sep 2021 15:01:52 GMT):

I was trying to setup Aries Dotnet Xamarin and one of the requirements was the static libraries for iOS and Android. The link is broken on the github repo and there is a pre-existing issue opened for 15 days, was wondering if anyone has an alternative link?

https://github.com/hyperledger/aries-mobile-agent-xamarin#working-with-public-endpoint

https://hyperledger-org.bintray.com/aries/

The actual error says 'Forbidden'

https://github.com/hyperledger/aries-mobile-agent-xamarin/issues/44

phearaeun (Fri, 10 Sep 2021 17:21:04 GMT):

Sorry, I used to ask this question once before and I still can't manage to solve it.
```
Handler error with exception: Ledger rejected transaction request: client request invalid: insufficient number of valid signatures, 1 is required but 0 valid and 1 invalid have been provided. The following signatures are invalid: did=QppWypYVwr8vSV9RHBgrzY, signature=3wmZwRKz5BLagHdpJDZyYJgZSmmvEFWdEcVJrpChBFJaK1NaTKUS29Y3ouXPg73879xNhor8KqvwsdZFzdSgFhS4.
```

Recently, I have been testing this several times. I am still not sure if my guess was right.

I have one aca-py instance with `multitenancy` enabled. The  agent was created using `seed`, the base wallet. However, sub-wallets were created using `verkey` and `did`. I guess that the `invalid signature` issue was because of the base wallet was using seed while sub-wallets were using verkey and did. If that's the case, I would use seed instead of public did. But those sub-wallets will need to have `cred def id` in order to issue credential to holders. 

Is it possible if all sub-wallets use the same `cred def id` from the base wallet?

RounakGhosh (Fri, 10 Sep 2021 18:52:36 GMT):

Hello, My credential is not getting issued onto the ledger, can anyone help.??

requests.exceptions.HTTPError: 400 Client Error: Error when issuing credential: Error: Invalid structure. Caused b
y: UrsaCryptoError: Invalid len of bytes representation for PoingG2. CommonInvalidStructure. for url: http://dev-t
hrift-agent:5001/issue-credential/records/3e9555b6-412b-4b6a-b388-554c869dbe7b/issue 

facing this issue while trying to execute the api, any help.??

RounakGhosh (Fri, 10 Sep 2021 18:52:36 GMT):

Hello, could not make credential issued onto the ledger, can anyone help.??

requests.exceptions.HTTPError: 400 Client Error: Error when issuing credential: Error: Invalid structure. Caused b
y: UrsaCryptoError: Invalid len of bytes representation for PoingG2. CommonInvalidStructure. for url: http://dev-t
hrift-agent:5001/issue-credential/records/3e9555b6-412b-4b6a-b388-554c869dbe7b/issue 

facing this issue while trying to execute the api, any help.??

GuilhermeFunchal (Fri, 10 Sep 2021 23:51:40 GMT):

How can I test the json-ld signature and verification on version 0.7.1 ?

ianco (Sat, 11 Sep 2021 02:39:32 GMT):

It's all built into the demo:  https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/AliceWantsAJsonCredential.md

phearaeun (Sat, 11 Sep 2021 04:20:37 GMT):

Could someone help me, please?
I am trying to make did public for sub-wallet but it's impossible?
endpoint: `wallet/did/public`

Error:
```
Ledger rejected transaction request: client request invalid: insufficient number of valid signatures, 1 is required but 0 valid and 1 invalid have been provided. The following signatures are invalid: did=FABxaLMTvL6ZHttEy2FHZQ, signature=FaiCEcPZs5udQY7Sh3yNfmfj9wBb1TWbYqVdcCw2VcuKP1fLUNccrmtXZsGQDPUrgFvRbcf8xiQrFcwHCHsQtwg.
```
It is said that the did is invalid but how to get valid did from sub-wallet?

urkizu (Mon, 13 Sep 2021 09:06:07 GMT):

Has joined the channel.

urkizu (Mon, 13 Sep 2021 09:06:08 GMT):

urkaitz

fethbita (Mon, 13 Sep 2021 16:02:17 GMT):

Is there a way to import a public DID that's already published in the ledger to the multitenancy tenants? In short I want all the tenants to use the same public DID.

fethbita (Mon, 13 Sep 2021 16:07:06 GMT):

Kind of related: https://github.com/hyperledger/aries-cloudagent-python/issues/974

swcurran (Mon, 13 Sep 2021 23:40:37 GMT):

Join us for the ACA-Py User Group Wednesday (Sept. 15) at 11AM Pacific (18:00 UTC). We'll have the core maintainers on the call to answer any questions -- other topics are below.

**NOTE: THE MEETING IS AT THE SAME TIME AS PREVIOUSLY -- LAST TIME**

Zoom link: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-09-15+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

Planned Topics:

- When to hold this meeting -- goal is a Europe-friendlier time
- Release 0.7.2 -- when and what?
- TBD -- **if you have a topic you want to discuss, please reply to this message**

swcurran (Mon, 13 Sep 2021 23:40:37 GMT):

Join us for the ACA-Py User Group Wednesday (Sept. 15) at 11AM Pacific (18:00 UTC). We'll have the core maintainers on the call to answer any questions -- other topics are below.

**NOTE: THE MEETING IS AT THE SAME TIME AS PREVIOUS ACA-Pug MEETING -- LAST TIME**

Zoom link: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-09-15+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

Planned Topics:

- When to hold this meeting -- goal is a Europe-friendlier time
- Release 0.7.2 -- when and what?
- TBD -- **if you have a topic you want to discuss, please reply to this message**

swcurran (Mon, 13 Sep 2021 23:41:54 GMT):

@dbluhm, @TimoGlastra @victor.martinez  -- note that I didn't get a chance to change the meeting time yet -- there are conflicts with the times being considered.

michawensveen (Tue, 14 Sep 2021 11:13:56 GMT):

Hi all,

michawensveen (Tue, 14 Sep 2021 11:14:34 GMT):

Is it possible to run a tailsserver on kubernetes. Ie run more than one instance?

etschelp (Tue, 14 Sep 2021 11:57:51 GMT):

As long as they all use the same persistent volume mount.

WadeBarnes (Tue, 14 Sep 2021 12:20:49 GMT):

We (BC Gov hat on) host our tails servers in OpenShift.  Configurations can be found here; https://github.com/bcgov/a2a-trust-over-ip-configurations/tree/master/openshift/templates/tails-server

michawensveen (Tue, 14 Sep 2021 12:21:22 GMT):

Thanks.

WadeBarnes (Tue, 14 Sep 2021 12:25:28 GMT):

Those are the configuration for the following tails servers:
- https://tails-dev.vonx.io
- https://tails-test.vonx.io
- https://tails.vonx.io
- https://tails.orgbook.gov.bc.ca

`tails.vonx.io`, and `tails.orgbook.gov.bc.ca` are the same server.

WadeBarnes (Tue, 14 Sep 2021 12:30:16 GMT):

You'll note we have it auto-scale from 2 to 4 instances.

GuilhermeFunchal (Tue, 14 Sep 2021 23:06:18 GMT):

Thanks Ian

GuilhermeFunchal (Wed, 15 Sep 2021 16:10:01 GMT):

Hello, I generated the credential in w3c format with the command:

curl -X POST "http://IP-ADDRESS:8021/issue-credential-2.0/send-offer" -H "accept: application/json" -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiI1YjJhZWQxOS04YzllLTRiZjctODc2Ny0wNjA1NDAxYTliOWQifQ.C1-fRBTHIL3NvGQlBuPL5Tqjd23akl-BHLziCeOaI5Q" -H "Content-Type: application/json" -d "{ \"connection_id\": \"729f50ae-458f-45fa-8593-9979a0d4a270\", \"filter\": { \"ld_proof\": { \"credential\": { \"@context\": [ \"https://www.w3.org/2018/credentials/v1\", \"https://www.w3.org/2018/credentials/examples/v1\" ], \"type\": [\"VerifiableCredential\", \"UniversityDegreeCredential\"], \"issuer\": \"did:key:z6MkeYRqD9C53B4ZPWKr5Ro2npvQgGmTv6uKHeLKqXzpK3XD\", \"issuanceDate\": \"2020-01-01T12:00:00Z\", \"credentialSubject\": { \"id\": \"did:key:123dkajshdkajhsdkjahsdkjahsdj\", \"givenName\": \"Sally\", \"familyName\": \"Student\", \"degree\": { \"type\": \"BachelorDegree\", \"degreeType\": \"Undergraduate\", \"name\": \"Bachelor of Science and Arts\" }, \"college\": \"Faber College\" } }, \"options\": { \"proofType\": \"Ed25519Signature2018\" } } }}

GuilhermeFunchal (Wed, 15 Sep 2021 16:10:01 GMT):

Hello, I generated the credential in w3c format with the command:

curl -X POST "http://IP-ADDRESS:8021/issue-credential-2.0/send-offer" -H "accept: application/json" -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiI1YjJhZWQxOS04YzllLTRiZjctODc2Ny0wNjA1NDAxYTliOWQifQ.C1-fRBTHIL3NvGQlBuPL5Tqjd23akl-BHLziCeOaI5Q" -H "Content-Type: application/json" -d "{ \"connection_id\": \"729f50ae-458f-45fa-8593-9979a0d4a270\", \"filter\": { \"ld_proof\": { \"credential\": { \"@context\": [ \"https://www.w3.org/2018/credentials/v1\", \"https://www.w3.org/2018/credentials/examples/v1\" ], \"type\": [\"VerifiableCredential\", \"UniversityDegreeCredential\"], \"issuer\": \"did:key:z6MkeYRqD9C53B4ZPWKr5Ro2npvQgGmTv6uKHeLKqXzpK3XD\", \"issuanceDate\": \"2020-01-01T12:00:00Z\", \"credentialSubject\": { \"id\": \"did:key:123dkajshdkajhsdkjahsdkjahsdj\", \"givenName\": \"Sally\", \"familyName\": \"Student\", \"degree\": { \"type\": \"BachelorDegree\", \"degreeType\": \"Undergraduate\", \"name\": \"Bachelor of Science and Arts\" }, \"college\": \"Faber College\" } }, \"options\": { \"proofType\": \"Ed25519Signature2018\" } } }}

But, When I try to verify that the credential reached the recipient with the call wirh command 

curl -X GET "http://IP_ADDRESS:8021/credentials/w3c" -H "accept: application/json" -H "Authorization: Bearer TOKEN"

the system responds with : 405: Method Not Allowed

How should I do ?

GuilhermeFunchal (Wed, 15 Sep 2021 16:10:01 GMT):

Hello, I generated the credential in w3c format with the command:

curl -X POST "http://IP-ADDRESS:8021/issue-credential-2.0/send-offer" -H "accept: application/json" -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiI1YjJhZWQxOS04YzllLTRiZjctODc2Ny0wNjA1NDAxYTliOWQifQ.C1-fRBTHIL3NvGQlBuPL5Tqjd23akl-BHLziCeOaI5Q" -H "Content-Type: application/json" -d "{ \"connection_id\": \"729f50ae-458f-45fa-8593-9979a0d4a270\", \"filter\": { \"ld_proof\": { \"credential\": { \"@context\": [ \"https://www.w3.org/2018/credentials/v1\", \"https://www.w3.org/2018/credentials/examples/v1\" ], \"type\": [\"VerifiableCredential\", \"UniversityDegreeCredential\"], \"issuer\": \"did:key:z6MkeYRqD9C53B4ZPWKr5Ro2npvQgGmTv6uKHeLKqXzpK3XD\", \"issuanceDate\": \"2020-01-01T12:00:00Z\", \"credentialSubject\": { \"id\": \"did:key:123dkajshdkajhsdkjahsdkjahsdj\", \"givenName\": \"Sally\", \"familyName\": \"Student\", \"degree\": { \"type\": \"BachelorDegree\", \"degreeType\": \"Undergraduate\", \"name\": \"Bachelor of Science and Arts\" }, \"college\": \"Faber College\" } }, \"options\": { \"proofType\": \"Ed25519Signature2018\" } } }}

But, When I try to verify that the credential reached the recipient with the call wirh command 

curl -X GET "http://IP_ADDRESS:8021/credentials/w3c" -H "accept: application/json" -H "Authorization: Bearer TOKEN"

the system responds with : 405: Method Not Allowed

How should I do ?

I'm using https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/AliceWantsAJsonCredential.md to simulate.

ianco (Wed, 15 Sep 2021 16:56:25 GMT):

I'm not sure about the `405` error (I expect you should be able to clal the method) however it looks like you're calling the wrong agent?  port `8021` is the issuer, the holder will either be on a different port # or use a different JWT token

GuilhermeFunchal (Wed, 15 Sep 2021 17:04:50 GMT):

I'm use multitenant and I'm use diferente token to issuer and for recipient from credential

GuilhermeFunchal (Wed, 15 Sep 2021 17:06:39 GMT):

Sending the credential happens normally...but I can't get credential in another user

ianco (Wed, 15 Sep 2021 17:37:12 GMT):

For some reason the endpoint ""http://IP_ADDRESS:8021/credentials/w3c"" needs to use POST

GuilhermeFunchal (Wed, 15 Sep 2021 17:46:55 GMT):

Yes I'm using POST, but I can't see any credential with json-ld format...in the indy format everithing works...

GuilhermeFunchal (Wed, 15 Sep 2021 17:47:25 GMT):

The state of issuer is offer-sent

ianco (Wed, 15 Sep 2021 17:48:23 GMT):

If the issuer state is `offer-sent` then the holder needs to respond to the request

GuilhermeFunchal (Wed, 15 Sep 2021 18:02:34 GMT):

Yes, but When I try to receive, I receive  answer : 



Error: credential_exchange_v10 record not found WalletItemNotFound.

ianco (Wed, 15 Sep 2021 18:15:52 GMT):

I think you need to use the v2.0 credential endpoints

GuilhermeFunchal (Wed, 15 Sep 2021 18:26:04 GMT):

Yes, I'm using all options with v2.0

GuilhermeFunchal (Wed, 15 Sep 2021 18:26:47 GMT):

Do I need to make any changes to the agent startup?

GuilhermeFunchal (Wed, 15 Sep 2021 18:27:03 GMT):

I'm using --multitenant option

ianco (Wed, 15 Sep 2021 18:27:09 GMT):

... but this error is from a v1.0 endpoint:  Error: `credential_exchange_v10 record not found WalletItemNotFound.`

ianco (Wed, 15 Sep 2021 18:27:33 GMT):

Can you post the full scenario you are running (how do you start the agents, how do you connect agents, issue credentials etc?)

GuilhermeFunchal (Wed, 15 Sep 2021 18:33:02 GMT):



screen1.png

GuilhermeFunchal (Wed, 15 Sep 2021 18:34:29 GMT):

Have I created the following credential on an issuer : 



curl -X POST "http://161.148.151.46:8021/issue-credential-2.0/send-offer" -H "accept: application/json" -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ3YWxsZXRfaWQiOiI1YjJhZWQxOS04YzllLTRiZjctODc2Ny0wNjA1NDAxYTliOWQifQ.C1-fRBTHIL3NvGQlBuPL5Tqjd23akl-BHLziCeOaI5Q" -H "Content-Type: application/json" -d "{ \"connection_id\": \"729f50ae-458f-45fa-8593-9979a0d4a270\", \"filter\": { \"ld_proof\": { \"credential\": { \"@context\": [ \"https://www.w3.org/2018/credentials/v1\", \"https://www.w3.org/2018/credentials/examples/v1\" ], \"type\": [\"VerifiableCredential\", \"UniversityDegreeCredential\"], \"issuer\": \"did:key:z6MkeYRqD9C53B4ZPWKr5Ro2npvQgGmTv6uKHeLKqXzpK3XD\", \"issuanceDate\": \"2020-01-01T12:00:00Z\", \"credentialSubject\": { \"id\": \"did:key:123dkajshdkajhsdkjahsdkjahsdj\", \"givenName\": \"Sally\", \"familyName\": \"Student\", \"degree\": { \"type\": \"BachelorDegree\", \"degreeType\": \"Undergraduate\", \"name\": \"Bachelor of Science and Arts\" }, \"college\": \"Faber College\" } }, \"options\": { \"proofType\": \"Ed25519Signature2018\" } } }}"

GuilhermeFunchal (Wed, 15 Sep 2021 18:35:02 GMT):

ACA-PY accepted and sent normally

GuilhermeFunchal (Wed, 15 Sep 2021 18:35:58 GMT):

I log into Swagger with the recipient with another token and I can't get the credential

GuilhermeFunchal (Wed, 15 Sep 2021 18:37:20 GMT):

To start ACA-Py 0.7.1 I'm using this options : 


aca-py start --endpoint "http://bf73-189-9-61-70.ngrok.io" \
--genesis-url $GENESIS \
--endpoint 'http://192.168.3.4:8020' \
--inbound-transport $INBOUND_TRANSPORT \
--outbound-transport http \
--webhook-url 'http://0.0.0.0:8080' \
--auto-respond-credential-proposal \
--auto-respond-credential-request \
--auto-respond-presentation-proposal \
--auto-respond-credential-offer \
--auto-respond-presentation-request \
--auto-accept-invites \
--auto-accept-requests \
--auto-store-credential \
--auto-verify-presentation \
--auto-ping-connection \
--auto-provision \
--auto-respond-messages \
--preserve-exchange-records \
--admin $ADMIN \
--seed $SEED \
--enable-undelivered-queue \
--jwt-secret $JWTSECRET \
--wallet-type indy \
--storage-type indy \
--wallet-name $AGENT_NAME \
--wallet-key $AGENT_NAME \
--wallet-storage-type 'postgres_storage' \
--wallet-storage-config $WALLET_STORAGE_CONFIG \
--wallet-storage-creds $WALLET_STORAGE_CREDS \
--trace \
--log-file aca-py.log \
--log-level debug \
--trace-target log \
--trace-tag acapy.events \
--label $LABEL \
--trace-label credencial-serv.agent.trace \
--tails-server-base-url $TAILS_SERVER_BASE_URL \
--admin-insecure-mode \
--multitenant \
--multitenant-admin \

fethbita (Wed, 15 Sep 2021 18:39:00 GMT):

This meeting was really really short :D I thought I could make it a little late but it's a shame, just watched the recording

GuilhermeFunchal (Wed, 15 Sep 2021 18:39:24 GMT):

To generate keys I'm using  


curl -X POST "http://161.148.151.46:8021/wallet/did/create" -H "accept: application/json" -H "Authorization: Bearer TOKEN" -H "Content-Type: application/json" -d "{ \"method\": \"key\", \"options\": { \"key_type\": \"ed25519\" }}"

GuilhermeFunchal (Wed, 15 Sep 2021 19:32:32 GMT):

In the document https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/AliceWantsAJsonCredential.md

GuilhermeFunchal (Wed, 15 Sep 2021 19:32:40 GMT):

To issue a credential, use the /issue-credential-2.0/send (or /issue-credential-2.0/create-offer) endpoint, you can test with this example payload (just replace the "connection_id", "issuer" key, "credentialSubject.id" and "proofType" with appropriate values:

GuilhermeFunchal (Wed, 15 Sep 2021 19:33:29 GMT):

Where do I get the value of "issuer" key ?

ianco (Wed, 15 Sep 2021 21:12:39 GMT):

Hi @GuilhermeFunchal  I don't see anything obvious that you're doing wrong ...  I just tested with the alice/faber demo and everything is working file.  You can try running this demo and follow through the code to compare what the demo is doing vs what you're doing

ianco (Wed, 15 Sep 2021 21:12:55 GMT):

Start faber with `./run_demo faber --multitenant --cred-type json-ld`

ianco (Wed, 15 Sep 2021 21:13:12 GMT):

Start alice with `./run_demo alice --multitenant`

ianco (Wed, 15 Sep 2021 21:13:38 GMT):

Both alice and faber will use managed sub-wallets, and faber will issue json-ld format credentials

ianco (Wed, 15 Sep 2021 21:14:28 GMT):

Note you need to use my fork `https://github.com/ianco/aries-cloudagent-python` as I've just opened a PR to fix a faber startup error when using this combination of parameters ...

fethbita (Thu, 16 Sep 2021 10:36:05 GMT):

In aca-py, is there an endpoint for unrevoking a credential?

GuilhermeFunchal (Thu, 16 Sep 2021 14:46:10 GMT):

Why using version 0.7.1 with option "--multitenancy" does the subwallet remain "posted" after assigning to public ? what do i need to do to create the subwallet correctly?

GuilhermeFunchal (Thu, 16 Sep 2021 15:46:53 GMT):

Thanks Ian,  i will test

GuilhermeFunchal (Thu, 16 Sep 2021 15:46:53 GMT):

What branch should i choose?

swcurran (Thu, 16 Sep 2021 17:48:32 GMT):

Sorry about that. My fault for not getting something lined up.

swcurran (Thu, 16 Sep 2021 17:48:49 GMT):

See you next Tuesday at the new time!

andrew.whitehead (Thu, 16 Sep 2021 18:12:32 GMT):

Posted is equivalent to public, now

andrew.whitehead (Thu, 16 Sep 2021 18:12:56 GMT):

That just means that it's been written to the ledger

jcourt (Fri, 17 Sep 2021 07:04:12 GMT):

Can anyone tell me why when I create a revocable credential definition, there seems to be 2 tails files created on the tails file server ?  I guess I only expected one.

TimoGlastra (Fri, 17 Sep 2021 07:54:35 GMT):

As I understand the revocation implementation, ACA-Py creates two tails files to always have a backup. So if the registry is full it can immediately use the new one and asynchronously create a new one in the background

TimoGlastra (Fri, 17 Sep 2021 07:54:42 GMT):

But I'm not 100% sure on this

WadeBarnes (Fri, 17 Sep 2021 13:06:56 GMT):

That is correct.  `aca-py` tries to stay one step ahead with the revocation registry definitions and associated tails files.

GuilhermeFunchal (Fri, 17 Sep 2021 15:22:45 GMT):

thanks

regiseloi (Fri, 17 Sep 2021 19:10:22 GMT):

Has joined the channel.

swcurran (Fri, 17 Sep 2021 23:06:21 GMT):

Join us for the ACA-Py User Group *THIS TUESDAY (NEW DAY!!!)* (Sept. 21) at *8AM Pacific (18:00 UTC)  (NEW DAY!!!)*. We'll have the core maintainers on the call to answer any questions -- other topics are below.

Zoom link: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-09-15+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

Planned Topics:

- NEW TIME: Every second Tuesday at 8AM Canada Pacific time starting this coming Tuesday, Sept. 21, 2021.
- Release 0.7.2 PRs merged since 0.7.1
- The Business Partner Agent (BPA) – An overview from Mines Digital Trust, BC Gov
    - Business Partner Agent is a "wallet for businesses" (and a lot more!) that was started by Bosch - https://github.com/hyperledger-labs/business-partner-agent
    - The BC Gov Mines Digital Trust team has been collaborating on BPA to create a way for business in the BC Natural Resources sector to be able to share trusted information about their operation for businesses.
    - BPA is built on ACA-Py and is a great demonstration of how Verifiable Credential-based systems can be implemented for complex, business to business use cases.
- Questions – AMA

swcurran (Fri, 17 Sep 2021 23:06:21 GMT):

Join us for the ACA-Py User Group *THIS TUESDAY (NEW DAY!!!)* (Sept. 21) at *8AM Pacific (18:00 UTC)  (NEW DAY!!!)*. We'll have the core maintainers on the call to answer any questions -- other topics are below.

Zoom link: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-09-15+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

Planned Topics:

- NEW TIME: Every second Tuesday at 8AM Canada Pacific time starting this coming Tuesday, Sept. 21, 2021.
- Release 0.7.2 PRs merged since 0.7.1
- The Business Partner Agent (BPA) – An overview from Mines Digital Trust, BC Gov
> Business Partner Agent is a "wallet for businesses" (and a lot more!) that was started by Bosch - https://github.com/hyperledger-labs/business-partner-agent
> The BC Gov Mines Digital Trust team has been collaborating on BPA to create a way for business in the BC Natural Resources sector to be able to share trusted information about their operation for businesses.
> BPA is built on ACA-Py and is a great demonstration of how Verifiable Credential-based systems can be implemented for complex, business to business use cases.
- Questions – AMA

swcurran (Fri, 17 Sep 2021 23:06:21 GMT):

Join us for the ACA-Py User Group *THIS TUESDAY (NEW DAY!!!)* (Sept. 21) at *8AM Pacific (18:00 UTC)  (NEW DAY!!!)*. We'll have the core maintainers on the call to answer any questions -- other topics are below.

Zoom link: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-09-15+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

Planned Topics:

- NEW TIME: Every second Tuesday at 8AM Canada Pacific time starting this coming Tuesday, Sept. 21, 2021.
- Release 0.7.2 PRs merged since 0.7.1
- The Business Partner Agent (BPA) – An overview from Mines Digital Trust, BC Gov
> Business Partner Agent is a "wallet for businesses" (and a lot more!) that was started by Bosch - https://github.com/hyperledger-labs/business-partner-agent The BC Gov Mines Digital Trust team has been collaborating on BPA to create a way for business in the BC Natural Resources sector to be able to share trusted information about their operation for businesses. BPA is built on ACA-Py and is a great demonstration of how Verifiable Credential-based systems can be implemented for complex, business to business use cases.
- Questions – AMA

swcurran (Fri, 17 Sep 2021 23:06:21 GMT):

Join us for the ACA-Py User Group *THIS TUESDAY (NEW DAY!!!)* (Sept. 21) at *8AM Pacific (18:00 UTC)  (NEW DAY!!!)*. We'll have the core maintainers on the call to answer any questions -- other topics are below.

Zoom link: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-09-15+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

Planned Topics:

- NEW TIME: Every second Tuesday at 8AM Canada Pacific time starting this coming Tuesday, Sept. 21, 2021.
- Release 0.7.2 PRs merged since 0.7.1
- The Business Partner Agent (BPA) – An overview from Mines Digital Trust, BC Gov
>Business Partner Agent is a "wallet for businesses" (and a lot more!) that was started by Bosch - https://github.com/hyperledger-labs/business-partner-agent The BC Gov Mines Digital Trust team has been collaborating on BPA to create a way for business in the BC Natural Resources sector to be able to share trusted information about their operation for businesses. BPA is built on ACA-Py and is a great demonstration of how Verifiable Credential-based systems can be implemented for complex, business to business use cases.
- Questions – AMA

swcurran (Fri, 17 Sep 2021 23:06:21 GMT):

Join us for the ACA-Py User Group *THIS TUESDAY (NEW DAY!!!)* (Sept. 21) at *8AM Pacific (18:00 UTC)  (NEW DAY!!!)*. We'll have the core maintainers on the call to answer any questions -- other topics are below.

Zoom link: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-09-15+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

Planned Topics:

- NEW TIME: Every second Tuesday at 8AM Canada Pacific time starting this coming Tuesday, Sept. 21, 2021.
- Release 0.7.2 PRs merged since 0.7.1
- The Business Partner Agent (BPA) – An overview from Mines Digital Trust, BC Gov
>Business Partner Agent is a "wallet for businesses" (and a lot more!) that was started by Bosch - https://github.com/hyperledger-labs/business-partner-agent The BC Gov Mines Digital Trust team has been collaborating on BPA to create a way for business in the BC Natural Resources sector to be able to share trusted information about their operation to other businesses (partners, customers, etc.). BPA is built on ACA-Py and is a great demonstration of how Verifiable Credential-based systems can be implemented for complex, business to business use cases.
- Questions – AMA

swcurran (Fri, 17 Sep 2021 23:06:21 GMT):

Join us for the ACA-Py User Group *THIS TUESDAY (NEW DAY!!!)* (Sept. 21) at *8AM Pacific (18:00 UTC)  (NEW TIME!!!)*. We'll have the core maintainers on the call to answer any questions -- other topics are below.

Zoom link: https://zoom.us/my/hyperledger.community?pwd=STZQd0xMZU9xRVVOVnpQM3JNQ2dqZz09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-09-15+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

Planned Topics:

- NEW TIME: Every second Tuesday at 8AM Canada Pacific time starting this coming Tuesday, Sept. 21, 2021.
- Release 0.7.2 PRs merged since 0.7.1
- The Business Partner Agent (BPA) – An overview from Mines Digital Trust, BC Gov
>Business Partner Agent is a "wallet for businesses" (and a lot more!) that was started by Bosch - https://github.com/hyperledger-labs/business-partner-agent The BC Gov Mines Digital Trust team has been collaborating on BPA to create a way for business in the BC Natural Resources sector to be able to share trusted information about their operation to other businesses (partners, customers, etc.). BPA is built on ACA-Py and is a great demonstration of how Verifiable Credential-based systems can be implemented for complex, business to business use cases.
- Questions – AMA

swcurran (Fri, 17 Sep 2021 23:06:21 GMT):

Join us for the ACA-Py User Group *THIS TUESDAY (NEW DAY!!!)* (Sept. 21) at *8AM Pacific (18:00 UTC)  (NEW TIME!!!)*. We'll have the core maintainers on the call to answer any questions -- other topics are below.

Zoom link: https://us02web.zoom.us/j/83049816627?pwd=MzF1UFdQV1FtZ1Jia3J1NVpYTDYvdz09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-09-15+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

Planned Topics:

- NEW TIME: Every second Tuesday at 8AM Canada Pacific time starting this coming Tuesday, Sept. 21, 2021.
- Release 0.7.2 PRs merged since 0.7.1
- The Business Partner Agent (BPA) – An overview from Mines Digital Trust, BC Gov
>Business Partner Agent is a "wallet for businesses" (and a lot more!) that was started by Bosch - https://github.com/hyperledger-labs/business-partner-agent The BC Gov Mines Digital Trust team has been collaborating on BPA to create a way for business in the BC Natural Resources sector to be able to share trusted information about their operation to other businesses (partners, customers, etc.). BPA is built on ACA-Py and is a great demonstration of how Verifiable Credential-based systems can be implemented for complex, business to business use cases.
- Questions – AM

usingetechnology (Fri, 17 Sep 2021 23:32:52 GMT):

Question for those in the know.  Connection between A and B.  When B receives a credential offer over that connection, is it the credential definition always going to contain A's DID? Could A ever do a credential offer using another agent's credential definition? As in offer on behalf of C?

swcurran (Fri, 17 Sep 2021 23:37:37 GMT):

There is some subtlety in that question.  The DIDs in the connection between A&B are not (likely) the DID that A uses when issuing credentials. The communication DIDs and the issuing DIDs are separate.

That said, for A to issue a credential to B, it must have control over the credential definition to be able to generate the credential that includes data provided by B to be put into the credential.

In theory it could have another piece of software do the generation, but they would have to collaborate (or collude?) to do that.

Does that help?

usingetechnology (Fri, 17 Sep 2021 23:40:33 GMT):

yes, very helpful, thanks. was just looking for another avenue for the BPA to set its partner's public DID. I didn't realize there were different DIDs for communicating and issuing.  Thanks!

jcourt (Sun, 19 Sep 2021 21:35:46 GMT):

Ok so that's something I mis-understood.  Thanks for the info.  That leads to the question though on size ?   I thought when I specified the `revocation_registry_size` at credential definition time, that was the ABSOLUTE limit on the number of credentials that could be issued for that definition.  Your explanation seems to suggest that is not the case ?  Is the registry updated with multiple tails files for a single credential definition so that the actual number of credentials is unlimited ?  Sorry I don't already know all this it is probably down in the details of an Indy HIPE somewhere.

jcourt (Mon, 20 Sep 2021 03:34:37 GMT):

Ok, a little bit of playing with my ACA-py UI and the answer was obvious :-) I had assumed that the credential definition bound the REVOC_REG_DEF in a 1:1 relationship. That is incorrect, the REVOC_REG_DEF is bound to the credential definition but each Issued credential from a given credential definition can be bound to a a different REVOC_REF_DEF.  So the revocation_registry_size controls how large the tails file is that each prover has to download.  It does NOT limit how many total credentials can be created for a single credential definition.  The counter point is the smaller the tails file, the more updates that must be done to the ledger to add new REVOC_REG_DEF entries ....... well that's MUCH more scalable than I was thinking whew !
Also ACA-py stays one tails file and REVOC_REG_DEF entry ahead of currently issued credentials.

versus (Mon, 20 Sep 2021 13:30:54 GMT):

Has joined the channel.

swcurran (Tue, 21 Sep 2021 15:03:41 GMT):

New Zoom: https://us02web.zoom.us/j/83049816627?pwd=MzF1UFdQV1FtZ1Jia3J1NVpYTDYvdz09

swcurran (Tue, 21 Sep 2021 15:03:41 GMT):

New Zoom: https://us02web.zoom.us/j/83049816627?pwd=MzF1UFdQV1FtZ1Jia3J1NVpYTDYvdz09 for ACA-Pug meeting.

dbluhm (Tue, 21 Sep 2021 17:11:05 GMT):

This would explain why I got meeting reports back about governance :laughing:

swcurran (Tue, 21 Sep 2021 17:35:03 GMT):

Climate Action SIG Zoom Channel :man_facepalming_light_skin_tone: 

Need to fix that...

jcourt (Tue, 21 Sep 2021 22:06:58 GMT):

Having some issues with spaces in the Credential Definition `tag` field when defining a revocable credential  The `tag` model indicates it is a `string` however it appears the when the `PUT` is done to the indy-tails-file server an escaped format is sent resulting in the tails server failing to find the Ledger entry for for the REVOC_REG_DEF.  Has anyone else encountered this and have a suggested approach which avoids it ?

jcourt (Tue, 21 Sep 2021 22:40:30 GMT):

So the way I am going to work around is to URI encode the `tag` at the model layer when creating the Credential Definition and URI decode whenever displaying the field.  I am also thinking to do the same for Schema Definitions just top be consistent however still interested in thoughts on whether  this is actually a bug that should be logged ?

swcurran (Tue, 21 Sep 2021 23:06:00 GMT):

@ianco @andrew.whitehead ^^

ianco (Tue, 21 Sep 2021 23:08:14 GMT):

I seem to recall having issues with spaces in the cred def `tag`, don't recall the details, but I use underscore in place of spaces

ianco (Tue, 21 Sep 2021 23:08:23 GMT):

It's an indy issue

jcourt (Tue, 21 Sep 2021 23:12:50 GMT):

@ianco I thought of restricting the fields that way but these are likely to be displayed in a variety of places so opted instead to encode/decode.  Maybe the model should just be changed to indicate the restriction. FWIW my e2e tests are working for revocable credentials with this workaround.

jcourt (Wed, 22 Sep 2021 02:11:11 GMT):

Turned out there were too many ripple effects in the proof presentation areas to make the encode/decode consistent.  Ended up restricting input of Credential and Schema tag/name to `/^[0-9a-zA-Z_-]+$/`

da3v21 (Wed, 22 Sep 2021 07:05:22 GMT):

hi everyone can *aca-py mediator* be used as a mediator for a *dotnet mobile agent* ?

IgorSim (Wed, 22 Sep 2021 08:22:15 GMT):

Has joined the channel.

agrawalaman (Wed, 22 Sep 2021 10:40:55 GMT):

Hi, what is the difference between removing a credential from a wallet and revocation of the credential?

fethbita (Wed, 22 Sep 2021 11:04:47 GMT):

Removing a credential destroys it from the wallet and if it is not stored anywhere else (e.g. issuer) the data will be lost. Revoking a credential makes it so that verification in the proof exchange fails, but the data still exists

versus (Wed, 22 Sep 2021 12:46:30 GMT):

Hi everyone. First of all, great job working on ACA-Py! Keep up with it :-) One question: we see that it is possible to issue W3C VC (https://github.com/hyperledger/aries-rfcs/blob/main/features/0593-json-ld-cred-attach/README.md) via ACA-Py and the VC is retrieved via /credentials/w3c endpoint. However, can one use this VC during the Present Proof Protocol 2.0? We don't see this among the supported attachment formats (indy, dif) for this protocol. We are aware of https://docs.google.com/document/d/1ntLZGMah8iJ_TWQdbrNNW9OVwPbIWkkCMiid7Be1PrA/edit#, but currently it is not clear to us whether this is possible or it's part of ACA-Py roadmap. Any reference will be highly appreciated.

GuilhermeFunchal (Wed, 22 Sep 2021 14:31:42 GMT):

I believe the command to get the W3C type credentials should be a Get. Why are they on Swagger with a Post??

POST
/credentials/w3c

GuilhermeFunchal (Wed, 22 Sep 2021 14:31:42 GMT):

I believe the command to get the W3C type credentials should be a Get. Why are they on Swagger with a Post??

POST
/credentials/w3c 

To work : 

curl -X POST "http://IP_ADDRESS:8021/credentials/w3c" -H "accept: application/json" -H "Authorization: Bearer token" -H "Content-Type: application/json" -d "{ }"

phearaeun (Wed, 22 Sep 2021 15:25:03 GMT):

`Handler error with exception: Unprocessable Entity` in presenting proof (v1). Is there any way to know which field is exactly the issue?

ianco (Wed, 22 Sep 2021 16:10:26 GMT):

Yes this works with the present proof protocol.  It's implemented in the alice/faber demo (run with `--cred-type json-ld`)

GuilhermeFunchal (Wed, 22 Sep 2021 16:31:22 GMT):

How can I get credential_id from json-ld credential ? 

For example, I get the credential received :

GuilhermeFunchal (Wed, 22 Sep 2021 16:31:22 GMT):

How can I get credential_id from json-ld credential ? 

For example, I get the credential received


GuilhermeFunchal (Wed, 22 Sep 2021 16:31:22 GMT):

How can I get credential_id from json-ld credential ? 

For example, I get the credential received, but I can see.

GuilhermeFunchal (Wed, 22 Sep 2021 16:47:34 GMT):

the credential_id is record_id  to get and delete credential...

TimoGlastra (Wed, 22 Sep 2021 17:29:31 GMT):

GET requests doesn't allow for a body and the parameters to filter the credentials are too complex to put in query parameters

TimoGlastra (Wed, 22 Sep 2021 17:29:46 GMT):

AFAIK that's the reason for POST over GET

agrawalaman (Thu, 23 Sep 2021 09:18:54 GMT):

Okay, thank you

versus (Thu, 23 Sep 2021 12:27:36 GMT):

thank you, will take a look :-)

kthomas (Thu, 23 Sep 2021 15:51:49 GMT):

Does anybody know of a mobile app that works with the demo? Trinsic doesn't work - it doesn't scan the QR code for connection

ianco (Thu, 23 Sep 2021 15:59:07 GMT):

Which demo are you running?

ianco (Thu, 23 Sep 2021 15:59:32 GMT):

Trinsic should work. AFAIK, also esatus

kthomas (Thu, 23 Sep 2021 15:59:34 GMT):

The one on HL - Aries

kthomas (Thu, 23 Sep 2021 15:59:59 GMT):

Faber-Alice-Acme

ianco (Thu, 23 Sep 2021 16:00:28 GMT):

https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/AliceGetsAPhone.md

kthomas (Thu, 23 Sep 2021 16:01:05 GMT):

Thats right

kthomas (Thu, 23 Sep 2021 16:02:08 GMT):

The Trinsic mobile app wouldn't recognise the QR code generated by the Aries agent

ianco (Thu, 23 Sep 2021 16:03:13 GMT):

Try it with esatus, as far as I know both should work.  Otherwise please provide a bit more detail about what you are doing (e.g. ngrok vs play with docker, provide some log files etc)

kthomas (Thu, 23 Sep 2021 16:06:45 GMT):

Thanks, I will re-run the demo. As described on the demo, I exposed the endpoint using nrok and tried connecting with Trinsic. I will try with esatus

ianco (Thu, 23 Sep 2021 16:19:00 GMT):

You can also paste the invitation contents here (json) and there may be some clue there

kthomas (Thu, 23 Sep 2021 16:20:36 GMT):

Ianco, I can connect two cloud agents ... it seems to work. I tried to copy the invitation into a QR code generator and even that doesn't work.

ianco (Thu, 23 Sep 2021 16:20:56 GMT):

What does the json look like?

kthomas (Thu, 23 Sep 2021 16:27:55 GMT):

Here is a sample invite `{"@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/connections/1.0/invitation", "@id": "4a3939f5-21f3-47d9-a45f-a51aca5f607e", "recipientKeys": ["8FhZ5wWRPrDCB5rcKwAfFauhgJtH9LYCH4T9RQ7CKLxS"], "serviceEndpoint": "http://192.168.65.3:8020", "label": "faber.agent"}`

ianco (Thu, 23 Sep 2021 16:33:02 GMT):

The endpoint doesn't look correct:  `http://192.168.65.3:8020`

ianco (Thu, 23 Sep 2021 16:33:40 GMT):

If you're using ngrok, then the endpoint should look something like `https://abc123.ngrok.io`

ianco (Thu, 23 Sep 2021 16:35:09 GMT):

I'm guessing that `192.168.65.3` is the internal IP for your docker network, so the mobile apps won't recognize that

ianco (Thu, 23 Sep 2021 16:36:36 GMT):

For example if I open up a shell and run:  `ngrok http 8020`

ianco (Thu, 23 Sep 2021 16:36:58 GMT):

... and then run faber:  `./run_demo faber`

ianco (Thu, 23 Sep 2021 16:36:58 GMT):

... and then in another shell run faber:  `./run_demo faber`

ianco (Thu, 23 Sep 2021 16:37:12 GMT):

... then my invitation looks like this:  `{"@type": "https://didcomm.org/connections/1.0/invitation", "@id": "d8aaa363-ff4c-47ee-b903-a04f7ad3ffa0", "recipientKeys": ["ARRsPXJ7NdVNMw2bijPUfFiexWjDNzZgpbqzJKYmEzrx"], "serviceEndpoint": "http://9cb4-70-66-161-1.ngrok.io", "label": "faber.agent"}`

kthomas (Thu, 23 Sep 2021 16:54:59 GMT):

Sorry, here is the one with ngrok: `{"@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/connections/1.0/invitation", "@id": "0f230aff-d785-4930-9d19-9059a7768782", "recipientKeys": ["G9agJzgqDaUz73sbk5JeUxdY4T8Dr13tJL9Hv47EJGqu"], "serviceEndpoint": "https://501d-84-65-227-144.ngrok.io", "label": "faber.agent"}`

kthomas (Thu, 23 Sep 2021 16:56:04 GMT):

Are you able to use Trinsic app though?

ianco (Thu, 23 Sep 2021 17:00:26 GMT):

Hmmm the trinsic wallet seems to "hang" after scannign the QR code

ianco (Thu, 23 Sep 2021 17:00:34 GMT):

esatus wallet is working though

ianco (Thu, 23 Sep 2021 17:01:01 GMT):

Prob something to report to the trinsic folks

kthomas (Thu, 23 Sep 2021 17:01:16 GMT):

Thank you so much. Let me try with esatus wallet

kthomas (Thu, 23 Sep 2021 17:01:33 GMT):

really appreciate your help

ianco (Thu, 23 Sep 2021 17:01:41 GMT):

np

ianco (Thu, 23 Sep 2021 17:02:00 GMT):

I would expect the endpoint to use the `https:` version of the ngrok endpoint, so that may be an issue

kthomas (Thu, 23 Sep 2021 18:14:33 GMT):

Ianco, can you tell me which mobile platform are you using. Esatus wallet after putting in the pin just keeps circling... I tried to install the app on both S8 and S20

ianco (Thu, 23 Sep 2021 18:15:06 GMT):

I'm on an iPhone

GuilhermeFunchal (Fri, 24 Sep 2021 01:01:38 GMT):

Thanks

da3v21 (Mon, 27 Sep 2021 06:23:52 GMT):

hello everyone!, should we include a **decline** message in agents, whenever a proof request is declined, issue credential is denied the other party should be aware of it . The decline message can contain the reason for declining the request

da3v21 (Mon, 27 Sep 2021 12:49:02 GMT):

hello, I am using aca-deliver to send outbound messages, when I try to connect with an another acapy agent I am receiving this error .The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/indy/aries_cloudagent/core/dispatcher.py", line 198, in handle_message
    await handler(context, responder)
  File "/home/indy/aries_cloudagent/protocols/connections/v1_0/handlers/connection_request_handler.py", line 43, in handle
    mediation_id=mediation_metadata.get("id"),
  File "/home/indy/aries_cloudagent/protocols/connections/v1_0/manager.py", line 491, in receive_request
    their_role=ConnRecord.Role.REQUESTER.rfc160,
  File "/home/indy/aries_cloudagent/connections/models/conn_record.py", line 323, in retrieve_by_invitation_key
    return await cls.retrieve_by_tag_filter(session, tag_filter, post_filter)
  File "/home/indy/aries_cloudagent/messaging/models/base_record.py", line 253, in retrieve_by_tag_filter
    options={"retrieveTags": False},
  File "/home/indy/aries_cloudagent/storage/indy.py", line 181, in find_all_records
    buf = await search.fetch()
  File "/home/indy/aries_cloudagent/storage/indy.py", line 268, in fetch
    await self._open()
  File "/home/indy/aries_cloudagent/storage/indy.py", line 315, in _open
    raise StorageSearchError(str(x_indy)) from x_indy
aries_cloudagent.storage.error.StorageSearchError
2021-09-27 12:46:25,517 aries_cloudagent.core.conductor ERROR DON'T shutdown on StorageSearchError 
2021-09-27 12:46:25,519 aries_cloudagent.core.dispatcher ERROR Handler error: Dispatcher.handle_message
Traceback (most recent call last):
  File "/home/indy/aries_cloudagent/storage/indy.py", line 312, in _open
    self.store.wallet.handle, self.type_filter, query_json, options_json
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/indy/non_secrets.py", line 376, in open_wallet_search
    open_wallet_search.cb)
indy.error.WalletQueryError

da3v21 (Mon, 27 Sep 2021 12:49:02 GMT):

hello, I am using *aca-deliver* https://github.com/andrewwhitehead/aca-deliver  to send outbound messages, when I try to connect with an another acapy agent I am receiving this error . The agent with aca-deliver sends a request after receiving invitation.  Then I receive this error on the other agent.                                                                                                                                             
 `The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/indy/aries_cloudagent/core/dispatcher.py", line 198, in handle_message
    await handler(context, responder)
  File "/home/indy/aries_cloudagent/protocols/connections/v1_0/handlers/connection_request_handler.py", line 43, in handle
    mediation_id=mediation_metadata.get("id"),
  File "/home/indy/aries_cloudagent/protocols/connections/v1_0/manager.py", line 491, in receive_request
    their_role=ConnRecord.Role.REQUESTER.rfc160,
  File "/home/indy/aries_cloudagent/connections/models/conn_record.py", line 323, in retrieve_by_invitation_key
    return await cls.retrieve_by_tag_filter(session, tag_filter, post_filter)
  File "/home/indy/aries_cloudagent/messaging/models/base_record.py", line 253, in retrieve_by_tag_filter
    options={"retrieveTags": False},
  File "/home/indy/aries_cloudagent/storage/indy.py", line 181, in find_all_records
    buf = await search.fetch()
  File "/home/indy/aries_cloudagent/storage/indy.py", line 268, in fetch
    await self._open()
  File "/home/indy/aries_cloudagent/storage/indy.py", line 315, in _open
    raise StorageSearchError(str(x_indy)) from x_indy
aries_cloudagent.storage.error.StorageSearchError
2021-09-27 12:46:25,517 aries_cloudagent.core.conductor ERROR DON'T shutdown on StorageSearchError 
2021-09-27 12:46:25,519 aries_cloudagent.core.dispatcher ERROR Handler error: Dispatcher.handle_message
Traceback (most recent call last):
  File "/home/indy/aries_cloudagent/storage/indy.py", line 312, in _open
    self.store.wallet.handle, self.type_filter, query_json, options_json
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/indy/non_secrets.py", line 376, in open_wallet_search
    open_wallet_search.cb)
indy.error.WalletQueryError`

da3v21 (Mon, 27 Sep 2021 12:49:02 GMT):

hello, I am using *aca-deliver* https://github.com/andrewwhitehead/aca-deliver  to send outbound messages, when I try to connect with an another acapy agent I am receiving this error . The agent with aca-deliver sends a request after receiving invitation.  Then I receive this error on the other agent.                                                                                                                                                                                                                                                                                
`The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/home/indy/aries_cloudagent/core/dispatcher.py", line 198, in handle_message
    await handler(context, responder)
  File "/home/indy/aries_cloudagent/protocols/connections/v1_0/handlers/connection_request_handler.py", line 43, in handle
    mediation_id=mediation_metadata.get("id"),
  File "/home/indy/aries_cloudagent/protocols/connections/v1_0/manager.py", line 491, in receive_request
    their_role=ConnRecord.Role.REQUESTER.rfc160,
  File "/home/indy/aries_cloudagent/connections/models/conn_record.py", line 323, in retrieve_by_invitation_key
    return await cls.retrieve_by_tag_filter(session, tag_filter, post_filter)
  File "/home/indy/aries_cloudagent/messaging/models/base_record.py", line 253, in retrieve_by_tag_filter
    options={"retrieveTags": False},
  File "/home/indy/aries_cloudagent/storage/indy.py", line 181, in find_all_records
    buf = await search.fetch()
  File "/home/indy/aries_cloudagent/storage/indy.py", line 268, in fetch
    await self._open()
  File "/home/indy/aries_cloudagent/storage/indy.py", line 315, in _open
    raise StorageSearchError(str(x_indy)) from x_indy
aries_cloudagent.storage.error.StorageSearchError
2021-09-27 12:46:25,517 aries_cloudagent.core.conductor ERROR DON'T shutdown on StorageSearchError 
2021-09-27 12:46:25,519 aries_cloudagent.core.dispatcher ERROR Handler error: Dispatcher.handle_message
Traceback (most recent call last):
  File "/home/indy/aries_cloudagent/storage/indy.py", line 312, in _open
    self.store.wallet.handle, self.type_filter, query_json, options_json
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/indy/non_secrets.py", line 376, in open_wallet_search
    open_wallet_search.cb)
indy.error.WalletQueryError`

weiiv (Mon, 27 Sep 2021 15:04:22 GMT):

Has joined the channel.

Yunxi 3 (Mon, 27 Sep 2021 15:06:11 GMT):

Hello @swcurran , are there any plans for ACA-Py's wallet to move to aries-askar in the next couple of months? In other words, how mature is aries-askar compared to indy-sdk in terms of wallet capability?

swcurran (Mon, 27 Sep 2021 17:01:54 GMT):

askar is supported in the latest release -- 0.7.1.  I believe the parameter is "--wallet-type askar" and make sure you include the required dependencies.

swcurran (Mon, 27 Sep 2021 17:03:02 GMT):

askar and related tools (indy-vdr and indy-shared-rs) are being run regularly, but I don't know who are how much they are being used in production/volume use cases.

swcurran (Mon, 27 Sep 2021 17:03:29 GMT):

They seem to be in use, and all of our testing with them has been positive.

weiiv (Tue, 28 Sep 2021 02:31:30 GMT):

Hello community, Ontario has a special requirement of using single DID for all issuers (ministries). We know ACA-Py does have Multitenancy mode, but that requires each issuer to maintain its own wallet and DID. Single DID for the entire province will dramatically increase the usability for end users, as they don’t need to maintain multiple connections to each issuer. Once the connection is established, user can then store all kinds of credentials issued from different ministries but under single Ontario connection. We were wondering if ACA-Py currently supports such scenario, or if the community is interested in supporting it in the near future, we can help on a PR. Our timeline to make this available is November. Thanks.

da3v21 (Tue, 28 Sep 2021 09:37:45 GMT):

@andrew.whitehead can you help me with this?

andrew.whitehead (Tue, 28 Sep 2021 15:13:24 GMT):

I haven't tested that in a while, what version of aca-py are you testing with>?

andrew.whitehead (Tue, 28 Sep 2021 15:13:24 GMT):

I haven't tested that in a while, what version of aca-py are you testing with?

Yunxi 3 (Tue, 28 Sep 2021 15:51:19 GMT):

Thanks for the response @swcurran , do you know if askar/acapy provisions any detailed docs for how db schema is defined in askar?

Yunxi 3 (Tue, 28 Sep 2021 15:51:19 GMT):

Thanks for the response @swcurran , do you know if askar/acapy provisions any detailed docs for how db schema is defined in askar? the current readme in askar doesn't show too much design info

da3v21 (Tue, 28 Sep 2021 16:36:14 GMT):

I was testing it using 0.7.0

vsadriano (Wed, 29 Sep 2021 10:30:21 GMT):

Has left the channel.

mattatkiva (Wed, 29 Sep 2021 15:49:16 GMT):

I was trying some volume testing with acapy and I noticed these errors when I got above 30 simultaneous requests:
```
multitenant                      | 2021-09-29 14:25:19,981 indy.libindy WARNING _indy_loop_callback: Function returned error
multitenant                      | 2021-09-29 14:25:19,984 aries_cloudagent.indy.sdk.wallet_setup INFO Creating master secret...
multitenant                      | 2021-09-29 14:25:19,993 indy.libindy.native.r2d2 ERROR 	/home/indy/.cargo/registry/src/github.com-1ecc6299db9ec823/r2d2-0.8.7/src/lib.rs:121 | database error: FATAL: sorry, too many clients already
multitenant                      | 2021-09-29 14:25:20,396 indy.libindy.native.r2d2 ERROR 	/home/indy/.cargo/registry/src/github.com-1ecc6299db9ec823/r2d2-0.8.7/src/lib.rs:121 | database error: FATAL: sorry, too many clients already
multitenant                      | 2021-09-29 14:25:21,200 indy.libindy.native.r2d2 ERROR 	/home/indy/.cargo/registry/src/github.com-1ecc6299db9ec823/r2d2-0.8.7/src/lib.rs:121 | database error: FATAL: sorry, too many clients already
multitenant                      | 2021-09-29 14:25:22,804 indy.libindy.native.r2d2 ERROR 	/home/indy/.cargo/registry/src/github.com-1ecc6299db9ec823/r2d2-0.8.7/src/lib.rs:121 | database error: FATAL: sorry, too many clients already
multitenant                      | 2021-09-29 14:25:26,006 indy.libindy.native.r2d2 ERROR 	/home/indy/.cargo/registry/src/github.com-1ecc6299db9ec823/r2d2-0.8.7/src/lib.rs:121 | database error: FATAL: sorry, too many clients already
```

Is this an error I should be concerned with?

swcurran (Wed, 29 Sep 2021 16:03:19 GMT):

@TimoGlastra @andrew.whitehead ^^^

andrew.whitehead (Wed, 29 Sep 2021 16:12:04 GMT):

I think it means that the number of connections the pool is allowed to open exceeds the maximum number the database is allowing

swcurran (Wed, 29 Sep 2021 16:13:43 GMT):

What can be done about that?

andrew.whitehead (Wed, 29 Sep 2021 16:20:22 GMT):

A max_connections setting is supported by the postgres storage backend but I don't see a way to configure it in aca-py, @ianco ?

mattatkiva (Wed, 29 Sep 2021 16:27:53 GMT):

thnx.   

since I opened the topic, are there any known limits with acapy (like the # active requests) we should be considering?

ianco (Wed, 29 Sep 2021 16:37:13 GMT):

You can pass the extra postgres parameters in the storage config, see for example: https://github.com/bcgov/aries-vcr/blob/master/docker/docker-compose.yml#L152

ianco (Wed, 29 Sep 2021 16:38:37 GMT):

This is the max connections that Indy will use on a per-request basis (it uses a connection pool for reasons), you also need to configure your postgres server to allow some max based on the number of concurrent requests you are expecting

mattatkiva (Wed, 29 Sep 2021 16:52:20 GMT):

yes I understand that issue.  Thank you for the help.

mattatkiva (Wed, 29 Sep 2021 19:12:32 GMT):

does acapy have retry logic when db connections fail?

andrew.whitehead (Wed, 29 Sep 2021 19:19:16 GMT):

No, it doesn't

mattatkiva (Wed, 29 Sep 2021 19:30:08 GMT):

it looks like that acapy is still returning connection info even when the database errors.  I made 50 calls, I see the database connection errors, yet I have the connection invite information returned,

mattatkiva (Wed, 29 Sep 2021 19:30:08 GMT):

it looks like that acapy is still returning connection info even when the database errors.  I made 50 calls, I see the database connection errors, yet I have the connection invite information returned for each of the 50 calls

RounakGhosh (Thu, 30 Sep 2021 07:40:40 GMT):

Hello, Can anyone please provide some help,??, I am currently trying to revoke a credential and executed the API {AGENT_URL}/revocation/revoke but the API is not revoking the credential, and the state is remaining as issued.

I had provided the correct revocation_reg_id and Cred_rev_id.

It would be really helpful if someone would be able to provide some help. Been stuck in this issue for the last couple of days. Thanks!!.

jcourt (Thu, 30 Sep 2021 23:23:34 GMT):

So some basic questions first, have  you set up a tails-file server and created the credential definition as being a revocable one ?  
POST /credential-definitions setting up both the revocation_registry_size and support_revocation ?
Was this successful and you saw the tails file created and the Ledger updated with a REVOC_REG_DEF ?

Until all that is proven to have worked you can't issue a revocable credential and subsequently revoke it.

jcourt (Thu, 30 Sep 2021 23:25:35 GMT):

I am assuming the answers to the questions above are yes since you talk about a revocation_reg_id and cred_rev_id

jcourt (Thu, 30 Sep 2021 23:27:55 GMT):

So I have always revoked credentials using the cred_ex_id rather than the alternate of specifying the revocation_reg_id and cred_rev_id.  I do know that you can't specify all the parameters at once in that specifying the cred_ex_id and revocation_reg_id at the same time fails for me

jcourt (Thu, 30 Sep 2021 23:30:56 GMT):

Also do you get any error on your "revoke" call ? If it is successful have you checked that the accumulator on the Ledger changed since that's the only way to tell indicate a credential was revoked.

jcourt (Thu, 30 Sep 2021 23:30:56 GMT):

Also do you get any error on your "revoke" call ? If it is successful have you checked that the accumulator on the Ledger changed since that's the only way to indicate a credential was revoked.

jcourt (Thu, 30 Sep 2021 23:33:55 GMT):

Ohh wait one other thing is are you telling it to publish to the register on the revoke ?   That is the `publish` field on the revoke call.  If you DON'T do this the credential isn't really revoked until you later push the update to the ledger.

jcourt (Thu, 30 Sep 2021 23:47:41 GMT):

Ok one last point, you say the state says "issued".  Even if you do all the above steps correctly, the credential state itself remains `issued`.  To tell if a credential has been revoked you have to actually call the `GET /revocation/credential-record` to determine its state.  The credential is only held by the HOLDER so I suspect this method is doing a proof attempt and returning the status but haven't looked into it.   
Sorry for the firehose responses but you didn't give me much to go on :-)

jcourt (Thu, 30 Sep 2021 23:47:41 GMT):

Ok one last point, you say the state says "issued".  Even if you do all the above steps correctly, the credential state itself remains `issued`.  To tell if a credential has been revoked you have to actually call the `GET /revocation/credential-record` to determine its state.  The credential is only held by the HOLDER so I suspect this method is either doing a proof attempt or checking an internal list and returning the status but haven't looked into it.   
Sorry for the firehose responses but you didn't give me much to go on :-)

jcourt (Thu, 30 Sep 2021 23:47:41 GMT):

Ok one last point, you say the state says "issued".  Even if you do all the above steps correctly, the credential state itself remains `issued`.  
To tell if a credential has been revoked on the `ISSUER` you have to actually call the `GET /revocation/credential-record` to determine its state.  

On the `HOLDER` you can call `GET /credential/revoked/{credential_id}`

The credential is only held by the HOLDER so I suspect these methods are either doing a proof attempt or checking an internal list and returning the status but haven't looked into it.   
Sorry for the firehose responses but you didn't give me much to go on :-)

jcourt (Thu, 30 Sep 2021 23:47:41 GMT):

Ok one last point, you say the state says "issued".  Even if you do all the above steps correctly, the credential state itself remains `issued`.  

To tell if a credential has been revoked on the `ISSUER` you have to actually call the `GET /revocation/credential-record` to determine its state.  

On the `HOLDER` you can call `GET /credential/revoked/{credential_id}`

The credential is only held by the HOLDER so I suspect these methods are either doing a proof attempt or checking an internal list and returning the status but haven't looked into it.   
Sorry for the firehose responses but you didn't give me much to go on :-)

RounakGhosh (Fri, 01 Oct 2021 07:48:25 GMT):

@jcourt , I had set up tail server and had created credential_def_id with field support revocation=true, 

Now, previously when i was manually making a POST request on to the  swagger API , it would revoke the credential and the state would change to revoked

Now, when I am executing the same process, the credential is not getting revoked and the state is remaining as issued.

RounakGhosh (Fri, 01 Oct 2021 07:50:47 GMT):

I am not getting any error, upon executing the API /revocation/revoke.

RounakGhosh (Fri, 01 Oct 2021 07:52:07 GMT):

[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=cCHR6yygkN8R9wDzh) Yes, from the issuer, I had tried executing revocation/credential-record API, and got the status as issued.

dmckay (Fri, 01 Oct 2021 14:20:54 GMT):

Has joined the channel.

dmckay (Fri, 01 Oct 2021 14:28:30 GMT):

I see this same pattern with large organizations.  They will want a single connection with holders, but be able to issue and verify from multiple internal stakeholders.  For example a large company may have multiple divisions.  Currently the multi-tenancy is for multiple orgs using one copy of ACA-py but with multiple wallets and matching controllers.  This pattern requires one copy of ACA-py with a single wallet, but multiple controllers.

jcourt (Fri, 01 Oct 2021 21:17:05 GMT):

You didn't indicate if you were explicitly publishing the revocation either on the revoke operation with the boolean flag (i.e. it defaults to false), or via a seperate call later on ?  If you are doing all that, then I got nothing.

phearaeun (Sat, 02 Oct 2021 06:47:19 GMT):

Hello all, please help check this error message.
```
Cannot queue message for delivery, no supported transport
  {"msg_id": "bf859ac5-3c21-470a-9e8c-6c32210a51e9", "thread_id": "bf859ac5-3c21-470a-9e8c-6c32210a51e9", "traced_type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/offer-credential", "timestamp": 1633157143.244531, "str_time": "2021-10-02 06:45:43.244531", "handler": "Demo", "ellapsed_milli": 406, "outcome": "credential_exchange_send_free_offer.END"}
127.0.0.1 [02/Oct/2021:06:45:42 +0000] "POST /issue-credential/send-offer HTTP/1.0" 200 14306 "-" "python-httpx/0.19.0"
```

analia_meira (Mon, 04 Oct 2021 18:37:05 GMT):

Has joined the channel.

analia_meira (Mon, 04 Oct 2021 18:37:06 GMT):

Hi @all. I'm new here. Can anyone please provide some help?

When sending a connection invitation (POST /connections/create-invitation) and clicking on TRY IT OUT, aca-py suggests passing a "metadata" (a JSON).
I entered a metadata, examplo: 
{"metadata": {"nome":"analia"}}
I would like it to be seen when receiving the connection invitation, but when the other user receives the invitation, the metadata does not appear.
I noticed there is a GET endpoint /connections/{conn_id}/metadata, I entered the connection id but it returns empty {}

analia_meira (Mon, 04 Oct 2021 18:37:06 GMT):

Hi @all. I'm new here. Can anyone please provide some help?

When sending a connection invitation (POST /connections/create-invitation) and clicking on TRY IT OUT, aca-py suggests passing a "metadata" (a JSON).
I entered a metadata, examplo: 
{"metadata": {"nome":"analia"}}
I would like it to be seen when receiving the connection invitation, but when the other user receives the invitation, the metadata does not appear.
I noticed there is a endpoint GET /connections/{conn_id}/metadata, I entered the connection id but it returns empty {}

swcurran (Mon, 04 Oct 2021 22:06:05 GMT):

Join us for the ACA-Py User Group THIS TUESDAY (Oct. 5) at 8AM Pacific (18:00 UTC) (NEW TIME!!!). We'll have the core maintainers on the call to answer any questions -- other topics are below.

Zoom link: https://us02web.zoom.us/j/83049816627?pwd=MzF1UFdQV1FtZ1Jia3J1NVpYTDYvdz09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-09-15+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

*Planned Topics:*

- Development Updates / PRs
- Endorser Protocol Updates – making it easy for Controller Writers
- AMA (as time permits)

swcurran (Mon, 04 Oct 2021 22:06:05 GMT):

Join us for the ACA-Py User Group THIS TUESDAY (Oct. 5) at 8AM Pacific (18:00 UTC) (NEW TIME!!!). We'll have the core maintainers on the call to answer any questions -- other topics are below.

Zoom link: https://zoom.us/my/hyperledger.community.backup?pwd=dkJKdHRlc3dNZEdKR1JYdW40R2pDUT09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-09-15+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

*Planned Topics:*

- Development Updates / PRs
- Endorser Protocol Updates – making it easy for Controller Writers
- AMA (as time permits)

swcurran (Mon, 04 Oct 2021 22:11:45 GMT):

Join us for the ACA-Py User Group THIS TUESDAY (Oct. 5) at 8AM Pacific (18:00 UTC) (NEW TIME!!!). We'll have the core maintainers on the call to answer any questions -- other topics are below.

Zoom link: https://zoom.us/j/6223336701?pwd=dkJKdHRlc3dNZEdKR1JYdW40R2pDUT09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-09-15+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

*Planned Topics:*

- Development Updates / PRs
- Endorser Protocol Updates – making it easy for Controller Writers
- AMA (as time permits)

RounakGhosh (Tue, 05 Oct 2021 07:43:39 GMT):

@jcourt , I had published the revocation, with the revoke operation with the boolean flag. 

{"cred_rev_id": _____,
 "publish":true,
 "rev_reg_id": _____
}

The Json Structure goes something like this. Thanks!!.

dbluhm (Tue, 05 Oct 2021 19:29:00 GMT):

@swcurran as a result of recent fee changes on Sovrin StagingNet, we're working to move to BuilderNet but are getting the following errors on startup:

```
agent_1   | aries_cloudagent.ledger.error.LedgerConfigError: Exception when opening pool ledger default: Error: Invalid library state
agent_1   |   Caused by: MerkleTree contains invalid item
agent_1   |   Caused by: error while decoding value
```

Any insights?

dbluhm (Tue, 05 Oct 2021 19:29:00 GMT):

@swcurran as a result of recent fee changes on Sovrin StagingNet, we're working to move to BuilderNet but are getting the following errors on startup in ACA-Py:

```
agent_1   | aries_cloudagent.ledger.error.LedgerConfigError: Exception when opening pool ledger default: Error: Invalid library state
agent_1   |   Caused by: MerkleTree contains invalid item
agent_1   |   Caused by: error while decoding value
```

Any insights?

dbluhm (Tue, 05 Oct 2021 19:29:00 GMT):

@swcurran as a result of recent fee changes on Sovrin StagingNet, we're working to move to BuilderNet but are getting the following errors on startup in ACA-Py:

```
agent_1   | aries_cloudagent.ledger.error.LedgerConfigError: Exception when opening pool ledger default: Error: Invalid library state
agent_1   |   Caused by: MerkleTree contains invalid item
agent_1   |   Caused by: error while decoding value
```

Any insights?

Update: we were using the wrong URL for the BuilderNet genesis file. This is the correct one for anyone that happens to run into the same issue: https://raw.githubusercontent.com/sovrin-foundation/sovrin/master/sovrin/pool_transactions_builder_genesis

swcurran (Tue, 05 Oct 2021 19:38:03 GMT):

No -- that's a new one.  Can you confirm the genesis file, so we're sure we're trying with the same one?

@ianco -- you can try your Endorser changes by trying this :-). Get a BuilderNet endorser for Faber and then run Alice / Faber.  Perhaps through some instructions out on that.

dbluhm (Tue, 05 Oct 2021 19:38:56 GMT):

Thanks for the quick response, just discovered that this is (of course) a mistake on our part lol -- we used the URL to the domain rather than pool transaction

dbluhm (Tue, 05 Oct 2021 19:39:18 GMT):

Using this URL resolved the above issue
https://raw.githubusercontent.com/sovrin-foundation/sovrin/master/sovrin/pool_transactions_builder_genesis

swcurran (Tue, 05 Oct 2021 19:39:19 GMT):

:-)

eugenluft (Thu, 07 Oct 2021 12:25:35 GMT):

Has joined the channel.

jcourt (Thu, 07 Oct 2021 23:50:09 GMT):

I am having a little trouble trying to work out how to get to the Schema definition starting from the Credential Definition.  I know the credential Id includes the Ledger schema transaction number but there is no API I can see to get the Schema Definition using the ledger transaction sequence number ?

jcourt (Thu, 07 Oct 2021 23:53:43 GMT):

Ahh wait  i am miss-interpreting what can be passed to the GET /schemas/{schema_id} .... I have always passed a full schemaId string .... to also accepts just the sequence number too !

jcourt (Thu, 07 Oct 2021 23:53:43 GMT):

Ahh wait  i am miss-interpreting what can be passed to the GET /schemas/{schema_id} .... I have always passed a full schemaId string .... it also accepts just the sequence number too !

swcurran (Fri, 08 Oct 2021 15:09:43 GMT):

FYI: Aries Cloud Agent Python Release 0.7.2 RC0 has been tagged and is available on PyPi and Docker Hub. This is a pre-release for testing before the official release. We think it is complete and ready, and don't anticipate many changes. BC Gov will be testing the release with our apps.

Note that as with the 0.7.1 release, this release includes support for Aries Askar Secure Storage in the Docker Hub Image -- see: https://hub.docker.com/r/bcgovimages/aries-cloudagent/tags

Let us know if you note anything, and if there is anything pending that you would like to see in the final Release 0.7.2.

Thanks!

guilhermejd3p (Fri, 08 Oct 2021 17:22:58 GMT):

Has joined the channel.

jcourt (Mon, 11 Oct 2021 00:31:17 GMT):

I am playing around with proof presentation after revocation and noticing that with V1.0 (RFC 0037) of proof presentation the `prover` always ends with receiving an ACK with a status of `OK`.  On the verifier side I can see that the presentation failed and has a `state: verified` but `verified: false`.  Is it intended in V1.0 that the `prover` can't tell a proof failed via the protocol ?  Looking at V2.0 (RFC 0454) it seems that it is much more explicit that a failed presentation is indicated in the ACK message so I expect the `prover` will get notified of a failure if I change to using that API in ACA-py.   Just after a comment on if this is `as expected` from the implementers.  Thanks

da3v21 (Mon, 11 Oct 2021 03:36:57 GMT):

Hi everyone! sometimes the mobile agent is not able to connect with acapy, when I check the logs. It shows *PingResponse* received from *none*. The sended_did in message receipt is set to none sometimes. Any reasons for this?

da3v21 (Mon, 11 Oct 2021 03:36:57 GMT):

Hi everyone! sometimes the dotnet mobile agent is not able to connect with acapy, when I check the logs. It shows *PingResponse* received from *none*. The sended_did in message receipt is set to none sometimes. Any reasons for this?

da3v21 (Mon, 11 Oct 2021 03:36:57 GMT):

Hi everyone! sometimes acapy is not able to connect with a dotnet agent, when I check the logs in acapy. It shows *PingResponse* receiver from *none*. The sended_did in message receipt is set to none sometimes. Any reasons for this?

Yunxi 3 (Mon, 11 Oct 2021 08:22:52 GMT):

Hello all, if i want to use ACA-Py to connect to the Soverin BuidlerNet, do I have to set the option --tails-server-base-url?

TimoGlastra (Mon, 11 Oct 2021 11:54:45 GMT):

Hi @Yunxi 3 AFAIK, You only have to set this property if you intend to issue *revocable* credentials

phearaeun (Mon, 11 Oct 2021 15:24:18 GMT):

Recently, aries-bifold released a support on Aca-py mediator. I could connect to aca-py mediator successfully. Also, the bifold can connect to other agents. However, once I am trying to issue credential from the issuer, the error appears as `Cannot queue message for delivery, no supported transport`.  Any comments please?

TimoGlastra (Mon, 11 Oct 2021 16:23:55 GMT):

Hi @phearaeun are you getting this error on ACA-Py or in the Bifold wallet?

phearaeun (Mon, 11 Oct 2021 16:41:44 GMT):

I am getting this error on Aca-py side.

TimoGlastra (Mon, 11 Oct 2021 17:27:28 GMT):

Have you enabled the enable-undelivered-queue?

TimoGlastra (Mon, 11 Oct 2021 17:27:28 GMT):

Have you enabled the `enable-undelivered-queue` startup parameter?

phearaeun (Tue, 12 Oct 2021 02:25:53 GMT):

No, I haven't enabled that. Is that the case?

phearaeun (Tue, 12 Oct 2021 02:28:04 GMT):

Do I also need to enable outbound-queue?

TimoGlastra (Tue, 12 Oct 2021 05:50:28 GMT):

Yes to use ACA-Py as a mediator you need the inbound queue enabled

TimoGlastra (Tue, 12 Oct 2021 05:50:28 GMT):

Yes to use ACA-Py as a mediator you need the undelivered queue enabled

TimoGlastra (Tue, 12 Oct 2021 05:50:56 GMT):

Outbound queue is not necessary 

phearaeun (Tue, 12 Oct 2021 07:18:21 GMT):

OK. Thank you very much. Let me try with that option.

phearaeun (Tue, 12 Oct 2021 14:33:06 GMT):

Hi @TimoGlastra, I already enabled `--enable-undelivered-queue` on the Mediator but I still get the same error.

phearaeun (Tue, 12 Oct 2021 15:31:04 GMT):

After enabled, I received another message on startup in debug mode
```
No outbound queue loaded
Subscribed: topic re.compile('^acapy::webhook::(.*)$'), processor >
Subscribed: topic re.compile('^acapy::record::([^:]*)(?:::.*)?$'), processor >
Subscribed: topic re.compile('acapy::basicmessage::received'), processor . at 0x7fd7441e4700>
Subscribed: topic re.compile('acapy::problem_report'), processor . at 0x7fd7441e4790>
Subscribed: topic re.compile('acapy::ping::received'), processor . at 0x7fd7441e4430>
Subscribed: topic re.compile('acapy::ping::response_received'), processor . at 0x7fd7441e4550>
Subscribed: topic re.compile('acapy::actionmenu::received'), processor . at 0x7fd7441e4820>
Subscribed: topic re.compile('acapy::actionmenu::get\\-active\\-menu'), processor . at 0x7fd7441e4940>
Subscribed: topic re.compile('acapy::actionmenu::perform\\-menu\\-action'), processor . at 0x7fd7441e49d0>
Closing pool ledger after timeout
```

And issuing credentials, got this message `Cannot queue message for delivery, no supported transport`

frostyfrog (Tue, 12 Oct 2021 20:25:51 GMT):

Has joined the channel.

bs (Wed, 13 Oct 2021 21:16:16 GMT):

Has joined the channel.

Yunxi 3 (Thu, 14 Oct 2021 12:33:35 GMT):

thanks @TimoGlastra, i do want to use revocable credentials by using Soverin BuiderNet. In this case, what's the right value for --tails-server-base-url?

Yunxi 3 (Thu, 14 Oct 2021 12:55:36 GMT):

Hello all, does anyone know if ACA-Py can be deployed to Cloud serviceless services such as AWS Lambda or ECS cluster?

daidoji (Thu, 14 Oct 2021 13:14:45 GMT):

Probably not lambda because the agent needs to keep state, but we deployed a demo on ECS no problem.

Yunxi 3 (Thu, 14 Oct 2021 13:17:45 GMT):

thanks @daidoji , are there any public documentation available for how to deploy ACA-Py in ECS?

daidoji (Thu, 14 Oct 2021 14:12:49 GMT):

@Yunxi 3 not that I know of but it wasn't too bad for us to take the docker images for acapy and convert.  Should be pretty straightforward.  Only thing that was tricky was the networking (some ports need to be internal to the docker network for the webhooks and some need to be externally available).  I think it should be no problem if you just adapt from the Demo or set it up yourself.  

A few hours of work based on our experience.

daidoji (Thu, 14 Oct 2021 14:13:48 GMT):

https://hub.docker.com/r/bcgovimages/aries-cloudagent

saverix (Thu, 14 Oct 2021 14:27:48 GMT):

Has joined the channel.

Yunxi 3 (Fri, 15 Oct 2021 08:48:47 GMT):

great, thanks for the advice @daidoji. Btw, when you mentioned "the agent needs to keep state", do you mean agent needs to run 24/7 or mean something else?

Yunxi 3 (Fri, 15 Oct 2021 08:49:33 GMT):

@TimoGlastra, do you know what value I should use for --tails-server-base-url ?

TimoGlastra (Fri, 15 Oct 2021 09:12:00 GMT):

You need to point it to a tails server. You can host it yourself from here: https://github.com/bcgov/indy-tails-server

TimoGlastra (Fri, 15 Oct 2021 09:12:31 GMT):

Or you can use the public tails server from BCGov: https://tails.vonx.io

TimoGlastra (Fri, 15 Oct 2021 09:12:52 GMT):

But I don't think they provide any guarantees, so for a production use case you'd probably want to host your own

daidoji (Fri, 15 Oct 2021 13:16:40 GMT):

well the agent contains a wallet (a secure database with a set function to securely store credentials) and so I'm not totally sure it would work within a lambda.  That's what I meant by state.

Yunxi 3 (Fri, 15 Oct 2021 13:54:29 GMT):

ah i see. Regarding the database, acapy supports postgresql, so this design decouples acapy agent from its own credential data.

Yunxi 3 (Fri, 15 Oct 2021 13:54:29 GMT):

ah i see. Regarding the database, acapy supports postgresql, so this design decouples acapy agent from its own credential data in the db as its phsical storage.

daidoji (Fri, 15 Oct 2021 13:59:14 GMT):

true, but someone with more knowledge than me would have to say if it supported multi-process access like a lambda might run into... certainly you could try I guess.

weiiv (Fri, 15 Oct 2021 21:54:38 GMT):

Does anyone know how to secure webhook url? Or what type of authentication mechanism does aca-py support for webhooks?

esune (Fri, 15 Oct 2021 22:00:58 GMT):

You can specify the webhook URL to send webhooks to in the following format: `--webhook-url http://my-service:1234/webhook#my-api-key` and aca-py will add the `x-api-key` header with the value specified after the hash simbol

esune (Fri, 15 Oct 2021 22:01:28 GMT):

https://github.com/hyperledger/aries-cloudagent-python/blob/main/aries_cloudagent/config/argparse.py#L162-L174

swcurran (Fri, 15 Oct 2021 22:02:15 GMT):

I believe there is also handling in multi-tenancy for this.

ianco (Fri, 15 Oct 2021 22:02:55 GMT):

In multitenancy you can (optionally) specify a separate webhook url for each sub-wallet

ianco (Fri, 15 Oct 2021 22:03:17 GMT):

There is a header provided with each webhook call with the wallet id in context of the call

esune (Fri, 15 Oct 2021 22:03:20 GMT):

Yep, the default webhook endpoint is still processed though

esune (Fri, 15 Oct 2021 22:03:20 GMT):

Yep, the default webhook endpoint is still processed though - I believe

weiiv (Fri, 15 Oct 2021 22:04:18 GMT):

That's awesome, thank you all :thumbsup:

rpobulic (Sun, 17 Oct 2021 06:06:01 GMT):

Is there any strong reason that the generated openapi spec is still the obsolete swagger 2.0, instead of openapi 3.0 (or 3.1)?

rpobulic (Sun, 17 Oct 2021 06:36:11 GMT):

Is there any way to integrate the admin API with Oauth 2 authorization? I am currently tracking and coding the Bearer token into every REST request to the admin api in my controller app (using one multitenant wallet), while my cloud app authorization is already integrated via Oauth 2 to the Oracle Identity Cloud Service.

jcourt (Sun, 17 Oct 2021 21:06:53 GMT):

I would think the startup cost of initialisation and parameter handling would make it really inefficient as a lambda.  Even the inventor of the lambda concept at AWS has often said that large monolithic, tightly coupled web servers are not always the right choice to try and concert to Serverless.   Even just the loading of all the indy framework would make the size rather prohibitive for a Serverless approach.

jcourt (Sun, 17 Oct 2021 21:06:53 GMT):

I would think the startup cost of initialisation and parameter handling would make it really inefficient as a lambda.  Even the inventor of the lambda concept at AWS has often said that large monolithic, tightly coupled web servers are not always the right choice to try and convert to Serverless.   Even just the loading of all the indy framework would make the size rather prohibitive for a Serverless approach.

swcurran (Sun, 17 Oct 2021 23:04:11 GMT):

@jcourt -- thoughts on this question?

jcourt (Sun, 17 Oct 2021 23:22:57 GMT):

Is the question why the raw spec file output from the web server conforms to 2.0 or why the generated open-api/openapi.json file from running scripts/generate-open-api-spec is using swagger 2.0 ?

The former question is related to the tool used inside aca-py code to generate the openapi raw interface.  You could take a look at https://github.com/hyperledger/aries-cloudagent-python/blob/main/UsingOpenAPI.md for some details on that.

If the question is more on the later (i.e. the open-api/openapi.json) output file.  That file currently exists solely to be used as a check when interfaces change as part of the release process.  I would not be using that for further wrapper code generation as it isn't maintained tightly enough atm.  

If you want something that is likely to be kept up to date and provides infrastructure for code generation you could start here https://github.com/sudoplatform-labs/sudo-di-cloud-agent-js.  

Currently IMHO ACA-py isn't claiming to provide tools for wrapper code generation, if that were to change then I would be happy to see how we might help but we would need to understand what the goals/scope was such as languages, testing (a big effort given all the interfaces) etc.

rpobulic (Mon, 18 Oct 2021 05:06:46 GMT):

For building controllers, I am using a low-code development tools, like Oracle Visual Builder Cloud Service. It can automatically create REST data source definitions using openapi spec files or th URL from which it can dynamically update the data sources. It supports both Swagger 2.0 and OpenAPI 3.0, but the ACA-Py spec file downloaded from the admin page has root objects not ordered correctly, so I have to reorder them by hand with each new version of ACA-Py, or convert to OpenAPI 3.0, Recently, I started using the script https://github.com/hyperledger/aries-cloudagent-python/blob/main/scripts/generate-open-api-spec, just uncommented the line OPEN_API_CONTAINER="openapitools/openapi-generator-cli:v4.3.1".```

```

rpobulic (Mon, 18 Oct 2021 05:06:46 GMT):

For building controllers, I am using a low-code development tools, like Oracle Visual Builder Cloud Service. It can automatically create REST data source definitions using openapi spec files or th URL from which it can dynamically update the data sources. It supports both Swagger 2.0 and OpenAPI 3.0, but the ACA-Py spec file downloaded from the admin page has root objects not ordered correctly, so I have to reorder them by hand with each new version of ACA-Py, or convert to OpenAPI 3.0, Recently, I started using the script https://github.com/hyperledger/aries-cloudagent-python/blob/main/scripts/generate-open-api-spec, just uncommented the line OPEN_API_CONTAINER="openapitools/openapi-generator-cli:v4.3.1".```
OpenAPI 3.0 spec produces more data source details the Swagger 2.0, in the tool I am using. I guess that such benefit exists in other similar low-code tools and code wrapper generators, so it may be useful to all controller developers to upgrade to OpenAPI 3.0 or 3.1 at the admin page link.
```

rpobulic (Mon, 18 Oct 2021 05:06:46 GMT):

For building controllers, I am using a low-code development tools, like Oracle Visual Builder Cloud Service. It can automatically create REST data source definitions using openapi spec files or th URL from which it can dynamically update the data sources. It supports both Swagger 2.0 and OpenAPI 3.0, but the ACA-Py spec file downloaded from the admin page has root objects not ordered correctly, so I have to reorder them by hand with each new version of ACA-Py, or convert to OpenAPI 3.0, Recently, I started using the script https://github.com/hyperledger/aries-cloudagent-python/blob/main/scripts/generate-open-api-spec, just uncommented the line OPEN_API_CONTAINER="openapitools/openapi-generator-cli:v4.3.1".
OpenAPI 3.0 spec produces more data source details the Swagger 2.0, in the tool I am using. I guess that such benefit exists in other similar low-code tools and code wrapper generators, so it may be useful to all controller developers to upgrade to OpenAPI 3.0 or 3.1 at the admin page link.

rpobulic (Mon, 18 Oct 2021 05:06:46 GMT):

For building controllers, I am using a low-code development tools, like Oracle Visual Builder Cloud Service. It can automatically create REST data source definitions using openapi spec files or th URL from which it can dynamically update the data sources. It supports both Swagger 2.0 and OpenAPI 3.0, but the ACA-Py spec file downloaded from the admin page has root objects not ordered correctly, so I have to reorder them by hand with each new version of ACA-Py, or convert to OpenAPI 3.0, Recently, I started using the script https://github.com/hyperledger/aries-cloudagent-python/blob/main/scripts/generate-open-api-spec, just uncommented the line OPEN_API_CONTAINER="openapitools/openapi-generator-cli:v4.3.1".
OpenAPI 3.0 spec produces more data source details the Swagger 2.0, in the tool I am using. I guess that such benefit exists in other similar low-code tools and code wrapper generators, so it may be useful to all controller developers if the admin page link is updated to OpenAPI 3.0 or 3.1.

rpobulic (Mon, 18 Oct 2021 05:06:46 GMT):

For building controllers, I am using a low-code development tools, like Oracle Visual Builder Cloud Service. It can automatically create REST data source definitions using openapi spec files or th URL from which it can dynamically update the data sources. It supports both Swagger 2.0 and OpenAPI 3.0, but the ACA-Py spec file downloaded from the admin page has root objects not ordered correctly, so I have to reorder them manually with each new version of ACA-Py, or convert to OpenAPI 3.0, Recently, I started using the script https://github.com/hyperledger/aries-cloudagent-python/blob/main/scripts/generate-open-api-spec, just uncommented the line OPEN_API_CONTAINER="openapitools/openapi-generator-cli:v4.3.1".
OpenAPI 3.0 spec produces more data source details the Swagger 2.0, in the tool I am using. I guess that such benefit exists in other similar low-code tools and code wrapper generators, so it may be useful to all controller developers if the admin page link is updated to OpenAPI 3.0 or 3.1.

phearaeun (Mon, 18 Oct 2021 05:20:02 GMT):

Has anyone made success on issuing/verifying credentials from aca-py to bifold?

phearaeun (Mon, 18 Oct 2021 05:20:02 GMT):



TimoGlastra (Mon, 18 Oct 2021 05:22:13 GMT):

We have! Where are you getting stuck?

IgorSim (Mon, 18 Oct 2021 07:21:33 GMT):

Hi, I successfully issued JSON-LD credential based on W3C Vaccination schema (as explained in https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/AliceWantsAJsonCredential.md) but have a problem when verifying presentation request for JSON-LD credential.  
Verification on 'VaccinationEvent' properties (such as batchNumber, countryOfVaccination etc) works OK but i encounter problem when i try to verify 'nested' property, such as 'vaccine.marketingAuthorizationHolder'.
Input descriptor in *pres_request* looks like this(i've omit few things for brevity)
`          "input_descriptors": [
                {
                  "schema": [
                    {
                      "uri": "https://w3id.org/vaccination#VaccinationCertificate"
                    }
                  ],
                  "constraints": {
                    "fields": [
                      {
                        "id": "01cde64e-77e4-47fc-9759-9eebf9dd26a5",
                        "path": [
                          "$.credentialSubject.vaccine.marketingAuthorizationHolder"
                        ],
                        "predicate": "required",
                        "filter": {
                          "enum": [
                            "Moderna Biotech Spain, S.L.",
                            "AstraZeneca AB",
                            "BioNTech Manufacturing GmbH",
                            "Janssen-Cilag International NV"
                          ]
                        }
                      }
                    ],
                    "is_holder": [
                      {
                        "directive": "required",
                        "field_id": [
                          "01cde64e-77e4-47fc-9759-9eebf9dd26a5"
                        ]
                      }
                    ],
                    "limit_disclosure": "required"
                  }`

pres.credentialSubject is:
` "credentialSubject": {
                  "id": "did:key:xxxx",
                  "type": "VaccinationEvent",
                  "https://w3id.org/vaccination#VaccineEventVaccine": {
                    "id": "urn:bnid:_:c14n1",
                    "type": "Vaccine"
                  }
                }`
I see following error in agent log when verifying presentation:
DIFPresExchError: Constraint specified for None does not apply to the enclosed credential in $.verifiableCredential[0]

IgorSim (Mon, 18 Oct 2021 07:21:33 GMT):

Hi, I successfully issued JSON-LD credential based on W3C Vaccination schema (as explained in https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/AliceWantsAJsonCredential.md) but have a problem when verifying presentation request for JSON-LD credential.  
Verification on 'VaccinationEvent' properties (such as batchNumber, countryOfVaccination etc) works OK but i encounter problem when i try to verify 'nested' property, such as 'vaccine.marketingAuthorizationHolder'.
Input descriptor in *pres_request* looks like this(i've omit few things for brevity)
         "input_descriptors": [
                { "schema": [{ "uri": "https://w3id.org/vaccination#VaccinationCertificate"}],
                  "constraints": {
                    "fields": [ {"id": "01cde64e-77e4-47fc-9759-9eebf9dd26a5",
"path": [
                          "$.credentialSubject.vaccine.marketingAuthorizationHolder"],
                        "predicate": "required",
                        "filter": {
                          "enum": [
                            "Moderna Biotech Spain, S.L.",
                            "AstraZeneca AB",
                            "BioNTech Manufacturing GmbH",
                            "Janssen-Cilag International NV"
                          ] }}],
                    "is_holder": [
                      {"directive": "required",
                        "field_id": ["01cde64e-77e4-47fc-9759-9eebf9dd26a5" ]}],
                    "limit_disclosure": "required"
                  }`

pres.credentialSubject is:
"credentialSubject": {
                  "id": "did:key:xxxx",
                  "type": "VaccinationEvent",
                  "https://w3id.org/vaccination#VaccineEventVaccine": {
                    "id": "urn:bnid:_:c14n1",
                    "type": "Vaccine"
                  }
                }
I see following error in agent log when verifying presentation:
DIFPresExchError: Constraint specified for None does not apply to the enclosed credential in $.verifiableCredential[0]

IgorSim (Mon, 18 Oct 2021 07:21:33 GMT):

Hi, I successfully issued JSON-LD credential based on W3C Vaccination schema (as explained in https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/AliceWantsAJsonCredential.md) but have a problem when verifying presentation request for JSON-LD credential.  
Verification on 'VaccinationEvent' properties (such as batchNumber, countryOfVaccination etc) works OK but i encounter problem when i try to verify 'nested' property, such as 'vaccine.marketingAuthorizationHolder'.
Input descriptor in *pres_request* looks like this(i've omit few things for brevity)
         "input_descriptors": [
                { "schema": [{ "uri": "https://w3id.org/vaccination#VaccinationCertificate"}],
                  "constraints": {
                    "fields": [ {"id": "01cde64e-77e4-47fc-9759-9eebf9dd26a5",
"path": [
                          "$.credentialSubject.vaccine.marketingAuthorizationHolder"],
                        "predicate": "required",
                        "filter": {
                          "enum": [
                            "Moderna Biotech Spain, S.L.",
                            "AstraZeneca AB",
                            "BioNTech Manufacturing GmbH",
                            "Janssen-Cilag International NV"
                          ] }}],
                    "is_holder": [
                      {"directive": "required",
                        "field_id": ["01cde64e-77e4-47fc-9759-9eebf9dd26a5" ]}],
                    "limit_disclosure": "required"
                  }`

*pres.credentialSubject *is:
"credentialSubject": {
                  "id": "did:key:xxxx",
                  "type": "VaccinationEvent",
                  "https://w3id.org/vaccination#VaccineEventVaccine": {
                    "id": "urn:bnid:_:c14n1",
                    "type": "Vaccine"
                  }
                }
I see following error in agent log when verifying presentation:
DIFPresExchError: Constraint specified for None does not apply to the enclosed credential in $.verifiableCredential[0]

IgorSim (Mon, 18 Oct 2021 07:21:33 GMT):

Hi, I successfully issued JSON-LD credential based on W3C Vaccination schema (as explained in https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/AliceWantsAJsonCredential.md) but have a problem when verifying presentation request for JSON-LD credential.  
Verification on 'VaccinationEvent' properties (such as batchNumber, countryOfVaccination etc) works OK but i encounter problem when i try to verify 'nested' property, such as 'vaccine.marketingAuthorizationHolder'.
Input descriptor in *pres_request* looks like this(i've omit few things for brevity)
         "input_descriptors": [
                { "schema": [{ "uri": "https://w3id.org/vaccination#VaccinationCertificate"}],
                  "constraints": {
                    "fields": [ {"id": "01cde64e-77e4-47fc-9759-9eebf9dd26a5",
"path": [
                          "$.credentialSubject.vaccine.marketingAuthorizationHolder"],
                        "predicate": "required",
                        "filter": {
                          "enum": [
                            "Moderna Biotech Spain, S.L.",
                            "AstraZeneca AB",
                            "BioNTech Manufacturing GmbH",
                            "Janssen-Cilag International NV"
                          ] }}],
                    "is_holder": [
                      {"directive": "required",
                        "field_id": ["01cde64e-77e4-47fc-9759-9eebf9dd26a5" ]}],
                    "limit_disclosure": "required"
                  }`

*pres.credentialSubject* is:
"credentialSubject": {
                  "id": "did:key:xxxx",
                  "type": "VaccinationEvent",
                  "https://w3id.org/vaccination#VaccineEventVaccine": {
                    "id": "urn:bnid:_:c14n1",
                    "type": "Vaccine"
                  }
                }
I see following error in agent log when verifying presentation:
DIFPresExchError: Constraint specified for None does not apply to the enclosed credential in $.verifiableCredential[0]

phearaeun (Mon, 18 Oct 2021 09:43:26 GMT):

I already enabled `--enable-undelivered-queue` but still get the same error: `Cannot queue message for delivery, no supported transport`.

And there is a new message: `No outbound queue loaded`

TimoGlastra (Mon, 18 Oct 2021 10:15:00 GMT):

What transports have you enabled on the agent?

TimoGlastra (Mon, 18 Oct 2021 10:15:07 GMT):

Could you share your acapy config?

TimoGlastra (Mon, 18 Oct 2021 10:15:36 GMT):

This is the mediator config I use locally

TimoGlastra (Mon, 18 Oct 2021 10:15:55 GMT):

```
# General
label: Mediator

# Transport
endpoint:
  - http://localhost:3001
  - ws://localhost:3002
inbound-transport:
  - [http, 0.0.0.0, 3001]
  - [ws, 0.0.0.0, 3002]
outbound-transport:
  - http
  - ws

# Admin
admin: [0.0.0.0, 3000]
admin-insecure-mode: true

# Connections
debug-connections: true
invite-multi-use: true
# connections-invite: true
auto-accept-invites: true
auto-accept-requests: true
auto-ping-connection: true

# Wallet
wallet-type: indy
wallet-name: MediatorWallet
wallet-key: MediatorWallet
# seed: SEED_000000000000000000000000001
# wallet-local-did: true
auto-provision: true
replace-public-did: true

# Mediation
open-mediation: true
enable-undelivered-queue: true
# monitor-forward: false

# Webhooks
webhook-url: http://localhost:1080/mediator

# Ledger
no-ledger: true

# Logging
log-level: DEBUG
```

TimoGlastra (Mon, 18 Oct 2021 10:16:03 GMT):

Do you spot any differences in the config?

swcurran (Mon, 18 Oct 2021 13:32:36 GMT):

Could you please open an issue in the ACA-Py repo for this?  Thanks.

phearaeun (Mon, 18 Oct 2021 15:06:56 GMT):

Mine:
```
aca-py start \
--label Mediator \
--endpoint http://localhost:8500 \
--admin 127.0.0.1 8400 \
--wallet-name mediator \
--wallet-key mykey@2021 \
--wallet-type indy \
--seed mediator000000000000000000000000 \
--auto-provision \
--inbound-transport http 0.0.0.0 8500 \
--inbound-transport http 0.0.0.0 8510 \
--inbound-transport ws 0.0.0.0 8510 \
--outbound-transport http \
--outbound-transport ws \
--public-invites \
--genesis-url http://localhost:9000/genesis \
--webhook-url http://localhost:8900 \
--admin-insecure-mode \
--jwt-secret asardev@2021 \
--log-file aries_log.log \
--log-level debug \
--debug-connection \
--auto-accept-invites \
--auto-accept-requests \
--auto-ping-connection \
--auto-respond-messages \
--preserve-exchange-records \
--auto-respond-credential-proposal \
--auto-respond-credential-request \
--auto-respond-credential-offer \
--auto-store-credential \
--auto-respond-presentation-request \
--auto-verify-presentation \
--open-mediation \
--enable-undelivered-queue \
--emit-new-didcomm-prefix \
```

phearaeun (Mon, 18 Oct 2021 15:06:56 GMT):

Mine:
```
aca-py start \
--label Mediator \
--endpoint http://localhost:8500 \
--admin 127.0.0.1 8400 \
--wallet-name mediator \
--wallet-key mykey@2021 \
--wallet-type indy \
--seed mediator000000000000000000000000 \
--auto-provision \
--inbound-transport http 0.0.0.0 8500 \
--inbound-transport http 0.0.0.0 8510 \
--inbound-transport ws 0.0.0.0 8510 \
--outbound-transport http \
--outbound-transport ws \
--public-invites \
--genesis-url http://localhost:9000/genesis \
--webhook-url http://localhost:8900 \
--admin-insecure-mode \
--jwt-secret mykey@2021 \
--log-file aries_log.log \
--log-level debug \
--debug-connection \
--auto-accept-invites \
--auto-accept-requests \
--auto-ping-connection \
--auto-respond-messages \
--preserve-exchange-records \
--auto-respond-credential-proposal \
--auto-respond-credential-request \
--auto-respond-credential-offer \
--auto-store-credential \
--auto-respond-presentation-request \
--auto-verify-presentation \
--open-mediation \
--enable-undelivered-queue \
--emit-new-didcomm-prefix \
```

swcurran (Mon, 18 Oct 2021 15:43:43 GMT):

Join us for the ACA-Py User Group this Tuesday (Oct. 19) at 8AM Pacific (15:00 UTC). We'll have the core maintainers on the call to answer any questions -- other topics are below.

Zoom link: https://zoom.us/j/6223336701?pwd=dkJKdHRlc3dNZEdKR1JYdW40R2pDUT09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-10-19+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

Planned Topics -- lots of good ones!

- Review of PRs for 0.7.2 Final -- anything to be added?
- Discussion: Creating Aries Mediator Service repo (aries-mediator-service) - dependent on ACA-Py?
- Discussion: Creating Indy Endorser Server repo (indy-endorser-service) - 
- Update: ACA-Py support for Indy Multi-Ledger
- AMA (as time permits)

swcurran (Mon, 18 Oct 2021 15:43:43 GMT):

Join us for the ACA-Py User Group this Tuesday (Oct. 19) at 8AM Pacific (15:00 UTC). We'll have the core maintainers on the call to answer any questions -- other topics are below.

Zoom link: https://zoom.us/j/6223336701?pwd=dkJKdHRlc3dNZEdKR1JYdW40R2pDUT09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-10-19+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

Planned Topics -- lots of good ones!

- Review of PRs for 0.7.2 Final -- anything to be added?
- Discussion: Creating Aries Mediator Service repo (aries-mediator-service) - dependent on ACA-Py?
- Discussion: Creating Indy Endorser Server repo (indy-endorser-service)
- Update: ACA-Py support for Indy Multi-Ledger
- AMA (as time permits)

jcourt (Mon, 18 Oct 2021 21:24:17 GMT):

We could go that way.  When I first wrote that script I had some issues using the OpenAPI docker images that were available, since then you may have noticed that the other repo I pointed you at is using OpenAPI 3.0.   If you would like to raise an issue in GitHub around this I could take a look at upgrading it so that we output a 3.0 JSON file so that at least if people run it at each release it will be up to date.  I don't have access to the automation system for ACA-py so to get it to run as part of merges etc is out of my control.

swcurran (Tue, 19 Oct 2021 01:18:53 GMT):

I suspect we could define a GHA to generate that.  Take a look at some of the actions we already have in the .github/workflows folders.  Or post an issue of what you think would be a good a feature and how you generate it manually today.

jcourt (Tue, 19 Oct 2021 01:25:36 GMT):

One of the issues with GHA is that running docker images to talk to other docker images is not trivial.  From memory our OpenAPI generating repo pipeline ends up needing a shell runner at one point, another one for UI testing I implemented docker-in-docker with compose which also isn't a common GitHub runner approach.  I will take another look.

fethbita (Tue, 19 Oct 2021 07:29:51 GMT):

The agenda link doesn't seem to work

TimoGlastra (Tue, 19 Oct 2021 12:36:01 GMT):

@fethbita it should work now

bruno.hivert (Tue, 19 Oct 2021 14:15:51 GMT):

Has joined the channel.

dbluhm (Tue, 19 Oct 2021 14:51:20 GMT):

We've started a project that has several parallels to dedicated mediator service so sharing here for the sake of comparison:
Spec: https://hackmd.io/@dbluhm/aries-proxy-mediator
Repo: https://github.com/Indicio-tech/proxy-mediator

swcurran (Tue, 19 Oct 2021 16:08:59 GMT):

OK -- perhaps harder than I thought.

phearaeun (Wed, 20 Oct 2021 03:20:19 GMT):

Hi @TimoGlastra, could you please help advise on this?

nbAmit (Wed, 20 Oct 2021 04:55:03 GMT):

Has joined the channel.

TimoGlastra (Wed, 20 Oct 2021 11:50:19 GMT):

Hi everyone, I've been working on a feature overview document for ACA-Py that lists supported protocols, AIP versions, credential types, signature suites, etc.. Use it to your advantage, but I'm also interested in feedback as I'm probably missing some things. You can comment on the document to propose changes: https://hackmd.io/@animo/acapy-feature-overview

ArdianAbazi (Wed, 20 Oct 2021 19:24:36 GMT):

Has joined the channel.

jcourt (Wed, 20 Oct 2021 21:04:35 GMT):

@timoglastra that is really concise, easy to consume and really useful !   I wonder if that sort of format or something similar could become a standard for describing the profile/capabilities of all Aries agent projects ?

jcourt (Wed, 20 Oct 2021 21:04:35 GMT):

@TimoGlastra  that is really concise, easy to consume and really useful !   I wonder if that sort of format or something similar could become a standard for describing the profile/capabilities of all Aries agent projects ?

IgorSim (Thu, 21 Oct 2021 08:50:46 GMT):

Hi, i think it's similar problem as described in https://github.com/hyperledger/aries-cloudagent-python/issues/1427
Just for clarification, error happens on the verifier side when receiving presentation (not on explicit verification by verifier as i initially reported)

IgorSim (Thu, 21 Oct 2021 08:50:46 GMT):

Hi, i think it's similar problem as described in https://github.com/hyperledger/aries-cloudagent-python/issues/1427
Just for clarification, error happens on the verifier side upon receiving presentation (not on explicit verification by verifier as i initially reported)

SubhadeepBanerjee (Thu, 21 Oct 2021 09:30:33 GMT):

Hello guys, been facing this error for a while, - {"error":"acapy_call_failed","error_description":"Cannot fetch ACAPy wallet public did"} any help will be really appreciated. 
PS - our mediator service is running properly

TimoGlastra (Thu, 21 Oct 2021 12:30:19 GMT):

Thanks @jcourt! Notice I spend a lot of time helping people understand what the different frameworks support.  I've also made an AFJ version: https://hackmd.io/@animo/afj-feature-overview. Could also give the .NET framework a shot, but don't think I know enough about the other frameworks to make such an overview

swcurran (Thu, 21 Oct 2021 16:44:08 GMT):

Awesome.  Can we get that into ACA-Py?  I'm happy to do a PR for that in the next little bit.

swcurran (Thu, 21 Oct 2021 16:44:51 GMT):

I'd like to get that into the /docs folder and integrate it with the Read The Docs data.

swcurran (Thu, 21 Oct 2021 16:44:55 GMT):

Very cool!

TimoGlastra (Thu, 21 Oct 2021 19:40:31 GMT):

Sure @swcurran, go ahead. I can also make the PR if you’d like

analia_meira (Fri, 22 Oct 2021 00:59:23 GMT):

Hi everyone  Can you help me with a question? 
I'm using aca-py, I generated my DID and I would like to know if I can sign any document using it.
For example: get a document containing a 'Hello world' and sign it with the DID.
Can DID in aca-py do this?

analia_meira (Fri, 22 Oct 2021 00:59:23 GMT):

Hi everyone  Can anyone help me with a question? 
I'm using aca-py, I generated my DID and I would like to know if I can sign any document using it.
For example: get a document containing a 'Hello world' and sign it with the DID.
Can DID in aca-py do this?

Yunxi 3 (Fri, 22 Oct 2021 10:34:43 GMT):

@daidoji, how can you pass in the ACA-Py running parameters by running ACA-Py using the docker image?

Yunxi 3 (Fri, 22 Oct 2021 10:35:29 GMT):

Example running parameters are like: PORTS="8000 8001" -l Issuer \
-it http 0.0.0.0 8000 \
-ot http \
--admin 0.0.0.0 8001 \  etc.

victor.martinez (Fri, 22 Oct 2021 17:40:45 GMT):

What do you mean by a "document" ?  A pdf / word document ?

swcurran (Fri, 22 Oct 2021 22:27:31 GMT):

We'd like to add @shaanjot.gill (github id: shaangill025) as a maintainer for ACA-Py.  Any objections to that?  Shaanjot is a core developer on the BC Gov team and will be taking Andrew's spot on the ACA-Py effort for the next while as Andrew is on an extended leave.

While I'm asking, is there anyone else that should be added as a maintainer?

ianco (Fri, 22 Oct 2021 23:26:31 GMT):

How about @TimoGlastra or @dbluhm ?

GuilhermeFunchal (Sat, 23 Oct 2021 00:24:40 GMT):

Hello, When the issuer create some credential in json-ld format the ACA-Py return credential id, but to delete or view that credential in user mode is need the recipient_id from credential. How I get this key whem issuer create the credential ?

dbluhm (Sat, 23 Oct 2021 02:55:50 GMT):

I would be willing

analia_meira (Sat, 23 Oct 2021 11:44:37 GMT):

Yes, for example: I have a document containing "Hello world" and I need to sign this document with my DID. How can I sign it?

analia_meira (Sat, 23 Oct 2021 11:45:17 GMT):

Yes @victor.martinez  for example: I have a document containing "Hello world" and I need to sign this document with my DID. How can I sign it?

analia_meira (Sat, 23 Oct 2021 12:11:37 GMT):

@victor.martinez it could also be just a JSON that returns me signed.

TimoGlastra (Sun, 24 Oct 2021 11:02:20 GMT):

Same!

TimoGlastra (Sun, 24 Oct 2021 19:09:47 GMT):

Does ACA-Py support connection-less issuance of credentials? I'm trying to help someone issue an connection-less credential to ACA-Py, but it will give an error on the ACA-Py side:

TimoGlastra (Sun, 24 Oct 2021 19:10:08 GMT):

```
2021-10-24 21:03:04,199 aries_cloudagent.core.conductor ERROR Exception in message handler:
Traceback (most recent call last):
  File "/Users/timoglastra/Developer/Work/Animo/Aries/aries-cloudagent-python/aries_cloudagent/core/dispatcher.py", line 198, in handle_message
    await handler(context, responder)
  File "/Users/timoglastra/Developer/Work/Animo/Aries/aries-cloudagent-python/aries_cloudagent/protocols/issue_credential/v1_0/handlers/credential_request_handler.py", line 40, in handle
    raise HandlerException("No connection established for credential request")
aries_cloudagent.messaging.base_handler.HandlerException: No connection established for credential request
2021-10-24 21:03:04,200 aries_cloudagent.core.conductor ERROR DON'T shutdown on HandlerException No connection established for credential request
2021-10-24 21:03:04,200 aries_cloudagent.core.dispatcher ERROR Handler error: Dispatcher.handle_message
Traceback (most recent call last):
  File "/Users/timoglastra/Developer/Work/Animo/Aries/aries-cloudagent-python/aries_cloudagent/core/dispatcher.py", line 198, in handle_message
    await handler(context, responder)
  File "/Users/timoglastra/Developer/Work/Animo/Aries/aries-cloudagent-python/aries_cloudagent/protocols/issue_credential/v1_0/handlers/credential_request_handler.py", line 40, in handle
    raise HandlerException("No connection established for credential request")
aries_cloudagent.messaging.base_handler.HandlerException: No connection established for credential request
```

etschelp (Mon, 25 Oct 2021 07:45:05 GMT):

There is no direct way like a /sign-something method in aca-py, but you have two options:

1. Make it a a indy credential and embed it like

```
{
  "name": "my-pdf",
  "mime-type": "application/pdf",
  "value": "c29tZSBwZGY="
}
```
This example is based on a indy json credentials where you also need to have a schema and a credential definition on a ledger. The binary content of the pdf is then serialized as a base64 encoded string and put into the value field of the credential. See /issue-credential/send endpoint

2. Make it a json-ld credential e.g. and use the /jsonld/sign endpoint or the v2 credential endpoints /issue-credential-2.0/send. A not tested example json-ld structure could look like:

```
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1"
  ],
  "type": [
    "mypdf"
  ],
  "verifiableCredential": [
    {
      "@context": [
        "https://www.w3.org/2018/credentials/v1"
      ],
      "type": [
        "mypdf"
      ],
      "id": "urn:5256177f-4d63-4303-928a-5d37f1171106",
      "issuer": "did:sov:EraYCDJUPsChbkw7S1vV96",
      "issuanceDate": "2021-10-21T09:39:41Z",
      "credentialSubject": {
        "id": "did:sov:EraYCDJUPsChbkw7S1vV96",
        "type": "mypdf",
        "value": "c29tZSBwZGY=",
      },
    },
  ],
  "proof": {
  }
}
```

etschelp (Mon, 25 Oct 2021 07:45:05 GMT):

There is no direct way like a /sign method in aca-py that simply signs anything. One has to think in credentials and the related json(-ld) structures. So you have two options:

1. Make it a a indy credential and embed it like

```
{
  "name": "my-pdf",
  "mime-type": "application/pdf",
  "value": "c29tZSBwZGY="
}
```
This example is based on a indy json credentials where you also need to have a schema and a credential definition on a ledger. The binary content of the pdf is then serialized as a base64 encoded string and put into the value field of the credential. See the  /issue-credential/send endpoint. I'm not sure what the maximum length of the value field is, there has been a discussion on the channel some time ago, but I can't remember the result.

2. Make it a json-ld credential and use the /jsonld/sign endpoint or the v2 credential endpoints /issue-credential-2.0/send. A not tested example json-ld structure could look like:

```
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1"
  ],
  "type": [
    "mypdf"
  ],
  "verifiableCredential": [
    {
      "@context": [
        "https://www.w3.org/2018/credentials/v1"
      ],
      "type": [
        "mypdf"
      ],
      "id": "urn:5256177f-4d63-4303-928a-5d37f1171106",
      "issuer": "did:sov:EraYCDJUPsChbkw7S1vV96",
      "issuanceDate": "2021-10-21T09:39:41Z",
      "credentialSubject": {
        "id": "did:sov:EraYCDJUPsChbkw7S1vV96",
        "type": "mypdf",
        "value": "c29tZSBwZGY=",
      },
    },
  ],
  "proof": {
  }
}
```

The /jsonld/sign endpoint is probably the closest thing to your needs. It is not active by default and you have to set it as a startup parameter like: `plugin: 'aries_cloudagent.messaging.jsonld'`

etschelp (Mon, 25 Oct 2021 07:45:05 GMT):

There is no direct way like a /sign method in aca-py that simply signs anything. One has to think in credentials and the related json(-ld) structures. So you have two options:

1. Make it a a indy credential and embed it like

```
{
  "name": "my-pdf",
  "mime-type": "application/pdf",
  "value": "c29tZSBwZGY="
}
```
This example is based on a indy json credentials where you also need to have a schema and a credential definition on a ledger. The binary content of the pdf is then serialized as a base64 encoded string and put into the value field of the credential. See the  /issue-credential/send endpoint. I'm not sure what the maximum length of the value field is, there has been a discussion on the channel some time ago, but I can't remember the result.

2. Make it a json-ld credential and use the /jsonld/sign endpoint or the v2 credential endpoints /issue-credential-2.0/send. A not tested example json-ld structure could look like:

```
{
  "@context": [
    "https://www.w3.org/2018/credentials/v1"
  ],
  "type": [
    "mypdf"
  ],
  "verifiableCredential": [
    {
      "@context": [
        "https://www.w3.org/2018/credentials/v1"
      ],
      "type": [
        "mypdf"
      ],
      "id": "urn:5256177f-4d63-4303-928a-5d37f1171106",
      "issuer": "did:sov:EraYCDJUPsChbkw7S1vV96",
      "issuanceDate": "2021-10-21T09:39:41Z",
      "credentialSubject": {
        "id": "did:sov:EraYCDJUPsChbkw7S1vV96",
        "type": "mypdf",
        "value": "c29tZSBwZGY=",
      },
    },
  ]
}
```

The /jsonld/sign endpoint is probably the closest thing to your needs. It is not active by default and you have to set it as a startup parameter like: `plugin: 'aries_cloudagent.messaging.jsonld'`

etschelp (Mon, 25 Oct 2021 07:45:05 GMT):

There is no direct way like a /sign method in aca-py that simply signs anything. One has to think in credentials and the related json(-ld) structures. So you have two options:

1. Make it a a indy credential and embed it like

```
{
  "name": "my-pdf",
  "mime-type": "application/pdf",
  "value": "c29tZSBwZGY="
}
```
This example is based on a indy json credentials where you also need to have a schema and a credential definition on a ledger. The binary content of the pdf is then serialized as a base64 encoded string and put into the value field of the credential. See the  /issue-credential/send endpoint. I'm not sure what the maximum length of the value field is, there has been a discussion on the channel some time ago, but I can't remember the result.

2. Make it a json-ld credential and use the /jsonld/sign endpoint or the v2 credential endpoints /issue-credential-2.0/send. A example json-ld structure that to post against the /jsonld/sign endpoint could look like:

```
{
    "verkey": "8gdhRLtvJHzKoJGyuEqgdN1QZGYfai4wMHFGgtfDXg3D",
    "doc": {
        "credential": {
            "@context": [
                "https://www.w3.org/2018/credentials/v1"
            ],
            "type": [
                "VerifiablePresentation"
            ],
            "verifiableCredential": [
                {
                    "@context": [
                        "https://www.w3.org/2018/credentials/v1"
                    ],
                    "id": "urn:dsfasdfsaf",
                    "type": [
                        "VerifiableCredential",
                        "MyPDF"
                    ],
                    "issuer": "did:sov:iil:sadfafs",
                    "issuanceDate": "2010-01-01T19:73:24Z",
                    "credentialSubject": {
                        "id": "did:sov:iil:sadfafs",
                        "type": "MyPDF",
                        "value": "base64"
                    }
                }
            ]
        },
        "options": {
            "verificationMethod": "F6dB7dMVHUQSC64qemnBi7",
            "proofPurpose": "authentication",
            "type": "Ed25519Signature2018"
        }
    }
}
```

The /jsonld/sign endpoint is probably the closest thing to your needs. It is not active by default and you have to set it as a startup parameter like: `plugin: 'aries_cloudagent.messaging.jsonld'`. You get the verkey from the /wallet/did/public method.

etschelp (Mon, 25 Oct 2021 07:45:05 GMT):

There is no direct way like a /sign method in aca-py that simply signs anything. One has to think in credentials and the related json(-ld) structures. So you have two options:

1. Make it a a indy credential and embed it like

```
{
  "name": "my-pdf",
  "mime-type": "application/pdf",
  "value": "c29tZSBwZGY="
}
```
This example is based on a indy json credentials where you also need to have a schema and a credential definition on a ledger. The binary content of the pdf is then serialized as a base64 encoded string and put into the value field of the credential. See the  /issue-credential/send endpoint. I'm not sure what the maximum length of the value field is, there has been a discussion on the channel some time ago, but I can't remember the result.

2. Make it a json-ld credential and use the /jsonld/sign endpoint or the v2 credential endpoints /issue-credential-2.0/send. A example json-ld structure to post against the /jsonld/sign endpoint could look like:

```
{
    "verkey": "8gdhRLtvJHzKoJGyuEqgdN1QZGYfai4wMHFGgtfDXg3D",
    "doc": {
        "credential": {
            "@context": [
                "https://www.w3.org/2018/credentials/v1"
            ],
            "type": [
                "VerifiablePresentation"
            ],
            "verifiableCredential": [
                {
                    "@context": [
                        "https://www.w3.org/2018/credentials/v1"
                    ],
                    "id": "urn:dsfasdfsaf",
                    "type": [
                        "VerifiableCredential",
                        "MyPDF"
                    ],
                    "issuer": "did:sov:iil:sadfafs",
                    "issuanceDate": "2010-01-01T19:73:24Z",
                    "credentialSubject": {
                        "id": "did:sov:iil:sadfafs",
                        "type": "MyPDF",
                        "value": "base64"
                    }
                }
            ]
        },
        "options": {
            "verificationMethod": "F6dB7dMVHUQSC64qemnBi7",
            "proofPurpose": "authentication",
            "type": "Ed25519Signature2018"
        }
    }
}
```

The /jsonld/sign endpoint is probably the closest thing to your needs. It is not active by default and you have to set it as a startup parameter like: `plugin: 'aries_cloudagent.messaging.jsonld'`. You get the verkey from the /wallet/did/public method.

etschelp (Mon, 25 Oct 2021 07:45:05 GMT):

There is no direct way like a /sign method in aca-py that simply signs anything. One has to think in credentials and the related json(-ld) structures. So you have two options:

1. Make it a a indy credential and embed it like

```
{
  "name": "my-pdf",
  "mime-type": "application/pdf",
  "value": "c29tZSBwZGY="
}
```
This example is based on a indy json credentials where you also need to have a schema and a credential definition on a ledger. The binary content of the pdf is then serialized as a base64 encoded string and put into the value field of the credential. See the  /issue-credential/send endpoint. I'm not sure what the maximum length of the value field is, there has been a discussion on the channel some time ago, but I can't remember the result.

2. Make it a json-ld credential and use the /jsonld/sign endpoint or the v2 credential endpoints /issue-credential-2.0/send. A example json-ld structure to post against the /jsonld/sign endpoint could look like:

```
{
    "verkey": "8gdhRLtvJHzKoJGyuEqgdN1QZGYfai4wMHFGgtfDXg3D",
    "doc": {
        "credential": {
            "@context": [
                "https://www.w3.org/2018/credentials/v1"
            ],
            "type": [
                "VerifiablePresentation"
            ],
            "verifiableCredential": [
                {
                    "@context": [
                        "https://www.w3.org/2018/credentials/v1"
                    ],
                    "id": "urn:dsfasdfsaf",
                    "type": [
                        "VerifiableCredential",
                        "MyPDF"
                    ],
                    "issuer": "did:sov:F6dB7dMVHUQSC64qemnBi7",
                    "issuanceDate": "2021-01-01T19:73:24Z",
                    "credentialSubject": {
                        "id": "did:sov:iil:sadfafs",
                        "type": "MyPDF",
                        "value": "base64"
                    }
                }
            ]
        },
        "options": {
            "verificationMethod": "F6dB7dMVHUQSC64qemnBi7",
            "proofPurpose": "authentication",
            "type": "Ed25519Signature2018"
        }
    }
}
```

The /jsonld/sign endpoint is probably the closest thing to your needs. It is not active by default and you have to set it as a startup parameter like: `plugin: 'aries_cloudagent.messaging.jsonld'`. You get the verkey from the /wallet/did/public method.

SubhadeepBanerjee (Mon, 25 Oct 2021 11:21:57 GMT):

Hello guys, been facing this error for a while, - {"error":"acapy_call_failed","error_description":"Cannot fetch ACAPy wallet public did"} any help will be really appreciated.
PS - our mediator service is running properly @swcurran

swcurran (Mon, 25 Oct 2021 16:51:14 GMT):

@ianco ^^^

ianco (Mon, 25 Oct 2021 17:41:24 GMT):

Have you created a public DID for your wallet?

timbl (Mon, 25 Oct 2021 18:48:09 GMT):

Both this link and the one for AFJ are now showing permission denied. Has the content been moved.

dbluhm (Mon, 25 Oct 2021 22:32:54 GMT):

Getting a 403 all of a sudden :slight_frown:

swcurran (Mon, 25 Oct 2021 23:09:14 GMT):

AFAIK, it does not with issue credential 1.0.  I think it does with OOB and issue credential 2.0.  Do I have that right @shaanjot.gill ?

swcurran (Mon, 25 Oct 2021 23:13:46 GMT):

Updates made to the team of committers to ACA-Py -- adding Timo and Shaanjot. Daniel B already was a committer.  Currently there are three maintainers (myself, Andrew and Telegram Sam), and two other committers (Wade and Ian).

I suggest that we change @dbluhm and, @TelegramSam so that Daniel is the Maintainer, and Sam a committer.  Reasonable?

swcurran (Mon, 25 Oct 2021 23:13:58 GMT):

Team list: https://github.com/orgs/hyperledger/teams/aries-cloudagent-python-committers/members?query=

ianco (Tue, 26 Oct 2021 00:15:36 GMT):

Sounds good to me

TimoGlastra (Tue, 26 Oct 2021 07:10:21 GMT):

@fethbita ^^

TimoGlastra (Tue, 26 Oct 2021 07:14:14 GMT):

I've been made aware that I wasn't at liberty to share these document :disappointed: Sorry for this, and if I can make them public again I'll let you know

TimoGlastra (Tue, 26 Oct 2021 07:14:42 GMT):

I've been made aware that I wasn't at liberty to share these document :disappointed: Sorry for this, and if I can make them public again I'll let you know

phearaeun (Tue, 26 Oct 2021 09:53:43 GMT):

Got an error on receiving invite:
```
aries_cloudagent/transport/outbound/manager.py", line 451, in deliver_queued_message
    transport.handle_message(
TypeError: handle_message() takes from 4 to 5 positional arguments but 6 were given
```

SubhadeepBanerjee (Tue, 26 Oct 2021 10:39:08 GMT):

@ianco This error is happening due to some issue in the mediator service - 

`[0:] System.Net.Http.HttpClient.Default.LogicalHandler: Information: Start processing HTTP request GET https://mediator.identity.ky/.well-known/agent-configuration
[0:] System.Net.Http.HttpClient.Default.ClientHandler: Information: Sending HTTP request GET https://mediator.identity.ky/.well-known/agent-configuration
Thread started:  #15
[0:] System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED`

SubhadeepBanerjee (Tue, 26 Oct 2021 10:39:08 GMT):

@ianco This error is happening due to some issue in the mediator service - 

```[0:] System.Net.Http.HttpClient.Default.LogicalHandler: Information: Start processing HTTP request GET https://mediator.identity.ky/.well-known/agent-configuration
[0:] System.Net.Http.HttpClient.Default.ClientHandler: Information: Sending HTTP request GET https://mediator.identity.ky/.well-known/agent-configuration
Thread started:  #15
[0:] System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: Authentication failed, see inner exception. ---> Mono.Btls.MonoBtlsException: Ssl error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED`
```

SubhadeepBanerjee (Tue, 26 Oct 2021 10:40:11 GMT):

We have tried many ways to solve this, but no solution so, far, any help on this will be more that appreciated.

LedgerXYZ (Tue, 26 Oct 2021 13:01:02 GMT):

Does anyone know the approx storage size of orgbook's wallet?

Yunxi 3 (Tue, 26 Oct 2021 13:10:05 GMT):



Clipboard - October 26, 2021 2:09 PM

Yunxi 3 (Tue, 26 Oct 2021 13:11:07 GMT):

Thanks both. @daidoji , what commands do you put to ECS task definition to run acapy? i've tried command (the screenshot shows partial commands), but it doesn't run acapy in ECS task properly, but the same command does work if i run them on a VM

LedgerXYZ (Tue, 26 Oct 2021 13:45:58 GMT):

Does anyone know the approx storage size of orgbook's wallet?

WadeBarnes (Tue, 26 Oct 2021 14:14:55 GMT):

For `test` https://test.orgbook.gov.bc.ca/:
```
 table_schema |   table_name   | count_rows | disk_usage 
--------------+----------------+------------+------------
 public       | tags_encrypted |  118763986 | 59 GB
 public       | items          |    3600803 | 23 GB
 public       | metadata       |          1 | 48 kB
 public       | tags_plaintext |          0 | 40 kB
(4 rows)
```
For `prod` https://orgbook.gov.bc.ca/
```
 table_schema |   table_name   | count_rows | disk_usage 
--------------+----------------+------------+------------
 public       | tags_encrypted |  184783016 | 69 GB
 public       | items          |    6848264 | 36 GB
 public       | metadata       |          1 | 48 kB
 public       | tags_plaintext |          0 | 40 kB
(4 rows)
```

LedgerXYZ (Tue, 26 Oct 2021 14:31:47 GMT):

Thanks a bunch.  What tool did you use to retrieve this data?

ianco (Tue, 26 Oct 2021 15:08:07 GMT):

Hi @SubhadeepBanerjee for the first error you reported ("Cannot fetch ACAPy wallet public did") it looks like there is no public DID in the wallet (or an error trying to read the wallet, not enough info to tell).  The second error looks like an SSL certificate error, it doesn't look like it's related to ac-py

ianco (Tue, 26 Oct 2021 15:09:05 GMT):

Can you please provide more info on your setup, and a set of steps I might be able to execute to reproduce your error(s)?  For example, how are you starting your agents, are there any external components you are relying on, etc?  The error messages themselves aren't enough info.

LedgerXYZ (Tue, 26 Oct 2021 15:15:52 GMT):

Following the goal of a decentralized architecture,
I am looking to store the aca-py postgresql storage wallet on a decentralized storage platform.

The two options I have considered are storj and IPFS solutions like orbitdb.  

Storj:  A block storage store that is s3 compatible.  Tools like fuse-s3fs can be used to simulate a filesystem storage on the storj block storage buckets.  In my tests thus far, I haven't been able to get aca-py to create initialization data into the database during acapy start.  My suspicion is that I have an unresolved permission issue between the docker container that run the mounted s3fs storj volume and aca-py containers.

Orbitdb: A distributed database mounted on ipfs nodes.  I have no development implementation of orbitdb yet. It does seem promising as an alternative to the postgresql database.

Does anyone have a reference implementation of aca-py wallet storage using storj, IPFS, or any distributed storage platform.

WadeBarnes (Tue, 26 Oct 2021 15:40:38 GMT):

https://github.com/bcgov/orgbook-configurations/blob/master/openshift/manage

example command:
```
Wade@hvWin10x64 MINGW64 /c/orgbook-configurations/openshift
$ ./manage -p bc -e test getrecordcounts wallet agent_bc_wallet
```

phearaeun (Tue, 26 Oct 2021 17:40:02 GMT):

Unable to accept invite automatically from React Native Mobile App.
```
No corresponding DID found for sender verkey: Bgag2wJexxJE11r5qzATHb3pGkzLsytJ5iZhcSauK8tC
No corresponding DID found for recipient verkey: BKdQQQEFQHoKZjyKizrbb7MZvGadKKV3agStCmAzwxPh
Cannot queue message for delivery, no supported transport
```

ianco (Tue, 26 Oct 2021 17:41:50 GMT):

No reference implementations that I'm aware of

ianco (Tue, 26 Oct 2021 17:43:20 GMT):

However there are a couple of options when starting up with postgres:
1. You can rely on aca-py to build the wallet database - in this scenario you need to provide admin credentials with the necessary privileges
2. You can build the postgres database in advance - in this scenario aca-py will log into the postres database and create the necessary tables for the wallet - in this scenario you need to provide an admin user that has privileges to create tables in an existing database

LedgerXYZ (Tue, 26 Oct 2021 18:17:57 GMT):

I like your option 2 because it's what an acapy docker deployment essentially does. If you're interested in seeing my storj deployment and logs here it is:

LedgerXYZ (Tue, 26 Oct 2021 18:18:20 GMT):

Aca-py logs
https://link.us1.storjshare.io/s/jwpwuba2k5jl77ebrkunsu347cqa/dman/acapy-logs.txt

Wallet db logs
https://link.us1.storjshare.io/s/jwvlgzkrqwtddspfj5skxukzw7ia/dman/wallet-db-logs.txt

S3fs storage logs
https://link.us1.storjshare.io/s/jxyumoflfdtgf52ibixshwto4e4a/dman/s3fs-logs.txt


Docker compose file
https://link.us1.storjshare.io/s/jwww7aex4jmw6wgvzlnx4mmoq27a/dman/docker-compose-test.yaml

LedgerXYZ (Tue, 26 Oct 2021 18:21:27 GMT):

Here is my docker deployment and logs, for those that are interested in referencing / collaborating on a decentralized storage for acapy wallet database:

LedgerXYZ (Tue, 26 Oct 2021 18:21:35 GMT):

Aca-py logs
https://link.us1.storjshare.io/s/jwpwuba2k5jl77ebrkunsu347cqa/dman/acapy-logs.txt

Wallet db logs
https://link.us1.storjshare.io/s/jwvlgzkrqwtddspfj5skxukzw7ia/dman/wallet-db-logs.txt

S3fs storage logs
https://link.us1.storjshare.io/s/jxyumoflfdtgf52ibixshwto4e4a/dman/s3fs-logs.txt


Docker compose file
https://link.us1.storjshare.io/s/jwww7aex4jmw6wgvzlnx4mmoq27a/dman/docker-compose-test.yaml

Yunxi 3 (Wed, 27 Oct 2021 10:51:43 GMT):

Thanks both. @daidoji, when i run my ACA-Py agent in the AWS ECS Fargate, i've got errors. Not sure if you've met them before? I've raised a ticket in the repo and here's the link: https://github.com/hyperledger/aries-cloudagent-python/issues/1458. Could you help? Thanks!

Yunxi 3 (Wed, 27 Oct 2021 10:51:43 GMT):

Thanks both. @daidoji, when i run my ACA-Py agent in the AWS ECS Fargate, i've got errors. Not sure if you've met similar issues before? I've raised a ticket in the repo and here's the link: https://github.com/hyperledger/aries-cloudagent-python/issues/1458. Could you help? Thanks!

ffendt (Wed, 27 Oct 2021 11:55:38 GMT):

Hi there, I just wanted to use the `--ledger-socks-proxy` param of AcaPy with the 0.7.1 docker image, which doesn't seem to work for me. If I get it correct, this param needs the newest indy-sdk, which would mean a newer `von-image`. At least if I build my own AcaPy docker image with an also own-built von-image, I can get the container running and connecting through the socks proxy. Am I doing something wrong here?

analia_meira (Wed, 27 Oct 2021 12:27:48 GMT):

Hello, thank you @etschelp I will try using the jsonld/sign endpoint 
If I have any questions, I ask again here.

WadeBarnes (Wed, 27 Oct 2021 13:11:57 GMT):

What image are you using?

WadeBarnes (Wed, 27 Oct 2021 13:15:14 GMT):

`bcgovimages/aries-cloudagent:py36-1.16-1_0.7.1` should contain `indy-sdk` `1.16` and `aca-py` `0.7.1`.

GuilhermeFunchal (Thu, 28 Oct 2021 00:49:07 GMT):

Hello, When the issuer create some credential in json-ld format the ACA-Py return credential id, but to delete or view that credential in user mode is need the recipient_id from credential. 

How I get this key whem issuer create the credential ?

jcourt (Thu, 28 Oct 2021 02:41:31 GMT):

NM not all things open are open :-)

ffendt (Thu, 28 Oct 2021 04:30:32 GMT):

I used `bcgovimages/aries-cloudagent:py36-1.16-1_0.7.1`, but `indy-sdk` `1.16` was built in 02.2021 (see [indy-sdk releases](https://github.com/hyperledger/indy-sdk/releases)), the support for setting the socks proxy [was merged in july](https://github.com/hyperledger/indy-sdk/pull/2400).

ffendt (Thu, 28 Oct 2021 04:30:32 GMT):

I used `bcgovimages/aries-cloudagent:py36-1.16-1_0.7.1`, but `indy-sdk` `1.16` was built in 02.2021 (see [indy-sdk releases](https://github.com/hyperledger/indy-sdk/releases) ), the support for setting the socks proxy [was merged in july](https://github.com/hyperledger/indy-sdk/pull/2400).

ffendt (Thu, 28 Oct 2021 04:34:24 GMT):

So if I get it right, there is no official release of `indy-sdk` with support for setting the socks proxy yet. Or am I totally overlooking something here?

etschelp (Thu, 28 Oct 2021 08:21:37 GMT):

Not sure if I got the question right, but for the v2 transactions there is now a different event type called issue_credential_v2_0_xxxx  that has the `cred_id_stored`  field that you can use to get or delete the credential from the admin api.

TimoGlastra (Thu, 28 Oct 2021 09:12:47 GMT):

Documents have been made public again

TimoGlastra (Thu, 28 Oct 2021 09:13:00 GMT):

Documents have been made public again

WadeBarnes (Thu, 28 Oct 2021 13:34:09 GMT):

Correct, that feature is not contained in an official release yet.

GuilhermeFunchal (Thu, 28 Oct 2021 23:05:25 GMT):

Thanks, Whem the issuer create some credential the "cred_id_stored" is the same

GuilhermeFunchal (Thu, 28 Oct 2021 23:05:25 GMT):

Thanks, Whem the issuer create some credential the "cred_id_stored" I can store to remove ou revoke ?

GuilhermeFunchal (Thu, 28 Oct 2021 23:05:25 GMT):

Thanks, When the issuer create some credential the "cred_id_stored" I can store to remove ou revoke ?

ffendt (Fri, 29 Oct 2021 05:38:08 GMT):

Okay, thank you

etschelp (Fri, 29 Oct 2021 08:06:46 GMT):

On the issuer side you can take the `cred_ex_id`  from the `issue_credential_v2_0` event (states: credential_issued or done) to either manually delete the credential exchange record, or revoke the credential. On the holder side you need to get the `cred_id_stored`  from the (second I believe)`issue_credential_v2_0_xxxx` event to be able to delete it or check its revocation status.

GuilhermeFunchal (Sat, 30 Oct 2021 14:12:31 GMT):

Can I issue a credential that can be made public?

swcurran (Sat, 30 Oct 2021 17:13:39 GMT):

Depends on what you mean by that. Do you have a use case you are thinking about?

You can issue Indy AnonCreds to a public holder from which anyone can request a presentation.

With W3C credentials, VCs can be transferred as the holder is not tied to the credential like they are with Indy AnonCreds.

GuilhermeFunchal (Sat, 30 Oct 2021 21:55:27 GMT):

Do you know openbadges(https://openbadges.org/)?  They are used to create micro public credentials for course degrees or professional certifications and which can be posted on social media and LinkedIn. I think it would be really interesting to have something like that.

GuilhermeFunchal (Sat, 30 Oct 2021 21:55:27 GMT):

Do you know openbadges(https://openbadges.org/)?  They are used to create micro public credentials for course degrees or professional certifications and which can be posted on social media and LinkedIn. I think it would be really interesting to have something like that. 
I'm currently working on a project to store credentials in json -ld created on a badge server in Hyperledger Indy using ACA-Py.

jcourt (Sun, 31 Oct 2021 21:26:57 GMT):

@swcurran I clearly need to read up on the W3C VC status as if this is true, I hope it doesn't open up the whole identity theft issue in just a different form by turning them into bearer credentials : 
```
With W3C credentials, VCs can be transferred as the holder is not tied to the credential like they are with Indy AnonCreds.
```

jcourt (Sun, 31 Oct 2021 21:36:24 GMT):

hmm maybe you were referring to section `7.9 Bearer Credentials` which highlights its purpose and concerns around privacy when used.

jcourt (Sun, 31 Oct 2021 21:36:24 GMT):

hmm maybe you were referring to section `7.9 Bearer Credentials` which highlights its purpose and concerns around privacy when used.
https://www.w3.org/TR/vc-data-model/#bearer-credentials

GuilhermeFunchal (Mon, 01 Nov 2021 11:16:23 GMT):

Is it possible to create these types of credential with the ACA?

swcurran (Mon, 01 Nov 2021 17:20:45 GMT):

Yes -- in the 0.7.0 release we added support for two types of W3C VCs.  Look in the demos folder for the article on "Using JSON-LD Credentials".

swcurran (Mon, 01 Nov 2021 19:44:18 GMT):

Join us for the ACA-Py User Group this Tuesday (Nov. 2) at 8AM Pacific (15:00 UTC). We'll have the core maintainers on the call to answer any questions -- other topics are below.

**NOTE: New time for Europe -- 16:00 CET**

Zoom link: https://zoom.us/j/6223336701?pwd=dkJKdHRlc3dNZEdKR1JYdW40R2pDUT09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-11-02+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

- Review of PRs for 0.7.2 Final -- anything to be added?
- TBD
- AMA (as time permits)

swcurran (Mon, 01 Nov 2021 19:44:18 GMT):

Join us for the ACA-Py User Group this Tuesday (Nov. 2) at 8AM Pacific (15:00 UTC). We'll have the core maintainers on the call to answer any questions -- other topics are below.

**NOTE: Temporary new time for Europe -- 16:00 CET**

Zoom link: https://zoom.us/j/6223336701?pwd=dkJKdHRlc3dNZEdKR1JYdW40R2pDUT09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2021-11-02+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

- Review of PRs for 0.7.2 Final -- anything to be added?
- TBD
- AMA (as time permits)

etschelp (Tue, 02 Nov 2021 08:44:45 GMT):

Hey. I'm trying to send a indy proof proposal via /present-proof-2.0/send-proposal, as I learned this endpoint expects a proof request vs the v1 proposal. Not sure how this is supposed to work, but I guess I have to send a very specific proof request that describes my proposal as close as possible. So this is my payload:

```
{
    "by_format": {
        "pres_proposal": {
            "indy": {
                "name": "Test V2",
                "version": "2.0",
                "requested_attributes": {
                    "iban": {
                        "name": "iban",
                        "restrictions": [
                            {
                                "schema_id": "M6Mbe3qx7vB4wpZF4sBRjt:2:bank_account:1.0",
                                "cred_def_id": "EraYCDJUPsChbkw7S1vV96:3:CL:571:bob-bank-04",
                                "attr::iban::value": "mytestvalue"
                            }
                        ]
                    }
                },
                "requested_predicates": {}
            }
        }
    }
}
```

This works on the proofing side, but the verifier logs the following exception:

```
2021-11-01 14:42:08,959 aries_cloudagent.core.conductor ERROR Exception in message handler:
Traceback (most recent call last):
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aries_cloudagent/core/dispatcher.py", line 197, in handle_message
    await handler(context, responder)
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aries_cloudagent/protocols/present_proof/v2_0/handlers/pres_proposal_handler.py", line 64, in handle
    comment=context.message.comment,
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aries_cloudagent/protocols/present_proof/v2_0/manager.py", line 135, in create_bound_request
    request_data,
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aries_cloudagent/protocols/present_proof/v2_0/formats/indy/handler.py", line 117, in create_bound_request
    indy_proof_request["name"] = request_data.get("name") or "proof-request"
AttributeError: 'NoneType' object has no attribute 'get'
```
By looking at the handler this kind of makes sense, because the variable that handles the request is assigned as a None type. At least as far as I understand it.
````
    async def create_bound_request(
        self,
        pres_ex_record: V20PresExRecord,
        request_data: dict = None,
    )
        // ...
        indy_proof_request["name"] = request_data.get("name") or "proof-request"
```

Yunxi 3 (Tue, 02 Nov 2021 09:43:03 GMT):

Hello all, not sure if this is the right channel for questions related to indy tails server. If not, please advise which channel is the right one. I've got a few questions on indy tails server.

Yunxi 3 (Tue, 02 Nov 2021 09:43:03 GMT):

Hello all, not sure if this is the right channel for questions related to indy tails server. If not, please advise which channel is the right one. I've got a few questions on indy tails server.	Thanks in advance. Q1. Is this the official docker image (https://hub.docker.com/r/kivaprotocol/tails-server) for indy-tails server? If not, is there an official image available?
Q2. When running Indy-tails server, even though I specify a value for --port option, port mapping is not available in my container (see screenshot). What's the reason?
Q3. I see ports mapping (e.g. 6543, 4044,4040) are used in the docker-compose file in indy-tails-server repo, could anyone explain if these ports are used for inbound or outbound traffic? 
Q4. Related to Q3, for each inbound traffic ports, from what services the tails server is expecting to receive? And same for outbound traffic ports as well.

Yunxi 3 (Tue, 02 Nov 2021 09:43:03 GMT):

Hello all, not sure if this is the right channel for questions related to indy tails server. If not, please advise which channel is the right one. I've got a few questions on indy tails server.	Q1. Is this the official docker image (https://hub.docker.com/r/kivaprotocol/tails-server) for indy-tails server? If not, is there an official image available?
Q2. When running Indy-tails server, even though I specify a value for --port option, port mapping is not available in my container (see screenshot). What's the reason?
Q3. I see ports mapping (e.g. 6543, 4044,4040) are used in the docker-compose file in indy-tails-server repo, could anyone explain if these ports are used for inbound or outbound traffic? 
Q4. Related to Q3, for each inbound traffic ports, from what services the tails server is expecting to receive? And same for outbound traffic ports as well.```
Thanks in advance. 
```

Yunxi 3 (Tue, 02 Nov 2021 09:43:03 GMT):

Hello all, not sure if this is the right channel for questions related to indy tails server. If not, please advise which channel is the right one. I've got a few questions on indy tails server.	Q1. Is this the official docker image (https://hub.docker.com/r/kivaprotocol/tails-server) for indy-tails server? If not, is there an official image available?
Q2. When running Indy-tails server, even though I specify a value for --port option, port mapping is not available in my container (see screenshot). What's the reason?
Q3. I see ports mapping (e.g. 6543, 4044,4040) are used in the docker-compose file in indy-tails-server repo, could anyone explain if these ports are used for inbound or outbound traffic? 
Q4. Related to Q3, for each inbound traffic ports, from what services the tails server is expecting to receive? And same for outbound traffic ports as well.```
Thanks in advance.
```

Yunxi 3 (Tue, 02 Nov 2021 09:43:03 GMT):

Hello all, not sure if this is the right channel for questions related to indy tails server. If not, please advise which channel is the right one. I've got a few questions on indy tails server.	Q1. Is this the official docker image (https://hub.docker.com/r/kivaprotocol/tails-server) for indy-tails server? If not, is there an official image available?
Q2. When running Indy-tails server, even though I specify a value for --port option, port mapping is not available in my container (see screenshot). What's the reason?
Q3. I see ports mapping (e.g. 6543, 4044,4040) are used in the docker-compose file in indy-tails-server repo, could anyone explain if these ports are used for inbound or outbound traffic? 
Q4. Related to Q3, for each inbound traffic ports, from what services the tails server is expecting to receive? And same for outbound traffic ports as well.
Thanks in advance.

Yunxi 3 (Tue, 02 Nov 2021 09:50:54 GMT):



Clipboard - November 2, 2021 9:50 AM

Yunxi 3 (Tue, 02 Nov 2021 09:51:20 GMT):



Clipboard - November 2, 2021 9:51 AM

swcurran (Tue, 02 Nov 2021 10:36:26 GMT):

The repo for Tails Server is here: https://github.com/bcgov/indy-tails-server

swcurran (Tue, 02 Nov 2021 10:36:58 GMT):

@WadeBarnes -- where is the openshift configuration for the indy-tails-servers that BC Gov is running?

Yunxi 3 (Tue, 02 Nov 2021 12:47:58 GMT):

Hell @swcurran , i know where the official repo for tails server is, my Q1 is about if there is an official docker image/repo for this.

WadeBarnes (Tue, 02 Nov 2021 13:15:40 GMT):

OCP configurations are here; https://github.com/bcgov/a2a-trust-over-ip-configurations/tree/master/openshift/templates/tails-server

WadeBarnes (Tue, 02 Nov 2021 13:16:24 GMT):

There is no official docker image/repo for https://github.com/bcgov/indy-tails-server

WadeBarnes (Tue, 02 Nov 2021 13:16:24 GMT):

There is no official docker image/repo for `Dockerfile.tails-server` from https://github.com/bcgov/indy-tails-server

WadeBarnes (Tue, 02 Nov 2021 13:27:02 GMT):

Q1 - No that is not the official repo, there is no official docker repo for `indy-tails-server`.
Q2 - I don't see a screenshot.
Q3, Q4 - port 6543 is the only port used by `indy-tails-server`, the other ports you see are for `ngrok`.  As for the expected communication, have a look at the tests (https://github.com/bcgov/indy-tails-server/blob/master/test/integration.py) to get a high level idea.

Yunxi 3 (Tue, 02 Nov 2021 13:31:01 GMT):

@WadeBarnes, the screenshots are right below our current conversation

Yunxi 3 (Tue, 02 Nov 2021 13:31:02 GMT):



Clipboard - November 2, 2021 1:31 PM

WadeBarnes (Tue, 02 Nov 2021 13:39:55 GMT):

The docker command you are using to start `indy-tail-server` is passing the command line arguments to the server it needs to listen on a given port via `--port`, you are missing the docker command line options for the port mapping.

WadeBarnes (Tue, 02 Nov 2021 13:39:55 GMT):

The docker command you are using to start `indy-tail-server` is passing the command line arguments to the server it needs to listen on a given port via `--port`, you are missing the docker command line options for the port mapping needed to expose the port on the container.

WadeBarnes (Tue, 02 Nov 2021 13:42:01 GMT):

```
$ docker run --help

  ...

  -p, --publish list                   Publish a container's port(s) to
                                       the host

  ...
```

WadeBarnes (Tue, 02 Nov 2021 13:43:56 GMT):

The docker command line  equivalent of this docker-compose section:
```
https://github.com/bcgov/indy-tails-server/blob/master/docker/docker-compose.yml#L14-L15
```

Yunxi 3 (Tue, 02 Nov 2021 16:39:09 GMT):

thanks @WadeBarnes. Got two questions. Q1. If only port 6543 is needed, why do we need port mapping 4044:4040 by using the ngrok? Q2. Why do we use port mapping 4044:4040 in ngrok, not 6543:6543?

Yunxi 3 (Tue, 02 Nov 2021 16:39:09 GMT):

thanks @WadeBarnes. Got two questions. Q1. If only port 6543 is needed, why do we need port mapping 4044:4040 by using the ngrok in the current docker compose file? Q2. Why do we use port mapping 4044:4040 in ngrok, not 6543:6543?

WadeBarnes (Tue, 02 Nov 2021 16:45:31 GMT):

ngrok is used for name resolution for development.

WadeBarnes (Tue, 02 Nov 2021 16:45:31 GMT):

ngrok is used for name resolution for development level testing.

usingetechnology (Tue, 02 Nov 2021 19:16:19 GMT):

After listening to dave

usingetechnology (Tue, 02 Nov 2021 19:16:19 GMT):

After listening to dave's proxy presentation this morning, is there any proposals to change the connection protocol? to make that hierarchical? seems like that would be a place to do it. little different than his scenario of having one wallet... i'd still envision each division or branch would have its own wallet and controller, but the change would be more like connect to the province, and it would then expose its hierarchy of sub-connections, maybe with configuration that its subs would automatically recognize or accept anything with a connection from its parent.  apps would have to change to expect that tree, but effectively, connect once, open up that connection and see all sub connections. any interaction would be with the sub-unit directly - messages, offers, etc.

ianco (Tue, 02 Nov 2021 19:32:49 GMT):

I'd like to see what the UX folks can propose, for handling multiple (possibly related) connections

GuilhermeFunchal (Tue, 02 Nov 2021 23:51:48 GMT):

@swcurran I'm already creating the credentials in json-ld format, so I didn't understand how to make them public.

SubhadeepBanerjee (Wed, 03 Nov 2021 11:36:52 GMT):

Hey @ianco, hope you are doing great. I got the answer from my team, see the problem is because of the SSL issue in the mediator server, the SSL handshake in the Apps end is returning this error, we have tried many ways, but we could not solve it, let me know if I need to provide any more info on this.

etschelp (Wed, 03 Nov 2021 12:53:22 GMT):

Generally, I feel this is addressing a symptom of a system that was originally designed for individuals and things rather than organizations. Nevertheless, this is a valid approach, but still I’m asking myself if this is not better addressed on the diddoc level in the long run (or addressed as well). As a diddoc can have multiple services each sub controller could have an own entry here. Like this both (controller and did) could be bound together on a cryptographic level, and you will lose this with the proxy approach. So, my thinking goes a bit into the multi controller diddoc direction. 

Also, you probably need to exclude all use cases where a client wallet initiates a request as you do not know where to route it, except for maybe credential requests where you could do a routing by credential definition id, which would require an internal registry/mapping.

usingetechnology (Wed, 03 Nov 2021 17:01:06 GMT):

that's interesting @etschelp - great insight.

swcurran (Wed, 03 Nov 2021 18:35:09 GMT):

Sort of comes back to the question of what does public mean.  But those credentials you create need not be specifically tied to the holder, and so can be published somewhere (perhaps as files on a server, or sent as attachments in an email, or even posted on Social Media) and verified by whomever can see them.  They are very ugly JSON, so perhaps you can embed them in something...

There is no functionality in ACA-Py to publish such credentials in the way we are talking, but a controller could probably be created to do that -- grab the credential and publish it somewhere.  But in (for example) orgbook.gov.bc.ca, we issue the credentials to a public website and anyone can see the credentials and a proof of the credentials.

Yunxi 3 (Thu, 04 Nov 2021 15:00:59 GMT):

@WadeBarnes, could you explain a bit more on how port number4044,4040 can help the name resolution here?

Yunxi 3 (Thu, 04 Nov 2021 16:48:04 GMT):

think i've figured it out, 4040 is the default port used in ngrok for its webui

Yunxi 3 (Thu, 04 Nov 2021 17:17:25 GMT):

@WadeBarnes, is it only the ACA-Py agent that will write data to tails server? For instance, assuming I have my ACA-Py agents and tails server in the same private network, i'm only expecting my ACA-Py agents to write date to my tails server, then no need to expose tails server to the Internet. Is my understanding correct?

Yunxi 3 (Thu, 04 Nov 2021 17:17:25 GMT):

@WadeBarnes and @swcurran , is it only the ACA-Py agent that will write data to tails server? For instance, assuming I have my ACA-Py agents and tails server in the same private network, i'm only expecting my ACA-Py agents to write date to my tails server, then no need to expose tails server to the Internet. Is my understanding correct?

Yunxi 3 (Thu, 04 Nov 2021 17:17:25 GMT):

@WadeBarnes and @swcurran , is it only the ACA-Py agent that will write data to tails server? For instance, assuming I have my ACA-Py agents and tails server in the same private network, i'm only expecting my ACA-Py agents (no any external ACA-Py agents for the time being) to write date to my tails server, then no need to expose tails server to the Internet. Is my understanding correct?

WadeBarnes (Fri, 05 Nov 2021 13:52:16 GMT):

https://github.com/bcgov/indy-tails-server#additional-notes

WadeBarnes (Fri, 05 Nov 2021 13:53:20 GMT):

Agents attempting to verify revocable credentials you have issued will need access to read from the tails sever.

Yunxi 3 (Fri, 05 Nov 2021 13:57:41 GMT):

I understand this, but if currently only my ACA-Py agents need to verify credentials, then no need to expose tails server to the Internet, correct?

Yunxi 3 (Fri, 05 Nov 2021 13:57:41 GMT):

I understand this, but if currently only my ACA-Py agents need to verify credentials as they sit in the same private network with the tails server, then no need to expose tails server to the Internet, correct?

Yunxi 3 (Fri, 05 Nov 2021 13:57:41 GMT):

@WadeBarnes , I understand this, but if currently only my ACA-Py agents need to verify credentials as they sit in the same private network with the tails server, then no need to expose tails server to the Internet, correct?

swcurran (Fri, 05 Nov 2021 14:44:02 GMT):

Correct.  The Rev Registry contains a URL for the tails file. That needs to be accessible to all holders.  Usually, that means publicly accessible on the Internet, but if your holders are internal, then the tails server can be internal as well.

Yunxi 3 (Fri, 05 Nov 2021 15:03:54 GMT):

Thanks for the answer @swcurran and @WadeBarnes. Can anyone help me sort out an issue i've got for the tails server? i've raised an issue in this url: https://github.com/bcgov/indy-tails-server/issues/23. Thanks

Yunxi 3 (Fri, 05 Nov 2021 15:03:54 GMT):

Thanks for the answer @swcurran and @WadeBarnes . Can anyone help me sort out an issue i've got for the tails server? i've raised an issue in this url: https://github.com/bcgov/indy-tails-server/issues/23. Thanks

Yunxi 3 (Fri, 05 Nov 2021 15:27:46 GMT):

@swcurran  and @WadeBarnes , got a side question on tails server. Is it possible for an ACA-Py agent to connect to multiple tails servers? Imagine a scenario, I have my acapy agents currently using my own tail server, someone else has his/her acapy agents currently using his/her tails server. if we decide to enable our acapy agents to communicate with each other, this mean our acapy agents need to connect to both tails servers for checking credential revocation. How do we make this scenario happen?

Yunxi 3 (Fri, 05 Nov 2021 15:27:46 GMT):

@swcurran  and @WadeBarnes , got a side question on tails server. Is it possible for an ACA-Py agent to connect to multiple tails servers? Imagine a scenario, I have my acapy agents currently using my own tail server, someone else has his/her acapy agents currently using his/her tails server. if we decide to have our acapy agents to communicate with each other for collobration, this mean our acapy agents need to connect to both tails servers for checking credential revocation. How do we make this scenario happen?

swcurran (Fri, 05 Nov 2021 15:30:10 GMT):

There is a difference between reading and writing.  An ACA-Py issuer instance only knows about one tails servers and uses that for all Cred Defs it creates and issues.  However, an ACA-Py instance that is a holder will use any URL that returns a tails file -- any tails server, or even another place that tails files are stored.

Yunxi 3 (Mon, 08 Nov 2021 09:35:27 GMT):

Thanks for the answer @swcurran. Does a holder have access to multi tails servers when it's running or it can only access one and have to stop, redeploy to get another one? In practice, how does this work e.g. which ACA-Py flag is used to get multi tails files? Does a verifier have the same behaviour as the holder?

Yunxi 3 (Mon, 08 Nov 2021 09:35:27 GMT):

Thanks for the answer @swcurran . Does a holder have access to multi tails servers when it's running or it can only access one and have to stop, redeploy to get another one? In practice, how does this work e.g. which ACA-Py flag is used to get multi tails files? Does a verifier have the same behaviour as the holder?

analia_meira (Mon, 08 Nov 2021 12:42:04 GMT):

Hello, I'm signed using the jsonld/sign endpoint but I will try using the jsonld/verifiy endpoint to verification and I'm getting an error message:

analia_meira (Mon, 08 Nov 2021 12:42:04 GMT):

Hello, I'm signed using the jsonld/sign endpoint but I will try using the jsonld/verifiy endpoint to verification and I'm getting an error message:
{
  "valid": false,
  "error": "in proof, set() attributes dropped. Provide definitions in context to correct."
}
To compose the body of this endpoint I put in doc the response of what was signed and verkey.

analia_meira (Mon, 08 Nov 2021 12:42:04 GMT):

Hello, I'm signed using the jsonld/sign endpoint but I will try using the jsonld/verifiy endpoint to verification and I'm getting an error message:
{
  "valid": false,
  "error": "in proof, set() attributes dropped. Provide definitions in context to correct."
}
To compose the body of this endpoint I put in doc the response of what was signed and verkey.
can anybody help me?

IgorSim (Mon, 08 Nov 2021 20:12:20 GMT):

Hi, i have one question regarding 'general guidelines and principles' when designing controller DB. I know this is very application and use-case specific but for example agent 'secure storage' is encrypted does it mean that controller DB should also be encrypted or some information can be kept plain text as long as they don't reveal any meaningful information? Are there some boundaries what should be kept and even more important what shouldn't be kept in controller DB?

swcurran (Mon, 08 Nov 2021 23:04:19 GMT):

A controller DB is a business application and so should be managed as you would any business application.  For example, if the Agent is an issuer for a University degree credentials, the controller is likely connected to the Student Information System at the University and holds that information.  Anything extra needed to be stored related to the issuing of a credential to a student might be stored in some added tables to that database -- e.g. ID for the issued credentials to the student, the ID for the connection to the student and so on.

As you note, it's use case specific. but hopefully that gives you some thought as to how to think about it.

Note that the data in the agent DB must be protected with the extra encryption/control as it includes private keys that must be properly protected to prevent loss.

swcurran (Mon, 08 Nov 2021 23:08:09 GMT):

From the holders perspective, the tails file location is a URL -- nothing more or less. As long as it can resolve that URL and get back a tails file, it doesn't matter.  A holder doesn't know about a tails server -- to a holder, a tails server just looks like any other web server holding the tails file it needs.

jcourt (Tue, 09 Nov 2021 05:03:46 GMT):

Is there any guidelines on how accurate revocation time is ?  I am trying to write automation tests that check proof presentations of a revoked credential in two situations : 
1)  A proof request with time restrictions that are AFTER the revocation was performed and the ledger updated.  This works
2) A proof request with time restrictions that fall within the period the credential was issued and not yet revoked. This is failing verification.

jcourt (Tue, 09 Nov 2021 05:03:46 GMT):

Is there any guidelines on how accurate revocation time is ?  I am trying to write automation tests that check proof presentations of a revoked credential in two situations : 
1)  A proof request with time restrictions that are AFTER the revocation was performed and the ledger updated.  This works
2) A proof request with time restrictions that fall within the period the credential was issued and not yet revoked. This is failing verification.

I am just wondering if there is any ambiguity in the time windows that can be checked to see if a now revoked credential was valid ?

ianco (Tue, 09 Nov 2021 14:02:38 GMT):

These scenarios should be covered in the existing AATH test suite, @sheldon.regular ?

ianco (Tue, 09 Nov 2021 14:02:47 GMT):

Is this the same as your scenario 2?  https://github.com/hyperledger/aries-agent-test-harness/blob/main/aries-test-harness/features/0183-revocation.feature#L222

sheldon.regular (Tue, 09 Nov 2021 14:24:12 GMT):

#1 is covered in the revocation tests in AATH. #2 is as Ian states I believe, but it is in WIP. That test is difficult to do in an automated way. Since it all happens in seconds, it's hard to get a non-revocation instant that falls between the issue and the revoke. The test is probably close, and could be made to work with a little work.  Probably needs a pause/sleep() after the issue and before the cred to give some time to work with. 
Thinking back now, IIRC Acapy doesn't work with that granular of time. That maybe why I put it as WIP and left it.

ianco (Tue, 09 Nov 2021 15:49:42 GMT):

I think the only way to automate the #2 scenario is with a looooong pause/sleep

Yunxi 3 (Tue, 09 Nov 2021 16:38:53 GMT):

Do you mean "from the *verifier*'s perspective ...."? In practice, as there is an `--tails-server-base-url` flag when running an ACA-Py, to access multi tails servers, does ACA-Py can run with multiple `--tails-server-base-url` flag?

swcurran (Tue, 09 Nov 2021 17:52:15 GMT):

Verifiers don't need the tails file (99% sure -- I'll confirm).  The Holder needs it to produce the "proof of non-revocation".  The Verifier only needs to get the correct RevRegEntry (referenced in the proof) from the ledger to verify the proof -- they don't need the tails file itself.

sauveergoel (Tue, 09 Nov 2021 19:36:16 GMT):

how can I export a JSON-LD format of the issued credential from ACA-Py cloudagent

sauveergoel (Tue, 09 Nov 2021 19:36:16 GMT):

how can I export a JSON-LD(W3C) format of the issued credential from ACA-Py cloudagent

sauveergoel (Tue, 09 Nov 2021 19:36:16 GMT):

how can I export a JSON-LD(W3C) format of the issued credential from ACA-Py cloudagent

sample:

`{
    "@context": [
        "https://www.w3.org/2018/credentials/v1",
        "https://www.w3.org/2018/credentials/examples/v1"
    ],
    "id": "https://yqs3j2p1k9.execute-api.us-east-1.amazonaws.com/prod/credentials/d98b8f50-c472-11eb-97fb-cbf4e5918c09",
    "type": [
        "VerifiableCredential",
        "UniversityDegreeCredential"
    ],
    "issuer": "https://mercury-credentials-public-tb0172-prod.s3.us-east-1.amazonaws.com/controller.json",
    "issuanceDate": "2021-06-01T12:00:00.000Z",
    "credentialSubject": {
        "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
        "degree": "Bachelor of Science",
        "degreeType": "BachelorDegree",
        "degreeSchool": "Mercury University"
    },
    "proof": {
        "type": "Ed25519Signature2018",
        "created": "2021-06-03T13:51:52Z",
        "jws": "eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..8YIj2tG6HoiDKw476_ElxcCFiCTr89jHX24Osr1zgklp0Sgfkgx-ipu6Li5og4wtLGMoa7__xJpcHWHzwWZoCQ",
        "proofPurpose": "assertionMethod",
        "verificationMethod": "https://mercury-credentials-public-tb0172-prod.s3.us-east-1.amazonaws.com/publicKey.json"
    }
}`

sauveergoel (Tue, 09 Nov 2021 19:36:16 GMT):

how can I export a JSON-LD(W3C) format of the issued credential from ACA-Py cloudagent

sample:

> {
    "@context": [
        "https://www.w3.org/2018/credentials/v1",
        "https://www.w3.org/2018/credentials/examples/v1"
    ],
    "id": "https://yqs3j2p1k9.execute-api.us-east-1.amazonaws.com/prod/credentials/d98b8f50-c472-11eb-97fb-cbf4e5918c09",
    "type": [
        "VerifiableCredential",
        "UniversityDegreeCredential"
    ],
    "issuer": "https://mercury-credentials-public-tb0172-prod.s3.us-east-1.amazonaws.com/controller.json",
    "issuanceDate": "2021-06-01T12:00:00.000Z",
    "credentialSubject": {
        "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
        "degree": "Bachelor of Science",
        "degreeType": "BachelorDegree",
        "degreeSchool": "Mercury University"
    },
    "proof": {
        "type": "Ed25519Signature2018",
        "created": "2021-06-03T13:51:52Z",
        "jws": "eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..8YIj2tG6HoiDKw476_ElxcCFiCTr89jHX24Osr1zgklp0Sgfkgx-ipu6Li5og4wtLGMoa7__xJpcHWHzwWZoCQ",
        "proofPurpose": "assertionMethod",
        "verificationMethod": "https://mercury-credentials-public-tb0172-prod.s3.us-east-1.amazonaws.com/publicKey.json"
    }
}

sauveergoel (Tue, 09 Nov 2021 19:36:16 GMT):

how can I export a JSON-LD(W3C) format of the issued credential from ACA-Py cloudagent

sample:

{
    "@context": [
        "https://www.w3.org/2018/credentials/v1",
        "https://www.w3.org/2018/credentials/examples/v1"
    ],
    "id": "https://yqs3j2p1k9.execute-api.us-east-1.amazonaws.com/prod/credentials/d98b8f50-c472-11eb-97fb-cbf4e5918c09",
    "type": [
        "VerifiableCredential",
        "UniversityDegreeCredential"
    ],
    "issuer": "https://mercury-credentials-public-tb0172-prod.s3.us-east-1.amazonaws.com/controller.json",
    "issuanceDate": "2021-06-01T12:00:00.000Z",
    "credentialSubject": {
        "id": "did:example:ebfeb1f712ebc6f1c276e12ec21",
        "degree": "Bachelor of Science",
        "degreeType": "BachelorDegree",
        "degreeSchool": "Mercury University"
    },
    "proof": {
        "type": "Ed25519Signature2018",
        "created": "2021-06-03T13:51:52Z",
        "jws": "eyJhbGciOiJFZERTQSIsImI2NCI6ZmFsc2UsImNyaXQiOlsiYjY0Il19..8YIj2tG6HoiDKw476_ElxcCFiCTr89jHX24Osr1zgklp0Sgfkgx-ipu6Li5og4wtLGMoa7__xJpcHWHzwWZoCQ",
        "proofPurpose": "assertionMethod",
        "verificationMethod": "https://mercury-credentials-public-tb0172-prod.s3.us-east-1.amazonaws.com/publicKey.json"
    }
}

TimoGlastra (Tue, 09 Nov 2021 21:29:24 GMT):

You can use the `/credential/w3c/{credential_id}` endpoint to get the credential, then the `cred_value` should contain the JSON-LD vc as issued

jcourt (Wed, 10 Nov 2021 03:38:20 GMT):

I am still trying to understand this so any pointers appreciated.  I have checked the ledger REVOC_REG_ENTRY entries and there are definitely two for my credential definition.  The initial and then the update when the credential was revoked and published. The transaction timestamps make sense. 

I have also double checked the presentation exchange record after verification completes and the restriction timestamps are definitely inside the window of the ledger REVOC_REG_ENTRY writes.

The verification how ever comes back as false. Copying the ledger entries and the presentation record here for anyone interested. 

```
```

jcourt (Wed, 10 Nov 2021 03:46:19 GMT):

Sorry guys I was just typing up a long response and hadn't realised you had replied.  Let me spend time understanding your responses :-)

jcourt (Wed, 10 Nov 2021 04:03:30 GMT):

So yes my automation tests for revocation have taken a long time to get close to working :-).  First I had to implement a selenium date time picker control concept since I am testing a UI. 

Anyway I have a wait of 40sec between issuing the credential and revoking it to give me a decent window.  I then use the "updated_at" value from the issuers credential exchange record to frame the time restriction on the proof request figuring this is most likely close to when the credential was finally minted. Then add 5 secs to the update_at to get the window start and +10secs for the window end.  

Ohh shit, I just looked at the model in detail whilst walking through this response and I think I am providing milliseconds to the non_revoked element rather than seconds!  Walking through the thought process with someone always helps ! Let me see if that is it and get back to you.

jcourt (Wed, 10 Nov 2021 05:00:42 GMT):

Yep that looks like it was the problem. I double checked the swagger model and it doesn't state that the time is seconds, I just assumed milliseconds because that's what the JS Date object resolves to.
Thanks !!!!

Yunxi 3 (Wed, 10 Nov 2021 09:49:39 GMT):

Thanks @swcurran, I'll wait for your final confirmation on the verifier. If the Holder needs to get the tails file to produce the "proof of non-revocation", my question still remains. Does ACA-Py currently support the holder to get different tails  files used by different issuers in practice?

Yunxi 3 (Thu, 11 Nov 2021 10:22:13 GMT):

Hello @swcurran , got some other questions about tails server. 1. what's the maximum size of a tails server we can set (i know you mentioned 10k to 20k should be enough)? 2. for each revocation recored, what's the average size ? because by knowing answers for 1 and 2, we can get a rough idea about how many revocation is supported in a tails server. 3. where is data stored in tails server? currently, the tails server is a container, but we know containers are ephemeral. So does tails server also support external storage (e.g. db, file system) for data persistence in a production environment?

WadeBarnes (Thu, 11 Nov 2021 13:39:05 GMT):

The tails server instances we (BC Gov) host are hosted in OpenShift.  We mount persistent volumes on the folder(s) containing the tails files; https://github.com/bcgov/a2a-trust-over-ip-configurations/blob/master/openshift/templates/tails-server/tails-server-deploy.yaml#L151-L153

pawel.kowalik (Thu, 11 Nov 2021 15:53:08 GMT):

Has joined the channel.

pawel.kowalik (Thu, 11 Nov 2021 16:00:47 GMT):

hi, I'm trying to issue a JSON-LD credential using aca-py. I replayed this demo description https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/AliceWantsAJsonCredential.md

pawel.kowalik (Thu, 11 Nov 2021 16:00:47 GMT):

hi, I'm trying to issue a JSON-LD credential using aca-py. I replayed this demo description https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/AliceWantsAJsonCredential.md
In the description it writes to put Alice's `did:key` into `credentialSubject.id` which works fine when I copy-paste between Alice and Faber.
The difficulty I have is to figure out how Faber would actually get Alice's `did:key` over the wire, because the connection is using different pairwise keys. If I'd use the 
What would be the valid way to cover for that using aca-py?
`/out-of-band/create-invitation` and `/out-of-band/receive-invitation` don't allow me to enforce keys I'd like to use. And I cannot use the value of `their_did` from the connection because then the credential won't be usable for any other connection.

pawel.kowalik (Thu, 11 Nov 2021 19:13:19 GMT):

@ianco  looks like you were solving a similar 

pawel.kowalik (Thu, 11 Nov 2021 19:13:19 GMT):

@ianco  looks like you were solving a similar  problem to the one I posted just today https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=7c2FQi85mQJoLDEqn

pawel.kowalik (Thu, 11 Nov 2021 19:15:53 GMT):

Did you manage to find a working solution? I understand the need for key binding indicated by @TimoGlastra but how would you do it over aca-py API?

IgorSim (Thu, 11 Nov 2021 19:30:49 GMT):

In '/issue-credential-2.0/records/{cred_ex_id}/send-request'
there is 'holder_did' that holder can set....i'm also not clear on this but i guess this is the way for issuer to get the key. Can someone confirm or actually provide correct answer. Thanks.

TimoGlastra (Thu, 11 Nov 2021 19:32:16 GMT):

That’s correct @IgorSim 

IgorSim (Thu, 11 Nov 2021 19:38:46 GMT):

Thanks @TimoGlastra ... i was just checking swagger documentatiion and got confused a bit....If issuance starts from the issuer side (Send holder a credential offer, independent of any proposal, i.e. /send-offer) then he must have credentialSubject.id at that point but '/issue-credential-2.0/records/{cred_ex_id}/send-request' comes afterwards (as 2-nd step) so how can he get did:key from the holder before he send the offer?

TimoGlastra (Thu, 11 Nov 2021 20:05:55 GMT):

Yes that’s a bit of a weird thing. Basically you can choose to send a credential without a subject.id on the issuer side and then fill it in on the holder side

pawel.kowalik (Thu, 11 Nov 2021 20:31:10 GMT):

Ok, I may try that. It would mean one additional round trip. How would it assure the ownership of this `did:key` by the holder? Is this `holder_did` field imposing any proof? 

TimoGlastra (Thu, 11 Nov 2021 21:03:07 GMT):

Yes, in general, the Subject identifier should have been authentically bound to the subject beforehand. This is a limitation of the current jsonld attachment format. The format was mainly meant to be simple, and leaves a lot to solve by yourself. One way to solve this would be to require a self-signed VP as prerequisite to the issuance step. This is of course not ideal. I think something like the credential manifest (https://identity.foundation/credential-manifest/) could help with this as you can require a VP as input before issuing a credential

swcurran (Thu, 11 Nov 2021 21:20:03 GMT):

This is the painful part of using W3C Credentials vs. Indy AnonCreds.  All of these issues (and more) have been solved, implemented and working in Indy AnonCreds for 4+ years.  Adding W3C credentials has meant having to leave a lot up to the implementer.  Not fun...

swcurran (Thu, 11 Nov 2021 21:24:06 GMT):

About 1 -- a "tails server" is really just a fancy file server, so the tails server is as big as you want.  A tails file is linear to the number of credentials in its associated revreg.  Here are some metrics about the size of a tails file for a given number of credentials that another contributor recently posted. I'll add this to the readme on the tails server soon.

Revoc_Reg_Size=3000, Tailsfile 768KB, ProofGen~4sec
Revoc_Reg_Size=10000, Tailsfile 2,6MB, ProofGen~5sec
Revoc_Reg_Size=32768, Tailsfile 8,4MB, ProofGen~7sec
Used: Lissi-Wallet on a iPhone 12Pro
32768 is the max-size-value set in the ACA-Py

pawel.kowalik (Thu, 11 Nov 2021 21:50:51 GMT):

Ok, thanks for the inputs. I really hoped aca-py would support more in the process but seems there is quite a gap one needs to cover in the business logic.

swcurran (Thu, 11 Nov 2021 21:54:08 GMT):

We're definitely open to ideas about the best ways to solve these, and perhaps providing help in getting them done.  BC Gov is continuing to work in both VC formats, but has not had to do a production W3C example, so we've not "felt the pain" yet.  As Timo noted, perhaps we need to push for DIF Credential Manifest on the issuance side, as we did with DIF Presentation Exchange on the Presentation side.

pawel.kowalik (Thu, 11 Nov 2021 21:57:32 GMT):

@swcurran indeed with Indy the whole process is bound to the connection and one does not have to care abound credential binding to the holder. I kind of expected the same approach would be working here. It seems however not possible to make aca-py  establish a connection using "public'" `did:key`. I think the protocol alone would allow for that, but the implementation seems to limit this possibility. 

swcurran (Thu, 11 Nov 2021 22:00:56 GMT):

That's not quite right.  With Indy, it's done with a "linked secret" -- a binding to the holder that is proven in zero knowledge. That linked secret is kept in the wallet and used across all held credentials.  With W3C, there is not as much of a focus on the holder -- it's more about the Subject, and there are only loose conventions about how to link the Subject to the holder.  It's very vague. :-(.

There is a spec on Bound BBS+ VCs that has been discussed, but not implemented. That would provide a path to the holder-binding, but it's not there yet.

IgorSim (Thu, 11 Nov 2021 22:02:13 GMT):

Hi, are there any plans in 'aca-py' to support other ledgers than Indy as verifiable data registry? Is that possible(w/o rewriting entire code base) at all? For example option to replace Indy w/ Fabric. Motivation comes from businesses that already have fabric in production and wants to have 'ssi' capability to some degree w/o installing and operating another blockchain.
As far i understand following things are written to the ledger: DID-s, schema, cred. definition, revocation reg. definition and entries..all of these 'assets' can be saved in fabric in one way or another.  Of course, DID resolver should be implemented as well. 
Is there anything 'Indy' specific that isn't supported by other ledgers, such as fabric?
I know that issuing 'Indy based AnonCreds' on fabric sounds strange :) but just wanted to check this possibility...

swcurran (Thu, 11 Nov 2021 22:02:42 GMT):

In Indy, there is a required extra message to issue a credential -- Offer, Request and Issue messages are needed.  All three are needed to do the commitments necessary for the issued VC.  In the Request, the holder provides the commitment to the linked secret and the issuer inserts that in to the VC.

swcurran (Thu, 11 Nov 2021 22:03:53 GMT):

In the recent 0.7.0 and later releases, there is the ability to resolve DIDs on other ledgers.  You can include a native resolver or fallback to a universal resolver instance for that.

swcurran (Thu, 11 Nov 2021 22:03:53 GMT):

In the recent 0.7.0 and later releases, there is the ability to resolve DIDs on other ledgers.  You can include a native resolver or fallback to a universal resolver instance for that. Several native resolvers have been implemented -- did:web, did:key at least.

swcurran (Thu, 11 Nov 2021 22:04:42 GMT):

It should be relatively easy (he says...) to add a write capability to another ledger for DIDs, but that has not yet been added.

pawel.kowalik (Thu, 11 Nov 2021 22:05:06 GMT):

From the quick lecture seems that indeed Credential Manifest may address the problem, it may as well be too complex for a simple use case. In the first go I'll try to model the process with the current capability, then I may have an idea where it can be optimized or better supported by the framework 

pawel.kowalik (Thu, 11 Nov 2021 22:06:31 GMT):

Got it, thanks for this insights. 

swcurran (Thu, 11 Nov 2021 22:06:50 GMT):

Putting all of the Indy AnonCreds objects on a non-Indy ledger could also be done, but would likely require some thought.  I think the existing API to the Indy SDK would need some adjustments.   You would likely want to use indy-vdr as the basis for that work.

swcurran (Thu, 11 Nov 2021 22:08:16 GMT):

Please share that -- we'd appreciate.  We did that same process a couple of times in the past and while the first cut was ugly (make the controller do all the work), once we could see the pattern, pushing it into ACA-Py was surprisingly easy.

pawel.kowalik (Thu, 11 Nov 2021 22:17:25 GMT):

And how about the capability to store an arbitrary did in the aca-py wallet? Right now it's only did:sov and did:key possible. Especially for non-ledger dids like `did:web` it could be interesting, so that the issue process in w3c format would work as well.

swcurran (Thu, 11 Nov 2021 22:20:16 GMT):

Hmmm...I'm not certain.  I'll have to bring in  folks that are more helpful -- @ianco, @shaanjot.gill . I'm sure you are right, but I'm more interested in knowing what it would take.  It might be something that would be easier to do in the newer "aries-askar" storage vs. the indy-wallet -- but I'm not certain.

pawel.kowalik (Thu, 11 Nov 2021 22:23:46 GMT):

Ok, can't wait the feedback from the folks

kukgini (Fri, 12 Nov 2021 02:51:20 GMT):

Hi here. I need to see INDY debug log. In the old version, I could see it by adjusting RUST_LOG environment variable, but It seems not work in the latest version. can anybody help me?

IgorSim (Fri, 12 Nov 2021 08:14:06 GMT):

What was the motivation for developing 'aries-askar' storage and what are the pros/cons comparing to indy-wallet? There isn't a lot of documentation for that project and it's not very clear what are the main use cases....
I guess same question is relevant for other aries shared components (indy-vdr, indy-shared-rs), can someone please explain in more details or point to other resources? Thanks.

Yunxi 3 (Fri, 12 Nov 2021 09:39:51 GMT):

Thanks for your answer @swcurran, do you have the metrics such as when adding a new credential to the revocation registry, what size x the credential will occupy revoc_reg_size (e.g. x out of 3000)? In other words, when the Revoc_Reg_Size=3000, what's the maximum number of credentials we can revoke? In addition, once the size limit is reached, does it mean we have to use a new tails server for new credential revocation?

victor.martinez (Fri, 12 Nov 2021 10:49:55 GMT):

My understanding is that the problem is no about the did type but the keys type. For example, if Fabric already supports ed25519 key types then no changes are required neither in aca-py side or indy wallet side

ianco (Fri, 12 Nov 2021 13:17:40 GMT):

Yes I added this to the alice/faber demo in aca-py.  Faber send a credential offer, and then alice includes her did in the credential request

ianco (Fri, 12 Nov 2021 13:19:06 GMT):

https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/runners/agent_container.py#L230

ianco (Fri, 12 Nov 2021 13:20:29 GMT):

In this example alice (holder) creates a new did for each credential received.  Potentially the holder could use the same did across all credentials.

daidoji (Fri, 12 Nov 2021 14:56:51 GMT):

The motivation is that Aries is meant as a series of interop protocols and standards that wallets and agents can use to interact with each other.  They were all implemented in indy originally so there's been a lot of work to divorce the implementations from the standards.

Hence aries-askar is a wallet standard of which indy wallet is an implementation (or at least thats the ultimate goal).  They'd like to get to a point where multiple wallet implementations can be swapped in and out of the stack.

Similarly with other shared components.

swcurran (Fri, 12 Nov 2021 15:11:11 GMT):

When you have a RevReg size of 3000, that means you have 3000 credentials that can be issued and revoked.  When you issue the 3001, a new RevReg with a new tails file that is published to the same tails server.

ACA-Py handles all the logistics for you. On creation of a revocable credential, ACA-Py automatically creates 2 RevRegs, one to use now, and one to use next. When the first is used up (e.g. 3000 credentials issued), ACA-Py switches to the next one, and creates a new one to be ready when needed.  That way, the controller doesn't have to track what RevReg to use, and there is no issuing delay to create a new RevReg.

mateokurti (Fri, 12 Nov 2021 15:20:46 GMT):

Has joined the channel.

mateokurti (Fri, 12 Nov 2021 15:20:46 GMT):

Hi guys! Quick question here. If I run an ACA-Py mediator, can it communicate with an `aries-vcx` mobile agent? If not, I should use VCX Agency. Can it communicate with a issuer/verifier agent running on ACA-Py?

swcurran (Fri, 12 Nov 2021 15:25:53 GMT):

That would depend on whether Aries VCX supports the AIP 2.0 Mediator Coordination RFCs, notably AIP 211.  @mirgee -- do you know that?

mirgee (Fri, 12 Nov 2021 15:26:58 GMT):

Not yet, but it's on the roadmap.

mateokurti (Fri, 12 Nov 2021 15:27:00 GMT):

@swcurran no, Aries VCX does not support AIP 2.0 protocols as I know.

IgorSim (Fri, 12 Nov 2021 16:15:58 GMT):

Hi, i'm trying to connect 'aries-bifold' and 'aca-py' agent working as mediator. Establishing connection seems to work fine (i can verify that connection is promoted to active on 'aca-py' side) but i see this error in aries-bifold:

 DEBUG  DEBUG: Connection completed, requesting mediation
............
 ERROR  ERROR: Message is undeliverable to connection 8f0dfac3-0845-4e32-9f1c-c86e3b856e0f (Mediator) {
  "message": {
    "@type": "https://didcomm.org/coordinate-mediation/1.0/mediate-request",
No errors in 'aca-py'.

'aca-py' is started with flags: --enable-undelivered-queue, --open-mediation

pawel.kowalik (Fri, 12 Nov 2021 20:18:39 GMT):

@ianco right, this works indeed. The credential can be issued correctly with the right keys. Initial credential offer without `credentialSubject.id` does the trick, so it can be amended in the credential request with `holder_did`. The only missing part is that the issuer does not know if the `holder_did` is in fact controlled by the holder.

pawel.kowalik (Fri, 12 Nov 2021 20:29:07 GMT):

Progressing on this one... so far I ended up with a process which requires first that the holder issues a bogus credential to itself, so that it can give a meaningful answer to the presentation request.

swcurran (Fri, 12 Nov 2021 21:26:08 GMT):

So that means for now you can't use ACA-Py as a mediator for Aries VCX, as ACA-Py uses the AIP 2.0 mediator protocols.

pawel.kowalik (Fri, 12 Nov 2021 21:26:52 GMT):

So far I managed to do it only through a very messy process where the holder would create a loopback connection to itself in order to issue such self-signed credential (with the whole `issue-credential v2.0` process involved).
I hoped I could do it with `/issue-credential-2.0/create` but it seems to render only a credential exchange record in a state `offer-sent` but no way to complete the process.

swcurran (Fri, 12 Nov 2021 21:26:55 GMT):

Aries Framework JavaScript and Aries Bifold do use the standard mediator RFCs.

swcurran (Fri, 12 Nov 2021 21:27:57 GMT):

That sounds ugly...

pawel.kowalik (Fri, 12 Nov 2021 21:28:46 GMT):

`/issue-credential-2.0/records/{cred_ex_id}/send-offer` renders an error `Record not found: None` because `connection_id` is empty in this case.

pawel.kowalik (Fri, 12 Nov 2021 21:29:30 GMT):

It may also be I overlook something obvious...

swcurran (Fri, 12 Nov 2021 23:36:01 GMT):

@dbluhm -- perhaps you can help?  Or better, point @IgorSim to a the Inidico "pre-configured" mediator, so it just works.

@IgorSim -- if you don't need to have your own mediator and you are just trying to run Bifold, you should be able to use the Indicio Public Mediator -- https://indicio-tech.github.io/mediator/

swcurran (Sat, 13 Nov 2021 00:33:36 GMT):

The motivation for Aries Askar was to decouple it from the Indy Ledger and AnonCreds components so that it could be both ledger and verifiable credential format agnostic.

In doing the implementation, the design goals of the Indy storage component ("indy-wallet" in the Indy SDK) was kept more or less the same, but there was an attempt to allow a lot more concurrency than is supported in Indy storage.  The indy-sdk has a central queue per instance and all events are processed by that queue, and that created a limit on concurrency, and the Askar implementation attempts to break that.

swcurran (Sat, 13 Nov 2021 00:33:36 GMT):

The motivation for Aries Askar was to decouple Aries storage from the Indy Ledger and AnonCreds components so that it could be both ledger and verifiable credential format agnostic.

In doing the implementation, the design goals of the Indy storage component ("indy-wallet" in the Indy SDK) was kept more or less the same, but there was an attempt to allow a lot more concurrency than is supported in Indy storage.  The indy-sdk has a central queue per instance and all events are processed by that queue, and that created a limit on concurrency, and the Askar implementation attempts to break that.

swcurran (Sat, 13 Nov 2021 00:33:36 GMT):

The motivation for Aries Askar was to decouple Aries storage from the Indy Ledger and AnonCreds components so that it could be both ledger and verifiable credential format agnostic.

In doing the implementation, the design goals of the Indy storage component ("indy-wallet" in the Indy SDK) were kept more or less the same, but there was an attempt to allow a lot more concurrency than is supported in Indy storage.  The indy-sdk has a central queue per instance and all events are processed by that queue, and that created a limit on concurrency, and the Askar implementation attempts to break that.

swcurran (Sat, 13 Nov 2021 00:33:36 GMT):

The motivation for Aries Askar was to decouple Aries storage from the Indy Ledger and AnonCreds components so that it could be both ledger and verifiable credential format agnostic.

In doing the implementation, the design goals of the Indy storage component ("indy-wallet" in the Indy SDK) were kept more or less the same, but there was an attempt to allow a lot more concurrency than is supported in Indy storage.  The indy-sdk has a central queue per instance and all events of all sub-components go through that queue, and that created a limit on concurrency, and the Askar implementation attempts to break that.

swcurran (Sat, 13 Nov 2021 00:33:36 GMT):

The motivation for Aries Askar was to decouple Aries storage from the Indy Ledger and AnonCreds components so that it could be both ledger and verifiable credential format agnostic.

In doing the implementation, the design goals of the Indy storage component ("indy-wallet" in the Indy SDK) were kept more or less the same, but there was an attempt to allow a lot more concurrency than is supported in Indy storage.  The indy-sdk has a central queue per instance and all events of all sub-components go through that queue, and that created a limit on concurrency. The Askar implementation attempts to break that.

swcurran (Sat, 13 Nov 2021 00:36:17 GMT):

Aries Askar definitely supports additional key types, particularly the BLS keys needed for BBS+ handling and the NIST key types that were added in the DIDComm V2 Envelope processing.

swcurran (Sat, 13 Nov 2021 00:40:14 GMT):

Regards this:

> As far i understand following things are written to the ledger: DID-s, schema, cred. definition, revocation reg. definition and entries..all of these 'assets' can be saved in fabric in one way or another. Of course, DID resolver should be implemented as well.

Agreed.  The interesting part of that is how to make the interface to all those objects the same to an Aries agent (e.g., an ACA-Py instance) so that they are referenced and resolved independent of where they are stored. What I think we need is a way to reference those as DIDs, so that we can just use DID resolution to get all of the object types, regardless of where they are stored.

The work we are doing on "did:indy" goes in that direction, enabling a "did-centric" way to reference those documents on (at least) an Indy ledger, and hopefully -- on any ledger.

swcurran (Sat, 13 Nov 2021 00:40:14 GMT):

Regards this:

> As far i understand following things are written to the ledger: DID-s, schema, cred. definition, revocation reg. definition and entries..all of these 'assets' can be saved in fabric in one way or another. Of course, DID resolver should be implemented as well.
>

Agreed.  The interesting part of that is how to make the interface to all those objects the same to an Aries agent (e.g., an ACA-Py instance) so that they are referenced and resolved independent of where they are stored. What I think we need is a way to reference those as DIDs, so that we can just use DID resolution to get all of the object types, regardless of where they are stored.

The work we are doing on "did:indy" goes in that direction, enabling a "did-centric" way to reference those documents on (at least) an Indy ledger, and hopefully -- on any ledger.

swcurran (Sat, 13 Nov 2021 00:40:14 GMT):

Regards this:

> As far i understand following things are written to the ledger: DID-s, schema, cred. definition, revocation reg. definition and entries..all of these 'assets' can be saved in fabric in one way or another. Of course, DID resolver should be implemented as well.
>

Agreed.  The interesting part of that is how to make the interface to all those objects the same to an Aries agent (e.g., an ACA-Py instance) so that they are referenced and resolved independent of where they are stored. What I think we need is a way to reference those as DIDs, so that we can just use DID resolution to get all of the object types, regardless of where they are stored.

The work we are doing on "did:indy" goes in that direction, enabling a "did-centric" way to reference those objects on (at least) an Indy ledger, and hopefully -- on any ledger.

swcurran (Sat, 13 Nov 2021 00:40:14 GMT):

Regards this:

> As far i understand following things are written to the ledger: DID-s, schema, cred. definition, revocation reg. definition and entries..all of these 'assets' can be saved in fabric in one way or another. Of course, DID resolver should be implemented as well.
>

Agreed.  The interesting part of that is how to make the interface to all those objects the same to an Aries agent (e.g., an ACA-Py instance) so that they are referenced and resolved independent of where they are stored. What I think we need is a way to reference those as DIDs, so that we can just use DID resolution to get all of the object types, regardless of where they are stored.

The work we are doing on "did:indy" goes in that direction, enabling a "did-centric" way to reference those objects on (at least) an Indy ledger, and hopefully -- on any ledger/DID method (even did:web).

swcurran (Sat, 13 Nov 2021 00:49:15 GMT):

Folks -- next week's (Tuesday) ACA-Pug (User Group) meeting is cancelled so we can all go to the Aries Mobile Summit!!!  Please join that meeting here:

-= Aries Mobile Summit =-
First session will be Tuesday, Nov 16th at 7AM US/Pacific. Agenda here:
https://wiki.hyperledger.org/display/ARIES/2021-11-16+Aries+Summit+Session

Topic is QR Codes and Invitations.

Check back for updated meeting info - I need to make sure we have a non-conflicting zoom room to meet.

swcurran (Sat, 13 Nov 2021 00:49:15 GMT):

Folks -- next week's (Tuesday) ACA-Pug (User Group) meeting is *cancelled* so we can all go to the Aries Mobile Summit!!!  Please join that meeting here:

-= Aries Mobile Summit =-
First session will be Tuesday, Nov 16th at 7AM US/Pacific. Agenda here:
https://wiki.hyperledger.org/display/ARIES/2021-11-16+Aries+Summit+Session

Topic is QR Codes and Invitations.

Check back for updated meeting info - I need to make sure we have a non-conflicting zoom room to meet.

IgorSim (Sat, 13 Nov 2021 19:03:11 GMT):

Hi, we're using our own mediator...Btw, i had to add 'ws' endpoint in mediator in order to make it work. Is this transport mandatory?
For example when running Bifold against Indicio Mediator in the log there is:
 DEBUG  DEBUG: Retrieving services for connection 'eeec823d-04c0-417c-a074-d8a6d897181a' (Indicio Public Mediator) {
  "transportPriority": {
    "schemes": [
      "wss",
      "ws"
    ],
    "restrictive": true
  }
Does this mean that  ws or wss transport is required for mediation to work properly?

swcurran (Sat, 13 Nov 2021 19:51:34 GMT):

No, the transport being used is not required.  HTTP and WS are common.

TimoGlastra (Mon, 15 Nov 2021 09:43:31 GMT):

[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=wCRCV8yXSrUt0v9Cn) I think what is currently missing in ACA-Py is a generic did registrar interface. There is a did resolver that allows for any did method that has a resolver class in ACA-Py to resolve the DID. Only thing that needs changing when a new did method needs to be supported is implementing the resolver interface for that specific method (this is trivial for e.g. did:web). A universal registrar is a bit more complex, as you actually need to work with private keys and decide which keys should be in a diddoc and where they should be located. Currently the `Wallet` class in ACA-Py concerns with both DIDs and keys, the approach I'd take here (and what we're heading towards for AFJ) is that the `Wallet` shouldn't concern about DIDs anymore and only about the cryptographic keys used in did docs. Basically ACA-Py is missing an abstraction for did registration and each key has a 1-1 relationship with a did currently which makes it quite hard to support new did methods. We can learn from this spec to see what it takes to build a generic did registration interface: https://identity.foundation/did-registration/

@swcurran I think it would be good to spend some time during one of the ACA-Pug calls on this topic

TimoGlastra (Mon, 15 Nov 2021 09:57:55 GMT):

Maybe if @shaanjot.gill has the time we could look at incorporating this use case into the pres exch flow @swcurran? I think all this would need is an empty self-signed VP without any credential inside of it. We've limited this use as in most cases sending an empty self-signed VP is not that useful, but it is for this use case

pawel.kowalik (Mon, 15 Nov 2021 11:55:32 GMT):

Thanks @TimoGlastra for picking up. These are really useful insights.

swcurran (Mon, 15 Nov 2021 14:32:27 GMT):

Valuable comments -- thanks Timo. 

We need others to weigh in on this and agree that it would be good to discuss at an ACA-Pug Meeting.

As I understand it (but definitely not an expert here), ACA-Py's approach to key handling is that private keys are handled inside `Wallet` as a protected area and not easily accessed by "developer code", making it more secure. For example, after use, after use the memory that held the private key is cleared. I think those measures need to be retained as we evolve the code base to make DID registration agnostic.

dbluhm (Mon, 15 Nov 2021 15:38:41 GMT):

I think I'm actually going to tap in @JamesEbert to see if he has any guidance from the Bifold side

JamesEbert (Mon, 15 Nov 2021 17:05:22 GMT):

I can communicate that WS is required for the Bifold (AFJ) <-> ACA-Py mediator compatibility. In order to use HTTP with AFJ for mediation it requires pickup protocol v1 implementation, which isn't present in ACA-Py, and is being moved out of favor (not sure if deprecated however?) for present proof v2. 
Do you have any additional logs you could add @IgorSim?

pawel.kowalik (Mon, 15 Nov 2021 18:09:44 GMT):

Well... actually getting an empty self-signed VP is possible already, somehow.
I managed to get there, however I don't know if this is a bug or a feature.
And if I read W3C specification right a presentation without any VC is actually invalid. As per teminology part:
```presentation
    Data derived from one or more verifiable credentials, issued by one or more issuers, that is shared with a specific verifier```
Note "one or more".
Also, without any VC there is actually no `$.credentialSubject.id` which could be used for the binding. Is there a field in the presentation which would indicate the holder's did?
What is more confusing is that the presentation is reporting `"verified": "True"`, even though the requested and required field `$.credentialSubject.id` is not present. Is it a bug or my wrong understanding?

Here my session if you want to take a look:
[ACME->Faber send request](https://pastebin.com/4qdNY6ps)
[Faber->ACME Send presentation](https://pastebin.com/ZUQ1UiJw)
[ACME - get presentation state](https://pastebin.com/DTfsiHnd)

pawel.kowalik (Mon, 15 Nov 2021 18:14:31 GMT):

If I self-issue a VC to Faber (using the ugly method I mentioned earlier) the same flow actually renders a meaningful VP response with the `$.credentialSubject.id` beloging to Faber.

TimoGlastra (Mon, 15 Nov 2021 18:24:39 GMT):

A VP without a VC is valid. See this PR in the vc-test-suite repo: https://github.com/w3c/vc-test-suite/pull/113

TimoGlastra (Mon, 15 Nov 2021 18:25:06 GMT):

Also see this for using a VP for DIDAuth: https://w3c-ccg.github.io/vp-request-spec/#did-authentication-request

TimoGlastra (Mon, 15 Nov 2021 18:26:27 GMT):

The issue you describe with verified being true sounds like a bug to me. @shaanjot.gill you know what’s up here?

pawel.kowalik (Mon, 15 Nov 2021 18:38:16 GMT):

OK, this makes sense, that for DID-Auth there is only a bare VP. The definition of the presentation [here](https://www.w3.org/TR/vc-data-model/#terminology) needs adjustment in this case.

pawel.kowalik (Mon, 15 Nov 2021 18:40:54 GMT):

What is the status of this ` DID Authentication Request` ? I see here `holder` defined as a part of the response, which is then sufficient for DID-Auth and holder did binding. Is it supported by aca-py?

IgorSim (Mon, 15 Nov 2021 20:52:53 GMT):

Thanks for clarification, after i've add WS looks like connection is established and 'mediate request' also is granted...some messages in the log:
 DEBUG  DEBUG: Mediation Granted, setting as default mediator
 DEBUG  DEBUG: Default mediator set
 INFO  INFO: Starting implicit pickup of messages from mediator '6ae37732-5920-42f4-a53a-4c415e5bac30'
...........
I also see "Mediator' in Bifold->Contacts.

Next, i want to check issuance from Issuer <---> Bifold via mediator. For that purpose i must first establish connection between the issuer and Bifold. 

Is it possible with 'Bifold' for example to scan invitation URL encoded as QR code generated by the issuer? I see 'scan' option but not sure how it works.

swcurran (Tue, 16 Nov 2021 04:17:59 GMT):

FYI: Aries Cloud Agent Python Release 0.7.2 has been tagged and is now available on [PyPi](https://pypi.org/project/aries-cloudagent/) and [Docker Hub](https://hub.docker.com/r/bcgovimages/aries-cloudagent/tags) (container image. This is an official ACA-Py release and it's ready for use!

The Change Log can be found [here](https://github.com/hyperledger/aries-cloudagent-python/blob/main/CHANGELOG.md#072). From the Change Log:

> A mostly maintenance release with some key updates and cleanups based on community deployments and discovery. With usage in the field increasing, we're cleaning up edge cases and issues related to volume deployments.
> 
> The most significant new feature for users of Indy ledgers is a simplified approach for transaction authors getting their transactions signed by an endorser. Transaction author controllers now do almost nothing other than configuring their instance to use an Endorser, and ACA-Py takes care of the rest.
> 

As with the 0.7.1 release, this release includes support for Aries Askar Secure Storage in the Docker Hub Image, so Aries Askar can be used with just a command line parameter. 


Thanks!

IgorSim (Tue, 16 Nov 2021 14:44:02 GMT):

OK, i managed to scan issuer invitation and to establish connection via mediator.... have one more question reg. supported ledgers but i will post that question in 'aries-bifold' channel

etschelp (Wed, 17 Nov 2021 11:08:19 GMT):

Nice., btw setting `--wallet-type askar `only works for 0.7.2 with 0.7.1 I get a module not found exception (when using the provision option).

LedgerXYZ (Wed, 17 Nov 2021 13:25:22 GMT):

Good day all.

LedgerXYZ (Wed, 17 Nov 2021 13:26:15 GMT):

In the Aries VCR controller, it shows here in the

LedgerXYZ (Wed, 17 Nov 2021 13:44:20 GMT):

In the Aries VCR Issuer Controller, it shows here how to configure the schema.yml file that hold attributes during credential issuance.  According to the configuration guide, the schema acknowledgement or creation on a ledger is one of the purpose of the schema.yml file.  What is not clear in the configuration guide is how to use the schema.yml file to also define a credential definition that is later referenced in the routes.yml configuration file.

LedgerXYZ (Wed, 17 Nov 2021 13:44:20 GMT):

In the Aries VCR Issuer Controller, it shows here how to configure the schema.yml file that hold attributes during credential issuance.  According to the configuration guide, the schema acknowledgement or creation on a ledger is one of the purpose of the schema.yml file.  What is not clear in the configuration guide is how to use the schema.yml file to also define a credential definition that is later referenced in the [proof_request](https://github.com/bcgov/aries-vcr-issuer-controller/blob/ddd59c433db303940bf905539f84ae84954a918e/issuer_controller/config/routes.yml#L72) configuration section of the routes.yml file.

LedgerXYZ (Wed, 17 Nov 2021 13:44:20 GMT):

In the Aries VCR Issuer Controller, it shows [here](https://github.com/bcgov/aries-vcr-issuer-controller/blob/master/issuer_controller/config/README.md#file-schemasyml) how to configure the schema.yml file that hold attributes during credential issuance.  According to the configuration guide, the schema acknowledgement or creation on a ledger is one of the purpose of the schema.yml file.  What is not clear in the configuration guide is how to use the schema.yml file to also define a credential definition that is later referenced in the [proof_request](https://github.com/bcgov/aries-vcr-issuer-controller/blob/ddd59c433db303940bf905539f84ae84954a918e/issuer_controller/config/routes.yml#L72) configuration section of the routes.yml file.

LedgerXYZ (Wed, 17 Nov 2021 13:47:16 GMT):

Can somebody please provide a sample credential definition using the schema.yml file for the Aries VCR Issuer Controller.  Or confirm that reference of a credential in other configuration files automatically creates the credential definition.

LedgerXYZ (Wed, 17 Nov 2021 13:47:16 GMT):

Can somebody please provide a sample credential definition using the schema.yml file for the Aries VCR Issuer Controller.  Or confirm that reference of a credential as proof request in other configuration files automatically creates the credential definition on the ledger if it doesn't exist.

MikeRichardson (Wed, 17 Nov 2021 14:41:14 GMT):

Am I right in assuming RFC 0453: Issue Credential Protocol 2.0 has been implemented for aca-py? If so, can someone point me in the direction of any tests/code I can look at to see how it works? 

We are looking to implement this in AFJ so any help appreciated.

TimoGlastra (Wed, 17 Nov 2021 15:15:38 GMT):

Here's some links and pointers:
- V2 protocol directory: https://github.com/hyperledger/aries-cloudagent-python/tree/31659902475de16118d8322f3cbc9c74f0b85ef5/aries_cloudagent/protocols/issue_credential/v2_0
- JsonLD credential docs: https://github.com/hyperledger/aries-cloudagent-python/blob/31659902475de16118d8322f3cbc9c74f0b85ef5/JsonLdCredentials.md
- Here's the directory with the different credential format classes (indy/jsonld): https://github.com/hyperledger/aries-cloudagent-python/tree/31659902475de16118d8322f3cbc9c74f0b85ef5/aries_cloudagent/protocols/issue_credential/v2_0/formats

TimoGlastra (Wed, 17 Nov 2021 15:20:51 GMT):

Not sure if you're already focussing on JSON-LD credentials, but we also had to add jsonld / vc support to ACA-Py: https://github.com/hyperledger/aries-cloudagent-python/tree/31659902475de16118d8322f3cbc9c74f0b85ef5/aries_cloudagent/vc  

For AFJ you can use the digitalcredentials fork of digitaalbazaar's vc-js. The fork is designed to work in react-native where the original library doesn't work in React Native. See this issue for more info: https://github.com/digitalbazaar/vc-js/issues/109

swcurran (Wed, 17 Nov 2021 20:22:02 GMT):

Not sure what you mean "0.7.2 with 0.7.1" -- do you mean "0.7.2 **and** 0.7.1"?  If so, that is expected -- we only added that to the images for 0.7.1 and 0.72. 

If you mean something else, please clarify.

dbluhm (Wed, 17 Nov 2021 23:24:04 GMT):

I noticed that in the transaction endorser protocol, there's currently no automatic way for an author to send a nym request through an endorser. What's the reasoning here (read: where is my understanding breaking down lol)? How is an author supposed to get their DID on the ledger?

ianco (Wed, 17 Nov 2021 23:29:34 GMT):

That work is in progress right now, by @HarshMultani

dbluhm (Wed, 17 Nov 2021 23:30:17 GMT):

Ahh, gotcha. Thanks!

LedgerXYZ (Thu, 18 Nov 2021 01:59:31 GMT):

Hello all.  I'm trying to establish a connection between the Aries VCR agent and the Aries VCR issuing agent.  However I am unable to establish connection.

LedgerXYZ (Thu, 18 Nov 2021 02:00:45 GMT):

When I check my logs it says method not allowed

LedgerXYZ (Thu, 18 Nov 2021 02:01:23 GMT):

Can someone please assist me resolving this issue

LedgerXYZ (Thu, 18 Nov 2021 02:02:58 GMT):

Here are my logs:

LedgerXYZ (Thu, 18 Nov 2021 02:03:04 GMT):

2021-11-18 01:52:16,347 aries_cloudagent.admin.server ERROR Handler error with exception: Method Not Allowed
Traceback (most recent call last):
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aries_cloudagent/admin/server.py", line 162, in ready_middleware
    return await handler(request)
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aries_cloudagent/admin/server.py", line 199, in debug_middleware
    return await handler(request)
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp_apispec/middlewares.py", line 22, in validation_middleware
    return await handler(request)
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aries_cloudagent/admin/server.py", line 366, in setup_context
    return await task
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp/web_urldispatcher.py", line 927, in _handle
    raise self._http_exception
aiohttp.web_exceptions.HTTPMethodNotAllowed: Method Not Allowed
2021-11-18 01:52:26,389 aries_cloudagent.admin.server ERROR Handler error with exception: Method Not Allowed

etschelp (Thu, 18 Nov 2021 09:13:39 GMT):

I mean setting wallet-type to askar works with the 0.7.2 image, but not with 0.7.1. The later throws a module not found exception in this case. But as we are on 0.7.2 already this is not a real issue.

MikeRichardson (Thu, 18 Nov 2021 10:44:24 GMT):

If I want to run the tests in here:

https://github.com/hyperledger/aries-cloudagent-python/tree/31659902475de16118d8322f3cbc9c74f0b85ef5/aries_cloudagent/protocols/issue_credential/v2_0/tests

How do I go about doing that?

swcurran (Thu, 18 Nov 2021 14:36:20 GMT):

@amanji ^^^

swcurran (Thu, 18 Nov 2021 14:41:16 GMT):

Could you try again?  I pushed an 0.7.1 image again.

swcurran (Thu, 18 Nov 2021 14:41:36 GMT):

Weird that it wouldn't be right the first time.

amanji (Thu, 18 Nov 2021 14:59:22 GMT):

Trying to gather more info. Which issuing agent are you using? Or is this just another ACA-Py instance running?

etschelp (Thu, 18 Nov 2021 15:38:24 GMT):

Looks good now. :thumbsup:

ianco (Thu, 18 Nov 2021 17:07:59 GMT):

I suspect you're calling an endpoint with the wrong HTTP method (e.g. calling with `GET` instead of `POST`), double-check the endpoint's definition in the swagger doc

LedgerXYZ (Fri, 19 Nov 2021 04:04:26 GMT):

I am making the call using the swagger ui therefore I don't have any control over the call method

LedgerXYZ (Fri, 19 Nov 2021 04:09:09 GMT):

One thing I have noticed is that if you pull the issuer code directly from the repository, . /manage build then ./manage up isn't sufficient to get running.  One has to configure first.

LedgerXYZ (Fri, 19 Nov 2021 04:10:05 GMT):

What I have struggled with for weeks is getting the configuration right due to not knowing the following:

LedgerXYZ (Fri, 19 Nov 2021 04:11:38 GMT):

The purpose of some the configuration variables and the format of the accepted values

LedgerXYZ (Fri, 19 Nov 2021 04:14:14 GMT):

For example what is the difference between the APPLICATION_URL and ENDPOINT_URL.  What application does APPLICATION_URL reference?

LedgerXYZ (Fri, 19 Nov 2021 04:25:48 GMT):

Can someone please share a working docker-compose configuration that have been tested to perform the actions in the getting started guide

ianco (Fri, 19 Nov 2021 09:44:49 GMT):

Which repo are you running?

LedgerXYZ (Fri, 19 Nov 2021 10:32:22 GMT):

[Aries vcr issuer controller](https://github.com/bcgov/aries-vcr-issuer-contro ller)

LedgerXYZ (Fri, 19 Nov 2021 10:32:22 GMT):

[Aries vcr issuer controller) [https://github.com/bcgov/aries-vcr-issuer-contro ller]

LedgerXYZ (Fri, 19 Nov 2021 10:32:22 GMT):

(Aries vcr issuer controller)[https://github.com/bcgov/aries-vcr-issuer-controller]

LedgerXYZ (Fri, 19 Nov 2021 10:32:22 GMT):

https://github.com/bcgov/aries-vcr-issuer-controller

LedgerXYZ (Fri, 19 Nov 2021 12:51:59 GMT):

Sorry I missed your response from earlier because I'm in a thread with another person that is trying to help me get answers.

LedgerXYZ (Fri, 19 Nov 2021 12:52:39 GMT):

I am using the aries vcr issuer controller

LedgerXYZ (Fri, 19 Nov 2021 12:53:44 GMT):

Link: https://github.com/bcgov/aries-vcr-issuer-controller

ianco (Fri, 19 Nov 2021 15:21:09 GMT):

Hi @LedgerXYZ , for this repo if you follow the instructions here it should work:  https://github.com/bcgov/aries-vcr-issuer-controller/blob/master/GettingStartedTutorial.md

ianco (Fri, 19 Nov 2021 15:21:43 GMT):

You configure the repo by running the `. init.sh` script as described in this step:  https://github.com/bcgov/aries-vcr-issuer-controller/blob/master/GettingStartedTutorial.md#clone-initialize-and-start-your-agent

ianco (Fri, 19 Nov 2021 15:22:01 GMT):

... and then you can run `./manage build` and `./manage start`

ianco (Fri, 19 Nov 2021 15:22:54 GMT):

As far as the `Method not Allowed` error, can you describe exactly what you are doing?  Which endpoint etc.  Everything seems to work ok for me

LedgerXYZ (Fri, 19 Nov 2021 15:29:03 GMT):

@ianco are you testing a fresh install to accomplish booting up without errors or need for additional configuration?

LedgerXYZ (Fri, 19 Nov 2021 15:48:23 GMT):

My config variables:

LedgerXYZ (Fri, 19 Nov 2021 15:48:29 GMT):

CONTROLLER_PORT=5000
  EXPOSED_CONTROLLER_PORT=5000
  WEB_HTTP_PORT=5001
  WEB_HOST_PORT=8081
  COMPOSE_PROJECT_NAME=myorg
  LEDGER_URL="http://172.17.0.4:9000"
  
  # Value from WEB_HTTP_PORT
  APPLICATION_URL="http://172.17.0.4:5001"  # Value from WEB_HTTP_PORT
  ENDPOINT_URL="http://172.17.0.4:5001"  # Value from WEB_HTTP_PORT
 
  AGENT_ADMIN_URL="http://172.17.0.4:8034"  # Value from AGENT_ADMIN_PORT

  RECORD_TIMINGS=false
  TRACE_EVENTS=false
  TRACE_TARGET=log
  TRACE_MSG_PCT=0
  ACK_ERROR_PCT=0

  # myorg-agent
  AGENT_ADMIN_PORT=8034
  TOB_AGENT_ADMIN_PORT=8024
  WEBHOOK_PORT=5000
  #INDY_WALLET_DID=...
  AGENT_HTTP_IN_PORT=8031
  AGENT_WS_IN_PORT=8033
  WEBHOOK_HOST="http://172.17.0.4:5000"  # Value from WEBHOOK_PORT
  AGENT_NAME="agent-myorg"
  AGENT_ENDPOINT="http://172.17.0.4:5000" # Value from AGENT_HTTP_IN_PORT
  AGENT_ADMIN_MODE="admin-insecure-mode"

  # wallet-db
  POSTGRESQL_DATABASE="THE_ORG_BOOK"
  POSTGRESQL_USER="DB_USER"
  POSTGRESQL_PASSWORD="DB_PASSWORD"
  WALLET_TYPE="postgres_storage"
  WALLET_ENCRYPTION_KEY="key"
  POSTGRESQL_WALLET_HOST="wallet-db-myorg"
  POSTGRESQL_WALLET_PORT="5432"
  POSTGRESQL_ADMIN_USER="postgres"
  POSTGRESQL_ADMIN_PASSWORD="mysecretpassword"
  WALLET_SEED_VONX="Fw7a3beSUEpjxkc6qH8VU1gd459Oviqo"
  TOB_APP_URL="http://172.17.0.4:8080/en/home"
  TOB_API_URL="http://172.17.0.4:8080/api/v2"
  LOG_LEVEL="debug"
  VONX_API_URL="http://172.17.0.4:5000" # Value from WEBHOOK_PORT
  REGISTER_TOB_CONNECTION=true
  TOB_CONNECTION_NAME="vcr-agent"

  TOB_ADMIN_API_KEY=R2D2HfPM5Zwd69IjclQiuFmcMV6

ianco (Fri, 19 Nov 2021 15:49:41 GMT):

@LedgerXYZ I checked out a clean copy of the repo, ran the `. init.sh` step, then build and start

LedgerXYZ (Fri, 19 Nov 2021 19:39:10 GMT):

I just did a fresh install of both vcr and issuer and still errors.  The errors appears to connection issues

LedgerXYZ (Fri, 19 Nov 2021 19:39:48 GMT):

@ianco here are the logs from the issuer controller

LedgerXYZ (Fri, 19 Nov 2021 19:45:29 GMT):

``` [2021-11-19 19:29:58 +0000] [1] [INFO] Starting gunicorn 20.1.0
[2021-11-19 19:29:58 +0000] [1] [INFO] Listening at: http://0.0.0.0:5000 (1)
[2021-11-19 19:29:58 +0000] [1] [INFO] Using worker: gevent
[2021-11-19 19:29:58 +0000] [8] [INFO] Booting worker with pid: 8
Configuration variable not defined: APPLICATION_URL
Configuration variable not defined: ENDPOINT_URL
Configuration variable not defined: ENDPOINT_URL
Configuration variable not defined: ENDPOINT_URL
Configuration variable not defined: ENDPOINT_URL
Exception in thread Thread-1:
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/site-packages/urllib3/connection.py", line 174, in _new_conn
    conn = connection.create_connection(
  File "/usr/local/lib/python3.10/site-packages/urllib3/util/connection.py", line 96, in create_connection
    raise err
  File "/usr/local/lib/python3.10/site-packages/urllib3/util/connection.py", line 86, in create_connection
    sock.connect(sa)
  File "/usr/local/lib/python3.10/site-packages/gevent/_socketcommon.py", line 607, in connect
    raise _SocketError(err, strerror(err))
ConnectionRefusedError: [Errno 111] Connection refused

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 699, in urlopen
    httplib_response = self._make_request(
  File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 394, in _make_request
    conn.request(method, url, **httplib_request_kw)
  File "/usr/local/lib/python3.10/site-packages/urllib3/connection.py", line 239, in request
    super(HTTPConnection, self).request(method, url, body=body, headers=headers)
  File "/usr/local/lib/python3.10/http/client.py", line 1276, in request
    self._send_request(method, url, body, headers, encode_chunked)
  File "/usr/local/lib/python3.10/http/client.py", line 1322, in _send_request
    self.endheaders(body, encode_chunked=encode_chunked)
  File "/usr/local/lib/python3.10/http/client.py", line 1271, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/local/lib/python3.10/http/client.py", line 1031, in _send_output
    self.send(msg)
  File "/usr/local/lib/python3.10/http/client.py", line 969, in send
    self.connect()
  File "/usr/local/lib/python3.10/site-packages/urllib3/connection.py", line 205, in connect
    conn = self._new_conn()
  File "/usr/local/lib/python3.10/site-packages/urllib3/connection.py", line 186, in _new_conn
    raise NewConnectionError(
urllib3.exceptions.NewConnectionError: : Failed to establish a new connection: [Errno 111] Connection refused

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/lib/python3.10/site-packages/requests/adapters.py", line 439, in send
    resp = conn.urlopen(
  File "/usr/local/lib/python3.10/site-packages/urllib3/connectionpool.py", line 755, in urlopen
    retries = retries.increment(
  File "/usr/local/lib/python3.10/site-packages/urllib3/util/retry.py", line 574, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='myorg-agent', port=8034): Max retries exceeded with url: /wallet/did/public (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')) ```

ianco (Fri, 19 Nov 2021 19:49:14 GMT):

Your controller isn't connecting to your agent:  `HTTPConnectionPool(host='myorg-agent', port=8034)`

ianco (Fri, 19 Nov 2021 19:49:40 GMT):

Did your agent start ok?  Try starting with `./manage start --logs` and see what's in the docker-compose logs

LedgerXYZ (Fri, 19 Nov 2021 19:53:20 GMT):

From the logs it appears the agent starts AFTER this error is generated by the controller.

ianco (Fri, 19 Nov 2021 19:55:00 GMT):

Well that explains it then!

ianco (Fri, 19 Nov 2021 19:55:07 GMT):

Weird that it's happening tho ...

LedgerXYZ (Fri, 19 Nov 2021 19:55:16 GMT):

In reality I cannot tell which actually comes first.  The agent does start successfully

ianco (Fri, 19 Nov 2021 19:56:47 GMT):

If the agent starts *after* the controller then that explains the error

ianco (Fri, 19 Nov 2021 19:57:12 GMT):

I'm not sure why that would be happening, or for what other reason the controller couldn't connect to the agent

LedgerXYZ (Fri, 19 Nov 2021 19:59:35 GMT):

When you ran it successfully, did you run in a local or docker playground environment

ianco (Fri, 19 Nov 2021 19:59:53 GMT):

Locally

LedgerXYZ (Fri, 19 Nov 2021 20:00:21 GMT):

So am I

LedgerXYZ (Fri, 19 Nov 2021 20:00:54 GMT):

However my local environment is inside of Google cloud shell

LedgerXYZ (Fri, 19 Nov 2021 20:03:01 GMT):

I will update the `docker-compose ` file to use the same network as the vcr containers (`vcr_vcr`) and report my findings

ianco (Fri, 19 Nov 2021 20:03:16 GMT):

ok thanks

LedgerXYZ (Fri, 19 Nov 2021 20:19:49 GMT):

Still no luck

LedgerXYZ (Fri, 19 Nov 2021 20:28:07 GMT):

If the connection fails during initial start up, are you aware of a reason that will cause the connection error I described at the beginning of this thread using the swagger ui to connect manually

ianco (Fri, 19 Nov 2021 20:33:44 GMT):

No, other than if the containers in your environment aren't able to connect to each other, then a "connection refused" error may show up as an "invalid method"?  (not sure just off the top of my head ...)

LedgerXYZ (Fri, 19 Nov 2021 20:34:45 GMT):

OK thank you so much for assisting me with this

ianco (Fri, 19 Nov 2021 20:34:57 GMT):

Can you try running on a local workstation or in play with docker?  I haven't tried running this in google cloud shell so not sure what that environment might introduce ...

LedgerXYZ (Fri, 19 Nov 2021 20:35:17 GMT):

I will continue searching for a resolution

ianco (Fri, 19 Nov 2021 20:35:31 GMT):

Otherwise you'll need to figure out if the issue is (a) your agent is starting *after* the controller, or (b) there are connection issues between the controller and agent

ianco (Fri, 19 Nov 2021 20:36:03 GMT):

for (a) you could try editing the docker-compose.yml (we have `sleep xxx` in each of the startup commands)

ianco (Fri, 19 Nov 2021 20:36:16 GMT):

for (b) I don't know, this would be a google cloud issue

ianco (Fri, 19 Nov 2021 20:36:16 GMT):

for (b) I don't know, this could be a google cloud issue

LedgerXYZ (Fri, 19 Nov 2021 20:36:38 GMT):

As to will start my investigation with your suggestions

LedgerXYZ (Fri, 19 Nov 2021 20:38:03 GMT):

I was able to finally get it working a few weeks ago however I failed to push my configuration into my repo

LedgerXYZ (Fri, 19 Nov 2021 20:38:35 GMT):

In other words I can confirm that it should generally connect to its agent

LedgerXYZ (Fri, 19 Nov 2021 20:39:23 GMT):

Especially because the vcr components seem to connect with each other just fine

LedgerXYZ (Fri, 19 Nov 2021 20:40:20 GMT):

Sh

ianco (Fri, 19 Nov 2021 20:40:34 GMT):

Just off the top of my head, the containers use the internal docker IP to connect to each other

ianco (Fri, 19 Nov 2021 20:40:48 GMT):

... so maybe that's the issue

bruno.hivert (Fri, 19 Nov 2021 20:41:04 GMT):

Hello, we are trying to get the https://github.com/bcgov/issuer-kit-demo-verifier-chat/ to work, and we are blocked at the very last authentication step:
The wallet (we tried a few) does not manage to communicate with the vc-authn-oidc server.
We are getting repeated logs like this:
```
[20:34:56 DBG] Processing authentication request for /vc/connect/poll.
[20:34:56 DBG] Processing authentication request for /vc/connect/poll.
[20:34:56 DBG] No matching request header found.
[20:34:56 DBG] No matching request header found.
[20:34:56 DBG] AuthenticationScheme: API Key was not authenticated.
[20:34:56 DBG] AuthenticationScheme: API Key was not authenticated.
[20:34:56 DBG] Cannot find a session corresponding to the presentation request. Presentation request Id: [5f383ffa-846c-4393-bdbf-678aa460e863]
[20:34:56 DBG] Presentation request was not satisfied. AuthSession: [VCAuthn.Models.AuthSession]
[20:34:58 DBG] Processing authentication request for /vc/connect/poll.
[20:34:58 DBG] No matching request header found.
[20:34:58 DBG] AuthenticationScheme: API Key was not authenticated.
[20:34:58 DBG] Cannot find a session corresponding to the presentation request. Presentation request Id: [4163c211-3e4c-45af-b5b5-e06ede4609c6]
[20:34:59 DBG] Processing authentication request for /vc/connect/poll.
[20:34:59 DBG] Processing authentication request for /vc/connect/poll.
[20:34:59 DBG] No matching request header found.
[20:34:59 DBG] AuthenticationScheme: API Key was not authenticated.
[20:34:59 DBG] No matching request header found.
[20:34:59 DBG] AuthenticationScheme: API Key was not authenticated.
[20:34:59 DBG] Cannot find a session corresponding to the presentation request. Presentation request Id: [5f383ffa-846c-4393-bdbf-678aa460e863]
[20:34:59 DBG] Presentation request was not satisfied. AuthSession: [VCAuthn.Models.AuthSession]
[20:35:00 DBG] Processing authentication request for /vc/connect/poll.
[20:35:00 DBG] No matching request header found.
[20:35:00 DBG] AuthenticationScheme: API Key was not authenticated.
[20:35:00 DBG] Cannot find a session corresponding to the presentation request. Presentation request Id: [4163c211-3e4c-45af-b5b5-e06ede4609c6]
```
Any clue ?

ianco (Fri, 19 Nov 2021 20:41:27 GMT):

This command grabs the docker IP:  https://github.com/bcgov/aries-vcr-issuer-controller/blob/master/docker/manage#L3

LedgerXYZ (Fri, 19 Nov 2021 20:41:32 GMT):

Is that the DOCKERHOST IP or the 0.0.0.0

ianco (Fri, 19 Nov 2021 20:41:37 GMT):

Check to see what that returns in google cloud

ianco (Fri, 19 Nov 2021 20:42:18 GMT):

DOCKERHOST IP

swcurran (Fri, 19 Nov 2021 20:44:07 GMT):

Akiff ^^^^

swcurran (Fri, 19 Nov 2021 20:44:19 GMT):

@amanji

LedgerXYZ (Fri, 19 Nov 2021 20:44:42 GMT):

That returns 172.17.0.4

amanji (Fri, 19 Nov 2021 20:45:08 GMT):

What type of credential are you using?

bruno.hivert (Fri, 19 Nov 2021 20:45:40 GMT):

We are using the default one issued by the bcgov issuer-kit demo

amanji (Fri, 19 Nov 2021 20:46:50 GMT):

The output above is from the QR code login screen. It polls for agent messages and will continuously output a 400 error until it gets a valid response

amanji (Fri, 19 Nov 2021 20:46:50 GMT):

The output above is from the QR code login screen. It polls for agent messages and will continuously output a 400 error until it gets a valid response from the agent

amanji (Fri, 19 Nov 2021 20:47:29 GMT):

Are you getting any errors on the wallet side?

amanji (Fri, 19 Nov 2021 20:48:46 GMT):

Are you running the chat locally?

bruno.hivert (Fri, 19 Nov 2021 20:49:22 GMT):

We are getting something like `cannot send proof` from the wallets.

bruno.hivert (Fri, 19 Nov 2021 20:50:06 GMT):

And we are running our demo through internet-reachable endpoints, via a combination of firewall/haproxy

bruno.hivert (Fri, 19 Nov 2021 20:51:56 GMT):

Here are the container's ports exposed:
```
3030
5000
5678
5679
8000
8180
```

amanji (Fri, 19 Nov 2021 20:52:42 GMT):

Ok, I will try running it locally. Couple things I'd like to test is whether the proof-request is configured correctly on the verifier side and whether any additional configurations need to be set-up in keycloak

bruno.hivert (Fri, 19 Nov 2021 20:54:35 GMT):

OK thanks:
By the way, we are making sure the back-ends generate the proper url.
For example, the first entry point is:
https://chat-app-verifier.staging.idlab.app:8000/
You should be able to reach it.

bruno.hivert (Fri, 19 Nov 2021 20:54:52 GMT):

You should be able to reach it

amanji (Fri, 19 Nov 2021 20:55:25 GMT):

Yeah just wondering if there are some extra manual setup needed (that the docs don't have, :( )

amanji (Fri, 19 Nov 2021 20:55:25 GMT):

Yeah just wondering if there are some extra manual setup needed (that the docs don't have :( )

bruno.hivert (Fri, 19 Nov 2021 20:55:29 GMT):

I have the nagging feeling that we are missing something obvious and simple, but we cannot put our collective finger on it

fethbita (Fri, 19 Nov 2021 20:56:57 GMT):

Does using attr::::value restriction for self attested attributes work? Or are they only for revealed fields?

fethbita (Fri, 19 Nov 2021 21:03:57 GMT):

I would like to use it as a filter for self attested attributes however it doesn't verify

ianco (Fri, 19 Nov 2021 21:10:19 GMT):

I don't think you can provide filters or restrictions for self-attested attributes

ianco (Fri, 19 Nov 2021 21:11:33 GMT):

FYI I ran a quick test and I can't even build the issuer-controller repo in the google cloud shell, I get an error that the SSL libraries are missing

fethbita (Fri, 19 Nov 2021 21:23:49 GMT):

If only restriction is attr value, why wouldn't it verify if the user is sending a self_attested?

LedgerXYZ (Fri, 19 Nov 2021 21:30:36 GMT):

Run `export LD_LIBRARY_PATH=/usr/local/lib`

ianco (Fri, 19 Nov 2021 21:31:11 GMT):

If there are any restrictions then the attribute has to be provided from a credential.  If there are no restrictions then the user can provide a self-attested value.

ianco (Fri, 19 Nov 2021 21:31:37 GMT):

There's no other way (currently) to specify that a self-attested value is acceptable

ianco (Fri, 19 Nov 2021 21:32:00 GMT):

ah ok will give that a try thanks

LedgerXYZ (Fri, 19 Nov 2021 21:32:57 GMT):

You're welcome

fethbita (Fri, 19 Nov 2021 21:33:06 GMT):

I see, I guess I could use the name field to add a restriction and filter on user side myself then

fethbita (Fri, 19 Nov 2021 21:33:08 GMT):

Thank you

fethbita (Fri, 19 Nov 2021 21:36:35 GMT):

Oh one question, if there is no restrictions and I ask for an attribute, when the user replies, shouldn't it verify?

fethbita (Fri, 19 Nov 2021 21:37:08 GMT):

{
    "uuid": {
        "name": "lastname"
    }
}

fethbita (Fri, 19 Nov 2021 21:37:08 GMT):

```{
    "uuid": {
        "name": "lastname"
    }
}
```

fethbita (Fri, 19 Nov 2021 21:37:08 GMT):

```{
    "auto_present":false,
    "connection_id":"fd58ac7f-3916-4009-ba7f-38e0956e71bf",
    "created_at":"2021-11-19 21:34:08.849984Z",
    "initiator":"self",
    "presentation":{
        "identifiers":[
            
        ],
        "proof":{
            "aggregated_proof":{
                "c_hash":"9935372268634209619393916039241313155499375801770424988615407051346950335130",
                "c_list":[
                    
                ]
            },
            "proofs":[
                
            ]
        },
        "requested_proof":{
            "predicates":{
                
            },
            "revealed_attrs":{
                
            },
            "self_attested_attrs":{
                "bloodType":"O-"
            },
            "unrevealed_attrs":{
                
            }
        }
    },
    "presentation_exchange_id":"1f10fada-1d07-4942-8105-63da3ae7a448",
    "presentation_request":{
        "name":"Proof Request",
        "nonce":"73147646988739093854844",
        "requested_attributes":{
            "2f778c3d-b47d-49ae-8c70-7ccee15a2f20":{
                "name":"bloodType"
            }
        },
        "requested_predicates":{
            
        },
        "version":"1.0"
    },
    "presentation_request_dict":{
        "@id":"846d33b6-0dbe-4ee2-9652-fa45f9112991",
        "@type":"did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/present-proof/1.0/request-presentation",
        "comment":"comment",
        "request_presentations~attach":[
            {
                "@id":"libindy-request-presentation-0",
                "data":{
                    "base64":"eyJuYW1lIjogIlByb29mIFJlcXVlc3QiLCAibm9uX3Jldm9rZWQiOiB7InRvIjogMTYzNzM1NzY0OH0sICJyZXF1ZXN0ZWRfYXR0cmlidXRlcyI6IHsiMmY3NzhjM2QtYjQ3ZC00OWFlLThjNzAtN2NjZWUxNWEyZjIwIjogeyJuYW1lIjogImJsb29kVHlwZSJ9fSwgInJlcXVlc3RlZF9wcmVkaWNhdGVzIjoge30sICJ2ZXJzaW9uIjogIjEuMCIsICJub25jZSI6ICI3MzE0NzY0Njk4ODczOTA5Mzg1NDg0NCJ9"
                },
                "mime-type":"application/json"
            }
        ],
        "~trace":{
            "full_thread":true,
            "target":"log",
            "trace_reports":[
                
            ]
        }
    },
    "role":"verifier",
    "state":"verified",
    "thread_id":"846d33b6-0dbe-4ee2-9652-fa45f9112991",
    "trace":true,
    "updated_at":"2021-11-19 21:34:29.314953Z",
    "verified":"false"
}
```

fethbita (Fri, 19 Nov 2021 21:39:14 GMT):

Something like this should verify, shouldn't it? Can I find out why it wouldn't?

LedgerXYZ (Fri, 19 Nov 2021 22:14:08 GMT):

Do you know where the controller gets the host value `myorg-agent` that it uses to connect to the agent.  It is not apparent to me where it comes and from and if it can be set through an environment variable

ianco (Sat, 20 Nov 2021 01:06:09 GMT):

It should verify, what are you sending for the presentation request?

fethbita (Sat, 20 Nov 2021 18:43:16 GMT):

```
name	"Proof Request"
non_revoked	
to	1637357648
requested_attributes	
2f778c3d-b47d-49ae-8c70-7ccee15a2f20	
name	"bloodType"
requested_predicates	{}
version	"1.0"
nonce	"73147646988739093854844"
```

fethbita (Sat, 20 Nov 2021 18:43:16 GMT):

```
{
    "name":"Proof Request",
    "non_revoked":{
        "to":1637357648
    },
    "requested_attributes":{
        "2f778c3d-b47d-49ae-8c70-7ccee15a2f20":{
            "name":"bloodType"
        }
    },
    "requested_predicates":{
        
    },
    "version":"1.0",
    "nonce":"73147646988739093854844"
}
```

fethbita (Sat, 20 Nov 2021 18:43:20 GMT):

Looks like this

fethbita (Sat, 20 Nov 2021 18:43:56 GMT):

But I figured out the problem

fethbita (Sat, 20 Nov 2021 18:44:42 GMT):

It shouldn't send it 
```
            "self_attested_attrs":{
                "bloodType":"O-"
            },
``` like this but like 
```
            "self_attested_attrs":{
                "2f778c3d-b47d-49ae-8c70-7ccee15a2f20":"O-"
            },
``` like this instead

address-ledger (Sun, 21 Nov 2021 01:35:00 GMT):

I was finally able to resolve this issue with the following configuration inside a `.env` file:

LedgerXYZ (Sun, 21 Nov 2021 15:30:46 GMT):

I was able to resolve this issue by reconfiguring end point values and separating the agents + its database from the rest of the components.

LedgerXYZ (Sun, 21 Nov 2021 15:31:26 GMT):

Thanks so much for helping me

ffendt (Mon, 22 Nov 2021 12:27:52 GMT):

Hi there,
I'm currently trying out the `use_existing_connection` flag in the Out-of-Band protocol. For this, I create two invitations at the inviter and receive both at the invitee. When receiving the second invitation at the oob endpoint, the invitee gets back the already active connection. This looks fine. However, the inviter will still see the invitation in its connections (`/connections` route). So the inviter will have two connections: an active connection and a connection in state "invitation". Is this the expected outcome, or should the second invitation also be somehow deleted automatically? Your help is always appreciated

swcurran (Mon, 22 Nov 2021 14:01:50 GMT):

Good question.  I think the second should be deleted.  Perhaps open an issue on this?

swcurran (Mon, 22 Nov 2021 14:02:08 GMT):

@shaanjot.gill -- can you please take a look at this?

ffendt (Mon, 22 Nov 2021 14:18:35 GMT):

Okay thanks, I think I'll be able to open an issue on this tomorrow.

swcurran (Mon, 22 Nov 2021 18:12:03 GMT):

Starting aries-mediator-service discussion

ffendt (Tue, 23 Nov 2021 07:28:18 GMT):

Opened an issue: https://github.com/hyperledger/aries-cloudagent-python/issues/1511

swcurran (Tue, 23 Nov 2021 18:23:50 GMT):

Thanks -- @shaanjot.gill is looking at it.

Prasad8 2 (Wed, 24 Nov 2021 04:24:47 GMT):

Has joined the channel.

Prasad8 2 (Wed, 24 Nov 2021 04:24:48 GMT):

Hi All, I have a question . Does Aries agent cloud python implementation also acts as mediator service that can store message when the mobile is offline and delivers when the mobile is online. How this is being achieved  ? Sorry I am not able to find the instructions on this specific question in the docs. Please help me

kukgini (Wed, 24 Nov 2021 07:51:32 GMT):

Hi here. I'm trying to run issuer agent by this options and register new cred_def for test. but failed. Someone help me? 
start options:
```
#!/bin/bash

inbound_port=8080
admin_port=9000
params=(
 --log-level 'debug'
 --public-invites
 --endpoint '${ENDPOINT_URL:-http://localhost:8080}'
 --auto-provision
 --auto-ping-connection
 --auto-respond-messages
 --auto-accept-invites
 --auto-accept-requests
 --auto-store-credential
 --auto-respond-credential-offer
 --inbound-transport http 0.0.0.0 ${inbound_port}
 --outbound-transport http
 --admin 0.0.0.0 ${admin_port}
 --admin-insecure-mode
 --wallet-name issuer
 --wallet-key issuer
 --preserve-exchange-records
 --seed my_seed_000000000000000000000009
 --genesis-url http://test.bcovrin.vonx.io/genesis
 --wallet-storage-type default
)

PORTS="${inbound_port} ${admin_port}" $(pwd)/scripts/run_docker start ${params[@]}
```
error log:
```
2021-11-24 07:38:11,394 aries_cloudagent.admin.server ERROR Handler error with exception: No ledger available

=================
Traceback (most recent call last):
  File "/home/indy/aries_cloudagent/admin/server.py", line 163, in ready_middleware
    return await handler(request)
  File "/home/indy/aries_cloudagent/admin/server.py", line 200, in debug_middleware
    return await handler(request)
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp_apispec/middlewares.py", line 45, in validation_middleware
    return await handler(request)
  File "/home/indy/aries_cloudagent/admin/server.py", line 383, in setup_context
    return await task
  File "/home/indy/aries_cloudagent/messaging/credential_definitions/routes.py", line 224, in credential_definitions_send_credential_definition
    raise web.HTTPForbidden(reason=reason)
aiohttp.web_exceptions.HTTPForbidden: No ledger available
2021-11-24 07:38:11,404 aiohttp.access INFO 172.17.0.1 [24/Nov/2021:07:38:11 +0000] "POST /credential-definitions HTTP/1.1" 403 363 "https://d294-34-64-163-139.ngrok.io/api/doc" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15"
```

kukgini (Wed, 24 Nov 2021 07:51:32 GMT):

Hi here. I'm trying to run issuer agent by this options and register new `cred_def` for test. but failed. Someone help me? 
start options:
```
#!/bin/bash

inbound_port=8080
admin_port=9000
params=(
 --log-level 'debug'
 --public-invites
 --endpoint '${ENDPOINT_URL:-http://localhost:8080}'
 --auto-provision
 --auto-ping-connection
 --auto-respond-messages
 --auto-accept-invites
 --auto-accept-requests
 --auto-store-credential
 --auto-respond-credential-offer
 --inbound-transport http 0.0.0.0 ${inbound_port}
 --outbound-transport http
 --admin 0.0.0.0 ${admin_port}
 --admin-insecure-mode
 --wallet-name issuer
 --wallet-key issuer
 --preserve-exchange-records
 --seed my_seed_000000000000000000000009
 --genesis-url http://test.bcovrin.vonx.io/genesis
 --wallet-storage-type default
)

PORTS="${inbound_port} ${admin_port}" $(pwd)/scripts/run_docker start ${params[@]}
```
error log:
```
2021-11-24 07:38:11,394 aries_cloudagent.admin.server ERROR Handler error with exception: No ledger available

=================
Traceback (most recent call last):
  File "/home/indy/aries_cloudagent/admin/server.py", line 163, in ready_middleware
    return await handler(request)
  File "/home/indy/aries_cloudagent/admin/server.py", line 200, in debug_middleware
    return await handler(request)
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp_apispec/middlewares.py", line 45, in validation_middleware
    return await handler(request)
  File "/home/indy/aries_cloudagent/admin/server.py", line 383, in setup_context
    return await task
  File "/home/indy/aries_cloudagent/messaging/credential_definitions/routes.py", line 224, in credential_definitions_send_credential_definition
    raise web.HTTPForbidden(reason=reason)
aiohttp.web_exceptions.HTTPForbidden: No ledger available
2021-11-24 07:38:11,404 aiohttp.access INFO 172.17.0.1 [24/Nov/2021:07:38:11 +0000] "POST /credential-definitions HTTP/1.1" 403 363 "https://d294-34-64-163-139.ngrok.io/api/doc" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15"
```

kukgini (Wed, 24 Nov 2021 07:51:32 GMT):

Hi here. I'm trying to run issuer agent and register new `cred_def`. But failed. Please help me. 
start options:
```
#!/bin/bash

inbound_port=8080
admin_port=9000
params=(
 --log-level 'debug'
 --public-invites
 --endpoint '${ENDPOINT_URL:-http://localhost:8080}'
 --auto-provision
 --auto-ping-connection
 --auto-respond-messages
 --auto-accept-invites
 --auto-accept-requests
 --auto-store-credential
 --auto-respond-credential-offer
 --inbound-transport http 0.0.0.0 ${inbound_port}
 --outbound-transport http
 --admin 0.0.0.0 ${admin_port}
 --admin-insecure-mode
 --wallet-name issuer
 --wallet-key issuer
 --preserve-exchange-records
 --seed my_seed_000000000000000000000009
 --genesis-url http://test.bcovrin.vonx.io/genesis
 --wallet-storage-type default
)

PORTS="${inbound_port} ${admin_port}" $(pwd)/scripts/run_docker start ${params[@]}
```
error log:
```
2021-11-24 07:38:11,394 aries_cloudagent.admin.server ERROR Handler error with exception: No ledger available

=================
Traceback (most recent call last):
  File "/home/indy/aries_cloudagent/admin/server.py", line 163, in ready_middleware
    return await handler(request)
  File "/home/indy/aries_cloudagent/admin/server.py", line 200, in debug_middleware
    return await handler(request)
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp_apispec/middlewares.py", line 45, in validation_middleware
    return await handler(request)
  File "/home/indy/aries_cloudagent/admin/server.py", line 383, in setup_context
    return await task
  File "/home/indy/aries_cloudagent/messaging/credential_definitions/routes.py", line 224, in credential_definitions_send_credential_definition
    raise web.HTTPForbidden(reason=reason)
aiohttp.web_exceptions.HTTPForbidden: No ledger available
2021-11-24 07:38:11,404 aiohttp.access INFO 172.17.0.1 [24/Nov/2021:07:38:11 +0000] "POST /credential-definitions HTTP/1.1" 403 363 "https://d294-34-64-163-139.ngrok.io/api/doc" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15"
```

etschelp (Wed, 24 Nov 2021 09:56:17 GMT):

Creating a credDef means writing to the ledger. Write access is not given per default and your did needs to have the endorser role associated with it. Therefore you need to create a random seed like --seed a941addc766f40c2a2982748fc0202b1 and register it in the  form "authenticate a new did" that is available under http://test.bcovrin.vonx.io

kukgini (Wed, 24 Nov 2021 09:59:40 GMT):

I register DID `4sNJyGwuWgGzV6pQTpunCZ` as `endorser` with this seed `my_seed_000000000000000000000009` today.

kukgini (Wed, 24 Nov 2021 09:59:40 GMT):

I registered DID `4sNJyGwuWgGzV6pQTpunCZ` as `endorser` with this seed `my_seed_000000000000000000000009` today.

kukgini (Wed, 24 Nov 2021 10:03:50 GMT):



endorser.png

etschelp (Wed, 24 Nov 2021 11:15:13 GMT):

try setting` --wallet-type indy`

kukgini (Wed, 24 Nov 2021 11:53:14 GMT):

Thanks @etschelp It just works !!

swcurran (Wed, 24 Nov 2021 14:54:59 GMT):

Yes, ACA-Py can be set up as that.

If you just need a mediator and don't need to run it yourself for development, you can use the Indicio Public Mediator (built on ACA-Py) -- https://indicio-tech.github.io/mediator/

The Indicio repo https://github.com/Indicio-tech/infra-mediator is the source of that.  We're going to be making that repo into "aries-mediator-service" to make a mediator easy to deploy.

ffendt (Thu, 25 Nov 2021 12:37:28 GMT):

Hi there, I'm currently still struggling a bit with out-of-band invitations. If I understand it correctly: If I want to use the `use_existing_connection` flag in the invitee, I will need to use the public_did in the inviter. When using `public_did=true` in the inviter, the inviter will create a connection with `invitation_key == public_did.verkey`. When providing multiple of those invitations, the inviter will have multiple connections with this `invitation_key` in its database. When the inviter receives a request from one of the invitees, it will try to find the corresponding connection (or invitation), but find multiple connections and fail with a `StorageDuplicateError`. Is it currently possible to provide multiple invitations with oob using the public_did? If not, is this something which should be possible in the future?

Prasad8 2 (Thu, 25 Nov 2021 14:01:59 GMT):

Thanks !!

weiiv (Thu, 25 Nov 2021 17:10:20 GMT):

Got a quick question, when user declines “connection invitation” or rejects “credential offer”, will aca-py send webhook to controler?

etschelp (Fri, 26 Nov 2021 11:45:02 GMT):

For credential or presentation flows the user facing controller needs to send a problem_report message to end the exchange, only then a webhook event is sent. For connections there is now such event and the connection state will stay on request_sent in this case.

etschelp (Fri, 26 Nov 2021 11:45:02 GMT):

For credential or presentation flows the user facing controller needs to send a problem_report message to end the exchange, only then a webhook event is sent. For connections there is no such event and the connection state will stay on request_sent in this case.

etschelp (Fri, 26 Nov 2021 11:50:34 GMT):

As far as I know the abandon connection protocol is not implemented - https://github.com/hyperledger/aries-rfcs/blob/main/features/0030-sync-connection/abandon-connection-protocol/README.md

Or the sync connection protocol - https://github.com/hyperledger/aries-rfcs/blob/main/features/0030-sync-connection/README.md

LedgerXYZ (Fri, 26 Nov 2021 15:43:23 GMT):

Good day to you all.  I am running Aries VCR and Arries Issuer Controller services.  In the read me, it suggests that one can use web forms that are dynamically generated by Javascript and included in the `routes.yml` file like so```js_includes:
    - src: js/bc_registries.js```.  How does one actually access this web form?

swcurran (Fri, 26 Nov 2021 16:42:14 GMT):

@amanji @wadeking98 ^^^^

esune (Fri, 26 Nov 2021 18:11:20 GMT):

I will just note that the `routes` functionality was never meant to be a production feature, more for demo/troubleshooting.

The route path exposed in the `routes.yml` *should* respond with that js file, but I am not sure the newer versions of the `aries-vcr-issuer-controller` even support that anymore - c.c. @ianco

ianco (Fri, 26 Nov 2021 18:23:39 GMT):

@esune  Correct the latest issuer agent doesn't support the `routes` configuration, we left it in in case we ever decided to re-add this.  (It was a feature of the old "von-x" agent, and used in the "greenlight" demo)

LedgerXYZ (Fri, 26 Nov 2021 18:24:44 GMT):

@ianco @essu

LedgerXYZ (Fri, 26 Nov 2021 18:24:44 GMT):

@ianco @esune thanks for your update.  It will save me ours of trying to figure this thing out.  So to be clear, the current version completely ignores the entire `routes.yml` file or just the dynamic form capabilities?

ianco (Fri, 26 Nov 2021 18:29:57 GMT):

I think it's ignoring the whole `routes` file

LedgerXYZ (Fri, 26 Nov 2021 18:58:21 GMT):

Awesome thanks.

LedgerXYZ (Sat, 27 Nov 2021 01:20:12 GMT):

To properly configure the Aries vcr issuer controller what are appropriate values for the `APPLICATION_URL` ?  The ```manage``` files suggest that the `DOCKERHOST` configuration variable is either the host IP or a value set by `APPLICATION_URL` is this an accurate interpretation? If not I will assume the url is a full URL including the `http` and the port.  What `port` is application referring to?

LedgerXYZ (Sat, 27 Nov 2021 01:20:12 GMT):



LedgerXYZ (Sat, 27 Nov 2021 01:27:18 GMT):

These are my error logs using just the host IP as the APPLICATION_URL:

LedgerXYZ (Sat, 27 Nov 2021 01:27:35 GMT):

```bcreg-controller_1  | Initializing app ...
bcreg-controller_1  | Exception in thread Thread-1:
bcreg-controller_1  | Traceback (most recent call last):
bcreg-controller_1  |   File "/home/indy/.pyenv/versions/3.6.8/lib/python3.6/site-packages/urllib3/connection.py", line 175, in _new_conn
bcreg-controller_1  |     (self._dns_host, self.port), self.timeout, **extra_kw
bcreg-controller_1  |   File "/home/indy/.pyenv/versions/3.6.8/lib/python3.6/site-packages/urllib3/util/connection.py", line 96, in create_connection
bcreg-controller_1  |     raise err
bcreg-controller_1  |   File "/home/indy/.pyenv/versions/3.6.8/lib/python3.6/site-packages/urllib3/util/connection.py", line 86, in create_connection
bcreg-controller_1  |     sock.connect(sa)
bcreg-controller_1  | ConnectionRefusedError: [Errno 111] Connection refused
bcreg-controller_1  | 
bcreg-controller_1  | During handling of the above exception, another exception occurred:
bcreg-controller_1  | 
bcreg-controller_1  | Traceback (most recent call last):
bcreg-controller_1  |   File "/home/indy/.pyenv/versions/3.6.8/lib/python3.6/site-packages/urllib3/connectionpool.py", line 706, in urlopen
bcreg-controller_1  |     chunked=chunked,
bcreg-controller_1  |   File "/home/indy/.pyenv/versions/3.6.8/lib/python3.6/site-packages/urllib3/connectionpool.py", line 394, in _make_request
bcreg-controller_1  |     conn.request(method, url, **httplib_request_kw)
bcreg-controller_1  |   File "/home/indy/.pyenv/versions/3.6.8/lib/python3.6/site-packages/urllib3/connection.py", line 239, in request
bcreg-controller_1  |     super(HTTPConnection, self).request(method, url, body=body, headers=headers)
bcreg-controller_1  |   File "/home/indy/.pyenv/versions/3.6.8/lib/python3.6/http/client.py", line 1239, in request
bcreg-controller_1  |     self._send_request(method, url, body, headers, encode_chunked)
bcreg-controller_1  |   File "/home/indy/.pyenv/versions/3.6.8/lib/python3.6/http/client.py", line 1285, in _send_request
bcreg-controller_1  |     self.endheaders(body, encode_chunked=encode_chunked)
bcreg-controller_1  |   File "/home/indy/.pyenv/versions/3.6.8/lib/python3.6/http/client.py", line 1234, in endheaders
bcreg-controller_1  |     self._send_output(message_body, encode_chunked=encode_chunked)
bcreg-controller_1  |   File "/home/indy/.pyenv/versions/3.6.8/lib/python3.6/http/client.py", line 1026, in _send_output
bcreg-controller_1  |     self.send(msg)
bcreg-controller_1  |   File "/home/indy/.pyenv/versions/3.6.8/lib/python3.6/http/client.py", line 964, in send
bcreg-controller_1  |     self.connect()
bcreg-controller_1  |   File "/home/indy/.pyenv/versions/3.6.8/lib/python3.6/site-packages/urllib3/connection.py", line 205, in connect
bcreg-controller_1  |     conn = self._new_conn()
bcreg-controller_1  |   File "/home/indy/.pyenv/versions/3.6.8/lib/python3.6/site-packages/urllib3/connection.py", line 187, in _new_conn
bcreg-controller_1  |     self, "Failed to establish a new connection: %s" % e
bcreg-controller_1  | urllib3.exceptions.NewConnectionError: : Failed to establish a new connection: [Errno 111] Connection refused
bcreg-controller_1  | 
bcreg-controller_1  | During handling of the above exception, another exception occurred:
bcreg-controller_1  | 
bcreg-controller_1  | Traceback (most recent call last):
bcreg-controller_1  |   File "/home/indy/.pyenv/versions/3.6.8/lib/python3.6/site-packages/requests/adapters.py", line 449, in send
bcreg-controller_1  |     timeout=timeout
bcreg-controller_1  |   File "/home/indy/.pyenv/versions/3.6.8/lib/python3.6/site-packages/urllib3/connectionpool.py", line 756, in urlopen
bcreg-controller_1  |     method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2] ```

LedgerXYZ (Sat, 27 Nov 2021 01:38:02 GMT):

I apologize in advance if it seems that I am trying to export my debugging struggles to the community. I have honestly put in countless weeks of effort into trying to properly configure these issuer agents and I have had rare but always fragile successes. So I figured I should reach out to the community for help in understanding what these variables refer to.   Ultimately my goal is to write a "newbie" guide that I can suggest to the community if approved

ffendt (Mon, 29 Nov 2021 10:38:21 GMT):

I created [an issue](https://github.com/hyperledger/aries-cloudagent-python/issues/1524) for this in the repo.

swcurran (Tue, 30 Nov 2021 14:46:41 GMT):

Folks - the ACA-Pug (Aries Cloud Agent Python User Group) meetings have been cancelled through the end of December, 2021 to enable participation in the Aries Mobile Summit (https://wiki.hyperledger.org/display/ARIES/Aries+2021+Mobile+Summit).

If anyone has any topics that they would like to discuss with the core Aries Cloud Agent Python team, please post a note and we'll see about arranging a meeting.  There is still a lot going on with ACA-Py, and the framework continues to improve and evolve on a continuous basis (11 PRs merged since the 0.7.2 Release of two weeks ago).

newbieTech (Thu, 02 Dec 2021 02:08:22 GMT):

Has joined the channel.

newbieTech (Thu, 02 Dec 2021 02:08:23 GMT):

Hello , could somebody point me to the right direction to create my own custom agent and controller  without using the command line.  I have completed the courses on edX and have managed to run the demos (faber and alice). I have tried to create the agent/controller based on the demo's code by just inheriting the functions from agent.py and agent_container.py. Is this the correct way ? (Sorry I do not  have much experience )

dbluhm (Thu, 02 Dec 2021 03:01:02 GMT):

I believe we've identified the bug fixed by @ianco in the PR linked below to be a critical bug for using ACA-Py 0.7.2 as a mediator or, more specifically, in being able to connect to agents without endpoints (mobile agents, toolbox, etc.) :confused: 
cc @swcurran

dbluhm (Thu, 02 Dec 2021 03:01:02 GMT):

I believe we've identified the bug fixed by @ianco in the PR linked below to be a critical bug for using ACA-Py 0.7.2 as a mediator or, more specifically, in being able to connect to agents without endpoints (mobile agents, toolbox, etc.) :confused: 
https://github.com/hyperledger/aries-cloudagent-python/pull/1469
cc @swcurran

swcurran (Thu, 02 Dec 2021 15:53:20 GMT):

So let's get 0.7.3 out ASAP?  I'd like to do that for other reasons.

swcurran (Thu, 02 Dec 2021 15:53:55 GMT):

All - please review the open PRs and let me know if any need to be addressed before an 0.7.3.  I'll start working towards that.

GuilhermeFunchal (Thu, 02 Dec 2021 22:47:41 GMT):

Hello, When I use credentials in w3c json-ld format, How can I control revocations ?

GuilhermeFunchal (Thu, 02 Dec 2021 22:52:53 GMT):

revoke credential

swcurran (Fri, 03 Dec 2021 17:07:12 GMT):

The implementation we have done today has no revocation support. An implementation of the approach proposed by Digital Bazaar could be done -- RevocationList2020 -- https://w3c-ccg.github.io/vc-status-rl-2020/

LedgerXYZ (Fri, 03 Dec 2021 17:50:09 GMT):

Hello all, I have using the Aries VCR with default docker environment configurations. When I use the Aries VCR client to search for credentials, I get this error for the `solr service`:    ```vcr-api_1     | ERROR 2021-12-03 17:43:40,616 solr_backend 119 140399578519296 Failed to query Solr using '((name_text_suggest:(iam) OR name_text_precise:(iam^10) OR address_civic_address_suggest:(iam) OR address_civic_address_precise:(iam^10) OR topic_source_id_suggest:(iam) OR topic_source_id_precise:(iam^10)) AND ((address_credential_inactive:("false") OR name_credential_inactive:("false") OR topic_all_credentials_inactive:("false")) AND (address_credential_revoked:("false") OR name_credential_revoked:("false") OR topic_all_credentials_revoked:("false"))))': Solr responded with an error (HTTP 404): [Reason: Error 404 Not Found]
vcr-api_1     | Traceback (most recent call last):
vcr-api_1     |   File "/home/indy/.pyenv/versions/3.6.8/lib/python3.6/site-packages/haystack/backends/solr_backend.py", line 138, in search
vcr-api_1     |     raw_results = self.conn.search(query_string, **search_kwargs)
vcr-api_1     |   File "/home/indy/.pyenv/versions/3.6.8/lib/python3.6/site-packages/pysolr.py", line 827, in search
vcr-api_1     |     response = self._select(params, handler=search_handler)
vcr-api_1     |   File "/home/indy/.pyenv/versions/3.6.8/lib/python3.6/site-packages/pysolr.py", line 488, in _select
vcr-api_1     |     return self._send_request("get", path)
vcr-api_1     |   File "/home/indy/.pyenv/versions/3.6.8/lib/python3.6/site-packages/pysolr.py", line 463, in _send_request
vcr-api_1     |     raise SolrError(error_message % (resp.status_code, solr_message))
vcr-api_1     | pysolr.SolrError: Solr responded with an error (HTTP 404): [Reason: Error 404 Not Found]```

LedgerXYZ (Fri, 03 Dec 2021 17:51:38 GMT):

From researching these error, I found that it is raised when a solr core name isn't specified

dbluhm (Fri, 03 Dec 2021 17:52:08 GMT):

In addition to #1469 (of course :slight_smile: ), would love to see #1501 and #1530 make it in as well, if possible.

swcurran (Fri, 03 Dec 2021 17:52:17 GMT):

@ianco This one is likely for you...

LedgerXYZ (Fri, 03 Dec 2021 17:53:11 GMT):

Thanks @swcurran, you're always on top of things

LedgerXYZ (Fri, 03 Dec 2021 17:54:28 GMT):

I see that in the settings.py, the solr url does in fact include the solr core name, and I can verify that the name is present in my docker container environment

LedgerXYZ (Fri, 03 Dec 2021 17:59:38 GMT):

Error: I should have said `haystack.py` instead of `settings.py`.  The relevant code is here: https://github.com/bcgov/aries-vcr/blob/86f0d3299c58f63d35950a6bfbcd7f8cc33caf58/server/vcr-server/vcr_server/haystack.py#L36

ianco (Fri, 03 Dec 2021 18:14:51 GMT):

I'm not sure what would cause this.  @LedgerXYZ can you provide more details on how you're calling the search?  Also please attach the full Aries-VCR log files, there may be a startup error happening ...

LedgerXYZ (Fri, 03 Dec 2021 18:53:34 GMT):

@ianco Thank you endlessly for prompt reply.  I am calling the search using the search bar in the Aries vcr agent UI

LedgerXYZ (Fri, 03 Dec 2021 18:54:26 GMT):

I am currently starting up my services and would provide a complete log as soon as everything starts up

LedgerXYZ (Fri, 03 Dec 2021 19:43:17 GMT):

Hello @ianco here is my vcr api logs.  Note that this log events were generated by startup activity and loading the Aries VCR client on the browser.  In other words search hasn't been performed yet

LedgerXYZ (Fri, 03 Dec 2021 19:45:53 GMT):



LedgerXYZ - Fri Dec 03 2021 13:45:29 GMT-0600 (Central Standard Time).txt

ianco (Fri, 03 Dec 2021 20:38:48 GMT):

Hi @LedgerXYZ , this error looks like it get raised when trying to add a new credential in Aries VCR:

```
ERROR 2021-12-03 19:23:54,553 pysolr 121 140304677345024 Solr responded with an error (HTTP 404): [Reason: Error 404 Not Found]
Failed to add documents to Solr: Solr responded with an error (HTTP 404): [Reason: Error 404 Not Found]
Traceback (most recent call last):
  File "/home/indy/agent_webhooks/utils/credential.py", line 444, in find_or_create_topic
    return (Topic.objects.get(**topic_spec), False)
  File "/home/indy/.pyenv/versions/3.6.8/lib/python3.6/site-packages/django/db/models/manager.py", line 82, in manager_method
    return getattr(self.get_queryset(), name)(*args, **kwargs)
  File "/home/indy/.pyenv/versions/3.6.8/lib/python3.6/site-packages/django/db/models/query.py", line 408, in get
    self.model._meta.object_name
api.v2.models.Topic.Topic.DoesNotExist: Topic matching query does not exist.
```

ianco (Fri, 03 Dec 2021 20:39:28 GMT):

(any of the `agent_webhooks` endpoints are called by the aca-py agent, not the aries-vcr application)

ianco (Fri, 03 Dec 2021 20:40:37 GMT):

Can you provide the full docker-compose logs?  It should include the logs of the solr processes starting up

LedgerXYZ (Sat, 04 Dec 2021 03:02:18 GMT):

ok

LedgerXYZ (Sat, 04 Dec 2021 04:47:17 GMT):

Sry about long delay.  I had a personal errands to attend to.  Please see the full docker logs for startup events.  I will also include logs AFTER an attempted search using the client UI

LedgerXYZ (Sat, 04 Dec 2021 04:54:08 GMT):

https://link.us1.storjshare.io/jvupnxonmen55mlu7fu2m3vqnkja/myorg-wallet-db%2Flogs.log.txt

LedgerXYZ (Sat, 04 Dec 2021 05:29:22 GMT):

@ianco Please find included the logs that were generated AFTER I issued credentials to the vcr.  You will notice that the errors are relative to adding files which is different from what I described using the client search function.  However, both the adding files errors and the search error I suspect are part of the same issue

LedgerXYZ (Sat, 04 Dec 2021 05:29:34 GMT):

https://link.us1.storjshare.io/jwcp6nsuwo4ag5j6alrtq5efsdna/myorg-wallet-db%2Fafter-credential-issued.log.txt

LedgerXYZ (Sat, 04 Dec 2021 05:38:09 GMT):

@ianco Below is the error log generated after a search for credentials is performed from the client UI

LedgerXYZ (Sat, 04 Dec 2021 05:38:17 GMT):

https://link.us1.storjshare.io/jvq26oeax6zhzuojsw7pe3ogbtma/myorg-wallet-db%2Fcredential-search-error.log.txt

LedgerXYZ (Sat, 04 Dec 2021 11:47:15 GMT):

@ianco I was finally able to resolve this issue.  The cause was I stubbornly used the solr image from docker hub to reduce build time.  This was obviously problematic because a critical build step is to add the solr core directory into the built solr image.  Now that I have added the core files everything works smoothly.  Thanks again for providing me help.

Prasad8 2 (Mon, 06 Dec 2021 14:42:13 GMT):

Hi All, Can someone pls help me to understand this. How in agent-agent communication the mediator components keeps track of mobile devices ? What is the driving factor and the attribute that the issuer or mediator component understands that a particular device is registered to send and receive message ? What happens if the mobile wallet holder, reinstalls the Indy wallet based mobile app in new device and restores from backup ? How the mediator component keeps track of the devices ?

swcurran (Mon, 06 Dec 2021 14:59:31 GMT):

Mediators and their clients establish a connection using DIDComm and so track each other using exchanged DIDs. Regards the restoration -- as long as the wallet storage is restored with the same DIDs, they will be able to continue to communicate with the mediator.

LedgerXYZ (Mon, 06 Dec 2021 15:39:20 GMT):

I will add that the value `ENDPOINT_URL` which is part of acapy startup, injects the DID's endpoint url into the did docs. This is the value used for agent to agent communication.   Note that this value is updated on agent startup if necessary.  In the case of a recovered wallet, I will assume that the wallet provider wouldn't need to update a url to your new device but will instead reroute communication to the new device using previous url. I don't know if this is separate from the more robust DID comm protocol referenced above by swcurran.

sauveergoel (Tue, 07 Dec 2021 18:25:11 GMT):

how can I issue a w3c credential @TimoGlastra

swcurran (Tue, 07 Dec 2021 20:20:54 GMT):

Have you tried this?  

https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/AliceWantsAJsonCredential.md

Prasad8 2 (Wed, 08 Dec 2021 05:26:22 GMT):

sure. thanks both

da3v21 (Thu, 09 Dec 2021 10:55:13 GMT):

Hello everyone. I'm working on adding a credential_revoked state in credential records. Can you tell your suggestions for this pull request : https://github.com/hyperledger/aries-cloudagent-python/pull/1545

swcurran (Thu, 09 Dec 2021 16:20:31 GMT):

@ianco @andrew.whitehead @shaanjot.gill

LedgerXYZ (Fri, 10 Dec 2021 12:53:13 GMT):

Hello acapy friends.  Is there a recommended / endorsed wallet that is fully compatible with the Business Partner Agent based on the following ledger configuration: BCovrin test network or Sovrin builder network?

`What apps have I tried?`

1. Lissi Wallet
2. Trinsic Wallet
3. Connect.me

`My initial result`

1. Agent to Wallet Connection:

Given a user that uses the `bpa` client application,
And the user initiates a partner connection, 
And the user uses the qr code method,
And the `bpa` client generates a qr code,
When the user scans the qr code using an android wallet,
Then the following happens:

i. If Lissi, connection is successful.  However, no DID is passed from wallet to bpa so subsequent communication is impossible.
ii. If Trinsic, connection fails. Trinsic Wallet receives bpa wallet data displaying agent name and intention to connect.  However, when user chooses "approve", wallet warns of error interpreting connection request.
iii. If Connect.me, connection is successful without errors.  `Bpa` initial trust pings are successful.  Future trust pings aren't although communication is still successful.

2. Issue Credential:

Given a user that has successfully connected a `bpa` application agent with a connect.me wallet,
When the user issues a credential from bpa to Wallet,
Then the following occurs:
i.  Credential is sent to Wallet successfully for approval
ii.  Wallet displays credential to user for approval
iii.  User chooses "approve"
iv.  Wallet informs user that it is receiving the credential and it will take some time
v.  Bpa errors to user that it has issued an "illegal" credential.
vi. Wallet informs user that credential receipt failed.

Other notes:
1. Lissi and Connect.me do not display what ledger they are connected to. I tested both sovrin builder and bcovrin test ledgers and my experience where as described above. Connect.me is somehow able to connect without preselecting the ledger used.
2. Trinsic gives the option to choose which ledger to use.
3. None of the wallets display user DID so that one can connect to bpa using the DID lookup method.

LedgerXYZ (Fri, 10 Dec 2021 12:55:40 GMT):

Hello acapy friends.  Is there a recommended / endorsed wallet that is fully compatible with the Business Partner Agent based on the following ledger configuration: BCovrin test network or Sovrin builder network?

`What apps have I tried?`

1. Lissi Wallet
2. Trinsic Wallet
3. Connect.me

`My initial result`

1. Agent to Wallet Connection:

Given a user that uses the `bpa` client application,
And the user initiates a partner connection, 
And the user uses the qr code method,
And the `bpa` client generates a qr code,
When the user scans the qr code using an android wallet,
Then the following happens:

i. If Lissi, connection is successful.  However, no DID is passed from wallet to bpa so subsequent communication is impossible.

ii. If Trinsic, connection fails. Trinsic Wallet receives bpa wallet data displaying agent name and intention to connect.  However, when user chooses "approve", wallet warns of error interpreting connection request.

iii. If Connect.me, connection is successful without errors.  `Bpa` initial trust pings are successful.  Future trust pings aren't although communication is still successful.

2. Issue Credential:

Given a user that has successfully connected a `bpa` application agent with a connect.me wallet,
When the user issues a credential from bpa to Wallet,
Then the following occurs:
i.  Credential is sent to Wallet successfully for approval

ii.  Wallet displays credential to user for approval

iii.  User chooses "approve"

iv.  Wallet informs user that it is receiving the credential and it will take some time

v.  Bpa errors to user that it has issued an "illegal" credential.

vi. Wallet informs user that credential receipt failed.

Other notes:
1. Lissi and Connect.me do not display what ledger they are connected to. I tested both sovrin builder and bcovrin test ledgers and my experience where as described above. Connect.me is somehow able to connect without preselecting the ledger used.
2. Trinsic gives the option to choose which ledger to use.
3. None of the wallets display user DID so that one can connect to bpa using the DID lookup method.

LedgerXYZ (Fri, 10 Dec 2021 13:02:58 GMT):

I do not work for nor am I in anyway associated with any of the wallets  mentioned.  I am simply testing out wallets that are compatible with bpa for my use case

LedgerXYZ (Fri, 10 Dec 2021 13:08:10 GMT):

I just discovered that there is a Business Partner Agent channel therefore I will now transfer my question there.  Thanks in advance to anyone that have already considered my question.

swcurran (Fri, 10 Dec 2021 15:28:20 GMT):

I was going to suggest the same thing.  FYI -- LISSI at least (and likely Connect.Me) use a multi-ledger approach. They pre-configure access to multiple ledgers and when resolving a new identifier, they check all the ledgers.  That functionality has been added to ACA-Py recently, so could be used in BPA.

swcurran (Fri, 10 Dec 2021 15:28:20 GMT):

I was going to suggest the same thing.  FYI -- LISSI at least (and likely Connect.Me) use a multi-ledger approach. They pre-configure access to multiple ledgers and when resolving a new identifier, they check all the ledgers.  That functionality has been added to ACA-Py recently, so could be used in BPA for verifying credentials from other agents.

Jsyro (Fri, 10 Dec 2021 18:14:02 GMT):

Is there a markdown or english description of the Alice Faber demo that is easy to share?

ianco (Fri, 10 Dec 2021 18:15:32 GMT):

Just the README that is in the demo folder (plus there are some additional docs that document specific scenarios, such as issuing to a mobile wallet)

Jsyro (Fri, 10 Dec 2021 18:17:28 GMT):

Hmm I want to write up how to execute the Alice Faber demo with the BPA, so I just want to the high level 'business' steps.

ianco (Fri, 10 Dec 2021 18:19:34 GMT):

Faber automatically creates a schema and cred def on startup, which are manual steps in BPA

ianco (Fri, 10 Dec 2021 18:20:16 GMT):

Faber also automatically creates an invitation (which is another manual step in BPA) which can then be accepted by Alice

ianco (Fri, 10 Dec 2021 18:21:01 GMT):

Once the connection is established you can issue a credential and ask for a proof - these are hard-coded in Faber (whereas BPA you need to construct the credential and proof request) and Alice is setup to auto-reply

Jsyro (Fri, 10 Dec 2021 18:22:12 GMT):

My goal was to compare the two, executing the Alice Faber steps with just an ACA-py agent, vs showing 'how easy it is' with the bpa. 

but I was hoping to avoid re-explaining the presmise of the alice faber example.

Jsyro (Fri, 10 Dec 2021 18:22:12 GMT):

I want to show executing the Alice Faber steps with just an ACA-py agent, then someone can compare and see 'how easy it is' with the bpa. 

but I was hoping to avoid re-explaining the presmise of the alice faber example.

ianco (Fri, 10 Dec 2021 18:23:01 GMT):

Using aca-py directly is described here:  https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/AriesOpenAPIDemo.md

ianco (Fri, 10 Dec 2021 18:24:33 GMT):

alice/faber is just a demo, it's not intended to be used ever in real life, and it's a demo focussed on developers (i.e. how can you code a controller to do x, y, z) rather than users

Jsyro (Fri, 10 Dec 2021 18:25:51 GMT):

Ok, so there is not a sequence diagram or english only description oof the demo. I don't think i want link to an aca-py tutorial. 

hmm interesting, i suppose i'm more looking for an explanation at the TOIP level than aca-py. level. sounds like that doesn't exist. all good.

Jsyro (Fri, 10 Dec 2021 18:25:51 GMT):

Ok, so there is not a sequence diagram or english only description oof the demo. I don't think i want link to an aca-py tutorial. 

hmm interesting, i suppose i'm more looking for an explanation at the TOIP level than aca-py level. sounds like that doesn't exist. all good.

ianco (Fri, 10 Dec 2021 18:26:58 GMT):

The english-only description of the demo is in the README, but it's more focussed on how to run it as opposed to what it does from a business perspective

LedgerXYZ (Sat, 11 Dec 2021 15:34:05 GMT):

@swcurran Sorry I missed your reply yesterday. I do not get notifications from this forum so I I have to manually check back.  Thanks for your information on multi ledger support.  I will implement it in my configuration.

LedgerXYZ (Sat, 11 Dec 2021 15:35:22 GMT):

Please let me know if there is a an app for this forum.  Thanks again for all that you do.

MikeRichardson (Mon, 13 Dec 2021 12:46:40 GMT):

I know that the aca-py tests are run using docker from scripts/run_tests. So can anyone tell me how I can get python print statements to appear on the console from these tests (I want to play around with some of the tests to learn how certain things work.)

MikeRichardson (Mon, 13 Dec 2021 12:46:40 GMT):

I know that the aca-py tests are run using docker from scripts/run_tests. So can anyone tell me how I can get python print statements to appear on the console from these tests (I want to play around with some of the tests to learn how certain things work)?

MikeRichardson (Mon, 13 Dec 2021 12:46:40 GMT):

I know that the aca-py tests are run using docker and pytest from scripts/run_tests. So can anyone tell me how I can get python print statements to appear on the console from these tests (I want to play around with some of the tests to learn how certain things work)?

sauveergoel (Mon, 13 Dec 2021 20:09:32 GMT):

Need help with the following error while issuing a W3C Cred:

aries_cloudagent.protocols.issue_credential.v2_0.formats.handler.V20CredFormatError: Received invalid credential: ], errors=[ValidationError(model='Ed25519VerificationKey2018', errors=[{'loc': ('publicKeyBase58',), 'msg': 'none is not an allowed value', 'type': 'type_error.none.not_allowed'}])])>

PaulWen (Tue, 14 Dec 2021 09:40:35 GMT):

I wasn't able to participate in the AcaPy Community Meetings for a while.. Are they still a thing? I am surprised to see that the last Meeting Notes are from 2021-11-02: https://wiki.hyperledger.org/display/ARIES/ACA-Pug+Meetings

swcurran (Tue, 14 Dec 2021 14:57:14 GMT):

The Aries Mobile Summit has been going on these last few weeks in the time of the ACA-Pug Meetings and so we've not been holding them. They will be restarting in January.  There is a lot to talk about!

swcurran (Tue, 14 Dec 2021 14:58:50 GMT):

Folks, today's ACA-Pug meeting is cancelled -- please join us at the Aries Mobile Summit.  https://wiki.hyperledger.org/display/ARIES/Aries+2021+Mobile+Summit

swcurran (Tue, 14 Dec 2021 20:03:39 GMT):

Folks, Aries Cloud Agent Python, Release 0.7.3-rc0 is now available on PyPi (https://pypi.org/project/aries-cloudagent/0.7.3rc0/), with docs on ReadTheDocs (https://aries-cloud-agent-python.readthedocs.io/en/0.7.3-rc0/). 

From the Changelog notice (https://github.com/hyperledger/aries-cloudagent-python/blob/main/CHANGELOG.md):

> *0.7.3-RC0* December 13, 2021
>
> This release includes some new AIP 2.0 features out (Revocation Notification and Discover Features 2.0), a major new feature for those using Indy ledger (multi-ledger support), and a fix for a critical bug in some mediator scenarios. The release also includes several new pieces of documentation (storage database information and logging) and some other documentation updates that make the ACA-Py Read The Docs site useful again. And of course, some recent bug fixes and cleanups are included.

We'll be releasing 0.7.3 final Real Soon Now -- at this moment there are no pending issues or PRs in the queue for this release.

swcurran (Tue, 14 Dec 2021 20:03:39 GMT):

Folks, Aries Cloud Agent Python, Release 0.7.3-rc0 is now available on PyPi (https://pypi.org/project/aries-cloudagent/0.7.3rc0/), with docs on ReadTheDocs (https://aries-cloud-agent-python.readthedocs.io/en/0.7.3-rc0/). 

From the Changelog notice (https://github.com/hyperledger/aries-cloudagent-python/blob/main/CHANGELOG.md):

> *0.7.3-RC0* December 13, 2021
>
> This release includes some new AIP 2.0 features (Revocation Notification and Discover Features 2.0), a major new feature for those using Indy ledger (multi-ledger support), and a fix for a critical bug in some mediator scenarios. The release also includes several new pieces of documentation (storage database information and logging) and some other documentation updates that make the ACA-Py Read The Docs site useful again. And of course, some recent bug fixes and cleanups are included.

We'll be releasing 0.7.3 final Real Soon Now -- at this moment there are no pending issues or PRs in the queue for this release.

dbluhm (Tue, 14 Dec 2021 22:26:45 GMT):

My team at Indicio will be doing in depth testing of the RC over the next couple of days; thanks for putting together this release!

newbieTech (Wed, 15 Dec 2021 04:49:20 GMT):

Hello , I do not understand this error 
2021-12-15 04:47:44,788 aries_cloudagent.transport.outbound.manager ERROR >>> Error when posting to: http://172.17.0.1:5000/webhooks/topic/connections/; Error: (, OutboundTransportError('Unexpected response status 404, caused by: NOT FOUND',), ); Re-queue failed message ...

etschelp (Wed, 15 Dec 2021 08:57:41 GMT):

This means you have started aca-py with the webhook option `--webhook-url http://...` and the application that listens for those events, in your case `http://172.17.0.1:5000/webhooks` responds with 404. Which means it does not know it should handle the route. Which means you need to adjust your controller accordingly, depending on the framework and language for example:
```
    @Post("/webhooks/topic/{eventType}")
    handle(WebHookEvent event) {}
```
or if you only interested in connection events do it  explicitly:
```
    @Post("/webhooks/topic/connections")
    handle(ConnectionRecord cr) {}
```

da3v21 (Thu, 16 Dec 2021 06:38:51 GMT):

@swcurran @ianco  this task is completed. I added credential_revoked state for V10credential records, should I also add support for V20credential records

sauveergoel (Thu, 16 Dec 2021 07:33:28 GMT):

@swcurran

etschelp (Thu, 16 Dec 2021 16:34:29 GMT):

Hey, I'm testing the new multi ledger features in the release candidate. When I try to resolve a did from a different ledger via _ /resolver/resolve/{did}_ I get:

```
 2021-12-16 15:28:09,214 indy.libindy.native.indy.services.ledger INFO 	src/services/ledger/mod.rs:137 | build_get_attrib_request() => Ok("{\"reqId\":1639668489214330900,\"identifier\":\"F6dB7dMVHUQSC64qemnBi7\",\"operation\":{\"type\":\"104\",\"dest\":\"NBUXM1kVv4yNVc6ezpaa94\",\"raw\":\"endpoint\"},\"protocolVersion\":2}")

 =================
 2021-12-16 15:28:09,240 aries_cloudagent.core.dispatcher ERROR Handler error: resolve_did
 Traceback (most recent call last):
   File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aries_cloudagent/resolver/routes.py", line 96, in resolve_did
     context.profile, did
   File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aries_cloudagent/resolver/did_resolver.py", line 73, in resolve_with_metadata
     resolver, doc = await self._resolve(profile, did)
   File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aries_cloudagent/resolver/did_resolver.py", line 54, in _resolve
     did,
   File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aries_cloudagent/resolver/base.py", line 146, in resolve
     return await self._resolve(profile, did)
   File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aries_cloudagent/resolver/default/indy.py", line 67, in _resolve
     Ed25519VerificationKey2018, ident="key-1", public_key_base58=recipient_key
   File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/pydid/doc/builder.py", line 49, in add
     vmethod = type_.make(id=self._did.ref(ident), controller=controller, **kwargs)
   File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/pydid/resource.py", line 106, in make
     return cls(**kwargs)
   File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/pydid/verification_method.py", line 49, in __init__
     super().__init__(**data)
   File "pydantic/main.py", line 406, in pydantic.main.BaseModel.__init__
 pydantic.error_wrappers.ValidationError: 1 validation error for Ed25519VerificationKey2018
 publicKeyBase58
   none is not an allowed value (type=type_error.none.not_allowed)
```
I also tried with wallet-type askar but there aca-py wont start and I get:
```
aries_cloudagent.ledger.multiple_ledger.base_manager.MultipleLedgerManagerError: Multiledger is supported only for Indy SDK or Askar [Indy VDR] profile
```
How do I enable the vdr profile?

etschelp (Thu, 16 Dec 2021 16:34:29 GMT):

Hey, I'm testing the new multi ledger features in the release candidate. When I try to resolve a did from a different ledger via /resolver/resolve/{did} I get:

```
 2021-12-16 15:28:09,214 indy.libindy.native.indy.services.ledger INFO 	src/services/ledger/mod.rs:137 | build_get_attrib_request() => Ok("{\"reqId\":1639668489214330900,\"identifier\":\"F6dB7dMVHUQSC64qemnBi7\",\"operation\":{\"type\":\"104\",\"dest\":\"NBUXM1kVv4yNVc6ezpaa94\",\"raw\":\"endpoint\"},\"protocolVersion\":2}")

 =================
 2021-12-16 15:28:09,240 aries_cloudagent.core.dispatcher ERROR Handler error: resolve_did
 Traceback (most recent call last):
   File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aries_cloudagent/resolver/routes.py", line 96, in resolve_did
     context.profile, did
   File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aries_cloudagent/resolver/did_resolver.py", line 73, in resolve_with_metadata
     resolver, doc = await self._resolve(profile, did)
   File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aries_cloudagent/resolver/did_resolver.py", line 54, in _resolve
     did,
   File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aries_cloudagent/resolver/base.py", line 146, in resolve
     return await self._resolve(profile, did)
   File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aries_cloudagent/resolver/default/indy.py", line 67, in _resolve
     Ed25519VerificationKey2018, ident="key-1", public_key_base58=recipient_key
   File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/pydid/doc/builder.py", line 49, in add
     vmethod = type_.make(id=self._did.ref(ident), controller=controller, **kwargs)
   File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/pydid/resource.py", line 106, in make
     return cls(**kwargs)
   File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/pydid/verification_method.py", line 49, in __init__
     super().__init__(**data)
   File "pydantic/main.py", line 406, in pydantic.main.BaseModel.__init__
 pydantic.error_wrappers.ValidationError: 1 validation error for Ed25519VerificationKey2018
 publicKeyBase58
   none is not an allowed value (type=type_error.none.not_allowed)
```
I also tried with wallet-type askar but there aca-py wont start and I get:
```
aries_cloudagent.ledger.multiple_ledger.base_manager.MultipleLedgerManagerError: Multiledger is supported only for Indy SDK or Askar [Indy VDR] profile
```
How do I enable the vdr profile

swcurran (Thu, 16 Dec 2021 16:48:57 GMT):

@shaanjot.gill @ianco @andrew.whitehead  ^^^

swcurran (Thu, 16 Dec 2021 16:51:14 GMT):

We'll need more context. Suggest you open an issue in the repo (if you haven't yet).  Have you looked at the working flow in Alice/Faber in the /demo folder?  https://github.com/hyperledger/aries-cloudagent-python/blob/main/demo/AliceWantsAJsonCredential.md

swcurran (Thu, 16 Dec 2021 16:52:35 GMT):

For AnonCred credentials, yes.  You should get feedback on the PR shortly and go from there.

Thanks!  Good stuff!

ianco (Thu, 16 Dec 2021 20:55:24 GMT):

Regarding the DID lookup error, it's getting raised in the pydid library, may be fixed by this PR:  https://github.com/hyperledger/aries-cloudagent-python/pull/1562 (or else @dbluhm will need to look into it)

ianco (Thu, 16 Dec 2021 20:59:10 GMT):

Regarding the vdr profile issue, when you use `--wallet type askar` it should also use vdr, I'll look into this

ianco (Thu, 16 Dec 2021 21:43:42 GMT):

Ah there's a small typo in the code, I'll push a fix

shaanjot.gill (Thu, 16 Dec 2021 21:44:56 GMT):

Is this the one (`indy_vdr`)?
https://github.com/hyperledger/aries-cloudagent-python/blob/072437b4235b7098e892c48cffec6bc36cf77917/aries_cloudagent/core/conductor.py#L141

ianco (Thu, 16 Dec 2021 21:46:32 GMT):

https://github.com/hyperledger/aries-cloudagent-python/pull/1563

ianco (Thu, 16 Dec 2021 21:46:49 GMT):

Yep `indy-vdr`

swcurran (Fri, 17 Dec 2021 01:06:08 GMT):

Both changes have been merged into the main branch.  Let us know if that addresses the issue.

etschelp (Fri, 17 Dec 2021 09:24:08 GMT):

I just tested with the latest revision from main. Switching between askar and indy works now. Resolving a did from a ledger that is not the main (production and write set to true) ledger still raises the exception above. From the exception I would say that the value that is handed over to pydid is empty. My next bet is that it related to the ledger resolution in indy.py https://github.com/hyperledger/aries-cloudagent-python/blob/3fe6715a2bb6ac30ecddf52ec5ad5e03493354df/aries_cloudagent/resolver/default/indy.py#L48

etschelp (Fri, 17 Dec 2021 09:24:08 GMT):

I just tested with the latest revision from main. Switching between askar and indy works now. Resolving a did from a ledger that is not the main (production and write set to true) ledger still raises the exception above. From the exception I would say that the value that is handed over to pydid is empty. My next bet is that it's related to the ledger resolution in indy.py https://github.com/hyperledger/aries-cloudagent-python/blob/3fe6715a2bb6ac30ecddf52ec5ad5e03493354df/aries_cloudagent/resolver/default/indy.py#L48

etschelp (Fri, 17 Dec 2021 10:24:12 GMT):

Found a typo in the discover_feature event see: https://github.com/hyperledger/aries-cloudagent-python/commit/e07ed07e5300c545c588bb62e574a52c404018b1#r62091070

da3v21 (Fri, 17 Dec 2021 14:10:42 GMT):

@swcurran added support for V20cred_ex_records too

etschelp (Fri, 17 Dec 2021 15:44:09 GMT):

I'm currently testing the revocation notification and I found some strange behavior. I have two agents running on the latest revision, one with multi ledger support enabled the other running with the "old" config in single ledger mode. When I issue a revocable credential from multi to single, the single agent will get a 404 when trying to download the tails file from the tails-server and hence gets stuck in state credential-received. Issuing from single to multi works, also single to single. I have no clue what's causing this, I see nothing special in the logs. 

Another question is related to the content of the revocation-notification event. How can I match the thread_id, or parts of it the the stored credential record?

ianco (Fri, 17 Dec 2021 15:58:10 GMT):

Assume your single ledger aca-py is using the same ledger as the "writable" ledger in the multi?

ianco (Fri, 17 Dec 2021 15:58:49 GMT):

The `thread_id` doesn't get stored with the credential afaik, you need to look at the revocation params

etschelp (Fri, 17 Dec 2021 16:48:58 GMT):

ok, the root cause is not during the credential exchange. As soon as I switch aca-py to multi ledger and create a credential definition with revocation enabled aca-py fails. The events with the revocation registry ids are still fired and so the controller does not notice this. This is what I see in the log:

````
2021-12-17 16:38:03,405 indy.libindy.native.indy.services.ledger INFO 	src/services/ledger/mod.rs:241 | build_revoc_reg_entry_request() => Ok("{\"reqId\":1639759083405337700,\"identifier\":\"F6dB7dMVHUQSC64qemnBi7\",\"operation\":{\"type\":\"114\",\"revocRegDefId\":\"F6dB7dMVHUQSC64qemnBi7:4:F6dB7dMVHUQSC64qemnBi7:3:CL:571:phil-bank-35:CL_ACCUM:39e9bfa6-ee05-4030-82c6-73b434a8b265\",\"revocDefType\":\"CL_ACCUM\",\"value\":{\"accum\":\"21 13957603EA5FC9DB114B25A32A65F0683EF94EEB624AEA0B719EFDCCBC5089624 21 12A2752081F2CA7A90E59A9571D6AD7E1ED4931479177451B7066C33FD1FCE7B9 6 5E543FE52F9AE2D94418BB6EF4735D19B27FDA0F67BAF319DDA9F41B75A56CC6 4 19D712B351E5C67F93150F6370E4C823E87E6002AF371344E72B45925F6D5A05 6 85CCE5B145EFB58187282EB9800C804CC5E95D654C86E92655D73185C6FDC981 4 1C4BE9A8DB71F4EA42C41BCE354E1CD877E3B221B6C715098D5D1B133FDCB5DD\"}},\"protocolVersion\":2}")
2021-12-17 16:38:06,424 aries_cloudagent.core.event_bus ERROR Error occurred while processing event
Traceback (most recent call last):
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp/client_reqrep.py", line 510, in update_body_from_data
    body = payload.PAYLOAD_REGISTRY.get(body, disposition=None)
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp/payload.py", line 112, in get
    raise LookupError()
aiohttp.payload.LookupError
scripts-bpa-agent1-1      |
During handling of the above exception, another exception occurred:
scripts-bpa-agent1-1      |
Traceback (most recent call last):
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp/formdata.py", line 144, in _gen_form_data
    value, headers=headers, encoding=self._charset
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp/payload.py", line 73, in get_payload
    return PAYLOAD_REGISTRY.get(data, *args, **kwargs)
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp/payload.py", line 112, in get
    raise LookupError()
aiohttp.payload.LookupError
scripts-bpa-agent1-1      |
The above exception was the direct cause of the following exception:
scripts-bpa-agent1-1      |
Traceback (most recent call last):
  File "/home/indy/aries_cloudagent/core/event_bus.py", line 120, in notify
    await processor()
  File "/home/indy/aries_cloudagent/revocation/routes.py", line 1260, in on_revocation_tails_file_event
    max_attempts=5,  # heuristic: respect HTTP timeout
  File "/home/indy/aries_cloudagent/tails/indy_tails_server.py", line 51, in upload_tails_file
    max_attempts=max_attempts,
  File "/home/indy/aries_cloudagent/utils/http.py", line 163, in put_file
    response: ClientResponse = await session.put(url, data=data)
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp/client.py", line 513, in _request
    traces=traces,
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp/client_reqrep.py", line 313, in __init__
    self.update_body_from_data(data)
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp/client_reqrep.py", line 512, in update_body_from_data
    body = FormData(body)()
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp/formdata.py", line 168, in __call__
    return self._gen_form_data()
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp/formdata.py", line 150, in _gen_form_data
    ) from exc
TypeError: Can not serialize value type: 
 headers: {}
 value: None
````

etschelp (Fri, 17 Dec 2021 16:48:58 GMT):

ok, the root cause is not during the credential exchange. As soon as I switch aca-py to multi ledger and create a credential definition with revocation enabled aca-py fails, and the tails file never gets created. But the events with the revocation registry ids are still fired and so the controller does not notice this. This is what I see in the log:

```
2021-12-17 16:38:03,405 indy.libindy.native.indy.services.ledger INFO 	src/services/ledger/mod.rs:241 | build_revoc_reg_entry_request() => Ok("{\"reqId\":1639759083405337700,\"identifier\":\"F6dB7dMVHUQSC64qemnBi7\",\"operation\":{\"type\":\"114\",\"revocRegDefId\":\"F6dB7dMVHUQSC64qemnBi7:4:F6dB7dMVHUQSC64qemnBi7:3:CL:571:phil-bank-35:CL_ACCUM:39e9bfa6-ee05-4030-82c6-73b434a8b265\",\"revocDefType\":\"CL_ACCUM\",\"value\":{\"accum\":\"21 13957603EA5FC9DB114B25A32A65F0683EF94EEB624AEA0B719EFDCCBC5089624 21 12A2752081F2CA7A90E59A9571D6AD7E1ED4931479177451B7066C33FD1FCE7B9 6 5E543FE52F9AE2D94418BB6EF4735D19B27FDA0F67BAF319DDA9F41B75A56CC6 4 19D712B351E5C67F93150F6370E4C823E87E6002AF371344E72B45925F6D5A05 6 85CCE5B145EFB58187282EB9800C804CC5E95D654C86E92655D73185C6FDC981 4 1C4BE9A8DB71F4EA42C41BCE354E1CD877E3B221B6C715098D5D1B133FDCB5DD\"}},\"protocolVersion\":2}")
2021-12-17 16:38:06,424 aries_cloudagent.core.event_bus ERROR Error occurred while processing event
Traceback (most recent call last):
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp/client_reqrep.py", line 510, in update_body_from_data
    body = payload.PAYLOAD_REGISTRY.get(body, disposition=None)
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp/payload.py", line 112, in get
    raise LookupError()
aiohttp.payload.LookupError
scripts-bpa-agent1-1      |
During handling of the above exception, another exception occurred:
scripts-bpa-agent1-1      |
Traceback (most recent call last):
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp/formdata.py", line 144, in _gen_form_data
    value, headers=headers, encoding=self._charset
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp/payload.py", line 73, in get_payload
    return PAYLOAD_REGISTRY.get(data, *args, **kwargs)
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp/payload.py", line 112, in get
    raise LookupError()
aiohttp.payload.LookupError
scripts-bpa-agent1-1      |
The above exception was the direct cause of the following exception:
scripts-bpa-agent1-1      |
Traceback (most recent call last):
  File "/home/indy/aries_cloudagent/core/event_bus.py", line 120, in notify
    await processor()
  File "/home/indy/aries_cloudagent/revocation/routes.py", line 1260, in on_revocation_tails_file_event
    max_attempts=5,  # heuristic: respect HTTP timeout
  File "/home/indy/aries_cloudagent/tails/indy_tails_server.py", line 51, in upload_tails_file
    max_attempts=max_attempts,
  File "/home/indy/aries_cloudagent/utils/http.py", line 163, in put_file
    response: ClientResponse = await session.put(url, data=data)
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp/client.py", line 513, in _request
    traces=traces,
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp/client_reqrep.py", line 313, in __init__
    self.update_body_from_data(data)
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp/client_reqrep.py", line 512, in update_body_from_data
    body = FormData(body)()
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp/formdata.py", line 168, in __call__
    return self._gen_form_data()
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp/formdata.py", line 150, in _gen_form_data
    ) from exc
TypeError: Can not serialize value type: 
 headers: {}
 value: None
```

ianco (Fri, 17 Dec 2021 17:10:15 GMT):

Weird it's an error uploading the tails file, which is nothing to do with multi ledger

ianco (Fri, 17 Dec 2021 17:10:28 GMT):

I'll see if I can reproduce with alice/faber

ianco (Fri, 17 Dec 2021 17:22:12 GMT):

Oh to your question `How can I match the thread_id, or parts of it the the stored credential record?` I believe we're storing the rev reg info into the thread_id in the notification

ianco (Fri, 17 Dec 2021 17:22:29 GMT):

(so it's not actually a thread_id)

ianco (Fri, 17 Dec 2021 17:22:34 GMT):

(long story)

AniketDhar (Fri, 17 Dec 2021 18:04:46 GMT):

Has joined the channel.

ianco (Fri, 17 Dec 2021 18:12:57 GMT):

Everything works ok with the alice/faber demo (`./run_demo faber --revocation --multi-ledger`)

ianco (Fri, 17 Dec 2021 18:13:22 GMT):

Can you check your agent settings - what is your tails server url and what is actually written to the ledger for the revocation url?

shaanjot.gill (Fri, 17 Dec 2021 23:25:00 GMT):

Addressed in here: https://github.com/hyperledger/aries-cloudagent-python/pull/1566

swcurran (Sat, 18 Dec 2021 00:09:48 GMT):

Opened this issue to track this:

https://github.com/hyperledger/aries-cloudagent-python/issues/1567

Yunxi 3 (Mon, 20 Dec 2021 15:11:07 GMT):

Hello @swcurran and all. Got two questions. Q1. What's the reason to use the Indy Tails server as the credential revocation registry? In other words, why could we use Indy DLT ledger to run as a revocation registry? Q2. Once a holder receives a credential issued from an issuer, what prevents the holder to change any data in the credential? In other words, is it possible for a holder to change any values in d credential

Yunxi 3 (Mon, 20 Dec 2021 15:11:07 GMT):

Hello @swcurran and all. Got two questions. Q1. What's the reason to use the Indy Tails server as the credential revocation registry? In other words, why could we use Indy DLT ledger to run as a revocation registry? Q2. Once a holder receives a credential issued from an issuer, what prevents the holder to change any data in the credential? In other words, is it possible for a holder to change any values in a credential once the credential is in the holder's wallet.

Yunxi 3 (Mon, 20 Dec 2021 15:11:07 GMT):

Hello @swcurran and all. Got two questions. Q1. What's the reason to use the Indy Tails server as the credential revocation registry? In other words, why couldm't we use Indy DLT ledger to run as a revocation registry? Q2. Once a holder receives a credential issued from an issuer, what prevents the holder to change any data in the credential? In other words, is it possible for a holder to change any values in a credential once the credential is in the holder's wallet.

Yunxi 3 (Mon, 20 Dec 2021 15:11:07 GMT):

Hello @swcurran and all. Got two questions. Q1. What's the reason to use the Indy Tails server as the credential revocation registry? In other words, why couldn't we use Indy DLT ledger to run as a revocation registry? Q2. Once a holder receives a credential issued from an issuer, what prevents the holder to change any data in the credential? In other words, is it possible for a holder to change any values in a credential once the credential is in the holder's wallet.

Yunxi 3 (Mon, 20 Dec 2021 15:11:07 GMT):

Hello @swcurran and all. Got two questions. Q1. What's the reason to use the Indy Tails server as the credential revocation registry? In other words, why couldn't we use Indy DLT ledger to run as a revocation registry? Q2. Once a holder receives a credential issued from an issuer, what prevents the holder from changing any data in the credential? In other words, is it possible for a holder to change any values in a credential once the credential is in the holder's wallet.

swcurran (Mon, 20 Dec 2021 15:16:23 GMT):

To get a precise answer about the tails file location, I think you have to talk to the designers. However, my guess is that a tails file is larger than they want stored on the ledger.

When the credential is issued, the claims are all cryptographically signed by the holder. If the holder alters the data, the verifier will see that the signatures do not match the data.

Yunxi 3 (Tue, 21 Dec 2021 14:58:07 GMT):

Thanks @swcurran, could you o

Yunxi 3 (Tue, 21 Dec 2021 14:58:07 GMT):

Thanks @swcurran, could you point me who's the right PoC designing tails server? Regarding the signature signed by an issuer, where does this signature stored? in the ledger or in the credential itself?

Yunxi 3 (Tue, 21 Dec 2021 14:58:07 GMT):

Thanks @swcurran, could you point me who's the right PoC designing tails server? Regarding the signature signed by an issuer, where is this signature stored? in the ledger or in the credential itself?

Yunxi 3 (Tue, 21 Dec 2021 14:58:07 GMT):

Thanks @swcurran, could you point me who's the right PoC designing tails server? Regarding the signature signed by an issuer, where is this signature stored (e.g. in the ledger or credential itself)?

swcurran (Tue, 21 Dec 2021 16:18:54 GMT):

That's the design of AnonCreds, not the tails server.  Best starting document for that is here:

https://github.com/hyperledger/indy-sdk/tree/master/docs/design/002-anoncreds

jcourt (Wed, 22 Dec 2021 00:47:44 GMT):

So I know I have asked this CORS question before but I am back to it again.   Shouldn't ACA-py be allowing the OPTIONS request type without the need for an x-api-key ?   I can't see how preflight checks could succeed if the web server is running on a different host to ACA-py without it allowing OPTIONS.  I have been chasing this in Chrome and looking for a way to get the OPTIONS to include the same x-api-key value that the triggering GET request does but apprently this is just a no-go and it is expected the server will allow OPTIONS without credentials.

jcourt (Wed, 22 Dec 2021 00:48:35 GMT):

Is there a reason why we SHOULD NOT allow OPTIONS without x-api-key ?

andrew.whitehead (Wed, 22 Dec 2021 03:01:53 GMT):

I think it should be allowed, PRs or issues welcome :)

jcourt (Wed, 22 Dec 2021 03:18:03 GMT):

Yeah thanks Andrew.  Pretty sure it is a one liner in the check_token() routing in server.py.  I will do it and submit a PR

jcourt (Wed, 22 Dec 2021 03:18:03 GMT):

Yeah thanks Andrew.  Pretty sure it is a one liner in the check_token() routine in server.py.  I will do it and submit a PR

`if valid_key or is_unprotected_path(request.path) or (request.method == 'OPTIONS'):`

jcourt (Wed, 22 Dec 2021 03:18:03 GMT):

Yeah thanks Andrew.  Pretty sure it is a one liner in the check_token() routine in server.py.  I will test it and submit a PR

`if valid_key or is_unprotected_path(request.path) or (request.method == 'OPTIONS'):`

jcourt (Wed, 22 Dec 2021 08:39:50 GMT):

I have created issue #1575 to detail this and committed a PR with test as a proposed fix

mateokurti (Wed, 22 Dec 2021 14:37:47 GMT):

Hi everyone! I am trying on deploying an instance of Indy Node on my Kubernetes Cluster. I had a look on VON Network at first, but it's almost impossible to make a valid deployment of it to use in production. I'm looking on ways to directly deploy Indy Node, but there is not enough information. I know this is not the exact channel for this topic, but I was wondering if someone here has some idea regarding this.

WadeBarnes (Wed, 22 Dec 2021 14:53:19 GMT):

The #indy-node channel is the place to ask this question.

mateokurti (Wed, 22 Dec 2021 14:55:25 GMT):

Oh, thanks. I asked it there

newbieTech (Fri, 24 Dec 2021 02:10:20 GMT):



Clipboard - December 24, 2021 10:10 AM

newbieTech (Fri, 24 Dec 2021 02:12:44 GMT):

Hello , i have set the webhook-url  in order for each agent to have their own specific webhook

newbieTech (Fri, 24 Dec 2021 02:12:44 GMT):



newbieTech (Fri, 24 Dec 2021 02:12:51 GMT):



Clipboard - December 24, 2021 10:12 AM

newbieTech (Fri, 24 Dec 2021 02:13:15 GMT):



Clipboard - December 24, 2021 10:13 AM

newbieTech (Fri, 24 Dec 2021 02:14:10 GMT):



Clipboard - December 24, 2021 10:13 AM

newbieTech (Fri, 24 Dec 2021 02:17:04 GMT):

Hello could someone help me with configuring the webhook ? I am stuck here after inputing the invitation details

newbieTech (Fri, 24 Dec 2021 02:17:13 GMT):



Clipboard - December 24, 2021 10:17 AM

newbieTech (Fri, 24 Dec 2021 02:18:13 GMT):

however my other agent will say its connected and it is able to send messages

newbieTech (Fri, 24 Dec 2021 02:18:28 GMT):



Clipboard - December 24, 2021 10:18 AM

newbieTech (Fri, 24 Dec 2021 02:20:24 GMT):

[ ](https://chat.hyperledger.org/channel/aries-cloudagent-python?msg=p5yqMTboLt6cru33Y) This happen when i change the listen_webhook(self.start_port +2) to listen_webhook(self.agent.webhook_port)  < - demo/agent_container ( initialize function)

etschelp (Mon, 03 Jan 2022 16:28:58 GMT):

Does the alice/faber demo create a fresh credential definition with revocation enabled? I can definitely reproduce this behavior switching to multi ledger support. It looks like the tails file that should be uploaded is gone or empty at the moment of the upload. Everything else behaves exactly the same, same events and same data on the ledger as with the single ledger mode. Only difference is that the tails file url on the ledger now produces a 404.

Yunxi 3 (Mon, 03 Jan 2022 16:46:18 GMT):

Hello all, when I run acapy agent as a docker container by using this docker image: bcgovimages/aries-cloudagent:py36-1.16-0_0.6.0, the majority of the apis doesn't have CORS issue, but when I try the api: /present-proof/send-request/{pren_exchange_id}/send-presentation, I've got CORS error. Is there a way I can get rid of this error? This is the error I've got: Access to XMLHttpRequest at 'http://localhost:8001/present-proof/send-request/31427869-10b8-44b2-b4eb-77f2c958c54d/send-presentation' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Yunxi 3 (Mon, 03 Jan 2022 16:46:18 GMT):

Hello all, when I run acapy agent as a docker container by using this docker image: bcgovimages/aries-cloudagent:py36-1.16-0_0.6.0, the majority of the apis doesn't have any CORS issue, as I can see "Access-Control-Allow-Origin: http://localhost:4200" is displayed in the HTTP response, but when I try the api: /present-proof/send-request/{pren_exchange_id}/send-presentation, I've got this CORS error. Is there a way I can get rid of this error? This is the error I've got: Access to XMLHttpRequest at 'http://localhost:8001/present-proof/send-request/31427869-10b8-44b2-b4eb-77f2c958c54d/send-presentation' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Yunxi 3 (Mon, 03 Jan 2022 16:46:18 GMT):

Hello all, when I run acapy agent as a docker container by using this docker image: bcgovimages/aries-cloudagent:py36-1.16-0_0.6.0, the majority of the apis doesn't have any CORS issue, as I can see "Access-Control-Allow-Origin: http://localhost:4200" (i run my frontend app in the port 4200) is displayed in the HTTP response, but when I try the api: /present-proof/send-request/{pren_exchange_id}/send-presentation, I've got this CORS error. Is there a way I can get rid of this error? This is the error I've got: Access to XMLHttpRequest at 'http://localhost:8001/present-proof/send-request/31427869-10b8-44b2-b4eb-77f2c958c54d/send-presentation' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Yunxi 3 (Mon, 03 Jan 2022 16:46:18 GMT):

Hello all, when I run acapy agent as a docker container by using this docker image: bcgovimages/aries-cloudagent:py36-1.16-0_0.6.0, the majority of the apis doesn't have any CORS issue, as I can see "Access-Control-Allow-Origin: http://localhost:4200" (i run my frontend app in the port 4200) is displayed in the HTTP response, but when I try the api: /present-proof/send-request/{pren_exchange_id}/send-presentation, I've got this CORS error. Is there a way I can get rid of this error? This is the error I've got: `Access to XMLHttpRequest at 'http://localhost:8001/present-proof/send-request/31427869-10b8-44b2-b4eb-77f2c958c54d/send-presentation' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.`

Yunxi 3 (Mon, 03 Jan 2022 16:46:18 GMT):

Hello all, when I run acapy agent as a docker container by using this docker image: bcgovimages/aries-cloudagent:py36-1.16-0_0.6.0, the majority of the apis doesn't have any CORS issue, as I can see "Access-Control-Allow-Origin: http://localhost:4200" (i run my frontend app in the port 4200) is displayed in the HTTP response, but when I try the api: /present-proof/send-request/{pren_exchange_id}/send-presentation, I've got this CORS error. Is this a known bug in V0.6.0 and fixed in any later version? Is there a way I can get rid of this error? This is the error I've got: `Access to XMLHttpRequest at 'http://localhost:8001/present-proof/send-request/31427869-10b8-44b2-b4eb-77f2c958c54d/send-presentation' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.`

ianco (Mon, 03 Jan 2022 17:32:55 GMT):

The faber agent creates a new schema/cred def whenever it starts up.  If you run with the `--revocation` flag then the cred def has revocation enabled and it uploads a tails file

ianco (Mon, 03 Jan 2022 17:33:53 GMT):

Can you confirm your tails server url and what is actually written to the ledger for the revocation url?

etschelp (Tue, 04 Jan 2022 14:35:49 GMT):

What is written to the ledger is not the issue, this works fine. The issue is that the tails file never gets uploaded. I checked this by looking at the logs of the tails server. I'm always running the same config the only change I make is enabling multi ledger support. Single config: file gets uploaded, multi config: no tails file upload and the above exception in the log. This also seems to be a threading issue. Example broken ledger entry: https://indy-test.bosch-digital.de/browse/domain?page=1&query=%20F6dB7dMVHUQSC64qemnBi7%3A4%3AF6dB7dMVHUQSC64qemnBi7%3A3%3ACL%3A571%3Aphil-bank-48%3ACL_ACCUM%3Aa2e928cf-b8d9-403a-8a73-4fe4e957ab25&txn_type=113

etschelp (Tue, 04 Jan 2022 14:39:55 GMT):

Working entry in single ledger mode: https://indy-test.bosch-digital.de/browse/domain?page=1&query=EraYCDJUPsChbkw7S1vV96%3A4%3AEraYCDJUPsChbkw7S1vV96%3A3%3ACL%3A4740%3Aspaces-02%3ACL_ACCUM%3Acd57a503-f8fd-4b56-a17f-ad57495219ca&txn_type=113

etschelp (Tue, 04 Jan 2022 15:05:19 GMT):

By the log statement `TypeError: Can not serialize value type: ` my guess is that the PUT fails because the request body is empty and serialisation fails. As this happens in another thread, the thread that writes to the ledger continues hence the broken entry.

shaanjot.gill (Wed, 05 Jan 2022 02:45:26 GMT):

I have provided details in the GitHub issue (`#1584`), there is a typo in the endpoint you specified which might be the issue.
`/present-proof/records/{pres_ex_id}/send-presentation`

newbieTech (Wed, 05 Jan 2022 08:26:40 GMT):

Hi can i know what is the different bcgovimages and igrantio images?

Yunxi 3 (Wed, 05 Jan 2022 13:41:11 GMT):

Hello all, when I tried to create a new definition  by using my own tails file server running as a docker container, I've got the below error all the time `500: Tails file for rev reg MtSBSkitb28PSoCj9EpSDs:4:MtSBSkitb28PSoCj9EpSDs:3:CL:12001:passport:CL_ACCUM:ad08fb7d-31eb-418d-9d32-5c35c0a4fb1d failed to upload: Exceeded maximum put attempts`. Could someone help explain why I've got this error?

Yunxi 3 (Wed, 05 Jan 2022 13:41:46 GMT):

I've closed my ticket there, thanks for your help @shaanjot.gill :-)

Yunxi 3 (Wed, 05 Jan 2022 15:08:17 GMT):

Hello all, after creating a new definition, why is the Schema ID shown in a created definition ID a simple string (e.g. 12024) instead of a complete schema ID (e.g. MtSBSkitb28PSoCj9EpSDs:2:testcredential01:0.1)? Because, if an authority user later on checks the definition id, s/he can't tell which schema id is related to the definition id.

Yunxi 3 (Wed, 05 Jan 2022 15:08:17 GMT):

Hello all, after creating a new definition, why is the Schema ID shown in a created definition ID a simple string (e.g. 12024) instead of a complete schema ID (e.g. MtSBSkitb28PSoCj9EpSDs:2:testschema01:0.1)? Because, if an authority user later on checks the definition id, s/he can't tell which schema id is related to the definition id.

swcurran (Wed, 05 Jan 2022 15:56:38 GMT):

In the Indy implementatiin of AnonCreds, the simple string (integer) is the ID of the transaction of the schema ID on the ledger. So given the cred def identifier, you can extract the integer and find the schema by querying the ledger for that transaction ID.

swcurran (Wed, 05 Jan 2022 15:56:51 GMT):

You can look at indyscan.io to see this.

cam-parra (Wed, 05 Jan 2022 17:36:05 GMT):

Is anyone having problems running the Aries test harness? I get an error that says that it can’t pull the von-network-base

WadeBarnes (Wed, 05 Jan 2022 18:16:34 GMT):

@cam-parra, @sheldon.regular, We recently renamed the default branch on `von-network` to `main`.  Could that be affecting things?

cam-parra (Wed, 05 Jan 2022 18:40:58 GMT):

I am not sure where the von-network-base is being pulled 

swcurran (Wed, 05 Jan 2022 19:42:07 GMT):

I tried the `./manage build...` and `./manage run...` from the readme and both worked fine, and the tests are running.

What commands are running?

swcurran (Wed, 05 Jan 2022 19:42:07 GMT):

I tried the `./manage build...` and `./manage run...` from the readme and both worked fine, and the tests are running.

What commands are you running?

sheldon.regular (Wed, 05 Jan 2022 20:31:47 GMT):

I don't think moving to `main` should matter here.

cam-parra (Wed, 05 Jan 2022 21:00:33 GMT):


cd aries-agent-test-harness
git pull

/manage build -a acapy -a dotnet

manage run -d acapy -b dotnet -t @AcceptanceTest -t ~@wip

cam-parra (Wed, 05 Jan 2022 21:00:55 GMT):

Those are the commands I got from the read me 

swcurran (Wed, 05 Jan 2022 21:17:34 GMT):

Hmm...exactly what I did.  I'm running on Linux:

```
 ./manage build -a acapy -a dotnet
 ./manage run -d acapy -b dotnet -t @AcceptanceTest -t ~@wip
```

swcurran (Wed, 05 Jan 2022 21:18:21 GMT):

Can you please add the output of the run command. I'm assuming the error occurred early.

cam-parra (Wed, 05 Jan 2022 21:22:22 GMT):

```ERROR: The image for the service you're trying to recreate has been removed. If you continue, volume data could be lost. Consider backing up your data before continuing.

Continue with the new image? [yN]y
ERROR: pull access denied for von-network-base, repository does not exist or may require 'docker login': denied: requested access to the resource is denied```

cam-parra (Wed, 05 Jan 2022 21:23:23 GMT):

```ERROR: The image for the service you're trying to recreate has been removed. If you continue, volume data could be lost. Consider backing up your data before continuing. ```


cam-parra (Wed, 05 Jan 2022 21:24:31 GMT):

I wonder if you already had the image , Stephen. 

sheldon.regular (Wed, 05 Jan 2022 22:00:44 GMT):

I get the same error now that I've remove the network image locally.

sheldon.regular (Wed, 05 Jan 2022 22:16:56 GMT):

In the mean time, you can run this first before you do the `./manage run`
```
git clone https://github.com/bcgov/von-network
cd von-network
./manage build
```

cam-parra (Wed, 05 Jan 2022 23:30:26 GMT):

So that doesn’t work for me either. It won’t download the von image

cam-parra (Wed, 05 Jan 2022 23:34:55 GMT):

Oh never mind it worked eventually 

Yunxi 3 (Thu, 06 Jan 2022 12:37:08 GMT):

thanks @swcurran. Is this querying the ledger function implemented in the ACA-Py or should this function be implemented in a controller app?

Yunxi 3 (Thu, 06 Jan 2022 12:37:08 GMT):

thanks @swcurran. Is this querying the ledger function implemented in the ACA-Py or should this function be implemented in a controller app? If this function has to be implemented in a controller app, where can I find the apis to query the indyscan.io website ?

Yunxi 3 (Thu, 06 Jan 2022 12:37:08 GMT):

thanks @swcurran. Is this querying the ledger function implemented in the ACA-Py or should this function be implemented in a controller app? If this function has to be implemented in a controller app, where can I find the apis that can query the indyscan.io website to get the right JSON response payload?

swcurran (Thu, 06 Jan 2022 14:48:18 GMT):

As needed to process credentials, ACA-Py handles the calls -- e.g. when receiving credentials, generating a proof or verifying a proof, so there is no requirement for the controller to do anything.  If you want to do more than that in your controller, I'm not sure if the Admin API provides a way to directly call the Indy library function (GET_TXN) to get the schema via the ledger ID, but I suspect not. I would think it would be in the schema part of the API if it was there.  There would definitely not be a reason to call indyscan.io vs. the ledger itself.

sheldon.regular (Thu, 06 Jan 2022 15:42:48 GMT):

Issue logged. https://github.com/hyperledger/aries-agent-test-harness/issues/408

Yunxi 3 (Thu, 06 Jan 2022 15:51:21 GMT):

I see the match between a schema and definition is more for an issuer. When an issuer decides to send an offer of a new credential to a holder, the body payload in this api will include both *schema id* and *definition id*. So, when an issuer has multi schemas with definitions, this mapping should be either queried from the ledger or stored in a local db so the controller can collect these info and assemble the payload?

swcurran (Thu, 06 Jan 2022 21:42:49 GMT):

Yes. Generally -- an issuer would have a configuration held somewhere that defines the schema (if any), schema IDs, and claim defs that they are going to issue. Often these are defined in configuration files and on startup, the ACA-Py instance checks if the objects exist in the wallet (creates if needed) and on the ledger (creates if needed).  Such identifiers could be stored by the controller elsewhere.

Yunxi 3 (Fri, 07 Jan 2022 12:43:10 GMT):

thanks @swcurran , this resonates with my thinking :-)

Yunxi 3 (Fri, 07 Jan 2022 12:45:33 GMT):

Hello @swcurran and all, my personal repo - ACA-Py Controller-Angular is available via this link: https://github.com/yunxi-zhang/ACAPy-Controller-Angular. It's built as a simple demo that can run in a personal laptop. I hope this repo could be useful to community and welcome all feedbacks :-).

swcurran (Fri, 07 Jan 2022 23:03:44 GMT):

Awesome -- nice!!

swcurran (Mon, 10 Jan 2022 19:58:22 GMT):

*ACA-Pug Meetings are Back!*

Join us for the ACA-Py User Group this Tuesday (Jan. 11) at 8AM Pacific (16:00 UTC / 17:00 CET). We'll have the core maintainers on the call to answer any questions -- meeting topics are listed below.

Zoom link: https://zoom.us/j/6223336701?pwd=dkJKdHRlc3dNZEdKR1JYdW40R2pDUT09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2022-01-11+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

- Main Topic: Persistent Queues with ACA-Py -- design overview and implementation status
- Release 0.7.3 Overview
- Short Topic: ACA-Py Release Next/1.0.0? and what's next with AIP 2.0
- AMA (as time permits)

swcurran (Mon, 10 Jan 2022 23:33:12 GMT):

*ACA-Py Release 0.7.3 is now officially available* - [PyPi](https://pypi.org/project/aries-cloudagent/), [Docker Hub](https://hub.docker.com/r/bcgovimages/aries-cloudagent), [ReadTheDocs](https://aries-cloud-agent-python.readthedocs.io/en/0.7.3/), the [0.7.3 tag](https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.7.3) and [ChangeLog Notes](https://github.com/hyperledger/aries-cloudagent-python/blob/main/CHANGELOG.md).

The overview of the release is as follows (see the ChangeLog for all the details):

_This release includes some new AIP 2.0 features out (Revocation Notification and Discover Features 2.0), a major new feature for those using Indy ledger (multi-ledger support), a new "version upgrade" process that automates updating data in secure storage required after a new release, and a fix for a critical bug in some mediator scenarios. The release also includes several new pieces of documentation (upgrade processing, storage database information and logging) and some other documentation updates that make the ACA-Py Read The Docs site useful again. And of course, some recent bug fixes and cleanups are included._

swcurran (Mon, 10 Jan 2022 23:33:12 GMT):

*ACA-Py Release 0.7.3 is now officially available* - [PyPi](https://pypi.org/project/aries-cloudagent/), [Docker Hub](https://hub.docker.com/r/bcgovimages/aries-cloudagent), [ReadTheDocs](https://aries-cloud-agent-python.readthedocs.io/en/0.7.3/), the [0.7.3 tag](https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.7.3) and [ChangeLog Notes](https://github.com/hyperledger/aries-cloudagent-python/blob/main/CHANGELOG.md).

The overview of the release is as follows (see the ChangeLog for all the details):

_This release includes some new AIP 2.0 features (Revocation Notification and Discover Features 2.0), a major new feature for those using Indy ledger (multi-ledger support), a new "version upgrade" process that automates updating data in secure storage required after a new release, and a fix for a critical bug in some mediator scenarios. The release also includes several new pieces of documentation (upgrade processing, storage database information and logging) and some other documentation updates that make the ACA-Py Read The Docs site useful again. And of course, some recent bug fixes and cleanups are included._

knichols (Tue, 11 Jan 2022 20:06:16 GMT):

Has joined the channel.

neilb14 (Wed, 12 Jan 2022 16:34:25 GMT):

Has joined the channel.

VenessaK (Tue, 18 Jan 2022 07:47:40 GMT):

Has joined the channel.

knichols (Fri, 21 Jan 2022 19:41:26 GMT):

User User_1 added by knichols.

knichols (Fri, 21 Jan 2022 19:48:17 GMT):

User User_2 added by knichols.

knichols (Fri, 21 Jan 2022 21:17:41 GMT):

User User_3 added by knichols.

himanisingla (Fri, 21 Jan 2022 21:30:23 GMT):

Has joined the channel.

ankita.p17 (Mon, 24 Jan 2022 05:55:45 GMT):

In aca-py, is it possible to not persist exchange records in wallet or remove the exchange-records once it's done?
In credential-exchange, we store the credential attributes that are being issued by issuer as part of credential-exchange-record.
If transaction is initiated by holder, do we have some option by which no credential attributes will be stored in Issuer's wallet? The credential talked here will be non-revocable.

ankita.p17 (Mon, 24 Jan 2022 05:55:45 GMT):

In aca-py, is it possible to not persist exchange records in wallet or remove the exchange-records once it's done?
In credential-exchange, we store the credential attributes that are being issued by issuer as part of credential-exchange-record.
If transaction is initiated by holder, do we have some option by which no credential attributes will be stored in Issuer's wallet? The credential talked here will be non-revocable.
@swcurran @andrew.whitehead  @ianco @TimoGlastra @sklump  if you can help

ankita.p17 (Mon, 24 Jan 2022 05:55:45 GMT):

In aca-py, is it possible to not persist exchange records in wallet or remove the exchange-records once it's done?
In credential-exchange, we store the credential attributes that are being issued by issuer as part of credential-exchange-record.
If transaction is initiated by holder, do we have some option by which no credential attributes will be stored in Issuer's wallet? The credential talked here will be non-revocable.
@swcurran @andrew.whitehead  @ianco @TimoGlastra @sklump,  if you can help

ankita.p17 (Mon, 24 Jan 2022 05:55:45 GMT):

In aca-py, is it possible to not persist exchange records in wallet or remove the exchange-records once it's done?
In credential-exchange, we store the credential attributes that are being issued by issuer as part of credential-exchange-record.
If transaction is initiated by holder, do we have some option by which no credential attributes will be stored in Issuer's wallet? The credential talked here will be non-revocable.
@swcurran @andrew.whitehead  @ianco @TimoGlastra @sklump,  it will be great if you can help.

GuilhermeFunchal (Mon, 24 Jan 2022 12:26:31 GMT):

I'm sharing some docker-compose.yml that I use to build infrastructure for Aries to tests and developmente. 

I have already created a README in English, Portuguese and Chinese for you to use. 

Follow the address : 

https://github.com/guilherme-funchal/aries-docker.git

GuilhermeFunchal (Mon, 24 Jan 2022 12:26:31 GMT):

I'm sharing some docker-compose.yml that I use to build infrastructure for Aries to tests and development. 

I have already created a README in English, Portuguese and Chinese for you to use. 

Follow the address : 

https://github.com/guilherme-funchal/aries-docker.git

GuilhermeFunchal (Mon, 24 Jan 2022 12:26:31 GMT):

I'm sharing some docker-compose.yml that I use to build infrastructure for Aries to tests and development. 

I have already created a README with all to create von-network and tails-server in English, Portuguese and Chinese for you to use. 

Follow the address : 

https://github.com/guilherme-funchal/aries-docker.git

TimoGlastra (Mon, 24 Jan 2022 12:31:36 GMT):

I think that is the default option. There is a `--preserve-exchange-records` option that: `Keep credential exchange records after exchange has completed.`

TimoGlastra (Mon, 24 Jan 2022 12:32:07 GMT):

So if you haven't specified this option, records should be deleted after the credential is issued

GuilhermeFunchal (Mon, 24 Jan 2022 12:35:43 GMT):

I'm sharing some docker-compose.yml that I use to build infrastructure for Aries to tests and development.

I have already created a README with all to create von-network and tails-server in English, Portuguese and Chinese for you to use.

Follow the address :

https://github.com/guilherme-funchal/aries-docker.git

ankita.p17 (Mon, 24 Jan 2022 19:24:53 GMT):

Ohkay. Yes. Thanks

ankita.p17 (Mon, 24 Jan 2022 19:25:36 GMT):

can we configure this flag as option in credential-issuance payload for specific issuance records?

swcurran (Mon, 24 Jan 2022 21:46:57 GMT):

*ACA-Pug Meetings*

Join us for the ACA-Py User Group this Tuesday (Jan. 25) at 8AM Pacific (16:00 UTC / 17:00 CET). We'll have the core maintainers on the call to answer any questions -- meeting topics are listed below.

Zoom link: https://zoom.us/j/6223336701?pwd=dkJKdHRlc3dNZEdKR1JYdW40R2pDUT09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2022-01-25+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

*Topics*: 

* Update: Adding persistent queues in ACA-Py – Shaanjot Gill
* Setting up an Endorser Service for Hyperledger Indy ledgers in ACA-Py – Stephen Curran Ian Costanzo
   * General concepts of why Endorser Services might be needed.
   * Demonstration of the latest iteration of Endorser features in ACA-Py (creating author DIDs)
* Questions for the team – AMA

swcurran (Mon, 24 Jan 2022 21:46:57 GMT):

*ACA-Pug Meetings*

Join us for the ACA-Py User Group this Tuesday (Jan. 25) at 8AM Pacific (16:00 UTC / 17:00 CET). We'll have the core maintainers on the call to answer any questions -- meeting topics are listed below.

Zoom link: https://zoom.us/j/6223336701?pwd=dkJKdHRlc3dNZEdKR1JYdW40R2pDUT09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2022-01-25+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

*Topics*: 

* Update: Adding persistent queues in ACA-Py – Shaanjot Gill
* Setting up an Endorser Service for Hyperledger Indy ledgers in ACA-Py – Stephen Curran Ian Costanzo
> General concepts of why Endorser Services might be needed.
> Demonstration of the latest iteration of Endorser features in ACA-Py (creating author DIDs)
* Questions for the team – AMA

swcurran (Mon, 24 Jan 2022 21:52:12 GMT):

You'd have to look at the Admin API to see if that is supported.  I think (but am not certain...) that this is an all or nothing startup option, but you should check. 

I would think it would be tricky to track which ones to delete and which to keep if it wasn't all or nothing...

TimoGlastra (Mon, 24 Jan 2022 21:55:49 GMT):

There is an auto-remove option on record level: https://github.com/hyperledger/aries-cloudagent-python/blob/main/aries_cloudagent/protocols/issue_credential/v1_0/routes.py#L128

newbieTech (Tue, 25 Jan 2022 06:48:40 GMT):

Hello, I tried making an API call to send credential offer to an agent with the following Json.
 {"connection_id": "bfc2dc7a-9413-490a-9772-27503eee9ea8", "comment": "Offer on cred def id BR4ctGN3QbNLum1Fk5otRt:3:CL:1098:agent-1.TEST", "auto_remove": false, "credential_preview": {"@type": "https://didcomm.org/issue-credential/2.0/credential-preview", "attributes": [{"name": "name", "value": "test"}]}, "filter": {"indy": {"cred_def_id": "BR4ctGN3QbNLum1Fk5otRt:3:CL:1098:agent-1.TEST}}, "trace": false} .

 it returned an error stating
 marshmallow.exceptions.ValidationError: {'connection_id': ['Missing data for required field.'], 'filter': ['Missing data for required field.']}

However if i were to copy and paste the JSON above to Swagger UI, it will be able to  send the offer(status 200).

newbieTech (Tue, 25 Jan 2022 06:48:40 GMT):

Hello, I tried making an API call to send credential offer to an agent with the following Json.
 {"connection_id": "bfc2dc7a-9413-490a-9772-27503eee9ea8", "comment": "Offer on cred def id BR4ctGN3QbNLum1Fk5otRt:3:CL:1098:agent-1.TEST", "auto_remove": false, "credential_preview": {"@type": "https://didcomm.org/issue-credential/2.0/credential-preview", "attributes": [{"name": "name", "value": "test"}]}, "filter": {"indy": {"cred_def_id": "BR4ctGN3QbNLum1Fk5otRt:3:CL:1098:agent-1.TEST}}, "trace": false} .

 it returned an error stating
 marshmallow.exceptions.ValidationError: {'connection_id': ['Missing data for required field.'], 'filter': ['Missing data for required field.']}

However if i were to copy and paste the JSON above to Swagger UI, it will be able to  send the offer(status 200).

Any advice on the error?

dbluhm (Tue, 25 Jan 2022 21:14:48 GMT):

Any word on when the recording will be available? Thanks in advance!

ianco (Tue, 25 Jan 2022 21:27:25 GMT):

@swcurran is trying to edit out my cussing

baegjae (Wed, 26 Jan 2022 04:07:44 GMT):

Has joined the channel.

baegjae (Wed, 26 Jan 2022 04:07:45 GMT):

Hi.
We plan to adopt the askar wallet into our current system.
Is there a way to migrate the indy wallet to the askar wallet?
Specifically, migration from indy wallet (postgres, MultiWalletSingleTableSharedPool) to askar wallet (postgres, askar-profile) is required.
Any comments would be helpful.

Thanks!

swcurran (Wed, 26 Jan 2022 23:10:50 GMT):

It's there now.

swcurran (Wed, 26 Jan 2022 23:10:54 GMT):

SOrry for the delay

swcurran (Wed, 26 Jan 2022 23:10:54 GMT):

Sorry for the delay

dbluhm (Wed, 26 Jan 2022 23:11:44 GMT):

Thanks!

swcurran (Wed, 26 Jan 2022 23:13:29 GMT):

@andrew.whitehead -- can you confirm this is available?  I know you had that work quite a long time ago -- just wanted to be sure that is part of Askar as available today.

andrew.whitehead (Thu, 27 Jan 2022 01:18:54 GMT):

It's not available yet unfortunately. I have the majority of it implemented (in Python) but the postgres side needs more work. I'm still not sure where it should live as it's more ACA-Py specific than Askar specific (Askar doesn't really have the concept of DIDs for example, but they can be ported to ACA-Py's expected format). It could be built into a generic tool for managing wallets for example.

andrew.whitehead (Thu, 27 Jan 2022 01:18:54 GMT):

It's not available yet unfortunately. I have the majority of it implemented (in Python) but the postgres side needs more work. I'm still not sure where it should live as it's more ACA-Py specific than Askar specific (Askar doesn't really have the concept of DIDs for example, but they can be ported to ACA-Py's expected format). It could be built into a generic tool for managing wallets potentially.

baegjae (Thu, 27 Jan 2022 02:05:17 GMT):

Thank you for the clarification.

Actually, we have already applied the askar wallet to our incubating service.
The I/O performance of askar wallet definitely outperforms the indy wallet. Awesome!
Therefore, we considered the wallet migration on our existing service (initial id).

da3v21 (Thu, 27 Jan 2022 17:14:31 GMT):



ledger.png

da3v21 (Thu, 27 Jan 2022 17:14:31 GMT):

when I rotate a key pair for a public did. The nym transaction on the ledger looks like this, is this right? why is the alias set to ENDORSER and role set to none

ledger.png

ParminderParmar (Mon, 31 Jan 2022 00:24:27 GMT):

Has joined the channel.

ripulbd (Wed, 02 Feb 2022 12:58:04 GMT):

Has joined the channel.

ripulbd (Wed, 02 Feb 2022 12:58:05 GMT):

Hi,

I would like to transform the Faber/Alice/Acme use-case into a web-based use-case. I would like to know what would be the best approach for doing this. If someone knows of any pointer regarding this, I would be grateful if you could share those pointers.

Thanks in advance.

ffendt (Thu, 03 Feb 2022 08:29:42 GMT):

Hi there, short question on the webhook messages for updated connection records: 
When establishing a connection as invitee and receiving it via GET /connections/{id}, it will return the connection with `state = active`. The webhook however is called with `state = completed`. 
Is this expected for the webhook message? I expected it to be `active` instead (like it is also described in the AdminAPI README).

swcurran (Thu, 03 Feb 2022 15:03:09 GMT):

@shaanjot.gill ^^^

da3v21 (Fri, 04 Feb 2022 09:33:33 GMT):

is there any documentation on setting up an aries-askar wallet?

etschelp (Fri, 04 Feb 2022 09:56:34 GMT):

To be more specific this happens when using the did-exchange protocol (event -> state: completed, rfc23_state: completed). The connection protocol works as before (event -> state: active, rfc23_state: completed).

PaulWen (Fri, 04 Feb 2022 11:48:08 GMT):

Hi, does anyone know if it is possible to send a connectionless proof request to an AcaPy acting as a holder?
This is the connectionless proof request I want to be answered by an AcaPy:
 
```{
  "@id": "65fa4a74-0f44-47b4-9358-c946048860f8",
  "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/present-proof/1.0/request-presentation",
  "request_presentations~attach": [
    {
      "@id": "libindy-request-presentation-0",
      "mime-type": "application/json",
      "data": {
        "base64": "eyJ2ZXJzaW9uIjogIjAuMiIsICJuYW1lIjogIk1hc3RlcklEK01pdGFyYmVpdGVyIiwgInJlcXVlc3RlZF9hdHRyaWJ1dGVzIjogeyJhdHRyR3JwXzAiOiB7Im5hbWVzIjogWyJhZGRyZXNzU3RyZWV0IiwgImFkZHJlc3NDb3VudHJ5IiwgImFkZHJlc3NDaXR5IiwgImFkZHJlc3NaaXBDb2RlIiwgImZhbWlseU5hbWUiLCAiZmlyc3ROYW1lIiwgImJpcnRoTmFtZSJdLCAicmVzdHJpY3Rpb25zIjogW3siY3JlZF9kZWZfaWQiOiAiQmRyaVdFYVRxZTFMZXdOSGJCYlRTWjozOkNMOjE2NTptYXN0ZXJJRCJ9XX0sICJhdHRyR3JwXzEiOiB7Im5hbWVzIjogWyJtaXRhcmJlaXRlcm5yIl0sICJyZXN0cmljdGlvbnMiOiBbeyJjcmVkX2RlZl9pZCI6ICJMMXl3QkxTdjVaMVRIeWlkRTN2Y28yOjM6Q0w6ODUzOk1pdGFyYmVpdGVyYXVzd2Vpc19NSSJ9XX0sICJzZWxmQXR0ZXN0ZWRfMCI6IHsibmFtZSI6ICJTdGV1ZXJudW1tZXIiLCAicmVzdHJpY3Rpb25zIjogW119fSwgInJlcXVlc3RlZF9wcmVkaWNhdGVzIjoge30sICJub25jZSI6ICIyMzc3ODkxOTkyOTk5NDI5NTEyNTg2OTQifQ=="
      }
    }
  ],
  "comment": "this is a comment",
  "~service": {
    "recipientKeys": [
      "BNARZdFXKaDmokXqHPLwHWHK7ZnnbRNS85nQJQ5JiKiT"
    ],
    "routingKeys": null,
    "serviceEndpoint": "https://musterhausen.institutional-agent.lissi.id/didcomm/"
  }
}```

I am kind of missing a POST /present-proof/receive endpoint :sweat_smile:

PaulWen (Fri, 04 Feb 2022 11:48:08 GMT):

Hi, does anyone know if it is possible to send a connectionless proof request to an AcaPy acting as a holder?
This is the connectionless proof request I want to be answered by an AcaPy:
 
```{
  "@id": "65fa4a74-0f44-47b4-9358-c946048860f8",
  "@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/present-proof/1.0/request-presentation",
  "request_presentations~attach": [
    {
      "@id": "libindy-request-presentation-0",
      "mime-type": "application/json",
      "data": {
        "base64": "eyJ2ZXJzaW9uIjogIjAuMiIsICJuYW1lIjogIk1hc3RlcklEK01pdGFyYmVpdGVyIiwgInJlcXVlc3RlZF9hdHRyaWJ1dGVzIjogeyJhdHRyR3JwXzAiOiB7Im5hbWVzIjogWyJhZGRyZXNzU3RyZWV0IiwgImFkZHJlc3NDb3VudHJ5IiwgImFkZHJlc3NDaXR5IiwgImFkZHJlc3NaaXBDb2RlIiwgImZhbWlseU5hbWUiLCAiZmlyc3ROYW1lIiwgImJpcnRoTmFtZSJdLCAicmVzdHJpY3Rpb25zIjogW3siY3JlZF9kZWZfaWQiOiAiQmRyaVdFYVRxZTFMZXdOSGJCYlRTWjozOkNMOjE2NTptYXN0ZXJJRCJ9XX0sICJhdHRyR3JwXzEiOiB7Im5hbWVzIjogWyJtaXRhcmJlaXRlcm5yIl0sICJyZXN0cmljdGlvbnMiOiBbeyJjcmVkX2RlZl9pZCI6ICJMMXl3QkxTdjVaMVRIeWlkRTN2Y28yOjM6Q0w6ODUzOk1pdGFyYmVpdGVyYXVzd2Vpc19NSSJ9XX0sICJzZWxmQXR0ZXN0ZWRfMCI6IHsibmFtZSI6ICJTdGV1ZXJudW1tZXIiLCAicmVzdHJpY3Rpb25zIjogW119fSwgInJlcXVlc3RlZF9wcmVkaWNhdGVzIjoge30sICJub25jZSI6ICIyMzc3ODkxOTkyOTk5NDI5NTEyNTg2OTQifQ=="
      }
    }
  ],
  "comment": "this is a comment",
  "~service": {
    "recipientKeys": [
      "BNARZdFXKaDmokXqHPLwHWHK7ZnnbRNS85nQJQ5JiKiT"
    ],
    "routingKeys": null,
    "serviceEndpoint": "https://musterhausen.institutional-agent.lissi.id/didcomm/"
  }
}```

I am kind of missing a `POST /present-proof/receive` endpoint :sweat_smile:

etschelp (Fri, 04 Feb 2022 12:25:17 GMT):

anyone correct me if i'm wrong, but the only way that i see to do this directly via the rest api is to receive an oob invitation with the presentation request added as an attachment.

swcurran (Fri, 04 Feb 2022 15:55:05 GMT):

So it sounds like things are working properly?

etschelp (Fri, 04 Feb 2022 16:02:08 GMT):

no, what i meant is that only connections that are created with the did exchange protocol have the wrong state.

swcurran (Fri, 04 Feb 2022 16:10:08 GMT):

OK -- let's get this fixed.  Over to @shaanjot.gill .

swcurran (Fri, 04 Feb 2022 16:10:10 GMT):

Thanks!

shaanjot.gill (Fri, 04 Feb 2022 16:13:19 GMT):

I will put in a PR for this today, I believe I can use `ConnRecord connection_protocol` attribute to return the correct state accordingly.

swcurran (Fri, 04 Feb 2022 20:02:17 GMT):

@andrew.whitehead -- can you please take a look at this?  I vaguely recall ACA-Py does not support this, but don't recall the reason.  The OOB message would have to come in from the controller -- it could receive it on a public end-point, but once the controller has it, can it be processed?  Should it be possible?

angmunoz (Fri, 04 Feb 2022 23:22:58 GMT):

Hi everyone! I'm working on getting connectionless credential and proof working by following this blog: https://ldej.nl/post/building-an-acapy-controller-accounts/
I've been able generate a qr code and seems like the wallet (mainly Trinsic, but also testing with Lissi) however I get an error on both

1) For connectionless credential I'm able to scan the QR code and see the credential, however when I try to accept it I just get a "Something went wrong, our developers are working on this" error. Below is the structure I'm sending (base64URL encoded after the d_m param)
`{
	"comment": "Connectionless Credential test",
	"credential_preview": {
		"attributes": [{
			"name": "name",
			"value": "Jane",
			"mime-type": null
		}, {
			"name": "age",
			"value": "Doe",
			"mime-type": null
		}],
		"@type": "issue-credential/2.0/credential-proposal"
	},
	"offers~attach": [{
		"@id": "libindy-cred-offer-0",
		"mime-type": "application/json",
		"data": {
			"base64": "..."
		}
	}],
	"~service": {
		"recipientKeys": ["..."],
		"routingKeys": null,
		"serviceEndpoint": "..."
	},
	"@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/offer-credential"
}`

2) For connectionless proof, after I scan the QR code I get a "Invalid Proof Request: Something went wrong while trying to display the Proof Request". Below is the structure I'm appending the same way as with the credential

`{
	"@id": "...",
	"@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/present-proof/1.0/request-presentation",
	"request_presentations~attach": [{
		"@id": "libindy-request-presentation-0",
		"mime-type": "application/json",
		"data": {
			"base64": "..."
		}
	}],
	"~service": {
		"recipientKeys": ["..."],
		"routingKeys": null,
		"serviceEndpoint": "..."
	}
}`

To me it seems like there's something wrong with the proof structure, for the credential I'm running out of ideas on what to try as the error is not very descriptive.

has someone seen similar issues?

angmunoz (Fri, 04 Feb 2022 23:22:58 GMT):

Hi everyone! I'm working on getting connectionless credential and proof working by following this blog: https://ldej.nl/post/building-an-acapy-controller-accounts/
I've been able generate a qr code and seems like the wallet (mainly Trinsic, but also testing with Lissi) recognizes both credential and proof, however I get an error on both

1) For connectionless credential I'm able to scan the QR code and see the credential, however when I try to accept it I just get a "Something went wrong, our developers are working on this" error. Below is the structure I'm sending (base64URL encoded after the d_m param)
`{
	"comment": "Connectionless Credential test",
	"credential_preview": {
		"attributes": [{
			"name": "name",
			"value": "Jane",
			"mime-type": null
		}, {
			"name": "age",
			"value": "Doe",
			"mime-type": null
		}],
		"@type": "issue-credential/2.0/credential-proposal"
	},
	"offers~attach": [{
		"@id": "libindy-cred-offer-0",
		"mime-type": "application/json",
		"data": {
			"base64": "..."
		}
	}],
	"~service": {
		"recipientKeys": ["..."],
		"routingKeys": null,
		"serviceEndpoint": "..."
	},
	"@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/issue-credential/1.0/offer-credential"
}`

2) For connectionless proof, after I scan the QR code I get a "Invalid Proof Request: Something went wrong while trying to display the Proof Request". Below is the structure I'm appending the same way as with the credential

`{
	"@id": "...",
	"@type": "did:sov:BzCbsNYhMrjHiqZDTUASHg;spec/present-proof/1.0/request-presentation",
	"request_presentations~attach": [{
		"@id": "libindy-request-presentation-0",
		"mime-type": "application/json",
		"data": {
			"base64": "..."
		}
	}],
	"~service": {
		"recipientKeys": ["..."],
		"routingKeys": null,
		"serviceEndpoint": "..."
	}
}`

To me it seems like there's something wrong with the proof structure, for the credential I'm running out of ideas on what to try as the error is not very descriptive.

has someone seen similar issues?

swcurran (Fri, 04 Feb 2022 23:28:44 GMT):

Not sure what the issue is, but have you looked at the Alice/Faber demo?  It now has connectionless proof built-in.  

Here is the PR that was added to support that, so focuses on the specific controller changes to enable connectionless proofs.

https://github.com/hyperledger/aries-cloudagent-python/pull/1395

PaulWen (Sat, 05 Feb 2022 05:56:56 GMT):

With regards to the connectionless proof request the structure looks fine to me.

Maybe, something is wrong with the base64 encoded presentation request? Or maybe, the service endpoint can not be reached by the wallet?

etschelp (Mon, 07 Feb 2022 09:06:59 GMT):

It also could be something trivial like being on different ledgers. I never got the connectionless credential part to work either. If I remember correctly trinsic was sending an illegal request to aca-py. I never investigated further ,but I think it was illegal to aca-py because the request did not match any pre-existing connection. What works in the scope of aca-py are oob invitations with the credential-offer added  as an attachment, but I do not think any wallet app can handle that atm.

sebastian (Mon, 07 Feb 2022 09:08:58 GMT):

Has joined the channel.

sebastian (Mon, 07 Feb 2022 09:08:59 GMT):

`@type": "issue-credential/2.0/credential-proposal"` v2 is not supported yet

swcurran (Mon, 07 Feb 2022 22:58:18 GMT):

*ACA-Pug Meeting -- Special Start Time and Shorter Meeting: 8:30 Pacific / 17:30 CET for 30 Minutes
*
Join us for the ACA-Py User Group this Tuesday (Feb. 8) at 8:30AM Pacific (16:30 UTC / 17:30 CET) for a 30 minute meeting.

:new: NEW Zoom link: https://zoom.us/j/99220079317?pwd=OHk0U05ITnBkSmZ0aXlIQzFDYWg3UT09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2022-02-08+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

Topics:

- Review of PRs and Issues
- An update on AIP 2.0, ACA-Py 1.0.0 and Aries Askar

ffendt (Tue, 08 Feb 2022 08:40:37 GMT):

Sorry, I totally missed this conversation. Thanks for your help and the quick fix

deas (Tue, 08 Feb 2022 16:56:13 GMT):

I'm trying to revisit the faber/alice demos using aca-py and von-network (Docker), and I'm having a tough time. When I start up the agent, I get an inability to connect to the von-network (or to load genesis transactions). The agent always prints *host.docker.internal* as the agent endpoint after it checks for ngrok tunnels when starting up. I've tried (and failed) at modifying IPs with a .env, but no luck. I'm sure this is something simple. Anybody have an idea of what I'm doing wrong? I cloned down von-network and aca-py repos fresh and started from that (and removed old images in Docker before building / starting).

ianco (Wed, 09 Feb 2022 00:30:27 GMT):

What platform are you running on?  I don't think `host.docker.internal` works everywhere ...

deas (Wed, 09 Feb 2022 00:34:13 GMT):

I'm on macOS (latest - Monterey 12.2).

ianco (Wed, 09 Feb 2022 00:38:21 GMT):

Hmmm it should work then, that's the same platform as me

ianco (Wed, 09 Feb 2022 00:38:38 GMT):

Can you post the exact set of commands you're running?

deas (Wed, 09 Feb 2022 19:19:34 GMT):

Sure, no problem. I'll try it again and copy the commands out.

deas (Wed, 09 Feb 2022 19:30:14 GMT):

From a new directory, I do the following.

`git clone https://github.com/bcgov/von-network.git`

`git clone https://github.com/hyperledger/aries-cloudagent-python.git`

`cd von-network`

`./manage build`

`./manage up`

`cd ../aries-cloudagent-python/demo`

`./run_demo faber`

Everything goes according to plan until this step, at which point I get this output.

``` Preparing agent image...
sha256:4372c316ffb2b374cdfc8ba5f7aea1853741332b4c4d926e8761b7d2fca6c5c6
Trying to detect ngrok service endpoint
ngrok not detected for agent endpoint
host.docker.internal
Starting [faber] agent with args [--port 8020]
ERROR:runners.support.agent:Error loading genesis transactions:
Traceback (most recent call last):
  File "/home/indy/demo/runners/support/agent.py", line 97, in default_genesis_txns
    f"http://{DEFAULT_EXTERNAL_HOST}:9000/genesis"
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp/client.py", line 1138, in __aenter__
    self._resp = await self._coro
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp/client.py", line 559, in _request
    await resp.start(conn)
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp/client_reqrep.py", line 898, in start
    message, payload = await protocol.read()  # type: ignore[union-attr]
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp/streams.py", line 616, in read
    await self._waiter
aiohttp.client_exceptions.ServerDisconnectedError: Server disconnected
Error retrieving ledger genesis transactions```

deas (Wed, 09 Feb 2022 19:32:06 GMT):

Also, in case it matters, running `docker --version` gives me `Docker version 20.10.11, build dea9396`.

ianco (Wed, 09 Feb 2022 21:08:28 GMT):

ok I'll nuke my containers and give this a try (I'm the same OS and have the same docker version)

ianco (Wed, 09 Feb 2022 21:18:33 GMT):

... in the meantime, you can confirm that everything is running as it should:

ianco (Wed, 09 Feb 2022 21:18:45 GMT):

Try opening http://localhost:9000/genesis in a browser

ianco (Wed, 09 Feb 2022 21:20:40 GMT):

Also try running von-network as `./manage up --logs` and then start up the faber demo in a separate shell (von-network will be ready to go when you see something like `webserver_1  | 2022-02-09 21:20:02,978|DEBUG|anchor.py|Finished resync` in the logs

ianco (Wed, 09 Feb 2022 21:20:40 GMT):

Also try running von-network as `./manage up --logs` and then start up the faber demo in a separate shell (von-network will be ready to go when you see something like `webserver_1  | 2022-02-09 21:20:02,978|DEBUG|anchor.py|Finished resync` in the logs)

deas (Wed, 09 Feb 2022 22:06:52 GMT):

Yup. Ok. So I got `webserver_1  | 2022-02-09 22:02:08,269|DEBUG|anchor.py|Finished resync` as expected. I can hit http://localhost:9000 (and http://localhost:9000/genesis) in the browser no problem. I see the following - note the `host.docker.internal` in there:

```
{"reqSignature":{},"txn":{"data":{"data":{"alias":"Node1","blskey":"4N8aUNHSgjQVgkpm8nhNEfDf6txHznoYREg9kirmJrkivgL4oSEimFF6nsQ6M41QvhM2Z33nves5vfSn9n1UwNFJBYtWVnHYMATn76vLuL3zU88KyeAYcHfsih3He6UHcXDxcaecHVz6jhCYz1P2UZn2bDVruL5wXpehgBfBaLKm3Ba","blskey_pop":"RahHYiCvoNCtPTrVtP7nMC5eTYrsUA8WjXbdhNc8debh1agE9bGiJxWBXYNFbnJXoXhWFMvyqhqhRoq737YQemH5ik9oL7R4NTTCz2LEZhkgLJzB3QRQqJyBNyv7acbdHrAT8nQ9UkLbaVL9NBpnWXBTw4LEMePaSHEw66RzPNdAX1","client_ip":"host.docker.internal","client_port":9702,"node_ip":"host.docker.internal","node_port":9701,"services":["VALIDATOR"]},"dest":"Gw6pDLhcBcoQesN72qfotTgFa7cbuqZpkX3Xo6pLhPhv"},"metadata":{"from":"Th7MpTaRZVRYnPiabds81Y"},"type":"0"},"txnMetadata":{"seqNo":1,"txnId":"fea82e10e894419fe2bea7d96296a6d46f50f93f9eeda954ec461b2ed2950b62"},"ver":"1"}
{"reqSignature":{},"txn":{"data":{"data":{"alias":"Node2","blskey":"37rAPpXVoxzKhz7d9gkUe52XuXryuLXoM6P6LbWDB7LSbG62Lsb33sfG7zqS8TK1MXwuCHj1FKNzVpsnafmqLG1vXN88rt38mNFs9TENzm4QHdBzsvCuoBnPH7rpYYDo9DZNJePaDvRvqJKByCabubJz3XXKbEeshzpz4Ma5QYpJqjk","blskey_pop":"Qr658mWZ2YC8JXGXwMDQTzuZCWF7NK9EwxphGmcBvCh6ybUuLxbG65nsX4JvD4SPNtkJ2w9ug1yLTj6fgmuDg41TgECXjLCij3RMsV8CwewBVgVN67wsA45DFWvqvLtu4rjNnE9JbdFTc1Z4WCPA3Xan44K1HoHAq9EVeaRYs8zoF5","client_ip":"host.docker.internal","client_port":9704,"node_ip":"host.docker.internal","node_port":9703,"services":["VALIDATOR"]},"dest":"8ECVSk179mjsjKRLWiQtssMLgp6EPhWXtaYyStWPSGAb"},"metadata":{"from":"EbP4aYNeTHL6q385GuVpRV"},"type":"0"},"txnMetadata":{"seqNo":2,"txnId":"1ac8aece2a18ced660fef8694b61aac3af08ba875ce3026a160acbc3a3af35fc"},"ver":"1"}
{"reqSignature":{},"txn":{"data":{"data":{"alias":"Node3","blskey":"3WFpdbg7C5cnLYZwFZevJqhubkFALBfCBBok15GdrKMUhUjGsk3jV6QKj6MZgEubF7oqCafxNdkm7eswgA4sdKTRc82tLGzZBd6vNqU8dupzup6uYUf32KTHTPQbuUM8Yk4QFXjEf2Usu2TJcNkdgpyeUSX42u5LqdDDpNSWUK5deC5","blskey_pop":"QwDeb2CkNSx6r8QC8vGQK3GRv7Yndn84TGNijX8YXHPiagXajyfTjoR87rXUu4G4QLk2cF8NNyqWiYMus1623dELWwx57rLCFqGh7N4ZRbGDRP4fnVcaKg1BcUxQ866Ven4gw8y4N56S5HzxXNBZtLYmhGHvDtk6PFkFwCvxYrNYjh","client_ip":"host.docker.internal","client_port":9706,"node_ip":"host.docker.internal","node_port":9705,"services":["VALIDATOR"]},"dest":"DKVxG2fXXTU8yT5N7hGEbXB3dfdAnYv1JczDUHpmDxya"},"metadata":{"from":"4cU41vWW82ArfxJxHkzXPG"},"type":"0"},"txnMetadata":{"seqNo":3,"txnId":"7e9f355dffa78ed24668f0e0e369fd8c224076571c51e2ea8be5f26479edebe4"},"ver":"1"}
{"reqSignature":{},"txn":{"data":{"data":{"alias":"Node4","blskey":"2zN3bHM1m4rLz54MJHYSwvqzPchYp8jkHswveCLAEJVcX6Mm1wHQD1SkPYMzUDTZvWvhuE6VNAkK3KxVeEmsanSmvjVkReDeBEMxeDaayjcZjFGPydyey1qxBHmTvAnBKoPydvuTAqx5f7YNNRAdeLmUi99gERUU7TD8KfAa6MpQ9bw","blskey_pop":"RPLagxaR5xdimFzwmzYnz4ZhWtYQEj8iR5ZU53T2gitPCyCHQneUn2Huc4oeLd2B2HzkGnjAff4hWTJT6C7qHYB1Mv2wU5iHHGFWkhnTX9WsEAbunJCV2qcaXScKj4tTfvdDKfLiVuU2av6hbsMztirRze7LvYBkRHV3tGwyCptsrP","client_ip":"host.docker.internal","client_port":9708,"node_ip":"host.docker.internal","node_port":9707,"services":["VALIDATOR"]},"dest":"4PS3EDQ3dW1tci1Bp6543CfuuebjFrg36kLAUcskGfaA"},"metadata":{"from":"TWwCRQRZ2ZHMJFn9TzLp7W"},"type":"0"},"txnMetadata":{"seqNo":4,"txnId":"aa5e817d7cc626170eca175822029339a444eb0ee8f0bd20d3b0b76e566fb008"},"ver":"1"}
```

Still get that error for the agent.

ianco (Wed, 09 Feb 2022 22:14:07 GMT):

Weird, it should be an IP, however it looks the same on my local and the faber agent starts up ok

ianco (Wed, 09 Feb 2022 22:14:22 GMT):



ianco - Wed Feb 09 2022 14:14:14 GMT-0800 (Pacific Standard Time).txt

ianco (Wed, 09 Feb 2022 22:15:09 GMT):

Try startin gup von-network and overriding the IP

ianco (Wed, 09 Feb 2022 22:15:09 GMT):

Try starting up von-network and overriding the IP

ianco (Wed, 09 Feb 2022 22:15:22 GMT):

`./manage start  --logs`

ianco (Wed, 09 Feb 2022 22:15:40 GMT):

for the IP, see if you can get the internal IP used by the docker network

ianco (Wed, 09 Feb 2022 22:17:21 GMT):

`docker run --rm --net=host eclipse/che-ip`

ianco (Wed, 09 Feb 2022 22:17:48 GMT):

for example this gives me `./manage start 192.168.65.3 --logs`

ianco (Wed, 09 Feb 2022 22:19:25 GMT):

... and then faber gets genesis transactions with the IP instead of `host.docker`

deas (Wed, 09 Feb 2022 22:29:36 GMT):

^ I'll try this a little later on tonight!

brian.richter (Wed, 09 Feb 2022 22:31:06 GMT):

does anybody know of a JSON Schema that can validate inputs into `/present-proof-2.0/create-?request`

brian.richter (Wed, 09 Feb 2022 22:31:06 GMT):

does anybody know of a JSON Schema that can validate inputs into `/present-proof-2.0/create-request`?

ianco (Wed, 09 Feb 2022 22:50:31 GMT):

Also make sure to un-check "Use Docker Compose V2" (not sure if this is an issue here) - see https://github.com/bcgov/von-network#von-network-quick-start-guide

deas (Thu, 10 Feb 2022 01:44:11 GMT):



dcv2.png

deas (Thu, 10 Feb 2022 01:49:03 GMT):

Use Docker Compose V2 is unchecked (screenshot above). Ran `von-network` overriding the IP. (I got the same IP you did - 192.163.65.3.) I can see in the genesis file (http://localhost:9000/genesis) that the `host.docker.internal` is replaced by `192.163.65.3`, so that seems like progress.... _but_  I get the same error from the aca-py agent. It's printing `host.docker.internal` as the agent endpoint right after checking for ngrok tunnels. It's like it doesn't pick up on the change from VON.

ianco (Thu, 10 Feb 2022 02:24:42 GMT):

von-network and the faber demo are two different things, overriding the IP in von-network fixes the genesis transactions, but it sounds like your system isn't recognizing the docker host for some reason

ianco (Thu, 10 Feb 2022 02:24:46 GMT):

try this to run faber:

ianco (Thu, 10 Feb 2022 02:25:09 GMT):

`DOCKERHOST=192.168.65.3 ./run_demo faber`

ianco (Thu, 10 Feb 2022 02:34:51 GMT):

Ah ok for me this just hangs up for some reason

ianco (Thu, 10 Feb 2022 02:35:00 GMT):

I'll take another look in the morning

deas (Thu, 10 Feb 2022 05:58:37 GMT):

I realized that I was running in `zsh` and that pieces of this are explicitly written for `bash`, so I swapped shells. No change. (I set DOCKERHOST in one command, echo'd it to make sure it "took", then launched an agent in a standalone command.)

I also noticed that the `run_demo` script makes use of this: https://github.com/bcgov/DITP-DevOps/blob/main/code/snippets/getDockerHost which seems very related. :thinking_face: 

```
if [ ! -z "$DOCKERHOST" ]; then
  # provided via APPLICATION_URL environment variable
  export RUNMODE="docker"
elif [ -z "${PWD_HOST_FQDN}" ]; then
  # getDockerHost; for details refer to https://github.com/bcgov/DITP-DevOps/tree/main/code/snippets#getdockerhost
  . /dev/stdin <<<"$(cat <(curl -s --raw https://raw.githubusercontent.com/bcgov/DITP-DevOps/main/code/snippets/getDockerHost))"
  export DOCKERHOST=$(getDockerHost)
  export RUNMODE="docker"
```

kalyankonda (Thu, 10 Feb 2022 07:06:55 GMT):

Has joined the channel.

kalyankonda (Thu, 10 Feb 2022 07:13:10 GMT):

Hello, We are planning to migrate: 1. From Aries agent version 5.6 ti 7.3 (which I belive it latest stable one), 2. Migrate APIs from 1.0 to 2.0 APIs (in our controller). Before we proceed for impact analysis and analysis of required changes, I would like to check with forum here if somebody is already done this analysis and done above two migrations. Is there any guide/material exists already. Any references/pointers will save our time.

We have migrated agent to 7.3 without any issues/changes from our controller as agent is providing backward compatability. As of now, we are continueing with 1.0 APIs in our controller. Now, we are planning to migrate to 2.0 APIs. Our agent acts as both Issuer and Verifer. Currenly, we are using Trinsic as Holder wallet.

ianco (Thu, 10 Feb 2022 14:15:52 GMT):

`docker.host.internal` *should* work on your platform.  I did a google search and found this thread, can you review and see if any of it applies to you?  It's pretty old unfortunately ...

ianco (Thu, 10 Feb 2022 14:16:04 GMT):

https://github.com/docker/for-mac/issues/2965

WadeBarnes (Thu, 10 Feb 2022 16:44:45 GMT):

@deas, Try running `von-network` using `./manage start  --logs`, but use the IP address of your machine.  The Docker host IP address won't work due to changes with how docker networking works.

WadeBarnes (Thu, 10 Feb 2022 16:45:54 GMT):

Additional details on the changes made to `von-network` and several of the other demos;
https://github.com/bcgov/von-network/pull/188

WadeBarnes (Thu, 10 Feb 2022 16:46:15 GMT):

https://github.com/bcgov/von-network/pull/189

WadeBarnes (Thu, 10 Feb 2022 16:47:38 GMT):

I see you already found the related code snippet describing the issue.

ianco (Thu, 10 Feb 2022 16:48:29 GMT):

Thanks @WadeBarnes !!!

deas (Thu, 10 Feb 2022 20:18:43 GMT):

Thank you @ianco and @WadeBarnes for your help! 

I've tried running `von-network` with my actual IP. Works as you'd expect; I see my IP present in the genesis file served on port 9000. Unfortunately, the aca-py demo still attempts to use `host.docker.internal` and halts immediately upon launch. :cry: I guess I'll try to figure out how to work around that if I get an opportunity to dig further. Bummer!

WadeBarnes (Thu, 10 Feb 2022 21:31:41 GMT):

If both `von-network` and the aca-py demo are using `host.docker.internal` the demo should work.

WadeBarnes (Thu, 10 Feb 2022 21:40:37 GMT):

Or you could run the `faber` demo on your machine's IP like so; `APPLICATION_URL= ./run_demo faber`

WadeBarnes (Thu, 10 Feb 2022 21:41:27 GMT):

The script the does the lookup for the DockerHostIP allows you to override the value with `APPLICATION_URL`.

deas (Thu, 10 Feb 2022 21:42:04 GMT):

I'll give that a try!

WadeBarnes (Thu, 10 Feb 2022 21:43:27 GMT):

Make sure to run both `von-network` and the demo with your machine's IP.

deas (Thu, 10 Feb 2022 21:46:11 GMT):

Ok - I just tried. The agent printed out the IP I handed it as the `APPLICATION_URL` (yay). But I'm still getting the same error on attempted start. Maybe I'm troubleshooting the wrong problem?

```
aries-cloudagent-python/demo git:main
❯ APPLICATION_URL=[redacted IP] ./run_demo faber
Preparing agent image...
sha256:4372c316ffb2b374cdfc8ba5f7aea1853741332b4c4d926e8761b7d2fca6c5c6
Trying to detect ngrok service endpoint
ngrok not detected for agent endpoint
[redacted IP]
Starting [faber] agent with args [--port 8020]
ERROR:runners.support.agent:Error loading genesis transactions:
Traceback (most recent call last):
  File "/home/indy/demo/runners/support/agent.py", line 97, in default_genesis_txns
    f"http://{DEFAULT_EXTERNAL_HOST}:9000/genesis"
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp/client.py", line 1138, in __aenter__
    self._resp = await self._coro
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp/client.py", line 559, in _request
    await resp.start(conn)
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp/client_reqrep.py", line 898, in start
    message, payload = await protocol.read()  # type: ignore[union-attr]
  File "/home/indy/.pyenv/versions/3.6.13/lib/python3.6/site-packages/aiohttp/streams.py", line 616, in read
    await self._waiter
aiohttp.client_exceptions.ServerDisconnectedError: Server disconnected
Error retrieving ledger genesis transactions
```

WadeBarnes (Thu, 10 Feb 2022 21:46:20 GMT):

When I start both up on the default `host.docker.internal` I get the same message from ngrok:
```
Trying to detect ngrok service endpoint
ngrok not detected for agent endpoint
host.docker.internal
```

WadeBarnes (Thu, 10 Feb 2022 21:46:34 GMT):

But I don't get any error and the demo start up.

deas (Thu, 10 Feb 2022 21:46:42 GMT):

Let me revert to using `host.docker.internal` for both just as a sanity check.

deas (Thu, 10 Feb 2022 21:48:28 GMT):

Same error. One more sanity check - I'll stop explicitly supplying an IP for both and see what happens.

deas (Thu, 10 Feb 2022 21:53:09 GMT):

Still same error.

WadeBarnes (Thu, 10 Feb 2022 21:55:57 GMT):

Latest from both repositories and no modifications?

deas (Thu, 10 Feb 2022 21:57:32 GMT):

Yes to both. Cloned them down fresh. Just double checked with a `git status`. Starting to believe my system is just haunted. Is it worth attempting to set `DEFAULT_EXTERNAL_HOST` before running the demo agent? That's part of the Python f-string that is in the error I get.

WadeBarnes (Thu, 10 Feb 2022 21:58:05 GMT):

Based on your tests so far I'd say the issue has nothing to do with the use of `host.docker.internal`.  There is something else at play.

WadeBarnes (Thu, 10 Feb 2022 22:00:23 GMT):

`DEFAULT_EXTERNAL_HOST` so be set automatically by the code to the correct address.

WadeBarnes (Thu, 10 Feb 2022 22:00:23 GMT):

`DEFAULT_EXTERNAL_HOST` should be set automatically by the code to the correct address.

WadeBarnes (Thu, 10 Feb 2022 22:03:59 GMT):

Run `docker image ls faber-alice-demo`.  When was the image last built?

deas (Thu, 10 Feb 2022 22:04:35 GMT):

```REPOSITORY         TAG       IMAGE ID       CREATED        SIZE
faber-alice-demo   latest    4372c316ffb2   27 hours ago   587MB```

deas (Thu, 10 Feb 2022 22:11:35 GMT):

I just tried running the demo agent with LEDGER_URL=http://dev.greenlight.bcovrin.vonx.io and it started up normally.

ianco (Thu, 10 Feb 2022 22:17:30 GMT):

:+1:

WadeBarnes (Thu, 10 Feb 2022 22:20:07 GMT):

If you edit the `run_demo` and change line 250+ to look like this:
```
echo $DOCKER run --name $AGENT --rm -it ${DOCKER_OPTS} \
  --network=${DOCKER_NET} \
  -p 0.0.0.0:$AGENT_PORT_RANGE:$AGENT_PORT_RANGE \
  ${DOCKER_VOL} \
  $DOCKER_ENV \
  faber-alice-demo $AGENT_MODULE --port $AGENT_PORT $ARGS
```
Just adding `echo` to the beginning.  What do you get for output?

WadeBarnes (Thu, 10 Feb 2022 22:20:21 GMT):

I get this:
```
winpty docker run --name faber --rm -it --network=bridge -p 0.0.0.0:8020-8029:8020-8029 -e LOG_LEVEL= -e RUNMODE=docker -e DOCKERHOST=host.docker.internal -e AGENT_PORT=8020 -e TRACE_TARGET=log -e TRACE_TAG=acapy.events -e TRACE_ENABLED= faber-alice-demo faber --port 8020
```

WadeBarnes (Thu, 10 Feb 2022 22:21:15 GMT):

Also check `docker network ls` to make sure you have a network called bridge.
```
$ docker network ls
NETWORK ID     NAME                                 DRIVER    SCOPE
81c9e2560988   bridge                               bridge    local
```

deas (Thu, 10 Feb 2022 22:24:45 GMT):

I do see a network called `bridge`. Running the `echo`-modified script, I get this:
```
docker run --name faber --rm -it --network=bridge -p 0.0.0.0:8020-8029:8020-8029 -e LOG_LEVEL= -e RUNMODE=docker -e DOCKERHOST=host.docker.internal -e AGENT_PORT=8020 -e TRACE_TARGET=log -e TRACE_TAG=acapy.events -e TRACE_ENABLED= faber-alice-demo faber --port 8020
```

deas (Thu, 10 Feb 2022 22:27:00 GMT):

Actually, let me share the `docker network ls` output. I see something called `von_von` which references `bridge` too.
```
❯ docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
197d5c917101   bridge    bridge    local
28bd0d44e678   host      host      local
c36dcedf0991   none      null      local
cd3946990f09   von_von   bridge    local
```

WadeBarnes (Thu, 10 Feb 2022 22:28:15 GMT):

`von_von` is created by `von-network`.  That's expected.

WadeBarnes (Thu, 10 Feb 2022 22:36:36 GMT):

If you want to debug connectivity a bit more ...

WadeBarnes (Thu, 10 Feb 2022 22:37:26 GMT):

Add these lines to the docker/dockerfile.demo file.

WadeBarnes (Thu, 10 Feb 2022 22:37:27 GMT):



Clipboard - February 10, 2022 2:37 PM

WadeBarnes (Thu, 10 Feb 2022 22:37:37 GMT):

```
USER root
RUN apt-get update -y && \
    apt-get install -y --no-install-recommends \
        curl
USER indy
```

WadeBarnes (Thu, 10 Feb 2022 22:38:12 GMT):

Use the ./run_demo script to get the new image built.

WadeBarnes (Thu, 10 Feb 2022 22:39:04 GMT):

If it starts, then good, the issue may have been old code.  If it fails then do the following:

WadeBarnes (Thu, 10 Feb 2022 22:39:16 GMT):

`docker run --rm --net bridge -it --entrypoint bash faber-alice-demo`

WadeBarnes (Thu, 10 Feb 2022 22:39:42 GMT):

This will open a bash shell in an instance of the image that was just built.

WadeBarnes (Thu, 10 Feb 2022 22:39:56 GMT):

run `curl http://host.docker.internal:9000/genesis`

WadeBarnes (Thu, 10 Feb 2022 22:40:31 GMT):

You should get back the genesis file from `von-network`.  If not we know there is a docker networking issue.

deas (Thu, 10 Feb 2022 22:41:40 GMT):

Wade thanks so much for helping with this - I feel bad for taking so much of your time. I'll give those steps a shot.

deas (Thu, 10 Feb 2022 22:55:22 GMT):

```❯ docker run --rm --net bridge -it --entrypoint bash faber-alice-demo
indy@28617ea74304:~$ curl host.docker.internal:9000/genesis
curl: (52) Empty reply from server
indy@28617ea74304:~$```

WadeBarnes (Thu, 10 Feb 2022 22:56:40 GMT):

Ok, you've confirmed a docker networking issue.

WadeBarnes (Thu, 10 Feb 2022 22:57:22 GMT):

The demo container can't reach the `von-network` containers.

WadeBarnes (Thu, 10 Feb 2022 22:57:39 GMT):

There is still the why to be figured out.

WadeBarnes (Thu, 10 Feb 2022 22:57:39 GMT):

There is still the "why" to be figured out.

WadeBarnes (Thu, 10 Feb 2022 22:59:07 GMT):

and you've already confirmed you can see the genesis file at http://localhost:9000/genesis

deas (Thu, 10 Feb 2022 23:00:05 GMT):

Ok - well, I'll see how I can move forward investigating. Thanks again for the help! (Still open to any ideas if you have them, but otherwise, since it's a Docker networking issue, I'll take it off of Hyperledger chat.)

WadeBarnes (Thu, 10 Feb 2022 23:01:03 GMT):

:thumbsup:

swcurran (Thu, 10 Feb 2022 23:28:13 GMT):

The big issue you will face AFAIK is that Trinisic is not yet supporting the 2.0 APIs for credential exchange.  @tomislav might be able to give you more info on that.

If you are continuing to use just AnonCreds, then the change should be pretty light.  I think what you want to do is add support in your controller for both and then use a feature flag or some logic to determine which you will initiate a new exchange. 

If you are going to the W3C VC format, there is a lot more to do.  ACA-Py has support for W3C VCs, but we have really only used them in test environments.  Once we had them implemented, we began to see challenges in trying to use them in a broader context and basically decided to stick to AnonCreds.  There were just too many unknowns and the loss of capabilities vs. AnonCreds was too much.  At this point, our efforts are focused on AnonCreds.  I'm not aware of any mobile apps that use W3C format VCs.

Back to anoncreds - a good place to look at code changes is to look at the Alice/Faber code which supports both models.  It provides a controller for supporting both models, with Faber as an issuer/verifier, Alice as a holder.

swcurran (Thu, 10 Feb 2022 23:29:14 GMT):

FYI -- there is lots of work going on in Aries Framework JavaScript and Aries Mobile Agent React Native to create mobile agents that support the 2.0 APIs.

swcurran (Thu, 10 Feb 2022 23:30:43 GMT):

BTW -- I'm interpreting your "2.0 APIs" to mean issue credential and present proof.  There are likewise paths for the other AIP 2.0 capabilities -- with OOB/DID Exchange being the most disruptive.

kalyankonda (Fri, 11 Feb 2022 01:35:33 GMT):

Thanks much @swcurran . Yes, initially, we wanted to go with AnonCreds only. Later, we will migrate to W3C Cred formats.

kalyankonda (Fri, 11 Feb 2022 01:38:51 GMT):

By any chance, do you aware of any github page or any developer guide which talks about two versions APIs mappings and different payload changes. I bileave, some people must have done this activity already and they must have provided some kind of document as reference for others. I have looked at ACA-Py github but didn't find any such material.

swcurran (Fri, 11 Feb 2022 14:50:50 GMT):

Sorry - I'm not aware of that.  Obviously the two APIs are document in the OpenAPI spec, but not the delta between the two.

brian.richter (Fri, 11 Feb 2022 17:00:52 GMT):

This is what I have so far.. I think the indy side is in pretty good shape but need to flesh out the dif side. Can anyone help me review and extend this? I think it would be a valuable artifact for many developers.
https://gist.github.com/brianorwhatever/96cef7458056d08af3a6f2a2c3acc676

kalyankonda (Sat, 12 Feb 2022 07:28:44 GMT):

:thumbsup:  Thank you.

ffendt (Tue, 15 Feb 2022 13:49:48 GMT):

Hi there, is this still the main chat of aries-cloudagent-python, or did you switch to discord (having problems logging in there from company network)? Just stumbled into [issue 1474](https://github.com/hyperledger/aries-cloudagent-python/issues/1474). @shaanjot.gill are you actually working on a fix?

swcurran (Tue, 15 Feb 2022 15:20:18 GMT):

Hyperledger is moving to Discord, so we're sort of split.  I'll make sure that @shaanjot.gill sees this note.

dmckay (Wed, 16 Feb 2022 15:12:33 GMT):

What is the recommended version of Postgres to use with Indy wallets in ACA-Py?  We are currently using 11 and we are seeing a return value error after creating the wallet database that is timing out the multitenant wallet creation call.  The database and wallet gets created and works fine.  I'm wondering if this is a minor difference in Postgres that is reflecting in the Libindy code's connection to ACA-Py?

dmckay (Wed, 16 Feb 2022 15:13:14 GMT):

It looks like the Business Partner Agent is using v12 of Postgres.

swcurran (Wed, 16 Feb 2022 23:28:24 GMT):

Pretty sure that all of our deployments are on Postgres 12.

swcurran (Fri, 18 Feb 2022 20:19:24 GMT):

*ACA-Pug Meeting -- Normal Start Time Meeting: 8:00 Pacific / 17:00 CET for 30 Minutes*

Join us for the ACA-Py User Group this Tuesday (Feb. 😎 at 8:00AM Pacific (16:00 UTC / 17:30 CET)

🆕 NEW Zoom link: https://zoom.us/j/99220079317?pwd=OHk0U05ITnBkSmZ0aXlIQzFDYWg3UT09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2022-02-08+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

*Great* Topics:

- Presentation on Aries Toolbox and how it uses ACA-Py
- Presentation on a tool for performance testing ACA-Py (with performance results...)

swcurran (Fri, 18 Feb 2022 20:19:24 GMT):

*ACA-Pug Meeting -- this Tuesday Normal Start Time Meeting: 8:00 Pacific / 17:00 CET for 30 Minutes*

Join us for the ACA-Py User Group this Tuesday (Feb. 22 at 8:00AM Pacific (16:00 UTC / 17:30 CET)

🆕 NEW Zoom link: https://zoom.us/j/99220079317?pwd=OHk0U05ITnBkSmZ0aXlIQzFDYWg3UT09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2022-02-22+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

*Great* Topics:

- Presentation on Aries Toolbox and how it uses ACA-Py
- Presentation on a tool for performance testing ACA-Py (with performance results...)

swcurran (Fri, 18 Feb 2022 20:19:24 GMT):

*ACA-Pug Meeting -- this Tuesday Normal Start Time Meeting: 8:00 Pacific / 17:00 CET for 30 Minutes*

Join us for the ACA-Py User Group this Tuesday (Feb. 22 at 8:00AM Pacific (16:00 UTC / 17:00 CET)

🆕 NEW Zoom link: https://zoom.us/j/99220079317?pwd=OHk0U05ITnBkSmZ0aXlIQzFDYWg3UT09

Link to meeting agenda page: https://wiki.hyperledger.org/display/ARIES/2022-02-22+Aries+Cloud+Agent+-+Python+Users+Group+Community+Meeting

Everyone is welcome!

*Great* Topics:

- Presentation on Aries Toolbox and how it uses ACA-Py
- Presentation on a tool for performance testing ACA-Py (with performance results...)

sauveergoel (Tue, 22 Feb 2022 17:43:32 GMT):

Hi, how can we create schema for a w3c credential?

sauveergoel (Tue, 22 Feb 2022 17:43:40 GMT):

@swcurran

sauveergoel (Tue, 22 Feb 2022 17:43:53 GMT):

@TimoGlastra

danielhardman (Tue, 22 Feb 2022 20:14:47 GMT):

A while back I posted a couple messages about the DIDComm User Group. We were trying to find a time when many could come.
Now I’m back with an update.
1. I wanted to share info about how to participate, for those that are interested (see below)
2. Even for those who are not interested, the CCG crowd may find it interesting to observe an organizational behavior experiment we are trying.
We were not able to find a time when a quorum of interested users could all come. All too busy… Therefore, we are trying something new and different. We call it an “UnSync”; see https://hackmd.io/@dhh1128/Sk5_Gb2J9. Those who’ve lived through the delta between a traditional conference and an RWOT or IIW “Unconference” know that meeting differently can be really awesome, if done right. We hope this idea yields similar benefits. We want people to put a meeting on their calendar, but show up to a Discord channel at any time convenient for them during a 12-hour block of time, once every two weeks. This gives the greater flexibility/convenience of async interactions, and also makes full hour meeting blocks unnecessary (we expect most can process the part of the meeting where they want to contribute in 15 min). However, it also avoids the pure async problem of enabling infinite procrastination, ensures a regular rhythm, and provides for an orderly processing of business. We’ll see how it goes.
Time of meeting: every 2 weeks on Wednesday, for 12 hours, beginning at 1100 UTC. That’s 2000 Tokyo / 1700 Delhi / 1200 Central Europe / 0600 Eastern / 0400 Pacific. If you make yourself an appointment, start it on 23 Feb 2022 to get the on/off weeks right.
The meeting is held on our Discord channel: https://discord.gg/eNN4Wns6Jb

danielhardman (Tue, 22 Feb 2022 20:14:47 GMT):

A while back I posted a couple messages about the DIDComm User Group. We were trying to find a time when many could come.
Now I’m back with an update.
1. I wanted to share info about how to participate, for those that are interested (see below)
2. Even for those who are not interested, this crowd may find it interesting to observe an organizational behavior experiment we are trying.
We were not able to find a time when a quorum of interested users could all come. All too busy… Therefore, we are trying something new and different. We call it an “UnSync”; see https://hackmd.io/@dhh1128/Sk5_Gb2J9. Those who’ve lived through the delta between a traditional conference and an RWOT or IIW “Unconference” know that meeting differently can be really awesome, if done right. We hope this idea yields similar benefits. We want people to put a meeting on their calendar, but show up to a Discord channel at any time convenient for them during a 12-hour block of time, once every two weeks. This gives the greater flexibility/convenience of async interactions, and also makes full hour meeting blocks unnecessary (we expect most can process the part of the meeting where they want to contribute in 15 min). However, it also avoids the pure async problem of enabling infinite procrastination, ensures a regular rhythm, and provides for an orderly processing of business. We’ll see how it goes.
Time of meeting: every 2 weeks on Wednesday, for 12 hours, beginning at 1100 UTC. That’s 2000 Tokyo / 1700 Delhi / 1200 Central Europe / 0600 Eastern / 0400 Pacific. If you make yourself an appointment, start it on 23 Feb 2022 to get the on/off weeks right.
The meeting is held on our Discord channel: https://discord.gg/eNN4Wns6Jb

aliyildiz (Mon, 07 Mar 2022 12:07:36 GMT):

Has joined the channel.

SheraliInamdar (Tue, 22 Mar 2022 08:35:39 GMT):

Has joined the channel.

SheraliInamdar (Tue, 22 Mar 2022 08:35:39 GMT):

hi

WadeBarnes (Tue, 22 Mar 2022 12:01:35 GMT):

@SheraliInamdar, this channel has moved to Discord; https://discord.gg/hyperledger/

rjones (Tue, 22 Mar 2022 19:54:04 GMT):



rjones (Tue, 22 Mar 2022 19:54:04 GMT):



rjones (Wed, 23 Mar 2022 17:22:35 GMT):