...
Call Recording:
<TO BE ADDED>https://zoom.us/rec/share/k3QdLe7zzh5SZcdqdoiCBCs2p1CCxcjer6Z1XsThJ709guqQgM4E2Xy3UiAzpi1w.g5kNpuo9JEtKi3gE
 |  |
Welcome, Introductions and Announcements
...
Wallet Interop SIG: [WISIG] Wallet Interoperability SIG
Tomorrow: Ayra Foundation (formerly GAN) – 8:00 Pacific / 17:00 Central Europe
Next Week: CA DMV Hackathon – 7:00 Pacific / 16:00 Central Europe
Attendees:
Stephen Curran Emliano Sune (BC Gov / Quartech Systems Ltd.) emiliano.sune@quartech.com
Wade Barnes (BC Gov / Cloud Compass Computing Neoteric Technologies Inc.) swcurran@cloudcompass wade@neoterictech.ca
Documentation:
ACA-Py documentation: https://aca-py.org
ACA-Py Plugins: https://plugins.aca-py.org
...
ACA-Py Updates:
LTS Releases last week – 0.12.4, 1.2.2. The
1.2.ltsbranch is now separate frommain, as we have breaking changes onmain.The start up issue with the OATH tests is not resolved. Still intermittent - not Askar and Unix Pipe issue seems not to be the issue. 🤔
The removal of the Connections Protocol from ACA-Py and the creation of the Connections Plugin is complete. Testing status?
Proposal to enable Issue https://github.com/openwallet-foundation/acapy/issues/3462. What’s happening here?
Update? Proposal and progress towards enabling major version updates via dependabot PRs – for example this PR (3455) updates multiple important dependencies.
More warnings and we’ll have to make a call on ignoring some vs. investing in enabling them.
ACA-Py 7.7 on OpenSSF Scorecard – would like to make progress on that. Looking at how to do that. Easy wins? E.g. Token-Permissions (0), CII Best Practices (0). Anyone know how to manage pinning dependencies to a commit?
Plugins:
Creation of a Universal Registrar plugin (PR 1376)
Not Covered:
Progress on did:webvh plugin to support DIDs and AnonCreds objects.
did:webvh Resources: “Attested Resources” and Linked Resources in did:webvh for AnonCreds Objects and More
did:webvh resources <did>/path/to/file, where the HTTP path defaults to match the DID location (minus .well-known) – any content
AttestedResources – the identifier for the resources (the DID URL) commits its content, and there is a proof from the DID Controller.
The hash of the resource is hashed to produce the file name: <did>/path/to/<hash>
.<ext>The resource contains a proof of the resource
AnonCreds – Schema, CredDef, RevRegDef
RevRegEntries are trickier, because the holder doesn’t know the Identifier for the Entry it wants to use. Needs to get a list of the entries and then retrieve the one of interest.
Solution: RevRegDef is an attested resource, and has the list of all RevRegEntries (time stamp, DID URL, each an AttestedResource). The list is outside of the RevRegDef resource, so the RevRegDef ID does not change when new RevRegEntries are published. The proof on the RevRegDef does include the list of RevRegEntries.
Demo
Open Discussion
Plugins
Current PRs
Universal Registrar
did:webvh
AIP 1 – Connections, Issue Credentials v1 and Present Proof v1 – plugins for backwards compatibility when removed from ACA-Py
...
Future Topics:
Action items
Enable major version update recommendations by Dependabot: review open PRs and pick-and-choose which ones could be merged as-is and which ones should be actioned by someone (more as a recommendation to update than as a solution). Project is in a testing state that allows us to move forward with this.
OpenSSF Scorecard:
We are using poetry for dependency management, and it is creating a lockfile. Likely configuration issue for detecting pinned dependencies.
Token permissions will require tokens to be revoked and recreated with the minimum set of permissions required for it to work correctly.
Important Links:
Discord: https://discord.com/invite/yjvGPd5FCU (Click Accept Invite, check out the #aca-py channel)
...