-
Notifications
You must be signed in to change notification settings - Fork 9
Decisions
This is the page where we will record relevant decisions. It will be a summary page. If extra info is required another page should be made.
Security will be provided via an api key and a jwt (hereon referred to as just token).
The api key will always be required although cloud api will not validate it as this will be done by aca-py. For all tenant calls the api key is required (these calls do not require a token as they are used to access the admin/management context and not to act as a specific "user" or tenant).
There is a call: get auth token for subwallet which will return the auth token for a wallet id. This call will be used to get the specific token for a tenant. This call, like all other calls, requires an api key. Once this call returns successfully subsequent calls will provide this token to idenfity the wallet context calls should be actioned against. When providing this token the api effectively behaves similarly to a single tenant api.
The wallet id or wallet key is not required. Aca-py is built such that this jwt that is provided and can subsequently be used contains the wallet id and key in encrypted form so it is already in this token and does not need to be provided again.
The cloud api context will require a header x-api-token (for the api key) and an Authorization header using bearer strategy. Header key will be Authorization and value will be Bearer
- There will most likely be 3 agents configured and running. 1 Agent for the "parent" yoma agent. This will be a single tenanted environment.
- Another multi tenanted agent will be for the providers and verifiers.
- A third agent will be for all the "users" Aka youth agents.
I would like to suggest that at this stage we don't require the triple play. What we will do is see if we can write the code as if there are two agents (the single - yoma) and all the others (youth agents and providers/verifiers) for now on 1 agent. Then when we are ready we split this out. The important code that interacts with these agents does not need to know what kind of agent they're interacting with.