Support Multi Tenancy #558
Comments
|
I don't have access to the HackMD document, getting a 403 error. |
|
I updated the URL, its public now |
|
I looked at the document, looks good to me. There is no mention of endorsing transactions though: @etschelp let me know if you need an overview of how that works and what type of workflows and other services you would need to setup and orchestrate. The other thing I added a comment for in the document is that each tenant will require BOTH the agency admin-api-key AND their token to operate. This is not great in my opinion, and needs to be abstracted so that tenants only need to deal with one key. We have added a "proxy" that hands out generated api-keys and binds them to a tenant's token, and builds the right request internally when needed in order to not hand out the main admin key to everyone. A goo resource to poke at is aries-vcr-issuer-agency as we have implemented all of the above (one interpretation of it, at least). |
|
Great that you started with a document, @etschelp Maybe - if at all - it is enough to allow multiple tenants on "one big acapy" ( the database would be anyway hosted in a DBM and not in a single pod like now in the default config of the our chart)? Don't get me wrong. It is really good to have an overview about potential technical hurdles to switch from micro services to silos. |
As this topics tends to pop up in various discussions I started to write down some thoughts on what changes are needed in the BPA to make this happen if we want to.
https://hackmd.io/@AN7LHuEORQSPrOdHz3SrEA/BJ9Fb4vR_
The text was updated successfully, but these errors were encountered: