aries-cloudagent-python
Add option to remove all protocol state objects after protocol instance completes
Aside: I'm not certain of the state of ACA-Py on this issue and if this feature is actually needed. I'm entering this issue because I don't think it is in ACA-Py and I do think it is a required setting in some environments and is good practice. Perhaps someone could start this issue by checking the state of ACA-Py on this issue. Do all, some (which ones?) or no protocols support automatic deletion of protocol state objects after protocol completion?
Background: In some environments, such as when ACA-Py is used as a service for a "line of business" controller, ACA-Py should persist as little business data as possible -- leaving that to the controller. While ACA-Py must retain some data (DIDs, AnonCred objects, connections, etc.), for the most part, it does not need to retain the state of an instance of a protocol after that protocol has completed. In the early days of ACA-Py we have frequently done that because it was easy -- we didn't have to collect that data in the database of the business controller. However, as we start to use ACA-Py as "just a service", to reduce the data held in ACA-Py secure storage, it is good practice to only hold protocol state object data (which very likely contains business data -- including PII) while an instance of a protocol is running, and to delete it as soon as the protocol completes. In this model, any data to be retained after the completion of the protocol is the responsibility of the controller.
Proposal: A new option be added to ACA-Py that when set triggers the deletion of all protocol state objects after the protocol instance has completed and provided the final results to the controller. In implementing this, we need to evaluate the protocol state objects to determine if any are needed for ongoing operation of the ACA-Py instance. If any such items are found, we need to evaluate what to do in each case -- for example, creating a different object that retains only the data needed for the long term, such as done by the OOB/DIDExchange protocols, and the connection object that those protocols create.
Could I get an ACA-Py developer to volunteer to review the protocols we have in ACA-Py to document what each does with the protocol state object after completion and if there might be an issue with deleting the object?
Just off the top of my head, aca-py has a flag to auto-delete credential exchange records, but we don't have a flag to auto-delete presentation exchange records. The rationale is that a credential exchange will result in a credential stored in the holder's wallet, but a proof exchange won't result in any data being saved anywhere, unless the controller explicitly stores it. So, for a presentation exchange, the controller can delete the exchange record once it does whatever it needs to do with the received proof.
Presentation exchange records are now also deleted at the end of an exchange, unless configured otherwise.
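As an added example, not code from this issue or from the ACA-Py project, here is the controller-side pattern the comments above describe for a deployment that still retains exchange records: a webhook handler that keeps only the business outcome of a finished present-proof 2.0 exchange and then asks the ACA-Py admin API to delete the exchange record, so the full presentation (and any PII in it) does not linger in ACA-Py storage. The admin URL, API key value, record store and the `do_delete` hook are assumptions; the webhook field names and the `DELETE /present-proof-2.0/records/{pres_ex_id}` route are ACA-Py's.

```python
import urllib.request
from typing import Callable, Dict, Optional

# Assumed deployment values (not from the issue): ACA-Py admin API endpoint
# and the key the controller presents in the X-API-Key header.
ADMIN_URL = "http://localhost:8031"      # assumption
ADMIN_API_KEY = "controller-admin-key"   # placeholder, not a real secret

# The only fields the controller retains long term. The full presentation
# payload stays out of the controller's store and is deleted from ACA-Py.
RETAINED_FIELDS = ("pres_ex_id", "connection_id", "thread_id", "verified")

DeleteFn = Callable[[str, Dict[str, str]], int]


def extract_business_result(payload: Dict) -> Dict:
    """Reduce a present-proof 2.0 webhook event to the minimal outcome."""
    return {key: payload.get(key) for key in RETAINED_FIELDS}


def delete_record_via_admin(pres_ex_id: str, do_delete: DeleteFn) -> int:
    """Issue DELETE /present-proof-2.0/records/{pres_ex_id}; returns HTTP status."""
    url = f"{ADMIN_URL}/present-proof-2.0/records/{pres_ex_id}"
    return do_delete(url, {"X-API-Key": ADMIN_API_KEY})


def _urllib_delete(url: str, headers: Dict[str, str]) -> int:
    """Default transport: a plain HTTP DELETE against the admin API."""
    req = urllib.request.Request(url, method="DELETE", headers=headers)
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.status


def handle_present_proof_webhook(payload: Dict, store: Dict,
                                 do_delete: DeleteFn = _urllib_delete) -> Optional[Dict]:
    """Handle one present_proof_v2_0 webhook event.

    Returns the retained result once the exchange reaches a terminal state
    ('done' or 'abandoned'); returns None for intermediate states, which
    carry nothing the controller needs to keep.
    """
    if payload.get("state") not in ("done", "abandoned"):
        return None
    result = extract_business_result(payload)
    store[result["pres_ex_id"]] = result          # controller's own record
    status = delete_record_via_admin(result["pres_ex_id"], do_delete)
    result["record_deleted"] = status == 200      # ACA-Py returns 200 on success
    return result
```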