Ian Costanzo

I think it makes sense to return a `404`

> @TimoGlastra @ianco -- is that behaviour for 2 and 3 in the previous note what you would expect? This is way beyond my knowledge of multi-tenant. I don't know,...

Per feedback from @WadeBarnes - do a TAA check before allowing the revocation to be processed (same applies to schema and cred def operations)

The current event tracing and collection is primarily to track the message processing in a thread (for example during a credential exchange protocol) - part of this is tracking the...

I think we should just remove the code from aca-py (that checks for unrevealed attribute values) and just use the anoncreds verification to set the "verified" flag. If there are...

Note that AnonCreds behaviour, in this scenario, is to include the unrevealed attribute in "unrevealed_attributes" and provide neither the encoded nor raw value, for example: ``` "requested_proof": { "revealed_attrs": {...

Aca-py does the following pre-validation on received proofs: - Checks for presence of and validity of revocation intervals - In some cases the proof is rejected (for example if a...

My preference would be to *not* include the token in the `GET multitenancy/wallets` endpoint. I don't think we should provide the token unless it's explicitly requested (based on "least privilege"...

FYI the new protocol/message family design doc is here (w.i.p. of course): https://hackmd.io/5LzMhfsMQBevB5V2tKz4hA?view Agree with @swcurran 's latest comment, I'll update the design doc accordingly.

I've updated the "please sign me" doc here: https://hackmd.io/5LzMhfsMQBevB5V2tKz4hA?view