--- tags: aca-py, dts --- # Aries BPA + Aries VCR: Onboarding Scenario ## Current State When onboarding a new standalone Issuer to an Aries VCR instance (e.g.: OrgBook), an out-of-band step is required to establish the connection between the Issuer agent and the Aries VCR agent that will receive the credentials. This task needs to be completed by a developer with access to the administrative API for the Aries VCR agent, and one with access to the administrative API for the Issuer agent. Either developer will initiate the process by manually generating a new connection invitation on the agent they manage, and send the resulting payload to their counterpart, who will manually submit a request to their agent to accept the connection invitation. The invitation payload is transmitted using a method (e.g.: email, chat client) that might have some degree of risk involved with a third party malicious actor intercepting it and connecting to either agent instead of the expected party. ## Proposed Solution The use of a [Business Partner Agent](https://github.com/hyperledger-labs/business-partner-agent) as base for both the Aries VCR and Issuer will mitigate the issues present in the current state as: - either agent will be able to initiate a connection invitation by finding the target agent on a public/authorized list of connections (like in a directory) - the out-of-band transmission of connection invitations is removed completely: the initiating agent will send a connection invitation DIRECTLY to the target agent, using their public endpoint - the use of a UI driving the BPA functionality removes the requirement of having a developer (or a technical person anyway) with privileged access perform the connection tasks: this step can now be delegated to someone who is part of the business process, who will be able to accept, reject or cancel a connection with other agents from a dashboard.