I need to authorize a third party to create/update a document in my vault. How do I enforce the keyAgreement key? #42

Open
llorllale opened this issue Feb 19, 2021 · 2 comments
Labels
ready for PR Ready for Pull Request

Comments

@llorllale

Is that what the keyAgreement key in the data vault configuration is for?

Does that enforcement only apply to parties other than the controller of the vault?

Is there a mechanism for enforcing pair-wise keyAgreement keys as opposed to a single public one?

@llorllale llorllale changed the title I need to authorize a third party to update a document in my vault. How do I enforce the keyAgreement key? I need to authorize a third party to create/update a document in my vault. How do I enforce the keyAgreement key? Feb 19, 2021
@dmitrizagidulin dmitrizagidulin transferred this issue from decentralized-identity/confidential-storage May 25, 2021
@DRK3

DRK3 commented Jul 22, 2021

Discussed on July 22, 2021 WG call:

  • KeyAgreement can be shared across recipients
  • Server can reject documents that don't include the recipient
  • Spec may want to non-normatively reference other specs like WebKMS
  • Choose a better name for this
  • May be easier to have a single recipient and have other parties manage that key

@dmitrizagidulin
Contributor

Discussed on Sep 2, 2021 call.

Given that this is a frequent question ("How do I share / authorize one or more third parties, without re-encrypting"), we need to add a non-normative section discussing how to share. Specifically, adding one layer of indirection, and giving third parties access to a key-agreement key, via something like WebKMS.
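
Added example, not part of the issue thread or of any project's code: a sketch of the server-side check noted in the July 22 discussion ("Server can reject documents that don't include the recipient"). It assumes the vault configuration exposes `keyAgreementKey.id` and that each document carries a JWE with `recipients[].header.kid`; the function name `checkRecipients` and all sample identifiers are hypothetical.

```javascript
// Added illustration. Assumed shapes: vaultConfig.keyAgreementKey.id and
// doc.jwe.recipients[].header.kid. All identifiers below are constructed.

// Structural check only: the server never holds the private key, so it cannot
// prove that encrypted_key was really wrapped for the key named in header.kid.
function checkRecipients(vaultConfig, doc) {
  const required = vaultConfig?.keyAgreementKey?.id;
  if (typeof required !== 'string' || required.length === 0) {
    return { ok: false, reason: 'vault has no keyAgreementKey configured' };
  }
  const recipients = doc?.jwe?.recipients;
  if (!Array.isArray(recipients) || recipients.length === 0) {
    return { ok: false, reason: 'document has no JWE recipients' };
  }
  const kids = recipients.map((r) => r?.header?.kid);
  if (kids.some((k) => typeof k !== 'string')) {
    return { ok: false, reason: 'recipient without header.kid' };
  }
  if (!kids.includes(required)) {
    return { ok: false, reason: 'required keyAgreementKey is not a recipient' };
  }
  // Report any additional recipients so the server can log or limit them.
  return { ok: true, extraRecipients: kids.filter((k) => k !== required) };
}

// Constructed sample data.
const VAULT_KAK = 'did:example:controller#kak-1';
const THIRD_PARTY_KAK = 'did:example:thirdparty#kak-9';
const vaultConfig = {
  controller: 'did:example:controller',
  keyAgreementKey: { id: VAULT_KAK },
};
const recipient = (kid) => ({
  header: { kid, alg: 'ECDH-ES+A256KW' },
  encrypted_key: '<constructed-placeholder>',
});
const docForVaultKey = { id: 'doc-1', jwe: { recipients: [recipient(VAULT_KAK)] } };
const docThirdPartyOnly = { id: 'doc-2', jwe: { recipients: [recipient(THIRD_PARTY_KAK)] } };
const docBoth = {
  id: 'doc-3',
  jwe: { recipients: [recipient(VAULT_KAK), recipient(THIRD_PARTY_KAK)] },
};

for (const doc of [docForVaultKey, docThirdPartyOnly, docBoth]) {
  console.log(doc.id, JSON.stringify(checkRecipients(vaultConfig, doc)));
}
```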
