To help support key rotation within KAS, a key identifier must be introduced. This will involve work in the KAS service itself, along with any SDK.
strantalis added the labels comp:sdk (A software development kit, including library, for client applications and inter-service communicati) and comp:kas (Key Access Server) on May 1, 2024
This is a feature where KAS can store multiple key pairs, and is essential for supporting key rotation, necessary for a production platform, and would enable other advanced key management capabilities.
We need to:
- Allow KAS to load multiple keys of different types, and associate them with KIDs
- Update all clients to embed the kid in their documents (both nanotdf and ztdf)
- Perform any changes to the protocol required to enable these features.
Due to the way TDF is currently structured, once a file is created it is pinned to the given public key itself. There are extensions that allow some degree of forward secrecy around this -
Questions:
Should we support JWKS from the public key endpoint? If so