Currently providers use a single key pair for signing and encryption of data. When using Kiebitz within a larger organization it might be required to delegate access to many stakeholders, which should ideally have their own key pairs. To achieve this we could add multi-key support for providers, or we could add a user role to the system that has role-based access to the provider data. User keys would be generated in the frontend and signed by the provider key.
This would make key rotation / change for the provider keys less urgent as the keys would only be used for initial setup and user key generation and would not leave the device. Still, when revoking a given user key, appointments signed with the key would need to be re-signed.
This issue is currently for discussion only, please do not implement this yet.
adewes changed the title from "Add multi-key support for providers (?)" to "Add multi-key support or user keys for providers (?)" on Dec 1, 2021.