Publishing sensitive data #3

Open
richardschneider opened this issue Nov 23, 2017 · 3 comments
Comments

Owner

richardschneider commented Nov 23, 2017

Problem

As a publisher of data
I want only authorised people to read that data
So that sensitive information is always protected

Owner Author

richardschneider commented Nov 23, 2017

Solution

  • Encrypt the data with a key so that it protects the data
  • Only give the key to authorised people

Owner Author

richardschneider commented Nov 23, 2017

Design

  • A key store is needed to manage the life cycle of a key (The Key Chain #2)
  • When writing protected data, encrypt the data with a key (Encrypting data #7)
  • When reading protected data, decrypt the data when the key is available; otherwise fail
  • Allow a person to request a key
  • Allow a publisher to send a key

Owner Author

richardschneider commented Nov 23, 2017

NFRs

  • The key is sensitive data; it too must be protected
  • Think of the key store as an HSM, even if implemented in software
  • A raw private key (naked key) can never escape from the key store
  • Requesting and sending a key is a multi-step process; any party can be off-line
  • Follow acceptable security standards

@richardschneider richardschneider changed the title Requirements The need Nov 23, 2017
@richardschneider richardschneider changed the title The need Publishing sensitive data Nov 25, 2017
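
The Design and NFRs comments above, sketched as an added example that is not code from this project: a software key store that encrypts and decrypts on the caller's behalf, fails when the key is absent, and releases a key only wrapped for one recipient's public key. The class and method names, AES-256-GCM for the data and RSA-OAEP for key wrapping are assumptions chosen for illustration.

```javascript
// Added example, not this project's code. Names and algorithm choices are assumptions.
const crypto = require('node:crypto');

class KeyStore {
  #keys = new Map(); // key name -> 32-byte AES key; no method returns it
  #identity;         // RSA private key, used only to unwrap keys sent to us

  constructor() {
    const pair = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
    this.#identity = pair.privateKey;
    this.publicKey = pair.publicKey; // attached to a key request
  }

  createKey(name) { this.#keys.set(name, crypto.randomBytes(32)); }

  #get(name) {
    const key = this.#keys.get(name);
    if (!key) throw new Error(`key not available: ${name}`); // fail, never fall back
    return key;
  }

  // Write path: encrypt inside the store; the key name is bound in as AAD.
  protect(name, plaintext) {
    const iv = crypto.randomBytes(12);
    const c = crypto.createCipheriv('aes-256-gcm', this.#get(name), iv);
    c.setAAD(Buffer.from(name));
    const ct = Buffer.concat([c.update(plaintext), c.final()]);
    return { keyName: name, iv, ct, tag: c.getAuthTag() };
  }

  // Read path: throws if the key is missing or the envelope was altered.
  unprotect(env) {
    const d = crypto.createDecipheriv('aes-256-gcm', this.#get(env.keyName), env.iv);
    d.setAAD(Buffer.from(env.keyName));
    d.setAuthTag(env.tag);
    return Buffer.concat([d.update(env.ct), d.final()]);
  }

  // Publisher sends a key: it leaves only wrapped (RSA-OAEP) for one recipient.
  sendKey(name, recipientPublicKey) {
    return crypto.publicEncrypt({ key: recipientPublicKey, oaepHash: 'sha256' }, this.#get(name));
  }

  // Requester receives it, possibly much later: unwrapped inside the store.
  receiveKey(name, wrapped) {
    const key = crypto.privateDecrypt({ key: this.#identity, oaepHash: 'sha256' }, wrapped);
    this.#keys.set(name, key);
  }
}
```

Keys in this sketch live only in process memory; persisting them would mean encrypting them at rest, which the example does not cover.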