Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CA like signing flow for mediator keys #32

Open
adewes opened this issue Dec 1, 2021 · 0 comments
Open

CA like signing flow for mediator keys #32

adewes opened this issue Dec 1, 2021 · 0 comments
Labels
discuss Issue for discussion, do not implement yet!

Comments

@adewes
Copy link
Member

adewes commented Dec 1, 2021

Currently the mediator keys are generated, signed and uploaded locally using the kiebitz tool. This is acceptable for small deployments where the system owner and mediators fully trust each other. For larger systems it would be better to also implement a workflow like for the providers, i.e. a mediator can generate an initial key pair in the browser and submit the public keys for signing to the backend. The system admin could then either use the kiebitz command line tool to sign the mediator keys and also provide the necessary decryption keys for provider data to the mediator. Alternatively this could be done via a new web app (the root app).

This is a large issue and probably warrants some technical discussion before implementation.
@adewes adewes added the discuss Issue for discussion, do not implement yet! label Dec 1, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
discuss Issue for discussion, do not implement yet!
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@adewes