HaugrNet / eds

Cryptographic Web Share
https://haugr.net/
Apache License 2.0

Re-Key #43

Open knjensen opened 6 years ago

knjensen commented 6 years ago

Data stored in a specific Circle is all stored with the same symmetric Key. It should be possible to update the Key, for example if things were stored with AES 128 and it is desired to upgrade to AES 256, or simply because members would like to see their data re-encrypted.

The feature should have 2 different triggers. One is a configuration option, which means that every n months the data will be scheduled for a re-key, started when the next member with access to the data has entered their credentials. The other trigger is more direct: simply extending the ProcessCircle request with a re-key action. This action requires that the requesting member is Circle Administrator.

For the forcing of a re-key action, a new Action is needed. It must also be considered whether a minimum period for re-key actions should be enforced, to prevent a malicious member from invoking a sort of Denial-of-Service attack against the CWS by invoking a series of attacks.
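The gating logic this issue asks for (scheduled trigger, administrator-only forced trigger, minimum period between re-keys) can be sketched as follows. This is an added example, not part of the original issue and not CWS code; `RekeyPolicy`, `CircleState`, `decide_rekey`, the day-based intervals and the in-progress flag are all hypothetical names and assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum
from typing import Optional, Tuple


class Trigger(Enum):
    SCHEDULED = "scheduled"  # checked when a member with access authenticates
    FORCED = "forced"        # explicit re-key action on a ProcessCircle request


@dataclass
class RekeyPolicy:  # hypothetical settings object
    scheduled_interval: Optional[timedelta]  # "every n months"; None = disabled
    minimum_interval: timedelta              # floor between two re-keys


@dataclass
class CircleState:  # hypothetical per-Circle bookkeeping
    last_rekey: datetime
    rekey_in_progress: bool = False  # assumption: one re-key job at a time


def decide_rekey(policy, circle, trigger, now, is_circle_admin=False) -> Tuple[bool, str]:
    """Decide whether a re-key may start now; returns (allowed, reason)."""
    if circle.rekey_in_progress:
        return False, "re-key already in progress"
    elapsed = now - circle.last_rekey
    if trigger is Trigger.FORCED:
        # Check authorisation first, then the rate limit.
        if not is_circle_admin:
            return False, "requester is not Circle Administrator"
        if elapsed < policy.minimum_interval:
            return False, "minimum re-key period not elapsed"
        return True, "forced by Circle Administrator"
    if policy.scheduled_interval is None:
        return False, "scheduled re-key disabled"
    # The floor also applies to the schedule, so a tiny n cannot bypass it.
    if elapsed < max(policy.scheduled_interval, policy.minimum_interval):
        return False, "scheduled re-key not due"
    return True, "scheduled interval elapsed"


if __name__ == "__main__":
    # Constructed sample values: roughly six months scheduled, one week floor.
    policy = RekeyPolicy(timedelta(days=180), timedelta(days=7))
    circle = CircleState(last_rekey=datetime(2024, 1, 1))
    print(decide_rekey(policy, circle, Trigger.FORCED, datetime(2024, 1, 2), True))
```

Refusals caused by the minimum period are worth logging with the requesting member, since repeated forced requests inside the floor are the pattern the issue is concerned about.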