micromdm / nanodep

NanoDEP is a set of tools and a Go library powering them for communicating with Apple's Device Enrollment Program (DEP) API servers.
MIT License

support an in-progress certificate update workflow #46

Closed jessepeterson closed 3 months ago

jessepeterson commented 7 months ago

It's clear that with the MAID JWT (see #24), the DEP private key that the server holds will need to be used throughout the DEP server operation and not just at OAuth token exchange time. Thus we'd like to be able to have a 'staged' PKI set when we're generating/downloading keys that do not overwrite the primary in-use key when we upload a new one. Perhaps the in-use PKI set is replaced as soon as new OAuth1 tokens are uploaded.
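A sketch of the staged/in-use separation the issue asks for, as an added example that is not NanoDEP's code or API: a newly generated keypair is staged without touching the key the server is still using, and is promoted only when new OAuth1 tokens are accepted. The `PKI` and `PKIStore` types and their method names are hypothetical, the store is in-memory and covers a single DEP name, and the key values are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// PKI is one certificate/private-key pair in PEM form (hypothetical type).
type PKI struct{ CertPEM, KeyPEM []byte }

// PKIStore keeps the in-use PKI set apart from a staged one for one DEP name.
type PKIStore struct {
	mu              sync.Mutex
	current, staged *PKI
}

// Stage records a newly generated keypair; the in-use set is untouched.
func (s *PKIStore) Stage(p PKI) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.staged = &p
}

// Current returns the in-use set, which keeps serving until promotion.
func (s *PKIStore) Current() *PKI {
	s.mu.Lock()
	defer s.mu.Unlock()
	return s.current
}

// PromoteOnTokenUpload swaps the staged set in once new OAuth1 tokens are
// accepted. With nothing staged it fails and leaves the in-use set alone.
func (s *PKIStore) PromoteOnTokenUpload() error {
	s.mu.Lock()
	defer s.mu.Unlock()
	if s.staged == nil {
		return errors.New("no staged PKI set")
	}
	s.current, s.staged = s.staged, nil
	return nil
}

func main() {
	var s PKIStore
	s.Stage(PKI{KeyPEM: []byte("constructed-key-1")})
	fmt.Println(s.PromoteOnTokenUpload(), string(s.Current().KeyPEM))
	s.Stage(PKI{KeyPEM: []byte("constructed-key-2")})
	fmt.Println(string(s.Current().KeyPEM)) // still key-1 until tokens arrive
}
```

A persistent store would need the promotion and the token write to happen in one transaction, so the in-use key never pairs with tokens issued for a different certificate.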