jcnelson
commented
10 years ago We should sub-namespace this as well:
- secret.user.$USERNAME.$ATTRNAME refers to an attribute $ATTRNAME that is readable only by user $USERNAME
- secret.gateway.$GATEWAY.$ATTRNAME refers to an attribute $ATTRNAME that is readable only by a given gateway
If we can think of a scheme for Volumes, like "secret.volume.$VOLUMENAME.$ATTRNAME", we could do that too (but then the gateway would need access to the Volume private key?)
Any xattr prefixed with "secret.$GATEWAY" must be encrypted by $GATEWAY's public key. For example, if a UG wants to add an xattr called "bar" that a particular RG called "foo" can read, then it should call the attribute "secret.foo.bar". Then, gateway "foo" can decrypt the secret and read it. Syndicate Gateways should do so transparently.