Person service: attributes analysis

[mietcls]

Encryption GDPR

To poke: Thomas

Full epic: https://github.com/ugent-library/people/issues/11

[nicolasfranck]

• encryption directly in postgres? https://www.postgresql.org/docs/current/pgcrypto.html
• https://github.com/ent/ent/discussions/2364#discussioncomment-2271743
• https://developers.google.com/tink/tink-setup

Todo: how to handle possible updates of encryption keys? Every update implies that you need to decrypt existing messages, and encrypt it again with the new key.

with https://vaibhav-sonavane.medium.com/rotate-keys-without-re-encrypting-data-ac6cb323d7cd? That "rotates" the key, but internally all data is still saved with the same key eventually, so anyone with access to the database will be able to use the key if it was breached.

[mietcls]

Overview has been simplified for GDPR reasons here: https://ugentbe-my.sharepoint.com/:x:/g/personal/miet_claes_ugent_be/EdAp6_Gn_sJMsKgpmy5MjAMB7uz-L6mjgS3SXOtaqwH5VA?e=xl3dbf

Will discuss this with GISMO later for CERIF compatibility.