Task #3015
closed
Primary Group Manager
100%
Description
The primary group manager generates the group decryption key and publishes the encrypted decryption key.
Ideally, the group manager does not have to be an always-online instance. Once the data containing the keys is generated and encrypted, the manager can put the data into the repo.
Therefore, the group manager should have an interface to publish data.
The group manager also provides two membership management interfaces: addMember and removeMember.
When adding a member, the group manager encrypts the decryption key using the added member's public key and publishes the encrypted copy as a data packet.
When removing a member, the group manager creates a new decryption key and creates an encrypted copy of the new decryption key using each remaining member's public key.
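The add/remove behaviour described above, as an added sketch that is not the project's code. The XOR `wrap()` and `std::random_device` are stand-ins for real public-key encryption and key generation, and the `GroupManagerSketch` class and the `/key/v<N>/for/<member>` data names are hypothetical.

```cpp
#include <cstdint>
#include <iostream>
#include <map>
#include <random>
#include <string>
#include <vector>
using Bytes = std::vector<uint8_t>;
// Stand-in for public-key encryption (assumption, NOT secure): XOR with the
// member's key bytes, so wrap() is also its own inverse.
Bytes wrap(const Bytes& memberKey, const Bytes& groupKey) {
  Bytes out(groupKey);
  for (std::size_t i = 0; i < out.size(); ++i) out[i] ^= memberKey[i % memberKey.size()];
  return out;
}

class GroupManagerSketch {
public:
  GroupManagerSketch() { rotate(); }
  void addMember(const std::string& name, const Bytes& memberKey) {
    members_[name] = memberKey;
    publish(name);  // existing members already hold the current key
  }
  void removeMember(const std::string& name) {
    if (members_.erase(name) == 0) return;  // unknown member: nothing to revoke
    rotate();  // the removed member knows the old key, so replace it
    for (const auto& m : members_) publish(m.first);  // remaining members only
  }
  std::map<std::string, Bytes> repo;  // data name -> encrypted decryption key
  uint32_t version = 0;
  Bytes groupKey;
private:
  void rotate() {
    std::random_device rd;
    groupKey.assign(32, 0);
    for (auto& b : groupKey) b = static_cast<uint8_t>(rd());
    ++version;
  }
  void publish(const std::string& name) {  // hypothetical naming scheme
    repo["/key/v" + std::to_string(version) + "/for/" + name] = wrap(members_.at(name), groupKey);
  }
  std::map<std::string, Bytes> members_;
};
int main() {
  GroupManagerSketch gm;
  gm.addMember("alice", Bytes(32, 0x11));  // constructed member keys
  gm.addMember("bob", Bytes(32, 0x22));
  gm.removeMember("bob");
  for (const auto& d : gm.repo) std::cout << d.first << "\n";
}
```

Packets published under the old key version stay in the repo, so removal only protects data encrypted after the rotation.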
Updated by Yingdi Yu almost 9 years ago
- Subject changed from Primary Group Manager Instance to Primary Group Manager
Updated by Yingdi Yu almost 9 years ago
- Blocked by Task #3014: Create key encryption helper added
Updated by Yingdi Yu almost 9 years ago
- Blocks Task #3016: Implement data producer added
Updated by Prashanth Swaminathan over 8 years ago
Suggested interface:
class PrimaryGroupManager
{
public:
  void
  addMember(const Name& memberName, const PublicKey& publicKey);

  void
  removeMember(const Name& memberName /*, shared secret? */);

private:
  // Distinct from the public overload only once the extra parameter exists.
  void
  removeMember(const Name& memberName);
};
This is sort of oversimplified, but it seems like this is the minimum amount of info required to get this working; new members just need to provide a name to index to their key in the repo. The same goes for removing members. Two questions arise here:
1) Is the 'repo' in a common location, and what type of repo is it? Assuming that the primary group manager should be the only 'writer', should there be a constructor argument providing it the access key?
2) With regard to 'removeMember', and in some cases 'addMember', should anyone be allowed to add/remove from the group? Should we implement some sort of secret shared between a member and the PGM so that Member A cannot add/remove Member B without its knowledge? Similarly, can anyone add themselves to a group, or should the PGM have some constructor parameter that enables it to allow only certain members?
Updated by Yingdi Yu about 8 years ago
- Status changed from New to Closed
- Assignee set to Zhiyi Zhang
- % Done changed from 0 to 100