From 89c8e9730a446d2e7678b50cf7230cd4d19348f6 Mon Sep 17 00:00:00 2001
From: Dongsun Lee
Date: Mon, 20 Oct 2014 16:23:49 +0900
Subject: add the explanation of access control and alias format
Change-Id: I2b2ce697357589f9efdab0c064ff9aea0a2bd9f4
Signed-off-by: Dongsun Lee
---
 doc/key-manager_doc.h | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/doc/key-manager_doc.h b/doc/key-manager_doc.h
index bdb158e9..df0a0832 100644
--- a/doc/key-manager_doc.h
+++ b/doc/key-manager_doc.h
@@ -65,6 +65,18 @@
 * Therefore, clients cannot access any data.
 * - When a user changes his/her password, the key manager re-encrypts the user's DKEK with the new password.
 *
+ * Data Access Control
+ * - By default, only the owner of a data can access to the data.
+ * - If the owner grants the access to other applications, those applications can read or delete the data from key-manager DB.
+ * - When an application is deleted, the data and access control information granted by the application are also removed.
+ *
+ * Alias Format
+ * - The format of alias is package_id::name.
+ * - If package_id is not provided by a client, the key-manager will add the package_id of the client to the name internally.
+ * - The client can specify only its own pacakge id in the alias when storing a key, certificate, or data.
+ * - A client should specify the pacakge id of the owner in the alias to retrieve a a key, certificate, or data shared by other applications.
+ * - Aliases are returned as the format of package_id::name from the key-manager.
+ *
 */
 #endif /* __TIZEN_CORE_KEY_MANAGER_DOC_H__ */
--
cgit v1.2.3