Information about the Bitrepository confidentiality considerations
Confidentiality is a general security goal: content is protected from exposure to third parties.
There should be no point or circumstance where content can be intercepted or acquired by a third party in a form that can be interpreted, or that can be transformed into an interpretable form.
A simple way of achieving this is to encrypt files before they enter the Bit Repository and keep all data encrypted all the way until it re-enters a secure client context.
In practice this means that the client handles all confidentiality issues: the broker and the pillars only ever see ciphertext.
Message confidentiality may be ensured by encrypting the XML message bodies using an SLA/organisation-specific PKI. In addition, messages are TLS-encrypted during network transfer between client and message broker and between broker and pillar (using the common national bit repository PKI). Note that transport encryption only protects each hop: the broker itself can read a message unless its body is encrypted.
Data transport confidentiality
Data confidentiality during transport may be ensured using the Collection/organisation-specific PKI. If the organisation operating a pillar is not trusted with the content, the files themselves must be encrypted before being submitted to the Bit Repository infrastructure, i.e. on the client side, since transport encryption terminates at the pillar.
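The client-side scheme described above (files encrypted before ingest, the key held under the organisation's PKI, content readable again only back in the client) as an added Go example. This is illustrative code written for this page, not the Bitrepository client library: the Envelope container, the function names Seal, Open and NewOrgKeyPair, and the freshly generated RSA key that stands in for the organisation-specific PKI are all assumptions made for the example. The file id is bound into both the AEAD tag and the OAEP label, so an untrusted pillar that swaps, re-labels or alters a stored blob is detected at Open rather than silently returning wrong content.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// Envelope is the only form of a file that leaves the client. It is a
// hypothetical container for this example, not the Bitrepository wire format.
type Envelope struct {
	FileID     string // repository file id; authenticated so the blob cannot be re-labelled
	WrappedKey []byte // per-file AES-256 key, RSA-OAEP wrapped to the organisation's public key
	Nonce      []byte // 12-byte GCM nonce, fresh for every Seal
	Ciphertext []byte // AES-256-GCM output with the 16-byte tag appended
}

// NewOrgKeyPair stands in for the organisation-specific PKI (assumption for this
// example); in practice the private key never leaves the client's secure context.
func NewOrgKeyPair(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext on the client before it is handed to the repository.
func Seal(pub *rsa.PublicKey, fileID string, plaintext []byte) (*Envelope, error) {
	dataKey := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, dataKey); err != nil {
		return nil, err
	}
	aead, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	// The file id is associated data: authenticated, not encrypted. A pillar that
	// swaps two blobs or re-labels one fails the tag check in Open.
	ciphertext := aead.Seal(nil, nonce, plaintext, []byte(fileID))
	// The same id is the OAEP label, so the wrapped key cannot be moved to another file.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, []byte(fileID))
	if err != nil {
		return nil, err
	}
	return &Envelope{FileID: fileID, WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// Open is the only place the content becomes readable again: back in the
// client, with the organisation's private key.
func Open(priv *rsa.PrivateKey, fileID string, env *Envelope) ([]byte, error) {
	if env.FileID != fileID {
		return nil, errors.New("envelope is labelled for a different file id")
	}
	dataKey, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKey, []byte(fileID))
	if err != nil {
		return nil, errors.New("key unwrap failed: wrong private key or file id")
	}
	aead, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	plaintext, err := aead.Open(nil, env.Nonce, env.Ciphertext, []byte(fileID))
	if err != nil {
		return nil, errors.New("authentication failed: ciphertext, nonce or file id was altered")
	}
	return plaintext, nil
}

func main() {
	priv, err := NewOrgKeyPair(2048)
	if err != nil {
		panic(err)
	}
	// Constructed sample content; the pillar only ever stores env.
	env, err := Seal(&priv.PublicKey, "archive/report-2014.pdf", []byte("confidential report body"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("pillar stores %d bytes of ciphertext and no plaintext\n", len(env.Ciphertext))
	// An untrusted pillar flips one byte; the client detects it instead of reading garbage.
	env.Ciphertext[0] ^= 0x01
	if _, err := Open(priv, "archive/report-2014.pdf", env); err != nil {
		fmt.Println("tamper detected:", err)
	}
}
```

The per-file data key means a single compromised blob does not expose other files, and the RSA wrapping is the only place the organisation's PKI key is used, which keeps key rotation to re-wrapping 32 bytes per file rather than re-encrypting content.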
Under construction, see BITMAG-142@jira