The user story is that a data object is deleted as result of a discard policy.

Note that there need to be decisions on whether the audit trail is still available.

From the user point of view, the functionality is 'Delete File from Bit Repository'.

This is all the user needs to know. The user will tell the application or DeleteFileClient which file should be deleted from the bit repository. The DeleteFileClient will handle the specifics of what to send and whereto and finally respond to the user. If all goes well, the steps involved are the following:

The DeleteFileClient needs to find out which pillars have a copy of the file, that is to be deleted (including checksum pillars). This is done in the following steps

Next the client requests delete file from all identified pillars.

The file is now kept in the 'under deletion storage area' on the pillar for a specified period of time. This 'undo period' is specified in the Service Level Agreement. If a deletion turns out to be a mistake, the pillar owner is contacted, and the file can be recovered.

Note that the 'undo period' explained in this user story, is not part of the protocol, but it is expected to be part of a Service Level Agreement.