Crypto material management
Milestone ID: 3402
As a Fed-BioMed "user" (might be end user or IT team managing deployment) I want Fed-BioMed to provide easier way to exchange (initial, updates) cryptographic material in a Fed-BioMed instance deployement.
- current crypto material exchange is manual (VPN, secagg, and later node-researcher communications) and outside (off-band) of Fed-BioMed: complicated, cumbersome
- current security models ensures nodes (hospitals) to keep control of their involvement. More generally it ensures no implicit/flawed trust/dependency between the component/parties. Thus it does not allow any type of pre-shared automatic trust between parties and/or trusted third party/authority that would automate identity exchanges (through crypto keys) between parties.
Goal of the milestone: introduce some simplified mode for setting up a Fed-BioMed infrastructure.
- probably optional (as it needs to make asumptions that weakens the "node has full control and does not trust other parties" moto), maybe several different "plugable" policies.
- keep coherent with communications architecture evolutions/plans (keep MQTT ? keep some intermediate between nodes and researcher(s) ?), especially "Detaching the researcher from the server" milestone.