Enabling a quorum approval policy for a group in SDKMS prevents a single user (or administrator) from being able to access or use a highly sensitive key.
Enabling quorum approval policy on groups
A group administrator may enable a quorum approval policy on a group, which mandates that all security-sensitive operations in that group require quorum approval. Such operations include using a key for cryptographic operations or deleting or updating a group. Modifying the quorum approval policy also requires quorum approval.
- The quorum approval policy may be defined simply as the minimum number of approvals required among the total number of group administrators for the group.
- A policy may also include the specific identities of the users who form the quorum, and not just the size of the quorum.
- An advanced policy could be a combination of quorum rules. For example, a quorum could be defined as “one out of users A and B”, and “three out of users C, D, E, F, and G”.
Workflow for quorum approval
Whenever a sensitive operation is performed in a group enabled for quorum approval, a workflow for quorum approval is triggered.
- This involves sending a notification to all users who can grant approval. This is done by sending emails, as well as generating a task in the approvers’ accounts, which they see on the dashboard as soon as they log in to their SDKMS account.
- The users can then grant approvals from the UI. The sensitive operation is blocked until the quorum is met.
- Once the quorum is met, the operation is performed, and the event is logged, including the names of the users who approved the request.
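
The policy forms and the approval workflow described above, modelled as an added Python example. This is not SDKMS code or its policy format; the names `QuorumRule`, `PendingRequest` and `demo` are hypothetical, and the users A to G are the ones from the example policy above.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class QuorumRule:
    """'n out of members'. The simple policy form is one rule whose
    members are all group administrators."""
    n: int
    members: frozenset

    def satisfied_by(self, approvers):
        return len(self.members & approvers) >= self.n

@dataclass
class PendingRequest:
    """A sensitive operation held until every rule of the policy is met."""
    operation: str
    rules: tuple  # combined policy: all rules must hold
    approvers: set = field(default_factory=set)

    def eligible(self):
        return frozenset().union(*(r.members for r in self.rules))

    def approve(self, user):
        # Only users named in the policy can approve. A repeated approval
        # by the same user is counted once because approvers is a set.
        if user not in self.eligible():
            raise PermissionError(f"{user} cannot approve this request")
        self.approvers.add(user)

    def quorum_met(self):
        return all(r.satisfied_by(self.approvers) for r in self.rules)

    def execute(self):
        if not self.quorum_met():
            raise RuntimeError("blocked: quorum not met")
        # The audit record names the users who approved the request.
        return {"operation": self.operation,
                "approved_by": sorted(self.approvers)}

def demo():
    # "one out of users A and B" and "three out of users C, D, E, F, and G"
    policy = (QuorumRule(1, frozenset("AB")), QuorumRule(3, frozenset("CDEFG")))
    req = PendingRequest("sign with key", policy)
    for user in ["A", "C", "D", "C"]:  # constructed input; C approves twice
        req.approve(user)
    blocked = not req.quorum_met()     # only two distinct users from C..G so far
    req.approve("F")
    return blocked, req.execute()

if __name__ == "__main__":
    print(demo())
```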