Data Markings & Data Policy

Ionic’s “data markings” allow developers to associate attributes with the keys that protect application data.

Key Attributes and Request Metadata

When encrypting content, it is useful to attach metadata to the key, either for use in Data Policy decisions or to give additional information about the request for analytics. This metadata is divided into two conceptual buckets: Key Attributes and Request Metadata. When interacting with Ionic, Key Attributes and Request Metadata are set via different methods.

Key Attributes contain metadata associated with the encrypted data, while Request Metadata represents metadata about the user and who is requesting or encrypting the current piece of data.

User Driven Access Policy

User Driven Access Policy (UDAP) is the collection of specified Data Markings and Data Policies, which allow end users to define who can access their data. By setting the values of the data markings outlined below, data creators can indicate which users should be permitted access and which should be explicitly denied. These data markings are added as key attributes when the key is created. NOTE: Access will only be granted when at least one explicit “allow” and no “deny” responses are given.

Requests On-Behalf-Of a User

Ionic, and most of our customers, desire to protect data as close to the moment of creation as possible, and likewise decrypt data as close to the moment of consumption as possible. However, this is not always possible in practice. There are some architectures in which an integration with Ionic cannot have the actual end user perform the encryption, decryption, or other operations. This is typically the case in architectures where a proxy, gateway, or service is the trusted component that performs decryption and encryption operations on behalf of an end user. For these cases, Ionic offers functionality called “On-Behalf-Of”, which is described here.

Glossary of Terms

This section defines terms used throughout this documentation.

Data Format

This section documents standardized data formats used by the Ionic SDKs. These formats preserve the original document format so as not to interrupt how a user typically interacts with their data.