Ionic’s “data markings” allow developers to associate attributes with the keys that protect application data.
When encrypting content, it is useful to be able to attach metadata to the key, either for use in Data Policy decisions or to give additional information about the request for analytics. This metadata is divided into two conceptual buckets, Key Attributes and Request Metadata. When interacting with Ionic, Key Attributes and Request Metadata are set via different methods.
Key Attributes contain metadata associated with the encrypted data, while Request Metadata represents metadata about the user and who is requesting or encrypting the current piece of data.
Ionic, and most of our customers, desire to protect data as close to the moment of creation as possible, and likewise decrypt data as close to the moment of consumption as possible. However, this is not always possible in practice. There are some architectures in which an integration with Ionic cannot have the actual end user perform the encryption, decryption, or other operations. This is typically the case in architectures where a proxy, gateway, or service is the trusted component that performs decryption and encryption operations on behalf of an end user. For these cases, Ionic offers a feature called “On-Behalf-Of”, which is described here.
This section defines terms used throughout this documentation.
This section documents standardized data formats used by the Ionic SDKs. These formats preserve the original document format so as not to interrupt how a user typically interacts with their data.