0009867: Need clarification for handling of SecurityGroup configuration changes

ID	Project	Category	View Status	Date Submitted	Last Update

0009867	10000-014: PubSub	Spec	public	2024-09-30 12:00	2025-03-11 00:59

Reporter	Matthias Damm	Assigned To	Matthias Damm
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	resolved	Resolution	fixed
Product Version	1.05.04 RC1
Fixed in Version	1.05.06 RC1

Summary	0009867: Need clarification for handling of SecurityGroup configuration changes
Description	It is possible to change the configuration of a SecurityGroup when it is in use. Such a change includes modification of SecurityPolicy and lifetime of keys. It is not defined what happens with the existing keys in this case. Especially a change of SecurityPolicy makes it impossible to continue with the existing keys. But also a change of lifetime is a problem since it is used to calculate the time of key rotation in case of pre-fetched keys. I think we should require to invalidate all existing keys (behaviour like InvalidateKeys Method) if the SecurityPolicyUri or KeyLifetime of a SecurityGroup is changed. A change of MaxFutureKeyCount or MaxPastKeyCount should be no problem. A change of SecurityGroupId shall be rejected since it must be identical to the name and a name change would be a delete and add.
Tags	No tags attached.

Commit Version	1.05.06 RC1
Fix Due Date	2025-04-15

Matthias Damm 2025-03-11 00:59 developer ~0022508	6.2.12.2 SecurityGroupDataType Added following text: If the SecurityPolicyUri or the KeyLifetime of an existing SecurityGroup are modified, all existing keys are invalidated. The keys will be replaced by new keys; indicated by a new current SecurityTokenId. The new current SecurityTokenId shall be incremented beyond the SecurityTokenId of the last invalidated future key. If the SecurityGroup is related to one or more PubSubKeyPushTargets, the SKS shall push the new set of keys to all related PubSubKeyPushTargets.

Date Modified	Username	Field	Change
2024-09-30 12:00	Matthias Damm	New Issue
2025-01-21 17:58	Jim Luth	Assigned To	=> Matthias Damm
2025-01-21 17:58	Jim Luth	Status	new => assigned
2025-01-21 17:59	Jim Luth	Commit Version	=> 1.05.06 RC1
2025-01-21 17:59	Jim Luth	Fix Due Date	=> 2025-04-15
2025-03-11 00:59	Matthias Damm	Status	assigned => resolved
2025-03-11 00:59	Matthias Damm	Resolution	open => fixed
2025-03-11 00:59	Matthias Damm	Fixed in Version	=> 1.05.06 RC1
2025-03-11 00:59	Matthias Damm	Note Added: 0022508