Data Control Platform FAQ

Answers to common questions about using the Data Control Platform…

• How do I get a DeviceContext to initialize a Data Control Platform SDK?

  You need to create a user and then a device within the Data Control Platform.

  If you just want to try some things out, you can generate a DeviceContext with ironoxide-cli as well.

• Can the Data Control Platform SDK be used to authenticate users for my app?

  No. The Data Control Platform works with an existing identity provider.

• The group of users I want to encrypt to changes often. Do I have to re-encrypt the data every time I want to change who can decrypt a document?

  The Data Control Platform handles highly dynamic groups of decryptors very gracefully via Scalable Encryption Groups

• When a user is added to a Scalable Encryption Group, do I need to redistribute the encrypted file/data to the other users?

  No. Changing who can decrypt data does not require the data to be modified at all.

• When a user is removed from a Scalable Encryption Group, will they still be able to decrypt a local copy of the encrypted file they have stored?

  A user will be unable to decrypt any data, even if they have access to a locally-stored version.

• I don’t see a way to store data with the Data Control Platform. What am I missing?

  The Data Control Platform doesn’t provide data storage, but allows you to store data wherever it is most convenient - files, databases, git repositories, S3 buckets, or anywhere else. Keep in mind that the data can even be stored in publicly accessible locations because it’s encrypted.