BayunSDK provides public APIs for secure group-based data-access and basic group-management. Every group has its own secret key, unique to that group and accessible only to its members. This shared group key is what encrypts data locked with the group's encryption policy; it is also what authenticates members and gates access to group resources. Since nobody other than the group's members holds the group's secret key, only those belonging to the group can access data encrypted under the group policy tied to that specific groupId.
Note that the main purpose of the Groups functionality in the Bayun framework is to enable enforcement of arbitrary data-access policies that are cryptographically tied to the data, without burdening the developer with the key-management needed for the same. The framework provides only basic group-management functions for creating, modifying, and deleting a group, so that the developer can optionally build stricter access-control mechanisms for group-management on top, depending on the use-case at hand. In particular, the Bayun framework treats every existing member of a group equally with respect to group-management privileges, including the ability to add or remove other members or to delete the group; this applies to members added from outside the company as well. The developer can always build, or enforce, finer-grained group-management on top of this, e.g. by introducing the notion of a group-owner or group-admins with privileged access-rights, and checking that role in the application before calling the add/remove/delete APIs.
Group type is defined when creating a new group. It is an enum with the following values:
GroupTypePublic: The group is public within the organization. Any employee of the organization can join this group and thereby obtain the shared group key. The group's secret key is kept encrypted in every member's own lockbox, and additionally kept encrypted with the company's own secret key, so that nobody outside the company can obtain it by joining. An existing member, who already holds the group key, can add any other user to the group (even users outside the company).
GroupTypePrivate: The group is private and accessible only to its existing members; nobody can self-join. The group's secret key is kept encrypted in every member's own lockbox only. An existing member can add anyone else to the group's member-list, irrespective of whether they belong to the same company or not.
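To make the key-model above concrete, here is an added illustration (example code written for this page, not BayunSDK code; the class and method names, the toy cipher and the in-memory "company key" table are all assumptions). It models the group key as existing only inside member lockboxes (plus a company-wrapped copy for public groups), shows why an employee can self-join a public group but not a private one, why any member can add an outsider, why every member can delete the group, and how an application can layer an owner-only policy on top as the text suggests:

```python
import hashlib, hmac, os
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional, Tuple

def _keystream_xor(secret: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy HMAC-SHA256 counter-mode keystream: a stand-in for the SDK's real cipher (assumption).
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(secret, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def wrap(secret: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under `secret`; used both for lockboxes and for group-policy data."""
    nonce = os.urandom(16)
    ct = _keystream_xor(secret, nonce, plaintext)
    tag = hmac.new(secret, b"tag" + nonce + ct, hashlib.sha256).digest()[:16]
    return nonce + ct + tag

def unwrap(secret: bytes, blob: bytes) -> bytes:
    """Verify the tag first, so a wrong key (or tampering) raises instead of yielding garbage."""
    nonce, ct, tag = blob[:16], blob[16:-16], blob[-16:]
    expect = hmac.new(secret, b"tag" + nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expect):
        raise PermissionError("wrong key: cannot open this lockbox")
    return _keystream_xor(secret, nonce, ct)

class GroupType(Enum):
    PUBLIC = "GroupTypePublic"
    PRIVATE = "GroupTypePrivate"

@dataclass
class User:
    user_id: str
    company_id: str
    lockbox_key: bytes = field(default_factory=lambda: os.urandom(32))  # the user's own lockbox secret

@dataclass
class Group:
    group_id: str
    group_type: GroupType
    member_lockboxes: Dict[str, bytes] = field(default_factory=dict)  # user_id -> group key wrapped for that user
    company_lockbox: Optional[Tuple[str, bytes]] = None              # (company_id, company-wrapped key); public only

class GroupService:
    """The group key is never stored in the clear: only inside lockboxes the holders can open."""
    def __init__(self, company_keys: Dict[str, bytes]):
        self.company_keys = company_keys  # assumption: each company key is reachable only by its employees
        self.groups: Dict[str, Group] = {}
    def create_group(self, creator: User, group_type: GroupType) -> str:
        group_key, gid = os.urandom(32), os.urandom(8).hex()
        g = Group(gid, group_type, {creator.user_id: wrap(creator.lockbox_key, group_key)})
        if group_type is GroupType.PUBLIC:
            g.company_lockbox = (creator.company_id, wrap(self.company_keys[creator.company_id], group_key))
        self.groups[gid] = g
        return gid
    def _group_key(self, user: User, gid: str) -> bytes:
        g = self.groups[gid]
        if user.user_id not in g.member_lockboxes:
            raise PermissionError(f"{user.user_id} is not a member of {gid}")
        return unwrap(user.lockbox_key, g.member_lockboxes[user.user_id])
    def add_group_member(self, actor: User, gid: str, new_member: User) -> None:
        key = self._group_key(actor, gid)  # any existing member may add anyone, inside or outside the company
        self.groups[gid].member_lockboxes[new_member.user_id] = wrap(new_member.lockbox_key, key)
    def join_public_group(self, user: User, gid: str) -> None:
        g = self.groups[gid]
        if g.group_type is not GroupType.PUBLIC or g.company_lockbox[0] != user.company_id:
            raise PermissionError("self-join is only for employees of the owning company, on public groups")
        key = unwrap(self.company_keys[user.company_id], g.company_lockbox[1])
        g.member_lockboxes[user.user_id] = wrap(user.lockbox_key, key)
    def delete_group(self, actor: User, gid: str) -> None:
        self._group_key(actor, gid)  # every member is equally privileged here, as the text describes
        del self.groups[gid]
    def lock(self, user: User, gid: str, data: bytes) -> bytes:
        return wrap(self._group_key(user, gid), data)
    def unlock(self, user: User, gid: str, blob: bytes) -> bytes:
        return unwrap(self._group_key(user, gid), blob)

class OwnedGroupService(GroupService):
    """Application-side policy layered on top: only the creator may add members or delete the group."""
    def __init__(self, company_keys: Dict[str, bytes]):
        super().__init__(company_keys)
        self.owners: Dict[str, str] = {}
    def create_group(self, creator: User, group_type: GroupType) -> str:
        gid = super().create_group(creator, group_type)
        self.owners[gid] = creator.user_id
        return gid
    def _require_owner(self, actor: User, gid: str) -> None:
        if self.owners.get(gid) != actor.user_id:
            raise PermissionError("group-management is owner-only in this application")
    def add_group_member(self, actor: User, gid: str, new_member: User) -> None:
        self._require_owner(actor, gid)
        super().add_group_member(actor, gid, new_member)
    def delete_group(self, actor: User, gid: str) -> None:
        self._require_owner(actor, gid)
        super().delete_group(actor, gid)
        del self.owners[gid]

def denied(fn, *args) -> bool:
    """True if the call is refused with PermissionError."""
    try:
        fn(*args)
        return False
    except PermissionError:
        return True
```

The owner check in `OwnedGroupService` is purely an application-layer control: the underlying cryptography still lets any lockbox holder open the group key, so the check must run on every path that calls the add/delete APIs, not just in the UI.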
Here is the list of Group APIs:
6.1 Create Group
6.2 Get My Groups
6.5 Get Group By Id
6.6 Add Group Member
6.8 Leave Group
6.9 Delete Group