The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.
In large organizations, passwords and other keys are often generated and distributed by the system administrator to other users. The system administrator can accomplish this by giving the keys to the relevant users based on their roles. However, the drawback of this approach is that if a key is compromised by one user, the key needs to be changed and redistributed to all the affected users. Similarly, if a user leaves the organization or changes roles, the key needs to be changed and given to all the affected. This requires many keys to be stored and is computationally expensive. Moreover, there are security risks involved in having many users share the same key.
A need exists for a policy-based key sharing method that maintains secrecy and security while minimizing disruption to users.