Support immediate retraction of a health authority

[kenpugsley]

In the event that a health authorities site has been compromised, there needs to be a way to support an immediate revocation of the compromised data set from that authority.

Specific use case
The website of a health authority is compromised, and the data from that authority is modified to give erroneous results, perhaps adding in time-locations that will alarm the public. The authority would want a way to immediate retract that data while the site is brought back under control. It should be acceptable to retract all data for that authority, as long as that authority can be re-enabled when appropriate.

[Ferrumofomega]

@kenpugsley Are you imagining this coming from the administrator of an HA? Or from a third-party revocation? Figuring out who has revocation rights for this open source but centralized .yml is going to be tricky.

The simplest version of this is just removing the HA URL from the YAML and adding a note that the HA has been compromised, no? Or are you picturing a flag to app users as well?

[kenpugsley]

I think the simple approach of removing the HA from the list would work for the initial rollout. In reality I think there is some research / design that is required.

[AdamLeonSmith]

One comment on this from a privacy perspective, in the EU the right to have personal data corrected is important. It would be useful if a HA could remove an individual record, which may also support this requirement.