ADMINISTERING

Key rollover states in the ID vault and adminq

The following pictures illustrate the key rollover flow and states seen in the ID vault and adminq.nsf for a web user whose public key is upgraded from 1024-bit to 2048-bit.

When AdminQ detects that the key rollover date defined in the ID vault Security Settings policy has arrived, it creates an entry for the user assigned the "Rollover State" "None" and adds the scheduled time in the "Rollover Schedule Date" column. The time is calculated according to the Spread new key generation for all users over this many days value in the policy.
User Sara McAdams with a Rollover Scheduled Date in the ID vault

When AdminQ detects that the time for the scheduled rollover has arrived, it creates a "UserRollover" request in adminq.nsf marked as "Needs processing" and moves the date from the "Rollover Scheduled Date" column to the "New Key Creation Date" column in the vault:
UserRollover request in adminq.nsf in the "Needs processing" state for user Sara McAdams

User Sara McAdams with a rollover New Key Creation Date in the vault

AdminQ processes the request by creating a "Certify New Person Key Request" in admin4.nsf and then marks the request in adminq.nsf as "Pending key request." In the vault, it changes the "Rollover State" to "Pending," updates the "Strength" to the new key strength, and adds a "Request Creation Date":
UserRollover request in adminq.nsf in the "Pending key request" state for Sara McAdams

User Sara McAdams with a rollover Request Creation Date in the vault

After AdminP processes the request in admin4.nsf to update the Person document, when AdminQ sees the change, it changes the "Rollover State" to "Completed" in the vault and then marks the request "Processed" in adminq.nsf.
User Sara McAdams with a "Completed" rollover request in the vault

UserRollover request in adminq.nsf in the "Processed" state for user Sara McAdams