chore(shared-cache): Update hkeyring and cachingcmm spec

awslabs · Jan 23, 2025 · b02674c · b02674c
1 parent 8d6bb56
commit b02674c
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 20 deletions.
diff --git a/framework/aws-kms/aws-kms-hierarchical-keyring.md b/framework/aws-kms/aws-kms-hierarchical-keyring.md
@@ -520,10 +520,10 @@ If a user has two or more Hierarchical Keyrings with:
 
 then they WILL share the cache entries in the `Shared` Cache.
 
-Any keyring that has access to the `Shared` cache MAY be able to use materials
-that it MAY or MAY NOT have direct access to.
+Any keyring that has access to the `Shared` cache may be able to use materials
+that it may or may not have direct access to.
 
-Users MUST make sure that all of Partition ID, Logical Key Store Name of the Key Store for the Hierarchical Keyring
+Users should make sure that all of Partition ID, Logical Key Store Name of the Key Store for the Hierarchical Keyring
 and Branch Key ID are set to be the same for two Hierarchical Keyrings if and only they want the keyrings to share
 cache entries.
 
@@ -535,16 +535,17 @@ Partition ID is an optional parameter provided to the Hierarchical Keyring input
 which distinguishes Cryptographic Material Providers (i.e: Hierarchical Keyrings) writing to a cache.
 
 - (Default) A a random 16-byte UUID, which makes
-  it unique for every Hierarchical Keyring. In this case, two Hierarchical Keyrings (or another Material Provider)
-  CANNOT share the same cache entries in the cache.
+  it unique for every Hierarchical Keyring.
+  In this case, two Hierarchical Keyrings (or another Material Provider)
+  WILL NOT share the same cache entries in the cache.
 - If the Partition ID is set by the user and is the same for two Hierarchical Keyrings (or another Material Provider),
   they CAN share the same cache entries in the cache.
 - If the Partition ID is set by the user and is different for two Hierarchical Keyrings (or another Material Provider),
-  they CANNOT share the same cache entries in the cache.
+  they WILL NOT share the same cache entries in the cache.
 
 ### Logical Key Store Name
 
-> Note: Users MUST NEVER have two different physical Key Stores with the same Logical Key Store Name.
+> Note: Users should not have two different physical Key Stores with the same Logical Key Store Name.
 
 Logical Key Store Name is set by the user when configuring the Key Store for
 the Hierarchical Keyring. This is a logical name for the key store.

diff --git a/framework/caching-cmm.md b/framework/caching-cmm.md
@@ -203,22 +203,11 @@ We establish the following definitions for the Cache Entry Identifier formula:
 
 #### Resource Identifier
 
-A Hex value that indicates if an element is from a Caching_CMM, Hierarchical_Keyring, or some other future resource.
-
-```
-Caching_CMM : 0x01  (0001)
-Hierarchical_Keyring : 0x02 (0010)
-```
+Resource Identifier is defined in the [Hierarchical Keyring specification](./aws-kms/aws-kms-hierarchical-keyring.md/#resource-identifier).
 
 #### Scope Identifier
 
-A Hex value that indicates if an element is used for Encryption, Decryption, Searchable Encryption, or some other future purpose.
-
-```
-Encrypt : 0x01 (0001)
-Decrypt : 0x02 (0010)
-Searchable Encryption : 0x03 (0011)
-```
+Scope Identifier is defined in the [Hierarchical Keyring specification](./aws-kms/aws-kms-hierarchical-keyring.md/#scope-identifier).
 
 #### Partition ID