Added example of encryption at rest to data opacity section.

aljones15 · Aug 27, 2022 · b4cc8cd · b4cc8cd
1 parent b738bac
commit b4cc8cd
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/index.html b/index.html
@@ -2130,7 +2130,12 @@ <h3>Data Opacity</h3>
 developer, can be stored in opaque formats. Examples include digital signature
 values, cryptographic key parameters, and other data fields that only need to be
 accessed by a cryptographic library and need not be modified by the application
-developer.
+developer. There are also examples where data opacity is appropriate when the
+underlying subsystem does not expose the application developer to the underlying
+complexity of the opaque data, such as databases that perform encryption at
+rest. In these cases, the application developer continues to develop against
+transparent application data formats while the database manages the complexity
+of encrypting and decrypting the application data to and from long-term storage.
         </p>
         <p>
 This specification strives to provide an architecture where application data