Add support for administrative client data erasure
One problem that can arise with a DSS deployment involves the change or loss of a user that still has entities (subscriptions, identification service areas, operational intent references, constraint references) in the DSS. For instance, during UFT, it was determined that the identities of participant USSs (as defined by the values populated in the sub claims of access tokens) may need to change. If uss1's sub claim was changed from, e.g., uss1 to, e.g., uss1.example.com, it would appear to the DSS as if an entirely different USS were making requests. This is a problem if uss1 (or another USS) discovered an entity in the DSS left behind from before uss1's sub identity changed.
The de facto way of solving this problem to date has been manual engineer intervention, for instance by deleting and redeploying the CockroachDB database, or issuing manual SQL commands to clear the appropriate data from the database. To make this maintenance easier, less prone to mistakes, and gated by clearly-defined access controls, we should consider adding basic admin endpoints to allow authorized users to perform this task.
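The ownership mismatch and the proposed scope-gated erasure, sketched as an added example (not code from the DSS or from this issue). `Store`, `Entity`, `EraseClient` and the scope name `adminScope` are hypothetical, and an in-memory map stands in for the CockroachDB tables.

```go
package main

import (
	"errors"
	"fmt"
)

// Entity stands in for any DSS entity; Owner is the sub claim seen at creation.
type Entity struct{ ID, Owner string }

// adminScope is a hypothetical scope name, not one the DSS defines.
const adminScope = "admin.erase_client_data"

var ErrForbidden = errors.New("forbidden")

type Store struct{ entities map[string]Entity }

// Delete is the normal path: the caller's sub must equal the stored owner.
func (s *Store) Delete(sub, id string) error {
	if e, ok := s.entities[id]; !ok || e.Owner != sub {
		return ErrForbidden
	}
	delete(s.entities, id)
	return nil
}

// EraseClient is the admin path, gated on adminScope; returns the count removed.
func (s *Store) EraseClient(scopes []string, target string) (int, error) {
	allowed := false
	for _, sc := range scopes {
		allowed = allowed || sc == adminScope
	}
	if !allowed || target == "" {
		return 0, ErrForbidden
	}
	n := 0
	for id, e := range s.entities {
		if e.Owner == target {
			delete(s.entities, id)
			n++
		}
	}
	return n, nil
}

func main() {
	s := &Store{entities: map[string]Entity{"sub-1": {"sub-1", "uss1"}, "isa-1": {"isa-1", "uss1"}, "oir-1": {"oir-1", "uss2"}}} // constructed data
	fmt.Println(s.Delete("uss1.example.com", "sub-1")) // renamed identity no longer matches the owner
	fmt.Println(s.EraseClient([]string{adminScope}, "uss1"))
}
```

Keying the erase on the exact stored owner string leaves other clients' entities untouched, and the scope check is the single place where the access control for this operation lives.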