[[["容易理解","easyToUnderstand","thumb-up"],["確實解決了我的問題","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["缺少我需要的資訊","missingTheInformationINeed","thumb-down"],["過於複雜/步驟過多","tooComplicatedTooManySteps","thumb-down"],["過時","outOfDate","thumb-down"],["翻譯問題","translationIssue","thumb-down"],["示例/程式碼問題","samplesCodeIssue","thumb-down"],["其他","otherDown","thumb-down"]],["上次更新時間:2025-08-04 (世界標準時間)。"],[[["Your Key Access Control List Service (KACLS) is configured independently by you, allowing you to control access to encryption keys for Google Workspace Client-side encryption (CSE)."],["KACLS requires specific operational settings like HTTPS with TLS 1.2 or later, CORS handling for Google's authorized endpoint, and a recommended latency of under 200ms for most requests."],["Authorization settings need to be configured for Google Workspace applications like Drive, Meet, Calendar, and Gmail, enabling validation of Google-issued authorization tokens during CSE."],["Perimeter settings offer optional but powerful access control by allowing or blocking users based on criteria like domains, user roles, time, and location, enhancing security for encryption keys."],["Identity Provider settings are crucial for non-Google Identity Providers, requiring you to specify methods for validating tokens and the issuer and audience values used by each provider."]]],["KACLS configuration requires the API to use HTTPS with TLS 1.2 or later, handle CORS for `https://client-side-encryption.google.com`, and maintain a maximum 200ms latency. It uses Google-issued authorization tokens, validated via JWKS endpoints specific to Google Workspace applications. Non-Google Identity Provider settings require token validation methods, issuer, and audience values. Perimeters, an optional access control, can allow or block access based on domain, user, time, or location. Verification is done via a status request.\n"]]
