Key Pair Deletion is the usage scenarion in which a privileged user or signer deletes the signing key and related key information (in particular the public key) as the relation the a signer (e.g his own).
The starting point of this scenario is that a privileged user or signer initiates a request for user authentication at the SSSrv/UI where the user authentication is performed via the IdP. Optional when the user is a privileged user the signer is selected whose attributes should be updated. The request for deleting a key pair of a signer then is send by the privileged user or signer to the SSSrv/UI and then goes its way along to the SAM. When the request is retrieved, the SAM verifies that the requestor is authenticated and identified. If the authenticity and identity check is successful, the SAM deletes the Signer key pair referenced by the data it received through the request. The SAM requests the deletion of the Wrapped Key associated with the Signer key pair to be deleted from the KM. Since Wrapped Keys do not contain keys in plaintext with that all is done.