[Standards] UPDATED: XEP-0258 (Security Labels in XMPP)
dave at cridland.net
Mon Jul 27 12:46:31 UTC 2009
On Mon Jul 27 11:19:12 2009, Pedro Melo wrote:
> Section 5:
> "Otherwise, the clearance input is the nil clearance. The nil
> clearance is a clearance for which the ACDF always returns Deny
> when given as the clearance input"
> Isn't this mandating policy through a XEP? Shouldn't this be left to
> each particular installation? I could decide to allow 'nil'
> clearance if the current message label is unclassified or missing.
> The same situation in the next paragraph: "The nil label is a label
> for which the ACDF always returns Deny when given as the label
As the XEP explains just before, the policy can also supply default
clearances and labels which would be used if there is no explicit
clearance for a particular entity, or if no label has been explicitly
put on the message.
So it's not mandating policy, it's just mandating that in the absence
of a default clearance, all labels will fail, and in the absence of a
default label, all unlabelled data will fail.
If you want to have the effect of all entities without an explicit
clearance being automatically cleared for data labelled with
UNCLASSIFIED, as in your example, you'd simply define the default
clearance as being cleared for UNCLASSIFIED. If you want to allow for
messages where the label is missing, too, then you'd need to define a
default label to use in the policy, as well.
Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
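
Added example (not part of the original message and not code from XEP-0258): a sketch of the fallback described above, where an explicit value wins, then the policy default, then nil, and the ACDF denies whenever either input is nil. The linear level ordering, the `Policy` class and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed linear ordering of classifications (an assumption; real
# policies can also carry categories and are not limited to one ordered list).
LEVELS = {"UNCLASSIFIED": 0, "RESTRICTED": 1, "SECRET": 2}
NIL = None  # stands for both the nil clearance and the nil label


@dataclass
class Policy:
    """Hypothetical policy holding only the two optional defaults."""
    default_clearance: Optional[str] = NIL  # for entities with no explicit clearance
    default_label: Optional[str] = NIL      # for messages carrying no label


def effective(explicit: Optional[str], default: Optional[str]) -> Optional[str]:
    """Explicit value first, then the policy default, otherwise nil."""
    return explicit if explicit is not None else default


def acdf(policy: Policy, clearance: Optional[str] = None,
         label: Optional[str] = None) -> str:
    """Return 'Grant' or 'Deny' for one (clearance, label) pair."""
    c = effective(clearance, policy.default_clearance)
    lbl = effective(label, policy.default_label)
    # Nil (or a value the policy does not know) always yields Deny,
    # whatever the other input is: the check fails closed.
    if c not in LEVELS or lbl not in LEVELS:
        return "Deny"
    return "Grant" if LEVELS[c] >= LEVELS[lbl] else "Deny"


def demo() -> dict:
    no_defaults = Policy()
    unclass_clearance = Policy(default_clearance="UNCLASSIFIED")
    unclass_both = Policy(default_clearance="UNCLASSIFIED",
                          default_label="UNCLASSIFIED")
    return {
        "no defaults, labelled": acdf(no_defaults, label="UNCLASSIFIED"),
        "default clearance, labelled": acdf(unclass_clearance, label="UNCLASSIFIED"),
        "default clearance, unlabelled": acdf(unclass_clearance),
        "both defaults, unlabelled": acdf(unclass_both),
        "both defaults, SECRET label": acdf(unclass_both, label="SECRET"),
    }


if __name__ == "__main__":
    for case, decision in demo().items():
        print(f"{case}: {decision}")
```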