[Standards] UPDATED: XEP-0258 (Security Labels in XMPP)

Dave Cridland dave at cridland.net
Mon Jul 27 12:46:31 UTC 2009

On Mon Jul 27 11:19:12 2009, Pedro Melo wrote:
> Section 5:
> "Otherwise, the clearance input is the nil clearance. The nil
> clearance is a clearance for which the ACDF always returns Deny
> when given as the clearance input"
> Isn't this mandating policy through a XEP? Shouldn't this be left to
> each particular installation? I could decide to allow 'nil'
> clearance if the current message label is unclassified or missing.
> The same situation in the next paragraph: "The nil label is a label
> for which the ACDF always returns Deny when given as the label
> input".

As the XEP explains just before, the policy can also supply default  
clearances and labels which would be used if there is no explicit  
clearance for a particular entity, or if no label has been explicitly  
put on the message.

So it's not mandating policy, it's just mandating that in the absence  
of a default clearance, all labels will fail, and in the absence of a  
default label, all unlabelled data will fail.

If you want to have the effect of all entities without an explicit  
clearance being automatically cleared for data labelled with  
UNCLASSIFIED, as in your example, you'd simply define the default  
clearance as being cleared for UNCLASSIFIED. If you want to allow for  
messages where the label is missing, too, then you'd need to define a  
default label to use in the policy, as well.

Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
  - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
  - http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
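
The fallback order discussed in this message, as an added example that is not part of the original email or of XEP-0258: an explicit clearance or label is used if present, then the policy default, then the nil value, which always yields Deny. The names `Policy`, `acdf`, `NIL` and the three-level dominance rule are assumptions made for illustration; a real policy's comparison rules are defined by the policy itself.

```python
# Added illustration. Names and the level ordering are assumptions,
# not taken from XEP-0258 or any implementation.
from dataclasses import dataclass
from typing import Optional

NIL = object()  # stands in for both the nil clearance and the nil label

# Constructed sample policy: higher number dominates lower.
LEVELS = {"UNCLASSIFIED": 0, "RESTRICTED": 1, "SECRET": 2}


@dataclass
class Policy:
    default_clearance: Optional[str] = None  # for entities with no explicit clearance
    default_label: Optional[str] = None      # for messages with no explicit label


def clearance_input(policy: Policy, explicit: Optional[str]):
    """Explicit clearance, else the policy default, else the nil clearance."""
    return explicit or policy.default_clearance or NIL


def label_input(policy: Policy, explicit: Optional[str]):
    """Explicit label, else the policy default, else the nil label."""
    return explicit or policy.default_label or NIL


def acdf(policy: Policy, clearance: Optional[str] = None,
         label: Optional[str] = None) -> str:
    """Access control decision for one entity/message pair."""
    c = clearance_input(policy, clearance)
    lbl = label_input(policy, label)
    # Nil on either side always fails, whatever the other input is.
    if c is NIL or lbl is NIL:
        return "Deny"
    # Values the policy does not know are treated as a failure too (assumption).
    if c not in LEVELS or lbl not in LEVELS:
        return "Deny"
    return "Grant" if LEVELS[c] >= LEVELS[lbl] else "Deny"


if __name__ == "__main__":
    no_defaults = Policy()
    clear_only = Policy(default_clearance="UNCLASSIFIED")
    both = Policy(default_clearance="UNCLASSIFIED", default_label="UNCLASSIFIED")
    for name, p in [("no defaults", no_defaults), ("default clearance", clear_only),
                    ("both defaults", both)]:
        print(name, "| labelled:", acdf(p, label="UNCLASSIFIED"),
              "| unlabelled:", acdf(p))
```
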