[Standards] Proposed XMPP Extension: Security Labels in PubSub
Piers.Chivers at BoldonJames.com
Thu Aug 2 11:03:52 UTC 2012
[Boldon James classification: UNMARKED EXTERNAL]
Just a few notes on this:
1. Throughout: It's primarily written from a "Need to Know" basis i.e. don't show people stuff they aren't cleared for. I'd prefer to see equal emphasis on a "Need to Share" basis i.e. let people know there is something there but they currently don't have clearance. In a PubSub environment I think this makes more sense than randomly (at least it will seem random to the subscriber) filtering out stuff. Section 9.1 <insufficient_clearance> touches upon this but I'd prefer to see this mentioned throughout the document.
2. Section 2: "A client SHOULD only publish items to a node that are compatible with the Clearance of the node", why is this not "A client MUST NOT publish items to a node that are incompatible with the Clearance of the node"
3. Example 14: I'm struggling to think of a scenario where a notification without a payload needs a security label (this is a SECRET notification of Britain winning a Gold medal but this is an UNCLASSIFIED notification of Britain winning a Gold medal seems a little odd). If I'm cleared to subscribe to the node then....
4. Section 9: I think the draft hints at all the possible complexities here. Perhaps this XEP should limit itself to label based access at the node level only??
From: standards-bounces at xmpp.org [mailto:standards-bounces at xmpp.org] On Behalf Of Ashley Ward
Sent: 19 June 2012 17:58
To: XMPP Standards
Subject: Re: [Standards] Proposed XMPP Extension: Security Labels in PubSub
Yeah - sorry about that! I had two copies of it on my file system and of course sod's law meant that I sent the wrong one!
Thanks to Peter for updating it!
On 19/06/2012 17:47, "Todd Herman" <todd at apx-labs.com> wrote:
>I was going to say. There were no periods and parts had "blah blah blah"
>in it. :)
>From: standards-bounces at xmpp.org [mailto:standards-bounces at xmpp.org] On
>Behalf Of Peter Saint-Andre
>Sent: Tuesday, June 19, 2012 12:34 PM
>To: XMPP Standards
>Subject: Re: [Standards] Proposed XMPP Extension: Security Labels in
>The authors had sent me an outdated version. I've pushed a revised
>version to the website.
>On 6/19/12 10:17 AM, XMPP Extensions Editor wrote:
>> The XMPP Extensions Editor has received a proposal for a new XEP.
>> Title: Security Labels in PubSub
>> Abstract: This document describes an extension to XEP-0258 (Security
>>Labels in XMPP) to allow for the use of security labels in PubSub.
>>This document describes
>> how security label metadata can be applied to the various elements
>>within PubSub, including nodes and items.
>> URL: http://xmpp.org/extensions/inbox/pubsub-labels.html
>> The XMPP Council will decide in the next two weeks whether to accept
>>this proposal as an official XEP.
Email classified by Boldon James Classifier - www.boldonjames.com
More information about the Standards