ietf-smime

Re: Attribute Certificate(s) in S/MIME

1998-05-06 05:15:53
Stephen,

There is a requirement to bind a user's clearance (i.e.
security-classification and security-categories) authorizations to her
identity and public key.  One method to do this is to include the user's
clearance authorizations in an AC that is bound to the user's X.509
certificate which binds the user's identity with her digital signature
public key.  When an originator wants to send a sensitive message to a
recipient, then the originator would obtain and validate the recipient's
X.509 cert and AC.  The originator selects the ESSSecurityLabel
security-classification and security-category values required to label the
content.  The originator ensures that the recipient's AC contains the
appropriate clearance authorizations indicating that the recipient is
authorized to access data labeled with the originator-selected
ESSSecurityLabel security-classification and security-category values.  One
strategy is that the originator could send her X.509 cert and AC in the
signedData object.  The recipient can then use the originator's X.509 cert
and AC to verify the originator's signature and to ensure that the
originator's AC contains the appropriate clearance authorizations indicating
that the originator was authorized to send the data as labeled with the
ESSSecurityLabel security-classification and security-category values. 

================================
John Pawling, jsp(_at_)jgvandyke(_dot_)com                             
J.G. Van Dyke & Associates, Inc.   
www.jgvandyke.com         
================================
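
The two clearance checks described in the message above, as an added example that is not part of the original message or of any S/MIME implementation. It assumes that certificate path validation and AC signature validation happen elsewhere, that an AC is bound to a certificate by issuer name and serial number, and that every category on the label must be held. All type names, field names, and sample values are constructed for illustration.

```python
from dataclasses import dataclass

# ESSSecurityLabel security-classification values: unmarked(0) .. top-secret(5)
UNMARKED, UNCLASSIFIED, RESTRICTED, CONFIDENTIAL, SECRET, TOP_SECRET = range(6)

@dataclass(frozen=True)
class Label:                       # simplified ESSSecurityLabel (hypothetical model)
    policy_id: str
    classification: int
    categories: frozenset = frozenset()

@dataclass(frozen=True)
class Cert:                        # only the X.509 fields needed for AC binding
    issuer: str
    serial: int

@dataclass(frozen=True)
class AttrCert:                    # simplified AC carrying clearance authorizations
    holder_issuer: str
    holder_serial: int
    policy_id: str
    class_list: frozenset          # classifications the holder is cleared for
    categories: frozenset = frozenset()

def clearance_failures(cert, ac, label):
    """Reasons the AC's clearance does not cover the label (empty list = authorized)."""
    reasons = []
    if (ac.holder_issuer, ac.holder_serial) != (cert.issuer, cert.serial):
        reasons.append("AC is not bound to this X.509 certificate")
    if ac.policy_id != label.policy_id:
        reasons.append("security policy mismatch")
    if label.classification not in ac.class_list:
        reasons.append("classification not in clearance")
    missing = label.categories - ac.categories   # assumption: all categories required
    if missing:
        reasons.append("missing categories: " + ", ".join(sorted(missing)))
    return reasons

def may_exchange(label, orig_cert, orig_ac, rcpt_cert, rcpt_ac):
    """Recipient must be cleared to access, and originator cleared to send, the label."""
    return not (clearance_failures(rcpt_cert, rcpt_ac, label)
                or clearance_failures(orig_cert, orig_ac, label))

# Constructed sample data (policy identifier, CA name and categories are placeholders)
POLICY, CA = "1.2.3.4.5", "CN=Example CA"
alice_cert, bob_cert = Cert(CA, 1001), Cert(CA, 1002)
alice_ac = AttrCert(CA, 1001, POLICY, frozenset({UNCLASSIFIED, CONFIDENTIAL, SECRET}), frozenset({"ALPHA", "BRAVO"}))
bob_ac = AttrCert(CA, 1002, POLICY, frozenset({UNCLASSIFIED, CONFIDENTIAL}), frozenset({"ALPHA"}))
```

Returning the list of reasons rather than a bare boolean lets the sending or receiving agent record why a label was refused.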