Weston:
I have two questions about the Internet-Draft.
QUESTION 1.
The Amoco policy defines confidentiality hierarchy and an integrity
hierarchy. In practice, is a piece of information marked with a
confidentiality value, an integrity value, or both? The ASN.1 defined in
the document leads me to believe that a particular piece of information has
either a confidentiality value or an integrity value, but never both.
You included the following ASN.1:
Amoco-SecurityClassification ::= {
amoco general (6),
amoco confidential (7),
amoco highly confidential (8),
amoco minimum (9),
amoco medium (10),
amoco maximum (11) }
Since the classification in the ESS security label is a single INTEGER,
only one of these values may be present in a particular instance of a
security label.
Is the integrity value ever used to make an access control decision? If
not, then perhaps the integrity value should be carried in the privacy mark.
QUESTION 2.
In the Whirlpool section, you say:
For WHIRLPOOL INTERNAL, additional markings or caveats are option at the
discretion of the information owner.
For WHIRLPOOL CONFIDENTIAL, add additional marking or caveats as
necessary to
comply with regulatory or heightened security
requirements. Examples: MAKE NO
COPIES, THIRD PARTY CONFIDENTIAL, ATTORNEY-CLIENT PRIVILEGED DOCUMENT,
DISTRIBUTION LIMITED TO ____, COVERED BY A NON-ANALYSIS AGREEMENT.
The examples listed can be characterized as guidance to the information
recipient about how the needs to be handled. Mostly, guidance is provided
about the redistribution of the information. Since these are examples, I
wonder if there is a example of a caveat on which one might expect
automated access control.
Russ