On Apr 4, 2009, at 3:46 PM, Santosh Chokhani wrote:
On the issue of authorization to "label" an object, I assume you are notsaying that write authorizations need to be separate from read authorization.
No, I am saying the lack of separate "to read"/"to label" authorizations is a significant limitation of the SDN SPIF model. For instance, one might not require any particular clearance to read UNCLASSIFIED//RELEASEABLE-TO-PUBLIC under a particular policy, but under that policy one might be required a specific clearance to create an object with a UNCLASSIFIED//RELEASEABLE-TO-PUBLIC label. (There are a number of real world national/international policies that have asymmetric "to read"/"to label" handling of security labels.) The SDN SPIF model, unfortunately, assumes that authorization to read implies authorization to label, so one cannot represent such a policy in a SPIF.
-- Kurt
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.