On Mon Jul 27 11:19:12 2009, Pedro Melo wrote:
> Section 5:
>
> "Otherwise, the clearance input is the nil clearance. The nil
> clearance is a clearance for which the ACDF always returns Deny
> when given as the clearance input"
>
> Isn't this mandating policy through an XEP? Shouldn't this be left to
> each particular installation? I could decide to allow 'nil'
> clearance if the current message label is unclassified or missing.
>
> The same situation in the next paragraph: "The nil label is a label
> for which the ACDF always returns Deny when given as the label
> input".

As the XEP explains just before, the policy can also supply default
clearances and labels which would be used if there is no explicit
clearance for a particular entity, or if no label has been explicitly
put on the message.

So it's not mandating policy, it's just mandating that in the absence
of a default clearance, all labels will fail, and in the absence of a
default label, all unlabelled data will fail.

If you want to have the effect of all entities without an explicit
clearance being automatically cleared for data labelled with
UNCLASSIFIED, as in your example, you'd simply define the default
clearance as being cleared for UNCLASSIFIED. If you want to allow for
messages where the label is missing, too, then you'd need to define a
default label to use in the policy, as well.

Dave.
--
Dave Cridland - mailto:d...@cridland.net - xmpp:d...@dave.cridland.net
- acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
- http://dave.cridland.net/
Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade
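
The fallback order discussed in this thread (explicit value, then the policy's default, then nil, which always yields Deny), as an added example that is not part of the original messages or of the XEP. The policy model is an assumption made for illustration: a label is a single classification name, a clearance is the set of names an entity may access, "Grant" is the assumed name of the non-Deny result, and all class and function names and JIDs are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Optional

NIL = None  # stands in for both the nil clearance and the nil label

@dataclass(frozen=True)
class Policy:
    # Assumed, simplified policy model (not the XEP's policy format).
    default_clearance: Optional[FrozenSet[str]] = None  # None: no default
    default_label: Optional[str] = None                 # None: no default
    clearances: Dict[str, FrozenSet[str]] = field(default_factory=dict)

def clearance_input(policy: Policy, entity: str):
    """Explicit clearance, else the policy default, else the nil clearance."""
    explicit = policy.clearances.get(entity)
    return explicit if explicit is not None else policy.default_clearance

def label_input(policy: Policy, message_label: Optional[str]):
    """Explicit label, else the policy default, else the nil label."""
    return message_label if message_label is not None else policy.default_label

def acdf(clearance, label) -> str:
    # Nil on either input always returns Deny, whatever the other input is.
    if clearance is NIL or label is NIL:
        return "Deny"
    return "Grant" if label in clearance else "Deny"

def decide(policy: Policy, entity: str, message_label: Optional[str]) -> str:
    return acdf(clearance_input(policy, entity),
                label_input(policy, message_label))

# Constructed sample policies: only alice has an explicit clearance.
EXPLICIT = {"alice@example.org": frozenset({"UNCLASSIFIED", "SECRET"})}
NO_DEFAULTS = Policy(clearances=EXPLICIT)
DEFAULT_CLEARANCE = Policy(default_clearance=frozenset({"UNCLASSIFIED"}),
                           clearances=EXPLICIT)
BOTH_DEFAULTS = Policy(default_clearance=frozenset({"UNCLASSIFIED"}),
                       default_label="UNCLASSIFIED", clearances=EXPLICIT)

if __name__ == "__main__":
    for name, pol in [("no defaults", NO_DEFAULTS),
                      ("default clearance", DEFAULT_CLEARANCE),
                      ("both defaults", BOTH_DEFAULTS)]:
        for label in ("UNCLASSIFIED", "SECRET", None):
            print(name, "| bob |", label, "->",
                  decide(pol, "bob@example.org", label))
```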