Mapping Company Classification Policy to the S/MIME Security Label

Weston Nicolls
wnicolls@telenisus.com
S/MIME Working Group Meeting
December 13, 2000
Purpose
• Informational RFC
• Build on Security Label feature defined in ESS for S/MIME - RFC 2634
• Show how Security Label can be used to implement an organizational security policy
Telenisus Corporation
3rd Draft
Classification Policies and Examples for:
– Amoco Corporation
• General, Confidential, Highly Confidential
– Caterpillar Inc
• Public, Confidential Green, Confidential Yellow, Confidential Red
– Whirlpool Corporation
• Public, Internal, Confidential
3rd Draft
Security Categories syntax and examples
Attribute Owner Clearance examples
Privacy Mark examples
Security Category Syntax
SecurityCategories ::= SET SIZE (1..ub-security-categories) OF SecurityCategory

ub-security-categories INTEGER ::= 64

SecurityCategory ::= SEQUENCE {
    type  [0] OBJECT IDENTIFIER,
    value [1] ANY DEFINED BY type -- defined by type
}
Security Category Syntax
One example of a SecurityCategory syntax is SecurityCategoryValues. When id-securityCategoryValues is present in the SecurityCategory type field, the SecurityCategory value field could take the form of SecurityCategoryValues, as follows:

SecurityCategoryValues ::= SEQUENCE OF UTF8String
Example ESSSecurityLabel:
    security-policy-identifier: id-tsp-3
    security-classification: 9
    privacy-mark: ATTORNEY-CLIENT PRIVILEGED INFORMATION
    security-categories: SEQUENCE OF SecurityCategory
        SecurityCategory #1
            type: id-tsp-4
            value: LAW DEPARTMENT USE ONLY
Example Clearance Attribute (passes access control check):
    Clearance:
        policyId: id-tsp-3
        classList BIT STRING: Bits 0, 1, 2, 9 are set to TRUE
        securityCategories: SEQUENCE OF SecurityCategory
            SecurityCategory #1
                type: id-tsp-4
                value: LAW DEPARTMENT USE ONLY
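
The access control check behind the two examples above, as an added sketch that is not part of the original slides or of the draft. The rule set is an assumption (the actual rules are defined by the security policy): same policy identifier, the label's classification number is a set bit in classList, and every label category also appears in the clearance. Class and function names are hypothetical.

```python
from dataclasses import dataclass

# Assumed rule set (policy-defined in practice): policy identifiers must match,
# the label's classification must be a set bit in classList, and every
# category in the label must also be held by the clearance.

@dataclass(frozen=True)
class SecurityLabel:
    policy_id: str
    classification: int
    categories: frozenset = frozenset()   # {(type, value)} pairs
    privacy_mark: str = ""                # display text, not an access control input

@dataclass(frozen=True)
class Clearance:
    policy_id: str
    class_list: frozenset                 # bit positions set to TRUE
    categories: frozenset = frozenset()

def check_access(label, clearance):
    """Return (allowed, reason); any mismatch denies access."""
    if label.policy_id != clearance.policy_id:
        return False, "policy mismatch"
    if label.classification not in clearance.class_list:
        return False, "classification not cleared"
    missing = label.categories - clearance.categories
    if missing:
        return False, "missing category: " + ", ".join(sorted(v for _, v in missing))
    return True, "ok"

# Values taken from the slides.
LAW_ONLY = frozenset({("id-tsp-4", "LAW DEPARTMENT USE ONLY")})
LABEL = SecurityLabel("id-tsp-3", 9, LAW_ONLY,
                      "ATTORNEY-CLIENT PRIVILEGED INFORMATION")
CLEARED = Clearance("id-tsp-3", frozenset({0, 1, 2, 9}), LAW_ONLY)

# Constructed counter-examples (not from the slides).
NO_BIT_9 = Clearance("id-tsp-3", frozenset({0, 1, 2}), LAW_ONLY)
NO_CATEGORY = Clearance("id-tsp-3", frozenset({0, 1, 2, 9}))
OTHER_POLICY = Clearance("id-example-other-policy", CLEARED.class_list, LAW_ONLY)

if __name__ == "__main__":
    for name, clearance in [("slide clearance", CLEARED), ("no bit 9", NO_BIT_9),
                            ("no category", NO_CATEGORY), ("other policy", OTHER_POLICY)]:
        print(f"{name}: {check_access(LABEL, clearance)}")
```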