One of the painful lessons we have learned is that the security policy for the domain must be applied consistently between those training the users to populate labels and those creating authorization information if an automated, label-based access control decision function is to work.
Weeding out inconsistent application of semantic content is resulting in significant cultural change.
I would be grateful if the extension of the attribute definition allows the use of a trigraph. It will be another element of information that needs to be profiled, but that's always the impact of using flexible standards.
Sandi
-----Original Message-----
From: Paul Koning [mailto:pkoning@xedia.com]
Sent: Tuesday, November 02, 1999 3:00 PM
To: samiklo@missi.ncsc.mil
Cc: barzin@secude.com; housley@spyrus.com; ietf-pkix@imc.org;
list@seis.nc-forum.com; stefan@accurata.se
Subject: RE: QC certificates and Nationality
Another way to look at the digraph vs. trigraph issue: given that the
draft refers to the ISO standard, and the latest rev of that standard
has both digraph and trigraph country codes, the obvious thing to do
is to track that standard and support both.
Of course, that does pose an interesting issue. If a cert shows
citizenship with a digraph country code and a security label has a
trigraph, is that a mismatch?
If yes, that means that you have to use a single form consistently
across your entire organization -- trigraph or digraph, whichever you
like, but only one. Is that an acceptable operational restriction?
If no, then you have to implement the conversion anyway, so you can
test for equality between a digraph and a trigraph country code.
paul