Skip Navigation Links | |
Exit Print View | |
Compartmented Mode Workstation Labeling: Encodings Format Oracle Solaris 11.1 Information Library |
2. Structure and Syntax of Encodings File
4. Information Label Encodings
5. Sensitivity Label, Clearance, Channels, and Printer Banner Encodings
6. Accreditation Range and Name Information Label Encodings
User Accreditation Range Examples
Specifying the User Accreditation Range
The All Compartment Combinations Valid Keyword
Specifying System Accreditation Range-Related Constants
The Minimum Clearance= Keyword
The Minimum Sensitivity Label= Keyword
The Minimum Protect As Classification= Keyword
Name Information Label Encodings
7. General Considerations for Specifying Encodings
8. Enforcing Proper Label Adjudications
A. Encodings Specifications Error Messages
The encodings for classifications and sensitivity label words specify which potential sensitivity labels are well formed. Based on these encodings alone, every potential sensitivity label may not be well formed. Given the compartments A, B, and C from the above example, if compartment C has a REQUIRED COMBINATION of C A, then compartment C can never appear in a well formed label without compartment A. Thus, the well formed sensitivity labels in the example would be:
TS TS A TS B TS A B TS A C TS A B CThe user accreditation range specification is stated in terms of the set of well formed sensitivity labels.
Whereas the above examples dealt with the classification TS only, specifying a user accreditation range in general requires specifying the compartment combinations valid with each classification in the user accreditation range. Furthermore, specifying the valid compartment combinations, in the case where all well formed combinations are not valid, can be done by specifying those combinations are valid, or by specifying those combinations that are not valid.
There must be one or more user accreditation range specifications. There should be one specification for each classification that appears in a sensitivity label in the user accreditation range. Each specification consists of a classification= keyword followed by one of the keywords all compartment combinations valid, all compartment combinations valid except:, or only valid compartment combinations:, as described below.
The classification= keyword should be specified for each classification in the user accreditation range. The keyword is followed by a valid classification (short, long, or alternate name) from the CLASSIFICATIONS: section, and one of the three keywords described below. The classification name is taken to begin with the first non-blank character following the blank after the keyword, and continues up to the next semicolon or the end of the line. The name specified must match either the short, long, or alternate name of one of the classifications specified in the classifications section of the encodings file.
The all compartment combinations valid keyword specifies that all well formed compartment combinations are valid along with the classification specified by the preceding classification= keyword. Note that only those compartment combinations that are well formed according to the encodings in the CLASSIFICATIONS: and SENSITIVITY LABELS: sections are valid. For example, if the SENSITIVITY LABELS: COMBINATIONS CONSTRAINTS: specifies
A ! B
Then compartment B cannot appear in a sensitivity label along with compartment A, regardless of the classification or the user accreditation range specification.
An example of a user accreditation range specification using the all compartment combinations valid keyword is:
classification= TS; all compartment combinations valid;
The all compartment combinations valid except: keyword specifies that all compartment combinations are valid along with the classification specified by the preceding classification= keyword, except those that are listed, one per line, on the lines that follow until the next keyword. Each subsequent line (other than blank lines and comment lines) should contain exactly one sensitivity label, up until a line containing a classification= or minimum clearance= keyword is found. At least one sensitivity label should be specified.
Each sensitivity label specified must be well formed according to the encodings in the CLASSIFICATIONS: and SENSITIVITY LABELS: sections. Furthermore, each sensitivity label must be in canonical form. A sensitivity label is in canonical form if it begins with the sname of a classification followed by the name of zero or more SENSITIVITY LABELS: WORDS:, in the order in which the words appear in the SENSITIVITY LABELS: section.
The sensitivity labels are used to specify compartment combinations only; the classification in the sensitivity label is ignored after validity checking. However, the classification in each sensitivity label must be the same as the classification= keyword that precedes it.
A specification of the realistic user accreditation range from the example above using the all compartment combinations valid except: keyword is:
classification= TS; all compartment combinations valid except: TS TS A TS B
The only valid compartment combinations: keyword specifies that no compartment combinations are valid along with the classification specified by the preceding classification= keyword, except those that are listed, one per line, on the lines that follow until the next keyword. Each subsequent line (other than blank lines and comment lines) should contain exactly one sensitivity label, up until a line containing a classification= or minimum clearance= keyword is found. At least one sensitivity label should be specified.
Each sensitivity label specified must be well formed according to the encodings in the CLASSIFICATIONS: and SENSITIVITY LABELS: sections. Furthermore, each sensitivity label must be in canonical form. A sensitivity label is in canonical form if it begins with the sname of a classification followed by the name of zero or more SENSITIVITY LABELS: WORDS:, in the order in which the words appear in the SENSITIVITY LABELS: section.
The sensitivity labels are used to specify compartment combinations only; the classification in the sensitivity label is ignored after validity checking. However, the classification in each sensitivity label must be the same as the classification= keyword that precedes it.
A specification of the realistic user accreditation range from the example above using the only valid compartment combinations: keyword is:
classification= TS; only valid compartment combinations: TS A B TS A C TS A B C
Appendix B, Annotated Sample Encodings contains more examples of each of the above types of user accreditation range specifications.