On Fri, Apr 03, 2009 at 11:22:38AM -0400, Santosh Chokhani wrote: > As part of MISSI and DMS, in mid to late 90's we did work on something > called Security Policy Information File (SPIF). Oh, very nice! Thanks for the pointer. That would be ISO15816. I've found the spec, though it's non-free (hadn't they learned the lesson with ASN.1?? will they ever learn it??). > At high level SPIF entailed the following: > > 1. It was ASN.1 based. Not surprisingly :) Converting that to XML is probably the correct first step in order to ensure adoption, sadly. (Actually, apparently that has already been done once, though outside the ISO/ITU-T.) > 2. It permitted you to convert the machine representation to human > readable representation. > 3. It permitted you to convert the human readable input to machine > representation. > 4. It mapped labels (hierarchical sensitivity levels and > non-hierarchical categories) from one labeling policy to another (i.e., > establish equivalency mapping) > 5. It allowed you to constrain labels since for some policies, > existence of a category may mean some categories, levels, may be > included and/or excluded. > > Different labeling policies were indicated by different policy OID. > > Some of the concept from that work may be applicable here. I think so! Except for the part about this spec being non-free. I think that means: start over in the IETF. Nico -- -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
