Network Working Group                                         W. Nicolls
Request for Comments: 3114                            Forsythe Solutions
Category: Informational                                         May 2002
        

Implementing Company Classification Policy with the S/MIME Security Label

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2002). All Rights Reserved.

Abstract

This document discusses how company security policy for data classification can be mapped to the S/MIME security label. Actual policies from three companies provide worked examples.

1. Introduction

Security labels are an optional security service for S/MIME. A security label is a set of security information regarding the sensitivity of the content that is protected by S/MIME encapsulation. A security label can be included in the signed attributes of any SignedData object. A security label attribute may be included in either the inner signature, outer signature, or both. The syntax and processing rules for security labels are described in RFC 2634 [ESS].

The key words 'MUST', 'MUST NOT', 'REQUIRED', 'SHALL', 'SHALL NOT', 'SHOULD', 'SHOULD NOT', 'RECOMMENDED', 'MAY', and 'OPTIONAL' in this document are to be interpreted as described in RFC 2119 [MUSTSHOULD].

1.1 Information Classification Policies

Information is an asset, but not all information has the same value for a business. Not all information needs to be protected as strongly as other information.

Research and development plans, marketing strategies and manufacturing quality specifications developed and used by a company provide competitive advantage. This type of information, which if disclosed or modified would cause moderate to severe damage to the company, needs stronger protective measures than other information.

Other types of information such as internal organization charts, employee lists and policies may need little or no protective measures based on value the organization places on it.

A corporate information classification policy defines how its information assets are to be protected. It provides guidance to employees on how to classify information assets. It defines how to label and protect an asset based on its classification and state (e.g., facsimile, electronic transfer, storage, shipping, etc.).

1.2 Access Control and Security Labels

"Access control" is a means of enforcing authorizations. There are a variety of access control methods that are based on different types of policies and rely on different security mechanisms.

- Rule based access control is based on policies that can be algorithmically expressed.

- Identity based access control is based on a policy which applies explicitly to an individual person or host entity, or to a defined group of such entities. Once identity has been authenticated, if the identity is verified to be on the access list, then access is granted.

- Rank-based access control is based on a policy of hierarchical positions in an organization. It is based on who you are in the company structure. A rank-based policy would define what information the position of Partner or Senior Consultant could access.

- Role-based access control is based on a policy of roles in an organization. It may or may not be hierarchical. It is based on who you are in the company. A role-based policy would define what information the role of Database Administrator, Network Administrator, Mailroom Clerk or Purchaser could access.

Rule, rank and role-based access control methods can rely on a security label as the security mechanism to convey the sensitivity or classification of the information. When processing an S/MIME encapsulated message, the sensitivity information in the message's security label can be compared with the recipient's authorizations to determine if the recipient is allowed to access the protected content.

An S/MIME security label may be included as a signed attribute in the inner (or only) signature or the outer signature. In the case of a triple-wrapped message as defined in RFC 2634, the inner signature would be used for access control decisions related to the plaintext original content, while the outer signature would be used for access control decisions related to the encrypted message.

1.3 User Authorizations

Users need to be granted authorizations to access information that has been classified by an authority. The sending and receiving agents need to be able to securely determine the user's authorizations for access control processing.

X.509 [X.509] and the Internet profile for X.509 certificates [CERTCRL] do not define the means to represent and convey authorizations in a certificate.

X.501 [X.501] defines how to represent authorization in the form of a clearance attribute. The clearance attribute identifies the security policy in force to which a list of possible classifications and security categories relates.

X.501 also notes two means for binding the clearance to a named entity: an Attribute Certificate and a Certificate extension field (e.g., within the subjectDirectoryAttribute extension).

RFC 3281 [AC509] defines a profile of X.509 Attribute Certificate (AC) suitable for use with authorization information within Internet Protocols. One of the defined attributes is Clearance, which carries clearance (security labeling) information about the AC owner. The syntax for Clearance is imported from X.501.

2. Developed Examples
2.1 Classification Policies

The following describes the information classification policies in effect at 3 companies.

2.1.1 Amoco Corporation

The description for the Amoco information classification policy was taken from the Amoco Computer Security Guidelines. Amoco classifies its information assets based on confidentiality and integrity and defines 3 hierarchical classifications for each. The confidentiality and integrity policies are independent, so either or both may be applied to the information. Amoco also defines an availability classification for time critical information.

HIGHLY CONFIDENTIAL - Information whose unauthorized disclosure will cause the company severe financial, legal or reputation damage. Examples: Certain acquisitions, bid economics, negotiation strategies.

CONFIDENTIAL - Information whose unauthorized disclosure may cause the company financial, legal, or reputation damage. Examples: Employee Personnel & Payroll Files, some interpreted Exploration Data.

GENERAL - Information that, because of its personal, technical, or business sensitivity is restricted for use within the company. Unless otherwise classified, all information within Amoco is in this category.

MAXIMUM - Information whose unauthorized modification and destruction will cause the company severe financial, legal, or reputation damage.

MEDIUM - Information whose unauthorized modification and destruction may cause the company financial, legal, or reputation damage. Examples: Electronic Funds, Transfer, Payroll, and Commercial Checks.

MINIMUM - Although an error in this data would be of minimal consequence, this is still important company information and therefore will require some minimal controls to ensure a minimal level of assurance that the integrity of the data is maintained. This applies to all data that is not placed in one of the above classifications. Examples: Lease Production Data, Expense Data, Financial Data, and Exploration Data.

CRITICAL - It is important to assess the availability requirements of data, applications and systems. A business decision will be required to determine the length of unavailability that can be tolerated prior to expending additional resources to ensure the information availability that is required. Information should be labeled "CRITICAL" if it is determined that special procedures should be used to ensure its availability.

2.1.2 Caterpillar, Inc.

The description for the Caterpillar information classification policy is taken from the Caterpillar Information Protection Guidelines. Caterpillar classifies its information assets based on confidentiality and defines 4 hierarchical classifications.

Caterpillar Confidential Red - Provides a significant competitive advantage. Disclosure would cause severe damage to operations. Relates to or describes a long-term strategy or critical business plans. Disclosure would cause regulatory or contractual liability. Disclosure would cause severe damage to our reputation or the public image. Disclosure would cause a severe loss of market share or the ability to be first to market. Disclosure would cause a loss of an important customer, shareholder, or business partner. Disclosure would cause a long-term or severe drop in stock value. Strong likelihood somebody is seeking to acquire this information.

Caterpillar Confidential Yellow - Provides a competitive advantage. Disclosure could cause moderate damage to the company or an individual. Relates to or describes an important part of the operational direction of the company over time. Important technical or financial aspects of a product line or a business unit. Disclosure could cause a loss of Customer or Shareholder confidence. Disclosure could cause a temporary drop in stock value. A likelihood that somebody could seek to acquire this information.

Caterpillar Confidential Green - Might provide a business advantage over those who do not have access to the same information. Might be useful to a competitor. Not easily identifiable by inspection of a product. Not generally known outside the company or available from public sources. Generally available internally. Little competitive interest.

Caterpillar Public - Would not provide a business or competitive advantage. Routinely made available to interested members of the General Public. Little or no competitive interest.

2.1.3 Whirlpool Corporation

The description for the Whirlpool information classification policy is taken from the Whirlpool Information Protection Policy. Whirlpool classifies its information assets based on confidentiality and defines 3 hierarchical classifications. The policy states that:

"All information generated by or for Whirlpool, in whatever form, written, verbal, or electronic, is to be treated as WHIRLPOOL INTERNAL or WHIRLPOOL CONFIDENTIAL. Classification of information in either category depends on its value, the impact of unauthorized disclosure, legal requirements, and the manner in which it needs to be used by the company. Some WHIRLPOOL INTERNAL information may be authorized for public release."

WHIRLPOOL CONFIDENTIAL - A subset of Whirlpool Internal information, the unauthorized disclosure or compromise of which would likely have an adverse impact on the company's competitive position, tarnish its reputation, or embarrass an individual. Examples: Customer, financial, pricing, or personnel data; merger/acquisition, product, or marketing plans; new product designs, proprietary processes and systems.

WHIRLPOOL INTERNAL - All forms of proprietary information originated or owned by Whirlpool, or entrusted to it by others. Examples: Organization charts, policies, procedures, phone directories, some types of training materials.

WHIRLPOOL PUBLIC - Information officially released by Whirlpool for widespread public disclosure. Example: Press releases, public marketing materials, employment advertising, annual reports, product brochures, the public web site, etc.

The policy also states that privacy markings are allowable. Specifically:

For WHIRLPOOL INTERNAL, additional markings or caveats are optional at the discretion of the information owner.

For WHIRLPOOL CONFIDENTIAL, add additional marking or caveats as necessary to comply with regulatory or heightened security requirements. Examples: MAKE NO COPIES, THIRD PARTY CONFIDENTIAL, ATTORNEY-CLIENT PRIVILEGED DOCUMENT, DISTRIBUTION LIMITED TO ____, COVERED BY A NON-ANALYSIS AGREEMENT.
        
2.2 S/MIME Classification Label Organizational Examples

RFC 2634 [ESS] defines the ESSSecurityLabel syntax and processing rules. This section builds upon those definitions to define detailed example policies.

2.2.1 Security Label Components

The examples are detailed using the various components of the eSSSecurityLabel syntax.

2.2.1.1 Security Policy Identifier

A security policy is a set of criteria for the provision of security services. The eSSSecurityLabel security-policy-identifier is used to identify the security policy in force to which the security label relates. It indicates the semantics of the other security label components.

For the example policies, the following security policy object identifiers are defined:

   -- S/MIME Working Group Object Identifier Registry
   id-smime OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840)
                                  rsadsi(113549) pkcs(1) pkcs-9(9) 16 }
        
   -- S/MIME Test Security Policy Arc
   id-tsp  OBJECT IDENTIFIER ::= { id-smime 7 }
        
   -- Test Security Policies
   id-tsp-TEST-Amoco          OBJECT IDENTIFIER ::= { id-tsp 1 }
   id-tsp-TEST-Caterpillar    OBJECT IDENTIFIER ::= { id-tsp 2 }
   id-tsp-TEST-Whirlpool      OBJECT IDENTIFIER ::= { id-tsp 3 }
        
2.2.1.2 Security Classification

The security classification values and meanings are defined by the governing company policies. The security-classification values defined are hierarchical and do not use integers 0 through 5.

   Amoco-SecurityClassification ::= INTEGER {
     amoco-general (6),
     amoco-confidential (7),
     amoco-highly-confidential (8) }
        
   Caterpillar-SecurityClassification ::= INTEGER {
     caterpillar-public (6),
     caterpillar-green (7),
     caterpillar-yellow (8),
     caterpillar-red (9) }
        
        
   Whirlpool-SecurityClassification ::= INTEGER {
     whirlpool-public (6),
     whirlpool-internal (7),
     whirlpool-confidential (8) }
        
2.2.1.3 Privacy Mark

Privacy marks are specified in the Whirlpool policy. The policy provides examples of possible markings, but others can be defined by users as necessary (though no guidance is given). The Whirlpool policy provides the following examples: MAKE NO COPIES, THIRD PARTY CONFIDENTIAL, ATTORNEY-CLIENT PRIVILEGED DOCUMENT, DISTRIBUTION LIMITED TO ____, and COVERED BY A NON-ANALYSIS AGREEMENT.

The Amoco policy does not identify any privacy marks but the classification labels defined for availability and integrity would be most appropriately displayed here. The CRITICAL, MAXIMUM, MEDIUM, and MINIMUM labels are examples of information classifications that are not used for access control.

In general, the privacy marks should provide brief but clear direction to the user on how to handle the information.

2.2.1.4 Security Categories

Security categories or caveats are not specified in any of the sample policies. However, they are used in at least 2 of the companies. Though the security categories are not defined formally in their security policies, once locally defined they are formal and are to be enforced. Security categories are defined when necessary to provide more granular access control for identifiable proprietary information. A category can be based on an organizational unit or on a project (e.g., Legal Only or Project Vallor).

2.2.1.4.1 Syntax

Security categories are represented in the RFC 2634 ESSSecurityLabel (to specify the sensitivity of labeled data) and X.501 Clearance attribute (to specify an entity's authorizations) using the following syntax.

   SecurityCategories ::= SET SIZE (1..ub-security-categories)
                          OF SecurityCategory
        
   ub-security-categories INTEGER ::= 64
        
   SecurityCategory ::= SEQUENCE {
     type  [0] OBJECT IDENTIFIER,
     value [1] ANY DEFINED BY type } -- defined by type

One example of a SecurityCategory syntax is SecurityCategoryValues, as follows.

When id-securityCategoryValues is present in the SecurityCategory type field, then the SecurityCategory value field could take the form of:

   SecurityCategoryValues ::= SEQUENCE OF UTF8String
        
2.2.1.4.2 Use

An organization will define a securityCategoryType OID representing the syntax for representing a security category value within their security policy.

For the example security category syntax, a UTF8String is used to convey the security category value that applies to the labeled message. Access MUST be restricted to only those entities who are authorized to access every SecurityCategoryValue. Access is authorized if the ESSSecurityLabel SecurityCategoryValue EXACTLY matches the Clearance SecurityCategoryValue.

2.2.2 Attribute Owner Clearance

The security clearance and category authorizations for the user are defined in the clearance attribute.

2.2.2.1 Amoco User

Clearance:
  policyId: 1 2 840 113549 1 9 16 7 1
  classList: amoco-general (6), amoco-confidential (7), amoco-highly-confidential (8)

2.2.2.2 Caterpillar User

Clearance:
  policyId: 1 2 840 113549 1 9 16 7 2
  classList: caterpillar-public (6), caterpillar-confidential-green (7), caterpillar-confidential-yellow (8), caterpillar-confidential-red (9)

2.2.2.3 Whirlpool User

Clearance:
  policyId: 1 2 840 113549 1 9 16 7 3
  classList: whirlpool-public (6), whirlpool-internal (7), whirlpool-confidential (8)

2.2.3 Security Category Example

This section includes an example RFC 2634 ESSSecurityLabel including the example Security Category syntax. This section also includes example X.501 Clearance attributes. One of the example Clearance attributes includes a set of authorizations that pass the access control check for the example ESSSecurityLabel. The other example Clearance attributes each include a set of authorizations that fail the access control check for the example ESSSecurityLabel.

These examples use the id-tsp-TEST-Whirlpool OID defined in section 2.2.1.1. Assume that the security policy identified by id-tsp-TEST-Whirlpool defines one securityCategoryType OID as follows:

   id-tsp-TEST-Whirlpool-Categories OBJECT IDENTIFIER ::= { id-tsp 4 }
        

Example ESSSecurityLabel:
  security-policy-identifier: id-tsp-3
  security-classification: 8
  privacy-mark: ATTORNEY-CLIENT PRIVILEGED INFORMATION
  security-categories: SEQUENCE OF SecurityCategory
    SecurityCategory #1
      type: id-tsp-4
      value: LAW DEPARTMENT USE ONLY

Example Clearance Attribute #1 (passes access control check):

Clearance:
  policyId: id-tsp-3
  classList BIT STRING: Bits 6, 7, 8 are set to TRUE
  securityCategories: SEQUENCE OF SecurityCategory
    SecurityCategory #1
      type: id-tsp-4
      value: LAW DEPARTMENT USE ONLY

Example Clearance Attribute #2 (fails access control check because SecurityCategoryValues do not match):

Clearance:
  policyId: id-tsp-3
  classList BIT STRING: Bits 6, 7, 8 are set to TRUE
  securityCategories: SEQUENCE OF SecurityCategory
    SecurityCategory #1
      type: id-tsp-4
      value: HUMAN RESOURCES USE ONLY

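The access control check of section 2.2.1.4.2, run over the example label and Clearance attributes above, as an added Python illustration that is not part of the RFC. It also decodes the classList BIT STRING and looks up classification display names per policy (section 2.2.1.2); the dotted OID strings, the dataclass layout and the two extra clearance cases are assumptions made here.

```python
"""Access control check of an RFC 2634 ESSSecurityLabel against an X.501
Clearance attribute, following RFC 3114 sections 2.2.1.4.2 and 2.2.3.
Added illustration, not code from the RFC: dotted-string OIDs and plain
Python strings for SecurityCategoryValues are representation choices made
here, not the DER an S/MIME agent would actually parse."""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional, Tuple

# Object identifiers from section 2.2.1.1, in dotted form.
ID_TSP = "1.2.840.113549.1.9.16.7"
ID_TSP_TEST_AMOCO = ID_TSP + ".1"
ID_TSP_TEST_CATERPILLAR = ID_TSP + ".2"
ID_TSP_TEST_WHIRLPOOL = ID_TSP + ".3"             # "id-tsp-3" in section 2.2.3
ID_TSP_TEST_WHIRLPOOL_CATEGORIES = ID_TSP + ".4"  # "id-tsp-4", a securityCategoryType

# Display names per policy (section 2.2.1.2).  The policy identifier fixes the
# meaning of the classification integer: 8 is "highly confidential" under the
# Amoco policy but "confidential" under the Whirlpool policy.  Section 2.2.4
# wants such a table supplied by the enterprise (e.g. via a SPIF) rather than
# hard coded; a literal is used here only to keep the example self-contained.
CLASSIFICATION_NAMES = {
    ID_TSP_TEST_AMOCO: {6: "amoco-general", 7: "amoco-confidential",
                        8: "amoco-highly-confidential"},
    ID_TSP_TEST_CATERPILLAR: {6: "caterpillar-public", 7: "caterpillar-green",
                              8: "caterpillar-yellow", 9: "caterpillar-red"},
    ID_TSP_TEST_WHIRLPOOL: {6: "whirlpool-public", 7: "whirlpool-internal",
                            8: "whirlpool-confidential"},
}

def classification_name(policy_id: str, classification: int) -> str:
    """Map a security-classification integer to its name under the given policy."""
    names = CLASSIFICATION_NAMES.get(policy_id, {})
    return names.get(classification, f"unknown({classification})")

@dataclass(frozen=True)
class SecurityCategory:
    type: str    # securityCategoryType OID
    value: str   # one SecurityCategoryValues entry (UTF8String)

@dataclass
class ESSSecurityLabel:
    security_policy_identifier: str
    security_classification: int
    privacy_mark: Optional[str] = None
    security_categories: frozenset = field(default_factory=frozenset)

@dataclass
class Clearance:
    policy_id: str
    class_list: frozenset          # classification values whose classList bit is TRUE
    security_categories: frozenset = field(default_factory=frozenset)

def class_list_from_bit_string(content: bytes) -> frozenset:
    """Decode the content octets of a DER BIT STRING (first octet = number of
    unused trailing bits) into the set of bit positions that are TRUE.  Bit 0 is
    the most significant bit of the first data octet (X.690), so the example
    clearance "bits 6, 7, 8 are TRUE" is the content 07 03 80."""
    unused, data = content[0], content[1:]
    total_bits = len(data) * 8 - unused
    return frozenset(i for i in range(total_bits) if data[i // 8] & (0x80 >> (i % 8)))

def check_access(label: ESSSecurityLabel, clearance: Clearance) -> Tuple[bool, str]:
    """Apply section 2.2.1.4.2: same policy, classification within the clearance
    classList, and EVERY label category present in the clearance with an exactly
    matching value (case and whitespace included).  Returns (granted, reason)."""
    if label.security_policy_identifier != clearance.policy_id:
        return False, "security policy identifier does not match the clearance policyId"
    if label.security_classification not in clearance.class_list:
        name = classification_name(label.security_policy_identifier, label.security_classification)
        return False, f"classification {name} is not in the clearance classList"
    missing = label.security_categories - clearance.security_categories
    if missing:
        values = ", ".join(sorted(c.value for c in missing))
        return False, f"no exact clearance match for security category value(s): {values}"
    return True, "access granted"

# The example ESSSecurityLabel and Clearance attributes of section 2.2.3.
LAW_DEPT = SecurityCategory(ID_TSP_TEST_WHIRLPOOL_CATEGORIES, "LAW DEPARTMENT USE ONLY")
HR_ONLY = SecurityCategory(ID_TSP_TEST_WHIRLPOOL_CATEGORIES, "HUMAN RESOURCES USE ONLY")
LABEL = ESSSecurityLabel(ID_TSP_TEST_WHIRLPOOL, 8,
                         "ATTORNEY-CLIENT PRIVILEGED INFORMATION", frozenset({LAW_DEPT}))
CLEARANCE_1 = Clearance(ID_TSP_TEST_WHIRLPOOL, class_list_from_bit_string(b"\x07\x03\x80"),
                        frozenset({LAW_DEPT}))   # passes
CLEARANCE_2 = Clearance(ID_TSP_TEST_WHIRLPOOL, class_list_from_bit_string(b"\x07\x03\x80"),
                        frozenset({HR_ONLY}))    # fails: category value differs
# Two further cases constructed here: an Amoco user presented with the Whirlpool
# label, and a Whirlpool user cleared only up to whirlpool-internal.
CLEARANCE_AMOCO = Clearance(ID_TSP_TEST_AMOCO, frozenset({6, 7, 8}), frozenset({LAW_DEPT}))
CLEARANCE_INTERNAL = Clearance(ID_TSP_TEST_WHIRLPOOL, frozenset({6, 7}), frozenset({LAW_DEPT}))

if __name__ == "__main__":
    for clr in (CLEARANCE_1, CLEARANCE_2, CLEARANCE_AMOCO, CLEARANCE_INTERNAL):
        print(check_access(LABEL, clr))
```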
2.2.4 Additional ESSSecurityLabel Processing Guidance

An implementation issue can be the mapping of the security label values to displayable characters. This is an issue for users who want to develop and retire their own classifications and categories on a regular basis and when the values are encoded in non-human readable form. Applications should provide a means for the enterprise to manage these changes. The practice of hard coding the mapping into the applications is discouraged.

This issue is viewed as a local issue for the application vendor, as the solution does not need to be interoperable between vendors.

An approach is the use of a Security Policy Information File (SPIF) [ISO15816]. A SPIF is a construct that conveys domain-specific security policy information. It is a signed object to protect it from unauthorized changes and to authenticate the source of the policy information. It contains critical display information such as the text string for security classifications and security categories to be displayed to the user, as well as additional security policy information.

Another implementation issue can be obtaining the recipient's certificate when sending a signed-only message with a security label. Normally the recipient's certificate is only needed when sending an encrypted message. Applications will need to be able to retrieve the recipient's certificate so that the recipient's clearance information is available for the access control check.

3. Security Considerations

All security considerations from RFC 2630 [CMS] and RFC 2634 [ESS] apply to applications that use procedures described in this document.

References

[AC509] Farrell, S. and R. Housley, "An Internet Attribute Certificate Profile for Authorization", RFC 3281, April 2002.

[CERTCRL] Housley, R., Polk, W., Ford, W. and D. Solo, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 3280, April 2002.

[CMS] Housley, R., "Cryptographic Message Syntax", RFC 2630, June 1999.

[ESS] Hoffman, P., Editor, "Enhanced Security Services for S/MIME", RFC 2634, June 1999.

[MUSTSHOULD] Bradner, S., "Key Words for Use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[X.501] "ITU-T Recommendation X.501: Information Technology - Open Systems Interconnection - The Directory: Models", 1993.

[X.509] "ITU-T Recommendation X.509 (1997 E): Information Technology - Open Systems Interconnection - The Directory: Authentication Framework", June 1997.

[ISO15816] "Information Technology - Security Techniques - Security Information Objects for Access Control", ISO/IEC FDIS 15816:2000.

Acknowledgements

I would like to thank Russ Housley for helping me through the process of developing this document, John Pawling for his technical assistance and guidance, and Dan Quealy for his security policy expertise. I would like to thank Ernst & Young LLP and Telenisus for supporting the development of this document while I was employed there. I would also like to thank the good people at Amoco (bp), Caterpillar and Whirlpool who allowed me to use their policies as the real examples that make this document possible.

Caterpillar and Whirlpool were each asked if they would like to provide contacts in regards to their security policies, but declined the offer.

Author's Address

Weston Nicolls
Forsythe Solutions
7500 Frontage Rd
Skokie, IL 60077

Phone: (847) 763-2370
EMail: wnicolls@forsythesolutions.com

Full Copyright Statement

Copyright (C) The Internet Society (2002). All Rights Reserved.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.

This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

Funding for the RFC Editor function is currently provided by the Internet Society.
