Security Labels : Différence entre versions

De Trustedbird Client Wiki
Ligne 17 : Ligne 17 :
 
Additional resources:
 
Additional resources:
 
* [[Security Labels Technical Documentation|Technical Documentation]]
 
* [[Security Labels Technical Documentation|Technical Documentation]]
* RFC 2634 - Enhanced Security Services for S/MIME
+
* RFC 2634 - section 3 - Enhanced Security Services for S/MIME
 
* RFC 3114 - Implementing Company Classification Policy with the S/MIME Security Label
 
* RFC 3114 - Implementing Company Classification Policy with the S/MIME Security Label
 
* RFC 4134 - Examples of S/MIME Messages
 
* RFC 4134 - Examples of S/MIME Messages

Version du 20 septembre 2010 à 15:19

English | Français

> Documentation > Trustedbird > Security Labels > Technical Documentation


This feature is used to add security information in a message which will be used to handle authorizations and access rights.

It implements the security service "security labels" defined in RFC 2634 Enhanced Security Services for S/MIME. A security label is a set of security information regarding the sensitivity of the content that is protected by S/MIME encapsulation.

A security label is composed of:

  • Security Policy Identifier
  • Security Classification (optional)
  • Privacy Mark (optional)
  • Security Categories (optional)


Additional resources:


Installation

This feature is integrated in Trustedbird 2.

Usage

In order to define your own security policy, edit or add a new XML file (based on this XML Schema) in securityLabel folder in your profile directory.

Security policy example:

<?xml version="1.0" encoding="UTF-8"?>
<!-- ESS Security Label policy definition example -->
<securityLabel>

	<!--
	Security Policy Identifier
		value (attribute) [OID]
		label (attribute) [string]: displayed name of the policy
	-->
	<securityPolicyIdentifier value="1.2.840.113549.1.9.16.7.1" label="default" />
	
	
	<!--
	Security Classification
		valueDisplayed (attribute) [boolean]: decide if value is displayed or only label
		item (element):
			value (attribute) [integer]: must be in 0 - 256 range
			label (attribute) [string]: displayed name
	-->
	<securityClassification valueDisplayed="true">
		<item value="0" label="unmarked" />
		<item value="1" label="unclassified" />
		<item value="2" label="restricted" />
		<item value="3" label="confidential" />
		<item value="4" label="secret" />
		<item value="5" label="top-secret" />
	</securityClassification>
	
	
	<!--
	Privacy Mark
		freeText (attribute) [boolean]: define if free text if allowed
		item (element): add a predefined privacy mark
			value (attribute) [string]: displayed text and value of the privacy mark
	-->
	<privacyMark freeText="true">
		<item value="NOCONTRACTOR" />
		<item value="NOFORN" />
		<item value="保密" />
		<item value="प्रतिबंधित/सीमित" />
	</privacyMark>
	
	
	<!--
	Security Categories
		securityClassificationValue (attribute) [integer]: specify that these categories apply only to this classification
		item (element): category
			oid (attribute) [OID]: type of the category
			type (attribute) [integer]: data type of value attribute (1 for UTF-8 string, 2 for integer)
			value (attribute) [string]: text of the category
			label (attribute) [string]: displayed name of the category
	-->		

	<!-- For all Security Classification -->
	<securityCategories>
		<item oid="1.2.66.1.5" type="1" value="private" label="Private" />
		<item oid="1.2.66.1.89.4" type="1" value="EU Protected Information" label="Protected Information" />
	</securityCategories>
	
	<!-- Only for Security Classification 4 -->
	<securityCategories securityClassificationValue="4">
		<item oid="1.2.3.8" type="1" value="EYES ONLY" label="EYES ONLY" />
		<item oid="1.2.398.5" type="1" value="EU do not print" label="DO NOT PRINT" />
		<item oid="1.2.398.5" type="1" value="FR do not print" label="Ne pas imprimer" />
	</securityCategories>
	
	<!-- Only for Security Classification 5 -->
	<securityCategories securityClassificationValue="5">
		<item oid="1.2.324.74" type="1" value="NATO CONFIDENTIAL" label="NATO CONFIDENTIAL" />
		<item oid="1.2.324.75" type="1" value="NATO RESTRICTED" label="NATO RESTRICTED" />
		<item oid="1.2.99.2" type="1" value="高度機密" label="top-secret" />
		<item oid="1.2.99.3" type="2" value="57" label="a" />
		<item oid="1.2.99.4" type="2" value="6000" label="b" />
		<item oid="1.2.99.5" type="1" value="6000" label="c" />
	</securityCategories>
	
</securityLabel>


Screenshots

Trustedbird 3.1 (based on Thunderbird 3.1)

Compose window

Sl-compose.png

Settings

Sl-settings.png

Compose Info

Sl-compose-info.png

View and sort messages with the security classification column

Sl-read.png

Message security info

Sl-read-messageSecurity.png


Trustedbird 2 (based on Thunderbird 2)

Securitylabel.png