1 / 8

Mapping S/MIME Security Label to Organizational Policy

This document outlines how the ESS Security Label can be utilized to enforce organizational security policies with examples from Amoco Corporation, Caterpillar Inc., and Whirlpool Corporation. It provides sample policies for interoperability testing and discusses the way forward, including the need for Object Identifiers.

rocio
Télécharger la présentation

Mapping S/MIME Security Label to Organizational Policy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Mapping Company Classification Policy to the S/MIME Security Label<draft-ietf-smime-seclabel-00.txt> Russ Housley March 2000

  2. Weston Nicolls is the author.He could not attend this meeting,so I am providing the briefing inhis absence.

  3. Purpose and Scope • Informational RFC • Describe how the ESS Security Label can used to implement an organizational security policy • Three organizational examples • Provide sample policies for interoperability testing

  4. Organizations • Amoco Corporation • Caterpillar Inc • Whirlpool Corporation

  5. Amoco Corporation • Confidentiality • General • Confidential • Highly Confidential • Integrity • Minimum • Medium • Maximum

  6. Caterpillar Inc • Confidentiality • Public • Confidential Green • Confidential Yellow • Confidential Red

  7. Whirlpool Corporation • Confidentiality • Public • Internal • Confidential • Additional marks at discretion of owner • Privacy Marks? • Security Categories?

  8. Way Forward • First Internet-Draft published in December 1999 • Support interoperability testing • Need to assign Object Identifiers • IETF ones for this document and testing • Organizations assign their own • Determine correct way to handle the Whirlpool additional marks

More Related