(Apologies for all the posts. Just trying to keep the threads separate for commenting.)
It's important to acknowledge that many Advanced policies will require information about the message beyond just the Policy identifier. An example from the export control world: An email may be governed by the ITAR policy; however, access control decisions are made based on ITAR and the specific export license or agreement that applies to the message. Simply identifying that the document is export controlled doesn't give the PDP enough information to make a grant or deny decision.

Stated differently, an access decision is based on attributes about the requester, resource, environment, and action. The plasma scenarios for Advanced Policies should include the ability to convey attributes (labels) about the message (including, but not limited to, the policy identifier) and attributes about the recipient.

Scott Fitch
Cyber Architect
Lockheed Martin Enterprise Business Services
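The point made in the post above, as an added example that is not part of the original message or of any Plasma specification: a minimal PDP that cannot decide on the policy identifier alone and reaches a decision only once a license label and recipient attributes are supplied. The license registry, label names (`policy`, `license`), the `org` attribute and all values are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import date

PERMIT, DENY, INDETERMINATE = "Permit", "Deny", "Indeterminate"

# Constructed registry: which parties and actions each license or agreement covers.
LICENSES = {
    "LICENSE-EXAMPLE-A": {
        "parties": {"org-alpha", "org-beta"},
        "actions": {"read"},
        "expires": date(2030, 1, 1),
    },
}

@dataclass
class Request:
    requester: dict                 # attributes about the recipient
    resource: dict                  # labels conveyed with the message
    action: str
    environment: dict = field(default_factory=dict)

def decide(req: Request) -> str:
    """Evaluate one request against the constructed ITAR rule."""
    labels = req.resource
    if labels.get("policy") != "ITAR":
        return INDETERMINATE        # this sketch only evaluates the ITAR policy
    lic = labels.get("license")
    if lic is None:
        # Policy identifier alone: no rule can be evaluated. A deny-biased PEP
        # would refuse access on this result.
        return INDETERMINATE
    terms = LICENSES.get(lic)
    if terms is None:
        return DENY                 # label names a license the PDP does not know
    today = req.environment.get("date")
    if today is None or today >= terms["expires"]:
        return DENY                 # environment attribute: license must be current
    if req.requester.get("org") not in terms["parties"]:
        return DENY                 # requester attribute: must be a licensed party
    if req.action not in terms["actions"]:
        return DENY                 # action must be covered by the license
    return PERMIT

def example_decisions():
    env = {"date": date(2025, 6, 1)}
    alice = {"org": "org-alpha"}
    bare = Request(alice, {"policy": "ITAR"}, "read", env)
    labelled = Request(alice, {"policy": "ITAR", "license": "LICENSE-EXAMPLE-A"}, "read", env)
    outsider = Request({"org": "org-gamma"}, labelled.resource, "read", env)
    return decide(bare), decide(labelled), decide(outsider)
```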
