Registry Specification for Mandatory Access Control (MAC) Security Label Formats
RFC 7569
Document type: RFC - Proposed Standard (July 2015; No errata)
Last updated: 2018-12-20
Stream: IETF
WG state: Submitted to IESG for Publication
Document shepherd: Spencer Shepler
Shepherd write-up: last changed 2014-11-18
IESG state: RFC 7569 (Proposed Standard)
Consensus Boilerplate: Yes
Responsible AD: Martin Stiemerling
Send notices to: (None)
IANA review state: Version Changed - Review Needed
IANA action state: RFC-Ed-Ack

Internet Engineering Task Force (IETF)                        D. Quigley
Request for Comments: 7569
Category: Standards Track                                          J. Lu
ISSN: 2070-1721                                                   Oracle
                                                               T. Haynes
                                                            Primary Data
                                                               July 2015

Registry Specification for Mandatory Access Control (MAC)
Security Label Formats

Abstract

In the past, Mandatory Access Control (MAC) systems have used very
rigid policies that were implemented in particular protocols and
platforms. As MAC systems become more widely deployed, additional
flexibility in mechanism and policy will be required. While
traditional trusted systems implemented Multi-Level Security (MLS)
and integrity models, modern systems have expanded to include such
technologies as type enforcement. Due to the wide range of policies
and mechanisms that need to be accommodated, it is unlikely that the
use of a single security label format and model will be viable.

To allow multiple MAC mechanisms and label formats to co-exist in a
network, this document creates a registry of label format
specifications. This registry contains label format identifiers and
provides for the association of each such identifier with a
corresponding extensive document outlining the exact syntax and use
of the particular label format.

Status of This Memo

This is an Internet Standards Track document.

This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.

Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc7569.

Quigley, et al. Standards Track [Page 1]
RFC 7569 Labeled NFS Registry July 2015

Copyright Notice

Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.

Table of Contents

1. Introduction
2. Definitions
3. Existing Label Format Specifications
   3.1. IP Security Option (IPSO), Basic Security Option (BSO)
   3.2. Commercial IP Security Option (CIPSO)
   3.3. Common Architecture Label IPv6 Security Option (CALIPSO)
   3.4. Flux Advanced Security Kernel (FLASK)
4. Security Considerations
5. IANA Considerations
   5.1. Initial Registry
   5.2. Adding a New Entry to the Registry
   5.3. Obsoleting a Label Format Specifier
   5.4. Modifying an Existing Entry in the Registry
6. References
   6.1. Normative References
   6.2. Informative References
Acknowledgments
Authors' Addresses

1. Introduction
With the acceptance of security labels in several mainstream
operating systems, the need to communicate labels between these
systems becomes more important. In a typical client-and-server
scenario, the client request to the server acts as a subject trying
to access an object on the server [RFC7204]. Unfortunately, these
systems are diverse enough that attempts at establishing one common
label format have been unsuccessful. This is because systems