Browse Prior Art Database

Registry Specification for Mandatory Access Control (MAC) Security Label Formats (RFC7569) Disclosure Number: IPCOM000242445D
Original Publication Date: 2015-Jul-01
Included in the Prior Art Database: 2015-Jul-16
Document File: 20 page(s) / 22K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

D. Quigley: AUTHOR [+2]


With the acceptance of security labels in several mainstream operating systems, the need to communicate labels between these systems becomes more important. In a typical client-and-server scenario, the client request to the server acts as a subject trying to access an object on the server [RFC7204]. Unfortunately, these systems are diverse enough that attempts at establishing one common label format have been unsuccessful. This is because systems implement different Mandatory Access Control (MAC) models, which typically do not share any common ground.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 12% of the total text.

Internet Engineering Task Force (IETF)                        D. Quigley Request for Comments: 7569 Category: Standards Track                                          J. Lu ISSN: 2070-1721                                                   Oracle                                                                T. Haynes                                                             Primary Data                                                                July 2015

        Registry Specification for Mandatory Access Control (MAC)                          Security Label Formats


   In the past, Mandatory Access Control (MAC) systems have used very    rigid policies that were implemented in particular protocols and    platforms.  As MAC systems become more widely deployed, additional    flexibility in mechanism and policy will be required.  While    traditional trusted systems implemented Multi-Level Security (MLS)    and integrity models, modern systems have expanded to include such    technologies as type enforcement.  Due to the wide range of policies    and mechanisms that need to be accommodated, it is unlikely that the    use of a single security label format and model will be viable.

   To allow multiple MAC mechanisms and label formats to co-exist in a    network, this document creates a registry of label format    specifications.  This registry contains label format identifiers and    provides for the association of each such identifier with a    corresponding extensive document outlining the exact syntax and use    of the particular label format.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force    (IETF).  It represents the consensus of the IETF community.  It has    received public review and has been approved for publication by the    Internet Engineering Steering Group (IESG).  Further information on    Internet Standards is available in Section 2 of RFC 5741.

   Information about the current status of this document, any errata,    and how to provide feedback on it may be obtained at

Quigley, et al.              Standards Track                    [Page 1]
 RFC 7569                  Labeled NFS Registry                 July 2015

 Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the    document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal    Prov...