XEP-0258 (Security Labels in XMPP), authored by Kurt Zeilenga of Isode, has just been published:
Our product set includes a Security Label infrastructure that is being used by an increasing number of Isode products, as described in the whitepaper "Isode Security Policy, Security Label and Security Clearance Infrastructure" which can be found at http://www.isode.com/whitepapers/isode-security-infrastructure.html.
Our plan to support Security Labels in M-Link (our XMPP server) is described in another whitepaper, "Using Security Labels to Control Message Flow in XMPP Services" (http://www.isode.com/whitepapers/controlling-message-flow.html).
This plan includes support of future standards and our involvement in such standards, which is now reflected in XEP-0258. We'll be adding XEP-0258 support to M-Link.
XEPs (XMPP Extension Proposals) are the standardization framework used to extend XMPP. Some XEPs are stable standards, and others (including XEP-0258) are experimental, but are expected to evolve into standards.
The key capability defined in XEP-0258 is a mechanism to carry Security Labels with XMPP messages. The mechanism is extensible, so that any Security Label format can be used, and a specification is included to use ESS Labels (as used by S/MIME and defined in RFC 2634). This gives a practical mechanism that can be deployed now, while enabling use of future standard label formats.
XEP-0258 is designed so that it can be used by XMPP clients in a very straightforward manner. In particular:
- Display information is carried with labels, so clients can easily display labels without understanding Security Label syntax or semantics (which are, in general, complex).
- A client can ask (discover) which Security Labels (including display information) can be used for a specific destination. This enables a client to add a valid security label to a message without understanding Security Label syntax or semantics.
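The client-side handling described in the first point, as an added Python example (not code from Isode or from the XEP): it reads the display marking from a labelled message and treats the label itself as opaque, reporting only which format it is in. The element, attribute and namespace names and the black-on-white default are taken from XEP-0258 rather than from this page; the stanza, addresses and label payload are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET
from typing import NamedTuple, Optional

SEC = "{urn:xmpp:sec-label:0}"  # XEP-0258 namespace (from the XEP, not this page)
COLOR = re.compile(r"#[0-9A-Fa-f]{6}|[A-Za-z]{1,32}")  # colour name or #RRGGBB

# Constructed sample stanza; the base64 payload is a placeholder, not a real ESS label.
SAMPLE = """<message xmlns='jabber:client' to='romeo@example.net'>
  <body>Meet at 10.</body>
  <securitylabel xmlns='urn:xmpp:sec-label:0'>
    <displaymarking fgcolor='black' bgcolor='red'>SECRET</displaymarking>
    <label><esssecuritylabel xmlns='urn:xmpp:sec-label:ess:0'>UExBQ0VIT0xERVI=</esssecuritylabel></label>
  </securitylabel>
</message>"""

class Marking(NamedTuple):
    text: str
    fg: str
    bg: str
    label_format: Optional[str]  # namespace of the opaque label payload

def _color(value, default):
    # Colours arrive from the network: accept a strict pattern, else use the default.
    return value if value and COLOR.fullmatch(value) else default

def read_marking(stanza: str) -> Optional[Marking]:
    """Return what a client needs to render a label, without decoding the label."""
    if "<!DOCTYPE" in stanza or "<!ENTITY" in stanza:
        raise ValueError("DTDs are not allowed in XMPP stanzas")
    sec = ET.fromstring(stanza).find(SEC + "securitylabel")
    if sec is None:
        return None  # unlabelled message
    label = sec.find(SEC + "label")
    child = label[0] if label is not None and len(label) else None
    fmt = child.tag[1:].partition("}")[0] if child is not None and child.tag[0] == "{" else None
    dm = sec.find(SEC + "displaymarking")
    if dm is None:
        return Marking("", "black", "white", fmt)
    return Marking((dm.text or "").strip(),
                   _color(dm.get("fgcolor"), "black"),
                   _color(dm.get("bgcolor"), "white"),
                   fmt)

if __name__ == "__main__":
    print(read_marking(SAMPLE))
```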
We believe that this approach will enable many XMPP client developers to include Security Label support in their products or open source clients, without the need for extensive specialist code.
We are keen to work with others in this area, and encourage interested parties to contact Isode.