« Isode R14.4: Ongoing work on M-Switch GUI Configuration Management | Main | Isode R14.4: CCCP - Supporting External Content Checking and Converion of Internet Mail in M-Switch »

March 09, 2009

Isode R14.4: Security Policy Enhancements

This is the eleventh in a series of messages describing new features in Isode R14.4, scheduled to ship in April 2009. You can see all of the messages on this blog relating to R14.4 by clicking on this link



Isode provides a Security Policy Infrastructure to support applications controlling access using Security Labels.  This is described in the Isode whitepaper "Isode Security Policy, Security Label and Security Clearance Infrastructure". This document will be updated when R14.4 ships.

R14.4 makes a number of updates to this infrastructure:

  1. Support of NATO Security Categories.  Security Categories are used within Security Labels to provide finer grained control than Security Classification. R14.3 supported only US MISSI Security Categories, as defined in SDN.801c. NATO ACP 322 defines Security Categories with similar semantics to MISSI, but different syntax. R14.4 adds support for these categories, and control within the SPIF as to which syntax is used. This change means there is support for the two major definitions of Security Category, and that ACP 322 and UK JSP 457 can be fully supported.
  2. The Isode Security Policy has been extended to support Equivalent Policies in line with SDN.801c definitions. This enables a Security Policy to define labels from other policies that are equivalent to the local ones. These labels will then be verified according to this equivalence.
  3. Support of ESS Security Label formats in addition to X.501/X.411. This includes conversion between the formats.
  4. Security Clearances can now be included in certificates. Where there is a Security Clearance in a directory entry, Sodium can now include this in a PKCS#10 CSR (Certificate Signing Request) which will result in the Security Clearance being included with the X.509 Certificate as part of the Subject Directory Attributes Extension.
  5. Formal XML schema specifications of the Isode XML Security Label and Clearance formats are now provided.  Basic XML style sheets are also provided. This will facilitate external use and management of data in these formats.

Posted by Will Sheward on March 09, 2009 in R14.4 |

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8341d814c53ef011168cdcb0a970c

Listed below are links to weblogs that reference Isode R14.4: Security Policy Enhancements:

Comments

Verify your Comment

Previewing your Comment

Posted by:  | 

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.