%ents; <label/>"> <catalog/>"> <item/>"> <securitylabel/>"> <displaymarking/>"> <equivalentlabel/>"> <headline/>"> <identity/>"> <publish/>"> ]>
Security Labels in PubSub This document describes an extension to XEP-0258 (Security Labels in XMPP) to allow for the use of security labels in PubSub. This document describes how security label metadata can be applied to the various elements within PubSub, including nodes and items. &LEGALNOTICE; xxxx ProtoXEP Standards Track Standards Council XMPP Core XEP-0060 XEP-0258 NOT_YET_ASSIGNED Ashley Ward ashley.ward@surevine.com ashley.ward@surevine.com Lloyd Watkin lloyd.watkin@surevine.com lloyd.watkin@surevine.com 0.0.1 2012-05-16 asw

First draft.

This XEP defines a method to include Security Labels (as defined in &xep0258;) into PubSub (as defined in &xep0060;). Security labels (sometimes referred to as confidentiality labels) blah blah blah

STRONGLY RECOMMENDED.

OPTIONAL.

Security Label
The schema defined in &xep0258; with the XML namespace "urn:xmpp:sec-label:0"

This section defines the use cases for and protocols to be used by any entity wishing to publish or subscribe to content with a Security Label

A server SHOULD provide a label feature and information discovery for each node

Clients SHOULD discover label feature and information on a per-node basis

The protocol for node discovery is as defined in &xep0060;, but with the caveat that the server SHOULD NOT return any nodes that have a security marking that the entity is not authorised to view.

If a service implements a hierarchy of nodes (via Collection Nodes) then the server MUST also prevent access to any child nodes of any nodes which the entity is not authorised to view, even if the node's individual security label would otherwise allow this

Each Item within a &PUBLISH; element may be individually labelled with a &SECURITYLABEL;

The server SHOULD apply the default label for the node to any items which do not contain a &SECURITYLABEL;

Soliloquy To be, or not to be: that is the question: Whether 'tis nobler in the mind to suffer The slings and arrows of outrageous fortune, Or to take arms against a sea of troubles, And by opposing end them? tag:denmark.lit,2003:entry-32397 2003-12-13T18:30:02Z 2003-12-13T18:30:02Z UNCLASSIFIED ]]>

The service then notifies appropriately cleared subscribers

Soliloquy To be, or not to be: that is the question: Whether 'tis nobler in the mind to suffer The slings and arrows of outrageous fortune, Or to take arms against a sea of troubles, And by opposing end them? tag:denmark.lit,2003:entry-32397 2003-12-13T18:30:02Z 2003-12-13T18:30:02Z UNCLASSIFIED ]]>

If the node is configured not to include payloads

OPTIONAL.

  1. Server responses from a request for a node which the entity is not authorised to view MUST be identical to a response as if that node did not exist. ]]>

OPTIONAL.

OPTIONAL.

OPTIONAL.

REQUIRED.

REQUIRED.

REQUIRED.

REQUIRED for protocol specifications.