Security Constraints

The SEDRIS Data Representation Model APPENDIX A - Classes Security Constraints

Class Name: Security Constraints

Superclass - <SEDRIS Abstract Base>

Subclasses

This DRM class is concrete and has no subclasses.

Definition

An instance of this DRM class specifies the security classification and any access and/or usage constraints for its containing DRM object, provided in a form compatible with ISO 19115.

Primary Page in DRM Diagram:

Secondary Pages in DRM Diagram:

This class appears on only one page of the DRM class diagram.

Example

Given a <Transmittal Root> instance that has restricted access (no access by non-U.S. citizens) and is for official use only, the fields of the <Security Constraints> instance's information might be set to

use_limitation_count 0

use_limitation {empty}

classification SE_MD_CLSCOD_SECRET

user_note "No access by non-U.S. citizens"

classification_system "United States Department of Defense"

handling_description "Downgrade on 31 Dec 2004"

FAQs

What is the purpose of this class?: This class supports the creation of transmittals that contain classified or sensitive data.
How is the security classification of a DRM object related to the security classifications of its component DRM objects, or to the security classification of its containing DRM object?: In general, the rules for security classification metadata for DRM objects within a transmittal are the same as the rules for security classification markings of the paragraphs and sections within a hierarchically structured classified document. The security classification of a DRM object shall be at least as high as the highest of the security classifications of its component DRM objects, and may be higher if the aggregation of the component DRM objects allows additional information to be inferred. Therefore, the security classification of a DRM object shall be no higher than the security classification of its containing DRM object. Unclassified DRM objects need not have an <Security Constraints> component, unless they are unclassified components of a classified containing DRM object.

Constraints

Component of (two-way)

one or more <Identification> instances

Inherited Field Elements

This class has no inherited field elements.

Field Elements

SE_Short_Integer_Unsigned	use_limitation_count;	¹
SE_String	use_limitation[];	²
SE_MD_ClassificationCode	classification;	³
SE_String	user_note;	⁴
SE_String	classification_system;	⁵
SE_String	handling_description;	⁶

Notes

Fields Notes

use_limitation_count

The use_limitation_count field specifies the number of use limitations specified in use_limitation.

use_limitation

If non-empty, each entry of the use_limitation field specifies a limitation affecting the fitness for use of the resource being described by the <Security Constraints> instance.

classification

The classification field identifies the handling restrictions on the resource being described by the <Security Constraints> instance.

The user_note field provides an explanation of the application of the legal constraints or other restrictions and legal prerequisites for obtaining and using the resource being described by the <Security Constraints> instance.

classification_system

The classification_system field identifies the classification system.

handling_description

The handling_description field provides any additional information about the restrictions on handling the resource being described by the <Security Constraints> instance.

Prev: SEC 3D Location. Next: SEDRIS Abstract Base. Up:Index.

Last updated: July 26, 2006

use_limitation_count	0
use_limitation	{empty}
classification	SE_MD_CLSCOD_SECRET
user_note	"No access by non-U.S. citizens"
classification_system	"United States Department of Defense"
handling_description	"Downgrade on 31 Dec 2004"