The Ominclass= Keyword

The optional ominclass= keyword specifies the output minimum classification for the word. The output minimum classification is the minimum classification with which the word can be output (i.e., appear in a human-readable representation of a label converted from internal format). The classification specified starts with the first non-blank character following the blank after the keyword, and continues up to the next semicolon or the end of the line. The classification can be the short, long, or alternate name of a classification defined in the CLASSIFICATIONS: section. If the output minimum classification with which a word can be associated is the classification with the lowest value (as defined by the value= keyword), then there is no need to make an ominclass= keyword specification.

The distinction between minclass= and ominclass= is subtle but very important. Specifying ominclass for a word prevents that word from appearing in human-readable labels with classifications below the ominclass, even if the internal representation of the label specifies the word. A word with an associated ominclass cannot be added to a label with a classification below that ominclass, unless the word also has a minclass that is greater than or equal to the ominclass.(In this case, the only reason the word can be added is that the minclass, being greater than or equal to the ominclass, causes the label's classification to be raised when the word is added, such that the classification of the label is greater than or equal to the ominclass, so that the word can appear in the label.) The following examples shed more light on the differences between ominclass and minclass.

Typically, ominclass= would be specified only for those inverse words associated only with inverse bits, when the word—by convention—is not shown in labels below a certain classification. (The most typical case of an inverse word is one associated with only inverse bits. This is the case for all the words of the form REL XX in Appendix B, Annotated Sample Encodings. However, more complex inverse words are possible. An example is the codeword bravo4 in Appendix B, Annotated Sample Encodings. This codeword is associated with an inverse bit and several non-inverse bits. There is no need to specify an ominclass for bravo4, primarily because of the presence of the non-inverse bits in its internal form.) The best example of such a word is a release marking, e.g., REL CNTRY1. The word REL CNTRY1 indicates that the information is releasable to CNTRY1. Therefore, CONFIDENTIAL information that was releasable to CNTRY1 would have a label of CONFIDENTIAL REL CNTRY1. However, note that UNCLASSIFIED information is—by virtue of its not being classified—releasable to CNTRY1. Therefore, the semantics of REL CNTRY1 is such that its internal representation must be present in UNCLASSIFIED labels, yet—by convention—it is not shown in the human-readable representation of the label UNCLASSIFIED. Therefore, specifying an ominclass= CONFIDENTIAL for the word REL CNTRY1 prevents REL CNTRY1 from appearing with UNCLASSIFIED in human-readable labels. In conjunction with specifying the CONFIDENTIAL output minimum classification for REL CNTRY1, the bit patterns that represent the presence of REL CNTRY1 in a label should be specified in the initial compartments and/or markings of all classifications below CONFIDENTIAL.

An ominclass can be specified in conjunction with a minclass, for a variety of reasons. As mentioned above, specifying a minclass equal to the ominclass allows adding the word to a label with a classification below the ominclass. Specifying an ominclass greater than the minclass is a common case, as indicated in the above REL CNTRY1 example, and automatically occurs when an ominclass greater than the lowest classification is specified, but no minclass is specified, in which case the minclass becomes the lowest classification.

It is meaningful, in some cases, to specify an ominclass below the minclass of the word. The word charlie in Appendix B, Annotated Sample Encodings illustrates such a case. The word charlie is an inverse word with a minclass of SECRET and an ominclass of CONFIDENTIAL. The internal representation of charlie is specified by UNCLASSIFIED labels. Ignoring the minclass specification, charlie looks very similar to the REL CNTRY1 word described above. However, with the minclass specified as SECRET, charlie can appear only in labels with classifications of SECRET or higher. Thus, UNCLASSIFIED labels have an internal representation that specifies charlie, but the word charlie does not appear in UNCLASSIFIED labels. CONFIDENTIAL labels have an internal representation that does not specify charlie, and charlie cannot appear in such a label. Adding charlie to such a label changes the classification in the label to SECRET. SECRET labels have an internal representation that does not specify charlie but charlie can be added to such a label without changing its classification, assuming the well formedness rules allow adding charlie to the label. If the ominclass for charlie was equal to the minclass instead of being below it, charlie could not be added to a confidential label (forcing the label to SECRET, as described above). With the word charlie, the choice of an ominclass of CONFIDENTIAL versus SECRET depends entirely on the desired behavior of the system when a user tries to add charlie to a CONFIDENTIAL label.