Domain of Interpretation (DOI)
A default Domain of Interpretation is assigned in the default templates for all host types. Two computers need to have the same DOI in order to communicate. Organizations with the same DOI need to agree among themselves about how labels and other security attributes are to be interpreted. Each host type has a DOI associated with it. By default each existing or new template has the default DOI specified in the DOI field. You do need to change the default DOI unless you have reasons for wanting to do so.
As mentioned under "Host Types", either the Trusted Solaris or TSIX host type can be specified in templates assigned to Trusted Solaris computers. If the NOTE in the first entry in Table 7-1 is true for your site, the Trusted Solaris or TSIX host-type computers can share the same DOI .
DOIs in Trusted Solaris IPv4 Packets
In Trusted Solaris IPv4 packets, the DOI is carried in the packet along with the label. In an IPv4 packet, the specified DOI is included both with the IP options (if any are specified) and in the SAMP header.
|
Headers ( Options [IP options including DOI] ) |
SAMP including DOI |
Data |
DOIs in Trusted Solaris IPv6 Packets
Note -
Trusted routing using IP labels is not supported with IPv6.
In Trusted Solaris IPv6 packets, label information is carried in multilevel security (MLS) options portion of the packet's Headers. Because label information is in the Headers portion of the packet, the packet's label can be used for routing.
|
Headers ( Options [SAMP MLS options including DOI] |
Data |
To specify a DOI other than the default, use the Advanced Security Attributes tabs.
- © 2010, Oracle Corporation and/or its affiliates