The following table shows session label limitations and availability based on users' session choices. The table continues the example from Figure 1–8.
Table 1–2 Labels in Trusted Extensions Sessions
|
Multilevel Session |
Single-level Session |
||
---|---|---|---|---|
|
General Case |
Example #1 |
General Case |
Example #2 |
|
|
Multilevel with clearance of SECRET A B |
|
Single-level with session label of SECRET A B |
Initial Workspace Label (at first login) |
Lowest label in account label range. |
CONFIDENTIAL |
Session label is specified by user |
SECRET A B |
Available Workspace Labels |
Any label in account label range up to the session clearance |
CONFIDENTIAL CONFIDENTIAL A B SECRET A B |
Session label is specified by user |
SECRET A B |
The left column identifies the types of label settings that are used in sessions.
The middle two columns apply to a Multilevel Session.
The right two columns apply to a Single-level Session.
The columns that are labeled General Case describe how the label types are determined.
The columns marked Example show a typical user's session selections at login.
In Example #1, the initial workspace label is set to CONFIDENTIAL, which is the label at the bottom of the user's account label range. The user can work at a label of CONFIDENTIAL, CONFIDENTIAL A B, or SECRET A B.
In Example #2, the user's initial workspace label is SECRET A B. Since the session is single-level, the only available workspace label is SECRET A B.