Trusted Extensions Label Administration

Exit Print View

Updated: July 2014

User Accreditation Range

The user accreditation range is the largest set of labels that regular users can access when using Trusted Extensions. The user accreditation range always excludes ADMIN_HIGH and ADMIN_LOW. The user accreditation range is further constrained by any rules that constrain the System Accreditation Range. In addition, the user accreditation range can be constrained by a set of rules in the ACCREDITATION RANGE section of the label_encodings file. Figure 1–5 continues the Figure 1–4 example. Figure 1–5 shows three different types of rules in the ACCREDITATION RANGE section and their effects on the user accreditation range. The lines bracket to the well-formed labels that the particular rule permits.

Figure 1-5  ACCREDITATION RANGE Section of label_encodings File

image:Graphic shows how the accreditation range constrains the potential labels to fewer available labels.

As shown in the box to the right, the user accreditation range excludes ADMIN_HIGH and ADMIN_LOW. The rule for the TS classification (shown in Figure 1–4) includes all TS combinations except TS B. However, because TS B, and S B and C B, were previously overruled by the REQUIRED COMBINATIONS rule B A (as shown in Figure 1–4), TS A B, TS A, and TS are the only allowed TS combinations. As shown in Figure 1–5, because S A B is defined as the only valid combination for the S classification, S B is excluded again. All C combinations except C A are valid, according the rule for the C classification. However, because C B was overruled earlier, the only permitted combinations for the C classification are C A B and C.