Capability (C089): representing_security
Date: 2012/05/23 15:58:39
Revision: 1.7

Business overview

This section provides a business level overview of this capability.

A security classification is the level of confidentiality that is required in order to protect product data against unauthorized usage. This capability describes how such a classification is assigned to product data.

Information model overview

This section provides an overview of the information model that supports this capability.

The EXPRESS-G for representing a security classification is shown in Figure 1 below and explained in the following sections.



Figure 1 —  Information model overview


A security classification is represented by a Security_classification. The type of the classification is represented by reference data, through the classification of the Security_classification by using the template assigning_reference_data.

Security_classification_assignment is used to associate the Security_classification to the product data being classified.

Model Characterization

This section specifies how the information model can be further characterized by the assignment of additional information such as dates, approvals and people or organizations.

The following characterizations may apply.

Characterization: Assigning time (Optional)

The date and time when the Security_classification was assigned can be represented by assigning a date and time (using the relationship Date_or_date_time_assignment) to the Security_classification_assignment using the template assigning_time.

NOTE    The assignment of dates and times is described in the capability C036: assigning_date_time.

Characterization: Assigning person or organization as responsible for classification (Optional)

The person or organization that assigned the Security_classification can be represented by using the template assigning_person_in_organization or assigning_organization.

The assignment of the person or organization (Organization_or_person_in_organization_assignment) is classified as: "Security classifier of" (urn:plcs:rdl:std:Security classifier of) to indicate that this organization assigned the security classification.

Capability templates

The following sections define a set of templates for the capability, where a template is a specification of a set of entities that need to be instantiated to represent a given set of information.

Template: assigning_security_classification (Short name: asg_sec)

This section specifies the template assigning_security_classification.

NOTE  An explanation of a template and the associated instantiation path is provided in the Template overview section.

Description

This template describes how to represent the assignment of a security classification to an item.

Model diagrams
The EXPRESS-G diagram in Figure 1 shows the templates and EXPRESS entities that are required to represent the template "assigning_security_classification". The text highlighted in blue shows the template parameters.
The actual security classification is provided by classifying the Security_classification by using the template assigning_reference_data.


Figure 1 —  An EXPRESS-G representation of the Information model for assigning_security_classification


The graphic for the template to be used in other EXPRESS-G diagrams is shown in Figure 2 below.


Figure 2 —  The graphical representation of the assigning_security_classification template


Input parameters
The following input parameters are defined for this template:
security_class_name (Type='CLASS')
    The name of the class being used to classify the security level. (Security_classification_assignment)
    The following classes and their sub-classes can be used:
        classifications: "Security_classification" (urn:plcs:rdl:std:Security_classification)
security_ecl_id (Default=urn:plcs:rdl:std, Type='URN', Optional)
    The identifier of the External_class_library storing the definition of the class referenced by the parameter @security_class_name.
items (Type='SELECT (security_classification_item)')
    The items to which the security classification is assigned.
Reference parameters
The following reference parameters are defined for this template:
security_classification (Type='ENTITY (Security_classification)')
    Allow the Security_classification entity instantiated in this path to be referenced when this template is used.
    Note: The Security_classification entity can be referenced in a template path by:
        %^target = $assigning_security_classification.security_classification%
    where target is the parameter to which the Security_classification is bound.
security_assignment (Type='ENTITY (Security_classification_assignment)')
    Allow the Security_classification_assignment entity instantiated in this path to be referenced when this template is used.
    Note: The Security_classification_assignment entity can be referenced in a template path by:
        %^target = $assigning_security_classification.security_assignment%
    where target is the parameter to which the Security_classification_assignment is bound.
Uniqueness constraints

The following parameter combinations specify a uniqueness constraint:
Unique constraint: Security_classification
Each instance of the entity (Security_classification) within the data set shall be uniquely identified by a combination of the following parameters on this template (assigning_security_classification) namely: security_class_name, security_ecl_id.
The instance is referenced by the following template parameter: security_classification.
Unique constraint: Security_classification_assignment
Each instance of the entity (Security_classification_assignment) within the data set shall be uniquely identified by a combination of the following parameters on this template (assigning_security_classification) namely: items, security_class_name, security_ecl_id.
The instance is referenced by the following template parameter: security_assignment.
Instantiation path
The instantiation path shown below specifies the entities that are to be instantiated by the template.
A description of templates and the syntax for the instantiation path is provided in the Reading Capability Templates help section.
-- Instantiate a Security_classification
Security_classification

-- Mark the Security_classification entity as
-- referable when this template is used by binding it to the reference
-- parameter security_classification
%^security_classification = Security_classification%
Security_classification.classification_level = '/IGNORE'
Security_classification.description = '/IGNORE'

-- provide the security classification by classifying the Security_classification
/assigning_reference_data(
    items=^security_classification,
    class_name=@security_class_name,
    ecl_id=@security_ecl_id)/

-- Instantiate a Security_classification_assignment
Security_classification_assignment

-- Mark the Security_classification_assignment entity as
-- referable when this template is used by binding it to the reference
-- parameter security_assignment
%^security_assignment = Security_classification_assignment%
Security_classification_assignment.classification -> ^security_classification
Security_classification_assignment.items -> @items
The following entities are instantiated with attributes as specified:

Entity in path                                  Value        Inherited from
Security_classification.classification_level    '/IGNORE'
Security_classification.description             '/IGNORE'

Instance diagrams
The instance diagram in Figure 3 shows an example of the EXPRESS entities and templates that are instantiated by the template:
/assigning_security_classification(items='#1', security_class_name='Secret', security_ecl_id='urn:plcs:rdl:sample')/
(an illustration of the consolidated assigning_security_classification template is shown in Figure 4 below.)


Figure 3 —  Entities instantiated by assigning_security_classification template


The instance diagram in Figure 4 shows the graphic symbol for the template that is to be used in other instance diagrams. The example template is:
/assigning_security_classification(items='#1', security_class_name='Secret', security_ecl_id='urn:plcs:rdl:sample')/


Figure 4 —  Instantiation of assigning_security_classification template


Characterizations
The following section details how the assigning_security_classification template can be optionally characterized by assigning other constructs to it. These are characterizations commonly applied to the template. The ISO 10303-239 EXPRESS model may enable other assignments to the entities instantiated by the template.
The EXPRESS-G diagram in Figure 5 shows the possible characterizations of the template "assigning_security_classification".


Figure 5 —  Characterizations for assigning_security_classification template


The following characterizations may apply:
Characterization Assigning time

NOTE   This characterization is optional.

The date and time when the Security_classification was assigned can be represented by assigning a date and time (using the relationship Date_or_date_time_assignment) to the Security_classification_assignment using the template assigning_time.

NOTE    The assignment of dates and times is described in the capability C036: assigning_date_time.

Characterization Assigning person or organization responsible for the security classification

NOTE   This characterization is optional.

The person or organization that assigned the Security_classification can be represented by using the template assigning_person_in_organization or assigning_organization.

The assignment of the person or organization (Organization_or_person_in_organization_assignment) is classified as: "Security classifier of" (urn:plcs:rdl:std:Security classifier of) to indicate that the person or organization was responsible for assigning the security classification.

Characterization Assigning dated effectivity to a security classification

NOTE   This characterization is optional.

The security classification of an item may change over time. This is represented by associating a dated effectivity with the assignment of a security classification, where the effectivity represents the period over which the classification was in force.

The dated effectivity is represented by using the template assigning_dated_effectivity to assign a start and end-bound date to a Security_classification_assignment.
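
The following Python example is added here and is not part of the capability text or of DEXlib. It models in memory how the two uniqueness constraints of assigning_security_classification force instance reuse, and how dated effectivities on a Security_classification_assignment determine which classification is in force for an item on a given date. The class and method names, the 'Restricted' class, the dates, the start-inclusive/end-exclusive bound convention and the rule that an assignment without effectivity is always in force are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import date

@dataclass(frozen=True)
class SecurityClassification:
    security_class_name: str   # reference data class, e.g. 'Secret'
    security_ecl_id: str       # External_class_library defining the class

@dataclass
class SecurityClassificationAssignment:
    classification: SecurityClassification
    items: frozenset
    effectivities: list = field(default_factory=list)  # [(start, end or None)]

class DataSet:
    def __init__(self):
        self.classifications = {}  # (class_name, ecl_id) -> instance
        self.assignments = {}      # (items, class_name, ecl_id) -> instance

    def assigning_security_classification(self, items, security_class_name,
                                          security_ecl_id="urn:plcs:rdl:std"):
        """Create or reuse instances so both uniqueness constraints hold."""
        ckey = (security_class_name, security_ecl_id)
        sc = self.classifications.setdefault(ckey, SecurityClassification(*ckey))
        akey = (frozenset(items), *ckey)
        return self.assignments.setdefault(
            akey, SecurityClassificationAssignment(sc, akey[0]))

    def in_force(self, item, when):
        """Class names assigned to `item` that are in force on date `when`."""
        names = set()
        for a in self.assignments.values():
            # Assumption: no effectivity = always in force; bounds are [start, end).
            live = not a.effectivities or any(
                s <= when and (e is None or when < e) for s, e in a.effectivities)
            if item in a.items and live:
                names.add(a.classification.security_class_name)
        return sorted(names)

def demo():
    # Constructed sample: item '#1' is Secret, then Restricted, then Secret again.
    ds, ecl = DataSet(), "urn:plcs:rdl:sample"
    secret = ds.assigning_security_classification(["#1"], "Secret", ecl)
    secret.effectivities.append((date(2010, 1, 1), date(2012, 1, 1)))
    restricted = ds.assigning_security_classification(["#1"], "Restricted", ecl)
    restricted.effectivities.append((date(2012, 1, 1), date(2014, 1, 1)))
    again = ds.assigning_security_classification(["#1"], "Secret", ecl)
    again.effectivities.append((date(2014, 1, 1), None))
    return ds, secret, again
```

Because the assignment is identified by items, security_class_name and security_ecl_id, the second 'Secret' period does not create a new Security_classification_assignment; it adds a second effectivity to the existing one.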

© OASIS 2010 — All rights reserved