6th European Conference - Academic Conferences
6th European Conference - Academic Conferences
6th European Conference - Academic Conferences
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Harm Schotanus et al.<br />
In the remainder of this paper we will often use the term information domain. This is defined as a<br />
collection of information under one responsibility (e.g. a nation, or organisation) that operates for a<br />
single purpose (e.g. a mission) and has a single security policy.<br />
2. Meta-information and labelling<br />
A new information management strategy could be based on mechanisms that make decisions based<br />
on meta-information instead of on the information itself. By adding relevant meta-information, the user<br />
can effectively control on what conditions information can be released.<br />
Meta-data or meta-information is information about information. For example, a military security<br />
marking (such as NATO SECRET) on the top and bottom of each page of a document is a form of<br />
meta-information because it conveys the classification of the document, in other words it is (security<br />
specific) meta-information about other information. To enable regulated sharing of information<br />
between different information domains or with partners in a coalition, meta-information can be used to<br />
describe certain properties of information objects. These properties can be used to enforce decisions<br />
in a release mechanism whether information should or should not be shared. The meta-information is<br />
often called a label, and the process of creating a label is called labelling. This reflects two important<br />
concepts:<br />
Sharing information between coalition partners presumes a way of deciding whether a specific<br />
information object may or may not be shared.<br />
For each information object a set of properties can be determined that can form a basis decision<br />
process for sharing information.<br />
The crucial concept in our labelling approach is that we separate the logic to enforce decisions from<br />
the intelligence to determine the properties of the information. This means we can reduce the<br />
complexity of the decision making process.<br />
2.1 Examples of meta-information<br />
The use of properties of the information in addition to the original information, creates new<br />
possibilities. If information objects such as files carry meta-information, for example the type-of-file<br />
(presentation, document or image), file extension (ppt, doc, pdf, jpg), author, security marking, timeof-creation,<br />
then these meta-information properties can be used for making decisions in several<br />
scenarios [see Figure 1].<br />
Figure 1: Examples of information with their meta-information<br />
Because our aim is to both facilitate regulated sharing mechanisms and to present the power and<br />
flexibility of meta-information, we categorised these new possibilities in two categories: use cases<br />
within a single information domain and use cases in federated information domains.<br />
Many software applications already store meta-information within information objects. Image files for<br />
example carry resolution information while photos carry the camera manufacturer and model that was<br />
used to take the photo. One problem with proprietary file formats and closed-source applications (e.g.<br />
Microsoft Word) is that the meta-information cannot be easily accessed outside the native software<br />
application because the file is a black box. A second problem is that each file format will have its own<br />
approach to storing meta-information. That implies that a labelling solution has to be adjusted for<br />
every format. A solution for this problem is an application-independent approach where information is<br />
stored in a separate object. Storing meta-information separately from information objects in a<br />
standardised format also improves the flexibility to work with meta-information without having to<br />
depend on the knowledge of the file format or implementation in software.<br />
In certain use-case scenarios where third parties need to process another one’s meta-data, a<br />
standardized specification for conveying the meta-data is needed. NATO has proposed a standard<br />
based on XML labelling (Eggen 2010)(Oudkerk 2010). On september 1 st 2009 POWDER (Protocol for<br />
Web Description Resources) became a W3C recommendation (POWDER 2009). The POWDER suite<br />
229