Users are each assigned a set of attributes, defined through an external source. This denotes their clearance level, which defines the attributes they can use and what level of clearance they can view messages up to.
After authentication, users may exchange messages with each other but must assign classification attribute(s) to the message first. The attributes are built through the classification picker UI and determine the clearance level required to view the messages.
Highest common attributes
In order for a user to send a message, they must mark it with a classification clearance that their account is provisioned with. Users cannot send messages above their clearance. To receive a message a user must have the same or higher clearance than the level the message is marked with.
This two-way rule behaves differently depending on the type of conversation (IM or Multiparty).
IM : In a 1-2-1 conversation the highest common attributes are used to determine what markings can be set. The classification picker will only include the shared attributes of both users.
Multiparty : Multiparty conversations consist of multiple participants by nature. Instead of determining the picker contents from the highest common attributes of every single user, and adjusting it as people join/leave, users are instead restricted by one set classification upon multiparty creation. After setting the classification attributes in the multiparty creation window, the list of available users to invite will dynamically adjust to only provide valid users.
the classification picker will build attributes into a classification string that will then be assigned to the sent message(s). The attributes shown in the picker will be derived from the Highest common attributes (see above) of the conversation participants.
There are several banners that the user will see. They show several attribute sets :
a) User's maximum clearance: Shown at the top and bottom of the web client. The string is comprised of the user's maximum clearance attributes.
A configuration option in the management tool allows this banner to be enabled/disabled globally.
b) Picker banner: While building a classification, using the picker, the current attributes are shown as a string within the picker.
After clicking save in the picker, the banner can also be seen next to the 'Type message...' input.
c) Conversation Header: The messages sent into the conversation will be marked with classifications. The conversation banner will show an attribute string comprised of the maximum classification level of all loaded messages.
Loaded history, loading more history, and sending new messages all dynamically update this banner.
These banners help visually identify the classification levels utilised throughout the client.