adobe
Data classification annotations in XDM
What are the schemas that are affected by the issue
A standalone schema descriptor to add data classification annotations. This descriptor can be applied to all XDM schemas to indicate data classification levels:
- restricted
- confidential
- internal
- public
The classification levels can be applied to properties in a XDM schema definition, for example:
"xdm:confidential": [
"repo:name",
"repo:path"
]
In addition to xdm:confidential, xdm:restricted and xdm:internal are possible.
This is a full example of the Asset schema:
{
"meta:license": [
"Copyright 2018 Adobe Systems Incorporated. All rights reserved.",
"This work is licensed under a Creative Commons Attribution 4.0 International (CC BY 4.0) license",
"you may not use this file except in compliance with the License. You may obtain a copy",
"of the License at https://creativecommons.org/licenses/by/4.0/"
],
"$schema": "http://json-schema.org/draft-06/schema#",
"$id": "http://ns.adobe.com/adobecloud/core/1.0/asset",
"type": "object",
"title": "Asset",
"meta:extends": [
"http://ns.adobe.com/adobecloud/core/1.0#/definitions/common-properties",
"http://ns.adobe.com/adobecloud/core/1.0#/definitions/date-properties",
"https://ns.adobe.com/xdm/external/hal/resource#/definitions/hal"
],
"meta:extensible": true,
"description":
"An asset in Adobe Cloud Platform. It is not neccessarily a Digital Asset in the sense of Digital Asset Management, but a piece of content or data that can be represented in the form of a file.",
"definitions": {
"asset": {
"properties": {
"repo:id": {
"type": "string",
"meta:immutable": true,
"meta:usereditable": false,
"description":
"A unique identifier given to every addressable asset in a given repository.",
"examples": ["urn:aaid:sc:US:6dc33479-13ca-4b19-b25d-c805eff8a69e"]
},
"repo:etag": {
"meta:usereditable": false,
"type": "string",
"title": "ETag",
"description":
"An ETag is an HTTP response header returned by an HTTP/1.1 compliant web server used to determine change in content of a resource at a given URL. "
},
"repo:version": {
"type": "string",
"meta:immutable": true,
"meta:usereditable": false,
"description":
"The version ID of the piece of content. It will be generated both on explicit and implicit save or upload."
},
"tiff:imageWidth": {
"title": "Width",
"description": "Width in pixels",
"type": "integer",
"meta:usereditable": false,
"minimum": 0,
"example": 768
},
"tiff:imageLength": {
"title": "Length",
"description":
"Height in pixels. To maintain continuity with the XMP and TIFF standards, the height of an image or video is specified in the property `imageLength`. The duration of the video (also commonly called length) is specified in the property `extent`",
"type": "integer",
"meta:usereditable": false,
"minimum": 0,
"example": 1024
},
"repo:size": {
"meta:usereditable": false,
"type": "integer",
"title": "Size",
"description": "Size of the asset in bytes."
}
}
}
},
"allOf": [
{
"$ref": "#/definitions/asset"
},
{
"$ref":
"http://ns.adobe.com/adobecloud/core/1.0#/definitions/common-properties"
},
{
"$ref":
"http://ns.adobe.com/adobecloud/core/1.0#/definitions/date-properties"
},
{
"$ref": "https://ns.adobe.com/xdm/external/hal/resource#/definitions/hal"
}
],
"required": [
"repo:name",
"repo:path",
"dc:format",
"repo:createdDate",
"repo:lastModifiedDate",
"repo:id",
"repo:etag",
"repo:version",
"repo:size"
],
"meta:status": "experimental",
"xdm:confidential": [
"repo:name",
"repo:path"
]
}
The example above marks the fields repo:name and repo:path as confidential.
What are examples of products that are impacted by the issue
ACP
There is a use-case where there are fields that need to remain private to the "repo", For example billing information. We may want to set the internal to setting to be Adobe only. Do you think this would work for that?
Sounds similar. The idea is to annotate fields in XDM schemas. These schemas are used as payload in events. Consumers of these events should be able to automatically identify properties, that are classified as restricted or confidential etc.
Also similar seems to be the request from the Search team: #489