Abstract
Cross Domain Controlled Interface and Labeling (CDCIL) is intended to provide a capability that will allow web services in separate security policy domains to exchange eXtended Markup Language (XML) objects (messages, documents, web-based content) securely across domain boundaries, while preventing the flow of content not authorized to cross those boundaries. In this way, CDCIL will provide a framework for enabling the creation of a single service-oriented architecture (SOA) composed of multiple security policy domains, each with its own security requirements and attributes.
The CDCIL services have been conceived as standards-based web services that will provide mechanisms to (1) persistently bind a label (metadata header) containing a flexibly derived set of security attributes to XML objects exchanged by web services in different domains, and (2) enforce security policies that govern those exchanges. The CDCIL services go beyond other cross-domain solutions being used to control XML exchanges in their ability to (1) accommodate a broader definition of