Identity Label Parser

A simple guide to the KDP4 Identity Label Parser

The Identity Parser is a more powerful security label parser than the simple variant. The Identity Parser will allow you to incorporate your own logic into the parser including compound labels and even expressions using logical operators.

At this time, the following logical operators are supported:

  • AND: &
  • OR: |
  • GROUPING: ( )

For example, to apply a label that allows access only to users who hold the ungrouped label “D” together with at least one of “A”, “F”, or the grouped labels “C” and “X” simultaneously, the expression would look like:

D&(A|F|(C&X))

A more relatable example is a classification label combined with its related programs. To ensure that data classified “Secret” under the program “Achilles” with a “C” or “J” identifier is accessible only to those possessing the requisite labels, use the following syntax:

Secret&Achilles&(C|J)

If a user lacks any of the requisite ABAC attributes (“Secret”, “Achilles”, and at least one of “C” or “J”), the data is not visible to them, and they cannot verify that it exists. Several more examples can be found below:

  • A - to view, a user must have access to A
  • A|B - to view, a user must have access to A or B
  • A&B - to view, a user must have access to both A and B
  • (A|B|C)&Z - to view, a user must have access to at least one of A, B, or C, and always to Z
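
To make the matching rule concrete, the following Python sketch evaluates a label expression against the set of labels a user holds. It is an added example, not KDP4's own parser; the names `tokenize` and `is_visible`, the alphanumeric label character set, and the choice to reject ungrouped mixes of `&` and `|` (the page does not state operator precedence) are assumptions.

```python
import re

# Assumption: labels are runs of letters, digits and underscores.
def tokenize(expr):
    """Split an expression into labels and the operators & | ( )."""
    tokens = re.findall(r"[A-Za-z0-9_]+|[&|()]", expr)
    if "".join(tokens) != "".join(expr.split()):
        raise ValueError("unsupported character in label expression")
    return tokens

def is_visible(expr, user_labels):
    """Return True if the holder of user_labels satisfies expr.

    Malformed expressions raise ValueError so callers can deny access.
    """
    tokens, pos = tokenize(expr), 0

    def term():
        # A term is a single label or a parenthesised group.
        nonlocal pos
        tok = tokens[pos] if pos < len(tokens) else None
        if tok in (None, "&", "|", ")"):
            raise ValueError(f"label expected, got {tok!r}")
        pos += 1
        if tok != "(":
            return tok in user_labels
        value = group()
        if pos >= len(tokens) or tokens[pos] != ")":
            raise ValueError("missing closing parenthesis")
        pos += 1
        return value

    def group():
        # A group is a chain of terms joined by one operator only.
        nonlocal pos
        values, op = [term()], None
        while pos < len(tokens) and tokens[pos] in ("&", "|"):
            if op not in (None, tokens[pos]):
                # Assumption: no precedence is guessed; require grouping.
                raise ValueError("mixing & and | requires parentheses")
            op = tokens[pos]
            pos += 1
            values.append(term())
        return all(values) if op == "&" else any(values)

    result = group()
    if pos != len(tokens):
        raise ValueError(f"unexpected {tokens[pos]!r}")
    return result
```

For instance, `is_visible("Secret&Achilles&(C|J)", {"Secret", "Achilles", "J"})` returns `True`, while the same expression with only `{"Secret", "J"}` returns `False`.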