Classification other than U.S. Federal Government security classification

[JaapFrancke]

Organization: 2

Type:

Reference (Include section and paragraph number): 1.2 3.2.1.5

Comment (Include rationale for comment): The report states in sectiuon 1.2: "While the schema in this document is intended to demonstrate the value of attribute metadata in supporting U.S. Federal Government use cases, the ideal metadata schema could be used in both commercial and public sector implementations, thus serving as a foundation to enable greater federation across markets and sectors. " However the description/definition of classification-metadata is written to accomodate Federal Government use cases.

Suggested Change: Classification: "The regulatory classification level of the attribute." For example, in the European Union, different regulations will apply to personal data such as the GDPR. In the Attribute metadata "Allowed Values", it can be made specific which regulatory classifications are applicable.

Probably the Releasability can be gneralised as well.

Another consideration would be if the classification-metadata is really attribute VALUE metadata or attribute metadata (on schema level).

---

Organization: 1 = Federal, 2 = Industry, 3 = Other

[RGalluzzo]

We modified how we described these elements so as not to limit potential classifications from across public and private sector use cases. However, the recommended values are based on US federal government for the purposes of this document. Again, this is not intended to limit expanded value sets being used in different frameworks and scenarios in the future.