I’m trying to build a marketplace product that allows dynamic declassifying of data (via stop_propagating() and stop_requiring() of markings)
I know that Markings can be taken in as input to a Marketplace product, but is it possible to map that marking down to the code-repository so it can be fed into the “stop_propagating()” method calls for a given input.
Hi!
Yes, it’s possible!
If your transform sets stop_propagating or stop_requiring for certain datasets and you package this transform with Marketplace, your product will end up with those markings as inputs. When installing the product you may or may not specify a set of Markings for each original Marking set.
So markings aren’t mapped to markings but instead sets of markings are mapped to other sets.
Please note that even though your transform will unmark as expected after installation, your repo’s source code will not reflect the newly set unmarkings. Instead, it will only show “<redacted>” in place of each original marking’s ID. We did this to avoid more complex AST manipulation for the source code replacement feature. However, if you have a compelling reason, we could put up an FR to support source code replacement for Markings.
Hey @andras, thank you!
Just so I understand, if I’ve got Marking “MarkingA” being stop_propagating() in my transform with rid “abcdef” - stop_propagating(Marking(“abcdef”))
And I publish a marketplace product, the installer can select “MarkingB” (with rid “ijkl”) as input and while the code still says stop_propagating(Marking(“abdef”)) the actual declassify will be for “ijkl”?
What happens if the dataset has both MarkingA and MarkingB, how will I be able to identify what’s being declassifed?
Thank you!
And I publish a marketplace product, the installer can select “MarkingB” (with rid “ijkl”) as input and while the code still says stop_propagating(Marking(“abdef”)) the actual declassify will be for “ijkl”?
The actual declassify will be for “ijkl”. And the code will say Marking("<redacted>") instead of the original MarkingId in order to stop any confusion.
In fact, at installation-time, users can select multiple markings even if the original transform only used one. It will still work as expected. That’s the main reason why we don’t attempt to replace the identifiers in your source code, because it may not be a 1-to-1 mapping.
Hey Andras,
This is really helpful information,
Thank you!