Sensitivity Taxonomy
Purpose
Sensitivity labels define who may access a knowledge artifact. They are immutable in design, business-agnostic, and universal across all organization types.
Sensitivity is one of the three independent control planes of UBKDS. It must never be conflated with classification (meaning) or lifecycle (change).
Canonical Rule
Sensitivity defines eligibility — not timing.
Sensitivity governs whether a person or group may access an artifact. It does not control when they may edit it — that is the role of the Lifecycle plane.
Implementation Principle
Sensitivity is implemented via groups by default. Individual-level access may be used when necessary or appropriate, but group-based access is the canonical posture.
Sensitivity intent is stable. Labels are not swapped constantly — they reflect the intended access posture of the artifact, not its current workflow state.
Canonical Sensitivity Labels (UBKDS v1.1)
There are six canonical sensitivity labels, organized into three tiers:
External
| Label | Description |
|---|---|
| External – General | Publicly accessible to any external audience without restriction. |
| External – Scoped | Accessible to specific external audiences defined by scope (e.g., registered partners, clients, approved vendors). |
Internal
| Label | Description |
|---|---|
| Internal – General | Accessible to all members of the organization by default. |
| Internal – Scoped | Accessible to specific internal audiences defined by scope (e.g., department, role, location, segment). |
Controlled
| Label | Description |
|---|---|
| Controlled – Restricted | Accessible only to explicitly designated individuals or groups. Requires deliberate access grant. |
| Controlled – Confidential | Highest access restriction. Accessible only to named stewards or designated principals. Not distributed by default. |
Scope Refinement
Scoped sensitivity labels (External – Scoped, Internal – Scoped) support fine-grained access control through scope dimensions.
- Scope dimensions
- Up to three scope dimensions may be applied per artifact.
- Multi-select
- Each scope dimension is multi-select — more than one value may apply.
- Logic
- OR logic applies within a scope dimension. AND logic applies across scope dimensions.
- Scope metadata
- Scopes map to organization metadata such as department, role, location, employment type, or audience segment.
Canonical Rules
- Sensitivity labels are immutable in structure — they may not be renamed or reordered
- Sensitivity is implemented via groups by default; individuals when necessary or appropriate
- Sensitivity defines eligibility, not timing
- Sensitivity must never control lifecycle or classification
- Scoped labels require at least one scope dimension to be meaningful
Cross-References
- The Standard — Three-Layer Model overview
- Canonical Domains
- Functional Subcodes
- Lifecycle Model
- RID Specification
- Canonical Registry