Information Labeling Mechanism



next up previous contents
Next: Interface Descriptions Up: Information Labels Previous: Information Labels

Information labels have the ability to "float", which is the feature that separates this mechanism from the MAC mechanism. In general terms, an information label is moved "up" or "down" (according to an implementation-defined hierarchy) as information is introduced into or deleted from the given object. Technically, a new label is created for the object that is the combination of the labels of the two parties (subject and object, object to object, or object to subject). The calculation of the new information label is implementation-defined. Information labels apply only to the data portion of the file, not to the control portion. Hence, floating occurs only when the data portion of the file is affected.

Information labels used in conjunction with MAC labels can provide useful information that MAC labels alone cannot provide. The two types of labels can use the same label levels. For example, the general MAC restriction of labeling a new object with the same label as the subject (MacLabelA) gives the new object a label of MacLabelA, regardless of whether the information content is actually MacLabelA sensitive. However, the object's information content might actually be much lower than MacLabelA. Using information labels in this scenario would provide the user with additional guidance about the sensitivity of the informational content of the file. The information label of the newly created file would indicate that the information is at a label "below" MacLabelA, since the file does not actually contain information at the sensitivity level of MacLabelA. The information label in this example only provides additional information about the file. It is still the MAC label that is used in access control decisions.

Similar to the MAC labeling scheme, the information label scheme defines both subjects and objects. An information label subject is the same as a MAC label subject, that is, a process is a subject. Information label objects are defined by POSIX.6 as passive entities that contain or receive data. (Unlike the MAC mechanism definitions, the information labeling mechanism does not consider processes that are receiving data, or directories, to be objects, and thus they are not subject to having an information label associated with them.) The POSIX.6 standard considers regular files, FIFO-special files, (unnamed) pipes, and audit trails to be information label objects. POSIX.6 further specifies that each object that contains data must have an information label associated with it at all times. The POSIX.6 standard places restrictions on the use of the mechanism that are similar to the MAC restrictions. The general restriction is that when unprivileged subjects cause data to flow from a source with information label (Label1) to a destination with information label (Label2), the destination's information label shall be automatically set to the value returned by the specified "float" function (i.e., float(Label1, Label2)). This means that when information is moved from one file to another, the resulting information label of the receiving file is a combination of the labels of the two files. The "combination" of two labels is not specified by the POSIX.6 standard, but is determined by the implementation.

Further restrictions that are specified by POSIX.6 for information labels (and that also somewhat mirror the MAC restrictions) include: when an unprivileged process with an information label (ILabel1) writes data to a file with an information label (ILabel2), the information label of the file shall automatically be set to the value returned by the "float" function; when a newly created file is assigned an information label, the information label shall be equivalent to the value returned by the "initial information label" interface. This value is implementation-defined; however, the label must be valid and it must be consistent with the information label policy of the system.

The restrictions placed on processes (subjects) state that when a process with an information label (ILabel1) reads data from a file, or executes a file with information label (ILabel2), the information label of the process shall automatically be set to the value returned by float(ILabel1, ILabel2). Further, a newly created process shall be assigned the information label of the creating subject (process).
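The following is an added example (not part of the original page, and not an implementation of any POSIX.6 interface) that models the floating rules just described for files and processes. Because POSIX.6 leaves the label structure, the float function, and the initial information label implementation-defined, the example assumes one plausible choice: a label is a hierarchical level plus a set of categories, float(Label1, Label2) is the least upper bound of the two, and the initial information label is the bottom of that lattice. The label values, names (`Label`, `float_label`, `write_data`, `copy_data`, and so on) and the sample scenario are all constructed for illustration.

```python
from dataclasses import dataclass, field


# Assumed label structure: a hierarchical level plus non-hierarchical
# categories.  POSIX.6 does not prescribe this; it is one common choice.
@dataclass(frozen=True)
class Label:
    level: int
    categories: frozenset = field(default_factory=frozenset)

    def dominates(self, other: "Label") -> bool:
        """True if this label is at or above `other` in the lattice."""
        return self.level >= other.level and self.categories >= other.categories

    def __str__(self) -> str:
        cats = ",".join(sorted(self.categories)) or "-"
        return f"L{self.level}[{cats}]"


def float_label(a: Label, b: Label) -> Label:
    """float(Label1, Label2): assumed to be the least upper bound, so the
    result dominates both inputs (labels only ever float 'up' here)."""
    return Label(max(a.level, b.level), a.categories | b.categories)


# Assumed value returned by the "initial information label" interface:
# the lowest label of the lattice.
INITIAL_INFORMATION_LABEL = Label(0)


@dataclass
class Process:
    name: str
    mac_label: Label  # used for access control decisions; never floats
    ilabel: Label     # information label; floats as data is read/executed


@dataclass
class File:
    name: str
    mac_label: Label  # set from the creating subject, as under MAC
    ilabel: Label     # information label; floats as data is written


def create_file(name: str, creator: Process) -> File:
    """MAC gives the new object the subject's label; the information label
    starts at the initial label, which may sit well below the MAC label."""
    return File(name, creator.mac_label, INITIAL_INFORMATION_LABEL)


def write_data(proc: Process, f: File) -> Label:
    """Unprivileged write: file label := float(ILabel1, ILabel2)."""
    f.ilabel = float_label(proc.ilabel, f.ilabel)
    return f.ilabel


def read_data(proc: Process, f: File) -> Label:
    """Read or execute: process label := float(ILabel1, ILabel2)."""
    proc.ilabel = float_label(proc.ilabel, f.ilabel)
    return proc.ilabel


execute_file = read_data


def copy_data(proc: Process, src: File, dst: File) -> Label:
    """Data flow from source to destination via an unprivileged process:
    the process floats on the read, then the destination floats on the
    write, so dst ends up at float(src, dst) (and the process's own label)."""
    read_data(proc, src)
    return write_data(proc, dst)


def create_process(parent: Process, name: str) -> Process:
    """A newly created process inherits the creator's information label."""
    return Process(name, parent.mac_label, parent.ilabel)


def demo() -> dict:
    """Constructed scenario: an editor process running at a high MAC label
    creates a file, writes unclassified notes into it, then copies data in
    from a more sensitive file and spawns a child process."""
    high = Label(2, frozenset({"CRYPTO"}))
    editor = Process("editor", mac_label=high, ilabel=Label(1))
    notes = create_file("notes", editor)          # MAC high, ilabel L0[-]
    write_data(editor, notes)                     # notes floats to L1[-]
    design = File("design", high, high)           # contains CRYPTO data
    copy_data(editor, design, notes)              # editor and notes -> L2[CRYPTO]
    child = create_process(editor, "child")       # inherits L2[CRYPTO]
    return {
        "notes.mac": str(notes.mac_label),
        "notes.ilabel": str(notes.ilabel),
        "editor.ilabel": str(editor.ilabel),
        "child.ilabel": str(child.ilabel),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:14} {value}")
```

The point the scenario makes is the one the text makes: right after creation the file's MAC label is already at the editor's level while its information label is at the bottom, and only actual data flow (the write, then the copy) raises it; the MAC label is what an access check would consult, the information label is advisory.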






John Barkley
Fri Oct 7 16:17:21 EDT 1994