SIGIL – Classification Metadata for .NET

Overview

Project SIGIL delivers a developer-friendly .NET library for programmatically applying, validating, and enforcing UK Government classification metadata within datasets, documents, and communications.

Available as the AIC.Classifier NuGet package, SIGIL enables applications to append, verify, and act on OFFICIAL, SECRET, and TOP SECRET labels, including caveats and handling instructions, ensuring that information flows remain compliant with UK Government Security Classifications (GSC) and MOD JSP 440/604 standards.

The package provides both runtime enforcement and metadata binding, allowing developers to implement classification-aware workflows, access controls, and audit mechanisms directly inside their systems — from document pipelines to email gateways and data repositories.

Core Capabilities

• Metadata Annotation API – Append classification levels and caveats (UK.OFFICIAL, UK.SECRET, UK.TOP_SECRET, etc.) to structured or unstructured data.

• Automatic Enforcement Hooks – Integrate with file I/O, email services, and APIs to prevent data mishandling or unauthorised transmission.

• Serialization Support – Embed classification metadata in JSON, XML, and document properties (e.g. DOCX, MSG, PDF).

• Validation & Compliance Layer – Verify markings, inheritance rules, and caveat validity at runtime.

• Attribute Model for .NET – Apply [Classification("OFFICIAL")] attributes at class, property, or assembly level.

• Audit & Policy Triggers – Generate structured logs and enforce escalation paths for over- or under-classified data.

• Plug-in Enforcement Engine – Extend classification rules via custom policy adapters (e.g. MOD, Home Office, Police).

• Integration with AEGIS-ID – Link identity context and clearance level to classification handling logic.

Technical Architecture

Example Usage

[Classification("UK.OFFICIAL", Caveats = "SENSITIVE")]
public class CaseFile
{
    public string Title { get; set; }
    public string Content { get; set; }
}

var classifier = new ClassificationService();
classifier.Enforce(filePath, ClassificationLevel.Secret);

Key Advantages

• Compliance-by-Design: Native enforcement of UK GSC policy within .NET systems.

• Developer Simplicity: Intuitive APIs and attributes for quick adoption.

• Interoperability: Compatible with email, SharePoint, Teams, and data stores.

• Automation-Ready: Easily extended into Azure Functions or pipelines for bulk enforcement.

• Defence-Grade Integrity: Built with zero-trust validation and full auditability.

Use Cases

• Government & Defence Systems: Automate classification labelling and access control.

• Enterprise Document Management: Ensure regulated handling of sensitive corporate data.

• Legal & Investigative Services: Embed confidentiality levels directly into records and evidence.

• Email Gateways & Messaging: Enforce outbound classification checks.

• Data Pipelines: Guarantee correct metadata tagging through every stage of processing.

Strategic Value

Project SIGIL closes the gap between security policy and application logic, bringing information assurance principles directly into the software layer.
By enforcing classification integrity at the point of data creation, SIGIL prevents inadvertent leaks, supports accreditation, and ensures that all information is handled according to its authorised level.

It is the trusted mark of compliance — a digital seal ensuring that every byte of data carries its rightful protection.