Summary
One classification taxonomy for the whole platform: Restricted,
Internal, Public. Three tiers, one masking policy per tier, enforced
at the contract boundary. This RFD fixes the decision.
What we're refusing
A taxonomy of fifty. We have been here before; every time the platform
has more than a handful of tiers, stewards pick the wrong one half the
time and enforcement rots inside a quarter.
The three tiers
- Restricted: PII or confidential. Masked on read for all but
privileged roles. No export to external LLMs.
- Internal: company-private. No export to external LLMs. No
masking.
- Public: shareable under existing company disclosure policy.
No masking, export permitted with consent flag on the contract.
Enforcement
- The catalog shows the tier as a chip on every dataset.
- The policy engine refuses a Gold promotion whose masking policy
does not match its tier.
- The export-rights gate on the contract supersedes the tier on any
per-right export decision, but never downgrades masking.