2.6.3 LabelInfo versus Custom Document Properties

When reading sensitivity label metadata from a persisted document, it shall exist in custom document properties ([MS-OI29500] section 2.1.31) or a LabelInfo stream (2) location specified in section 2.6.2. Implementations shall use both sensitivity label policy and actual location of the sensitivity label metadata to determine where to read and write sensitivity label metadata as follows.

When reading sensitivity label metadata, for each sensitivity label implementations have these cases to consider:

1. If the sensitivity label policy opts in to the LabelInfo stream (2) then all applicable sensitivity label metadata shall be first read from the LabelInfo location (section 2.6.2), and subsequently metadata shall only be read for custom document properties where there is no label element (section 2.6.4.4). This preserves the sensitivity label metadata so the sensitivity label policy can change from opted out to opted in without losing applicable sensitivity label metadata for content created and persisted prior to the policy change.

2. If the sensitivity label policy is known and does not opt in to the LabelInfo stream (2) then all applicable sensitivity label metadata shall only be read from custom document properties.

3. If the sensitivity label policy is not known, then it shall be inferred to be opted in to the LabelInfo stream (2) or not by the presence or absence of sensitivity label metadata in the LabelInfo stream (2) per Azure AD tenant as given by the siteId attribute value of the corresponding label element (section 2.6.4.4).

When writing, for each sensitivity label implementations have these cases to consider:

1. If the sensitivity label policy opts in to the LabelInfo stream (2) OR is unknown but the sensitivity label metadata originally was present in the LabelInfo stream (2) then the sensitivity label metadata shall be written to the LabelInfo stream (2) and any sensitivity label metadata associated with the same Azure AD tenant that was present in custom document properties shall be preserved as-is in the custom document properties even if the sensitivity label was removed or changed.

2. If the sensitivity label policy is known and does not opt in to the LabelInfo stream (2) OR is unknown and the sensitivity label metadata originally was not present in the LabelInfo stream (2) then the sensitivity label metadata shall be written to the custom document properties.

Note that for the case where sensitivity label policy opts in to the LabelInfo stream (2) but there is sensitivity label metadata present only in custom document properties, on read this custom document property sensitivity label metadata shall be read and on write it shall be written as-is to the custom document property stream (2) AND it shall be written to the LabelInfo stream (2). Any metadata that existed in custom document properties and for which there is no LabelInfo stream (2) schema (section 2.6.4.4) for (such as parent labels, Application, Owner, Name, SetDate, and others) shall not be written to the LabelInfo stream (2) and any sensitivity label metadata formats shall be converted to be compatible. For example, Enabled value in custom document properties being True shall be written as enabled="1" or Method of Auto shall be written as method="Standard" to conform to the LabelInfo schema detailed in section 2.6.4, especially section 2.6.4.4. The same conversion shall be done regardless of the source of the sensitivity label metadata when writing to the LabelInfo stream (2).

Implementations shall not read the sensitivity label metadata from the LabelInfo stream (2) if policy is known for the sensitivity labels from that Azure AD tenant to not opt in to the LabelInfo stream (2). The presence of a label element in the LabelInfo stream (2) and absence of corresponding sensitivity label metadata for the same Azure AD tenant in the custom document properties shall not result in the transfer of sensitivity label metadata from the LabelInfo stream (2) to the custom document properties for any cases, since it would render older or unaware implementations or implementations which chose to ignore the policy unable to remove sensitivity label metadata.

All implementations which read sensitivity label metadata from the LabelInfo stream (2) and subsequently remove the sensitivity label and corresponding sensitivity label metadata shall write a label element (section 2.6.4.4) with removed="1" on write. The presence of the label element (section 2.6.4.4) with removed="1" shall indicate on subsequent read that corresponding sensitivity label metadata shall not be read from custom document properties for that Azure AD tenant given by the siteId attribute (section 2.6.4.4). In the absence of label policy the SiteId sensitivity label metadata value included in custom document property ([MS-OI29500] section 2.1.31) might be used, if present.