Thread Links			Date Links
Thread Prev	Thread Next	Thread Index	Date Prev	Date Next	Date Index

[2600] proposed new text for PP guide discussion of FMT_MSA.3

To: STDS-2600@xxxxxxxxxxxxxxxxx
Subject: [2600] proposed new text for PP guide discussion of FMT_MSA.3
From: Brian Smithson <brian.smithson@xxxxxxxxxxxxx>
Date: Thu, 6 Aug 2009 15:53:07 -0700
Delivered-to: mhonarc@xxxxxxxxxxxxxxxx
List-help: <http://listserv.ieee.org/cgi-bin/wa?LIST=STDS-2600>, <mailto:LISTSERV@LISTSERV.IEEE.ORG?body=INFO%20STDS-2600>
List-owner: <mailto:STDS-2600-request@LISTSERV.IEEE.ORG>
List-subscribe: <mailto:STDS-2600-subscribe-request@LISTSERV.IEEE.ORG>
List-unsubscribe: <mailto:STDS-2600-unsubscribe-request@LISTSERV.IEEE.ORG>
Openpgp: id=073BBD1C
Organization: Ricoh Americas Corporation
Reply-to: Brian Smithson <brian.smithson@xxxxxxxxxxxxx>
User-agent: Thunderbird 2.0.0.22 (Windows/20090605)

During the most recent P2600 meeting, we left an action item open to
gather more input from Canon and consider other changes to clause 6.6,
page 54, lines 33-44. Canon has supplied more information. I propose
that we replace lines 33-44 with the following text:

    "FMT_MSA.3.2(a) allows an authorized role to alter the default
    attribute values when an object or information is created.
    Typically, either U.ADMINISTRATOR or Nobody will be allowed to alter
    default attribute values. It is possible in some implementations
    that a U.NORMAL will be allowed to alter default attribute values
    associated with some of their own data, and such allowance should be
    specified carefully so that access control is not compromised."

Keeping in mind that FMT_MSA.3.2 deals with permission to alter the
/default/ attribute values, I think that the most typical cases will be
that either U.ADMINISTRATOR is allowed or Nobody is allowed. Therefore,
I don't think we should spend much time on an unusual case in which a
normal user is allowed to change defaults on some attributes.

-- 
Regards,
Brian Smithson
PM, Security Research
PMP, CSM, CISSP, CISA, ISO 27000 PA
Advanced Imaging and Network Technologies
Ricoh Americas Corporation
(408)346-4435

Follow-Ups:
- Re: [2600] proposed new text for PP guide discussion of FMT_MSA.3
  - From: Don Wright

Prev by Date: Re: [2600] proposed new text for PP guide discussion of FMT_MSA.3
Next by Date: [2600] minutes and action items posted from July 31 teleconference
Previous by thread: [2600] minutes and action items posted from July 31 teleconference
Next by thread: Re: [2600] proposed new text for PP guide discussion of FMT_MSA.3
Index(es):
- Date
- Thread