[Public Interpretations Database]

PD-0042: Can User Identity Be Listed As An Attribute for FIA_ATD.1?


This decision represents a long-term technical decision based on an OD, and may not be the same as the final results of the source OD. With respect to published criteria documentation and scheme documents, it provides suggested guidance on evaluation direction, but is not authoritative. Authoritative decisions are provided through the published criteria documents and published scheme and international interpretations thereof. With respect to published PPs, PDs are authoritative corrections to the PP, based on input from the PP author (if available), that are in force until the publication of the next revision of that PP.


Effective Date: 2002-06-11
Last Modified: 2006-08-02

Issue

Can components such as a user identifier be listed for FIA_ATD.1? The CC states that FIA_ATD.1 is used to identify attributes *other* than user identity. A profile under evaluation lists user identity as an attribute.

Resolution

Inclusion of both a user identifier and other attributes of a user identity is appropriate.

Support

There is a distinction between a user "identity" and a user "identifier". A user identity is a concept, while a user identifier is an implementation construct (usually in the form of an alphanumeric string or numeric value) referring to the user identity. In addition, there need not be a strong association between one user identity and one user identifier. Consider the following cases:

  1. A user has multiple user identifiers, perhaps to implement multiple roles. In this case, FIA_ATD.1 associates a given user identifier with its appropriate security attributes.

  2. A TOE does not implement user identifiers based on real user identities, for example, for anonymity requirements. There are still individual users, and so FIA_ATD.1 still applies, but the concept of user "identity" may not be relevant.

  3. A TOE does not implement user identifiers at all, as for single-user systems. FIA_ATD.1 is relevant because of the single-user constraint.

Modification History:

2004-08-12
Updated effective date to reflect the date the PD was issued. (August 2004 NIB 6.c.xiv)

References:

  • ALFWPPv1.c

Related NIs:

  • I-0376: Dependencies Between FIA_UID And FIA_ATD

Related CCIMB-INTERPs:

  • None

Source OD: 0114