[Zope3-checkins] SVN: Zope3/trunk/doc/security/SecurityTarget.txt
added some security objective rationales
Christian Zagrodnick
cz at gocept.com
Mon Apr 18 09:47:51 EDT 2005
Log message for revision 30023:
added some security objective rationales
I'm not quite sure about them though.. we'll discuss that.
Changed:
U Zope3/trunk/doc/security/SecurityTarget.txt
-=-
Modified: Zope3/trunk/doc/security/SecurityTarget.txt
===================================================================
--- Zope3/trunk/doc/security/SecurityTarget.txt 2005-04-18 13:47:37 UTC (rev 30022)
+++ Zope3/trunk/doc/security/SecurityTarget.txt 2005-04-18 13:47:51 UTC (rev 30023)
@@ -1259,26 +1259,41 @@
O.IA
This security objective is necessary to counter the threat T.IA
- because it requires that users must be accuratly identified and
+ because it requires that users must be accurately identified and
authenticated or incorporate the anonymous principal.
O.Delegation
+ This security objective is necessary to counter the threat T.Perm
+ because a user must only be able to delegate the permissions he
+ is allowed to delegate. It must not be possible for him to gain
+ any extra permissions.
+
O.Audit
+ This security objective is necessary to counter the threat T.AuditFake
+ because it loggs security relevant events and thus supports an
+ administrator in finding those events.
O.Protect
+ XXX
+O.Access
+ This security objective is necessary to counter the threat T.Operation
+ because it prevents performing operations on an object without haveing the
+ correct permission.
+
+
Table: Mapping of Threats to Security Objectives
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
T.IA T.Perm T.Operation T.AuditFake T.Import T.RIP T.Transaction T.Undo T.USB T.Timestamps T.Trustedpath T.Host
O.IA X
- O.Delegation
- O.Audit
+ O.Delegation X
+ O.Audit X
O.Protect
- O.Access
+ O.Access X
O.Integrity
O.Attributes
O.ManageRisk
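Review bot: O.Protect is committed with only the placeholder "XXX" as its rationale, and its row in the mapping table still carries no X, so the objective is not traced to any threat. Either write the rationale or leave it out until it is agreed. The added rationales also introduce two typos in the same patch that fixes "accuratly": "loggs" in O.Audit and "haveing" in O.Access. The O.Audit text says logging helps an administrator find security-relevant events, but it does not say how that counters T.AuditFake specifically; a sentence tying the objective to that threat would make the rationale checkable. Please also confirm that the three new X marks land in the T.Perm, T.AuditFake and T.Operation columns named in the rationales. In the visible rows, the remaining threats (T.Import through T.Host) and the objectives O.Integrity, O.Attributes and O.ManageRisk are still unmapped.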