[Zope3-checkins] SVN: Zope3/trunk/doc/security/SecurityTarget.tex - Updated the overview to explain the derivative version for CC conformance.

Christian Theune ct at gocept.com
Wed Nov 7 04:57:24 EST 2007 

Log message for revision 81582:
  - Updated the overview to explain the derivative version for CC conformance.
  - Fixed observation 2.3: removed the augmentation of ADV_SPM.1 as we're not
    gonna use it.
  

Changed:
  U   Zope3/trunk/doc/security/SecurityTarget.tex

-=-
Modified: Zope3/trunk/doc/security/SecurityTarget.tex
===================================================================
--- Zope3/trunk/doc/security/SecurityTarget.tex	2007-11-07 09:51:24 UTC (rev 81581)
+++ Zope3/trunk/doc/security/SecurityTarget.tex	2007-11-07 09:57:24 UTC (rev 81582)
@@ -113,7 +113,7 @@
   Evalation, Version 2.3, 2005 (also known as IEC/ISO 15408:2005) and all
   corresponding final interpretations.
 
-  \item[Evaluation Assurance Level:] EAL 1 augmented with ADV\_SPM.1
+  \item[Evaluation Assurance Level:] EAL 1
 
   \item[PP Conformance:] none
 
@@ -124,12 +124,16 @@
 
 \section{ST overview}
 
-The Target of Evaluation is Zope 3.3 in its non-default ``secure''
-configuration (hereinafter called Zope for simplicity), a general purpose, open
-source web application server and framework. It is used as a runtime
-environment for custom applications that are build using the Zope 3 API and
-component library.
+The Target of Evaluation is ``Zope 3 Common Criteria Edition'', a derivation
+of the Zope 3 application server from the 3.3 release series.
 
+The ``Common Criteria Edition'' provides additional functionality to the
+standard release to support functions as required in this security target.
+
+Zope is a general purpose, open source web application server and framework.
+It is used as a runtime environment for custom applications that are build
+using the Zope 3 API and component library.
+
 Zope clients are standards conformant web browsers using HTTP or other network
 client programs accessing the various network services provided by Zope. The
 secure configuration for this evaluation considers only the use of the HTTP
@@ -139,7 +143,7 @@
 Zope includes security functionality on three levels: 1. the definition of
 permissions and privileges by developers and administrators, 2. the definition
 of users and groups and granting privileges to them for various objects by
-administrators and 3. the enforcement of those permissions during the runtime 
+administrators and 3. the enforcement of those permissions during the runtime
 when an application is beeing used.
 
 A summary of the TOE security functions can be found in Chapter ``TOE

More information about the Zope3-Checkins mailing list