[Zope3-dev] Security Target cleanup
Christian Theune
ct at gocept.com
Wed May 26 09:31:19 EDT 2004
Hi (Jim, Steve),
I'm currently continuing to review the Security Target document we worked on
and stumbled upon some inconsistency about roles.
IMHO we agreed to not do Roles at all in the certified version, to stay with a
simpler and cleaner security model.
Now there is the section:
<snip>
FMT_SMR.1 Security roles
~~~~~~~~~~~~~~~~~~~~~~~~
FMT_SMR.1.1
    The TSF shall maintain *[

    authorized administrator
        Users who can perform system-wide security functions. These are
        people who have the zope.ManageSecurity permission.

    Grantor
        Users who have the ability to grant or deny permissions to
        users for objects. These are users who have any of the grant
        meta-permissions.

    users authorized to modify their own authentication data
        The role name says it all.

    ]*.

FMT_SMR.1.2
    The TSF shall be able to associate *[principals]* with roles.
</snip>
I am thinking about dropping this section as it states the opposite of "having no
roles".
Comments?
--
Christian Theune - gocept gmbh & co. kg
phone +4934963099112 - fax +4934963099118
ct at gocept.com