Re: Browser in the TOE for web-based administration?
On Wednesday 12 July 2006 11:58, Richie wrote:
> As already stated, the scope of the TOE is up to the developer to
> decide. I'd suggest placing the browser in the operational environment
> and using FCO and FIA functional requirements to mediate the
> communications between this client and your TOE system. If these are
> specified sensibly, and in response to threats that a web client
> presents, then you should be able to avoid having to place crippling
> assumptions on the browser and the platform it runs on.
> Check out the Functional Paradigm in CC v.3.0 part 1 for suggestions
> on how to model the TOE, its components and its environment.
First a nitpick: The functional paradigm in CCv3.0 is in Part 2.
And CCv3.1 (to be issued real soon now) has reverted back to the CCv2.3 Part 2
functional paradigm, thereby superseding the CCv3.0 functional paradigm.
Date Index |
Thread Index |
Problems or questions? Contact firstname.lastname@example.org