commoncriteria / authserver

Authentication Server
The Unlicense

authentication failure handling #1

Closed jfisherbah closed 2 years ago

jfisherbah commented 3 years ago

The current Auth Server Module draft lists FIA_AFL.1 as a Modified SFR from the NDcPP but does not make any refinements or other modifications to it. This SFR applies to authentication failure handling for administrators (i.e. individuals who would authenticate to the TOE to manage it). We currently do not have an SFR to capture authentication failure handling for users (i.e. individuals who are trying to access some other enterprise resources where the TOE is responsible for authenticating them as part of determining whether the access should be authorized).

The following is proposed:

  1. Remove FIA_AFL.1 from the NDcPP modified SFRs section because the Module does not change what the NDcPP requires for that SFR.
  2. Add an iteration of FIA_AFL.1 (e.g. FIA_AFL.1/AuthSvr) to section 5.3 specifically for the case of user authentication failures.
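To make the distinction in the proposal concrete, here is an added example (written for this page, not code from the commoncriteria/authserver repository or the Module) of what separate authentication-failure handling for administrators and for end users looks like in code. The thresholds, lockout durations and the "admin"/"user" role names are illustrative assumptions; the behaviour is the usual FIA_AFL.1 shape: count consecutive unsuccessful attempts per account, lock the account when the configured threshold is met, and refuse even a correct credential while the lockout is in force.

```python
"""Added example: independent lockout policies for administrator and
end-user authentication failures.  Not from the authserver project;
role names, thresholds and lockout periods are assumptions."""

from dataclasses import dataclass
import time


@dataclass(frozen=True)
class LockoutPolicy:
    threshold: int          # consecutive failures that trigger a lockout
    lockout_seconds: float  # how long the account stays locked


@dataclass
class _State:
    failures: int = 0         # consecutive failures since last success/lockout
    locked_until: float = 0.0  # monotonic time at which the lockout expires


class AuthFailureHandler:
    """Keeps one failure counter per (role, principal) pair, so an
    administrator lockout never affects the same name as an end user."""

    def __init__(self, admin_policy, user_policy, clock=time.monotonic):
        # Assumed role names: "admin" covers the NDcPP FIA_AFL.1 case,
        # "user" the proposed FIA_AFL.1/AuthSvr iteration.
        self._policies = {"admin": admin_policy, "user": user_policy}
        self._state = {}
        self._clock = clock  # injectable so tests can control time

    def is_locked(self, role, principal):
        st = self._state.get((role, principal))
        return st is not None and self._clock() < st.locked_until

    def record_failure(self, role, principal):
        """Count one failed attempt; return True if the account is now locked."""
        policy = self._policies[role]
        st = self._state.setdefault((role, principal), _State())
        now = self._clock()
        if now < st.locked_until:
            return True  # already locked, do not count further
        st.failures += 1
        if st.failures >= policy.threshold:
            st.locked_until = now + policy.lockout_seconds
            st.failures = 0  # counter restarts once the lockout expires
            return True
        return False

    def record_success(self, role, principal):
        # A successful authentication resets the counter for that account.
        self._state.pop((role, principal), None)

    def attempt(self, role, principal, credential_ok):
        """Gate an authentication attempt.  Returns "ok", "failed" or "locked".
        A locked account is refused even when the credential is correct,
        otherwise the lockout would not slow down a guessing attack."""
        if self.is_locked(role, principal):
            return "locked"
        if credential_ok:
            self.record_success(role, principal)
            return "ok"
        return "locked" if self.record_failure(role, principal) else "failed"


if __name__ == "__main__":
    # Constructed demo: 3 failures lock an admin, 5 lock a user.
    handler = AuthFailureHandler(LockoutPolicy(3, 60.0), LockoutPolicy(5, 300.0))
    for _ in range(5):
        print("user alice:", handler.attempt("user", "alice", False))
    print("user alice, correct credential while locked:",
          handler.attempt("user", "alice", True))
    print("admin alice (separate counter):",
          handler.attempt("admin", "alice", False))
```

The point of keying the state on (role, principal) is that the two SFR iterations can be assigned different thresholds and actions, and a burst of failed user logins cannot lock the administrator out of the TOE's management interface.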
ajlaing commented 3 years ago

Agree that the current refinement does not change the base SFR, and that an iteration for user authentication failures is good. Will bring up at TC.

jfisherbah commented 2 years ago

Iteration FIA_AFL.1/AuthSvr was added; assume this is now resolved.