9.2 Pseudonymity (FPR_PSE)

Family behaviour

This family ensures that a user may use a resource or service without disclosing its user identity, but can still be accountable for that use.

Component levelling

FPR_PSE.1 Pseudonymity requires that a set of users and/or subjects are unable to determine the identity of a user bound to a subject or operation, but that this user is still accountable for its actions.

FPR_PSE.2 Reversible pseudonymity requires the TSF to provide a capability to determine the original user identity based on a provided alias.

FPR_PSE.3 Alias pseudonymity requires the TSF to follow certain construction rules for the alias to the user identity.

Management: FPR_PSE.1 Pseudonymity, FPR_PSE.2, FPR_PSE.3

There are no management activities foreseen for these components.

Audit: FPR_PSE.1, FPR_PSE.2, FPR_PSE.3

The following actions shall be auditable if FAU_GEN Security audit data generation is included in the PP / ST:

a)    Minimal: The subject/user that requested resolution of the user identity should be audited.