FIA_UAU.1 Timing of authentication
User application notes
This component requires that the PP/ST author define the TSF-mediated actions that can be performed by the TSF on behalf of the user before the claimed identity of the user is authenticated. The TSF-mediated actions should have no security concerns with users incorrectly identifying themselves prior to being authenticated. For all other TSF-mediated actions not in the list, the user must be authenticated before the action can be performed by the TSF on behalf of the user.
This component cannot control whether the actions can also be performed before the identification took place. This requires the use of either FIA_UID.1 and FIA_UID.2 with the appropriate assignments.
Operations
Assignment:
In FIA_UAU.1.1, the PP/ST author should specify a list of TSF-mediated actions that can be performed by the TSF on behalf of a user before the claimed identity of the user is authenticated. This list cannot be empty. If no actions are appropriate, component FIA_UAU.2 should be used instead. An example of such an action might include the request for help on the login procedure.