FMT_REV.1 Revocation

This component specifies requirements on the revocation of rights. It requires the specification of the revocation rules. Examples are:

a) Revocation will take place on the next login of the user;

b) Revocation will take place on the next attempt to open the file;

c) Revocation will take place within a fixed time. This might mean that all open connections are re-evaluated every x minutes.

Operations

Selection:

In FMT_REV.1.1, the PP/ST author should specify whether the ability to revoke security attributes from users, subjects, objects, or any other resources shall be provided by the TSF. If the last option is chosen, then the PP/ST author should use the refinement operation to define the resources.

Assignment:

In FMT_REV.1.1, the PP/ST author should specify the roles that are allowed to modify the functions in the TSF. The possible roles are specified in FMT_SMR.1.

In FMT_REV.1.2, the PP/ST author should specify the revocation rules. Examples of these rules could include: "prior to the next operation on the associated resource", or "for all new subject creations".
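
The example rules a) to c) above, and the "prior to the next operation on the associated resource" rule for FMT_REV.1.2, differ in how long a revoked right stays usable inside an existing session. The following Python sketch is an added illustration, not part of the Common Criteria text; the `Monitor` class, the user and file names, and the 300-second interval are assumptions, and rule c) is checked lazily on access rather than by a background timer.

```python
from enum import Enum

class Rule(Enum):
    NEXT_LOGIN = "a"   # rights are re-read only when the user logs in
    NEXT_OPEN = "b"    # rights are re-read on every attempt to open a file
    FIXED_TIME = "c"   # session rights are re-evaluated every `interval` seconds

class Monitor:
    """Toy reference monitor (constructed for illustration; names are hypothetical)."""
    def __init__(self, rule, interval=300):
        self.rule, self.interval = rule, interval
        self.rights = {}     # authoritative store: user -> set of file names
        self.sessions = {}   # user -> (snapshot of rights, time snapshot was taken)

    def grant(self, user, name):
        self.rights.setdefault(user, set()).add(name)

    def revoke(self, user, name):
        # Only the authoritative store changes here; the revocation rule
        # decides when an already-open session notices.
        self.rights.get(user, set()).discard(name)

    def login(self, user, now):
        self.sessions[user] = (set(self.rights.get(user, ())), now)

    def open_file(self, user, name, now):
        snapshot, taken = self.sessions[user]
        # Rule c): the snapshot expires once `interval` seconds have passed.
        stale = self.rule is Rule.FIXED_TIME and now - taken >= self.interval
        if self.rule is Rule.NEXT_OPEN or stale:
            self.login(user, now)              # refresh from the store
            snapshot, _ = self.sessions[user]
        return name in snapshot

def exposure(rule, interval=300):
    """Session opened at t=0, right revoked at t=5. Returns the access
    decision at t=10, at t=interval, and after a fresh login."""
    m = Monitor(rule, interval)
    m.grant("alice", "payroll.xls")
    m.login("alice", 0)
    m.revoke("alice", "payroll.xls")           # happens at t=5
    soon = m.open_file("alice", "payroll.xls", 10)
    later = m.open_file("alice", "payroll.xls", interval)
    m.login("alice", interval + 1)
    relogin = m.open_file("alice", "payroll.xls", interval + 2)
    return soon, later, relogin
```

Each `True` in the returned tuple is an access granted after the right was revoked, which is the exposure window the chosen rule accepts and that the PP/ST should state explicitly.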