FPR_PSE.2 Reversible pseudonymity
User application notes
In this component, the TSF shall ensure that under specified conditions the user identity related to a provided reference can be determined.
In FPR_PSE.1 the TSF shall provide an alias instead of the user identity. When the specified conditions are satisfied, the user identity to which the alias belong can be determined. An example of such a condition in an electronic cash environment is: "The TSF shall provide the notary a capability to determine the user identity based on the provided alias only under the conditions that a check has been issued twice".
Operations
Assignment:
In FPR_PSE.2.1 the PP/ST author should specify the set of users and/or subjects against which the TSF must provide protection. For example, even if the PP/ST author specifies a single user or subject role, the TSF must not only provide protection against each individual user or subject, but must protect with respect to cooperating users and/or subjects. A set of users, for example, could be a group of users which can operate under the same role or can all use the same process(es).
In FPR_PSE.2.1 the PP/ST author should identify the list of subjects and/or operations and/or objects where the real user name of the subject should be protected, for example, 'the accessing of job offers'. Note that 'objects' includes any other attributes that might enable another user or subject to derive the actual identity of the user.
In FPR_PSE.2.2 the PP/ST author should identify the (one or more) number of aliases the TSF, is able to provide.
In FPR_PSE.2.2 the PP/ST author should identify the list of subjects to whom the TSF is able to provide an alias.
Selection:
In FPR_PSE.2.3 the PP/ST author should specify whether the user alias is generated by the TSF or supplied by the user.
Assignment:
In FPR_PSE.2.3 the PP/ST author should identify the metric to which the TSF-generated or user-generated alias should conform.
Selection:
In FPR_PSE.2.4 the PP/ST author should select whether the authorised user and/or trusted subjects can determine the real user name.
Assignment:
In FPR_PSE.2.4 the PP/ST author should identify the list of trusted subjects that can obtain the real user name under a specified condition, for example, a notary or special authorised user.
In FPR_PSE.2.4 the PP/ST author should identify the list of conditions under which the trusted subjects and authorised user can determine the real user name based on the provided reference. These conditions can be conditions such as time of day, or they can be administrative such as on a court order.