|
|
| Line 1: |
Line 1: |
| ''This is a draft document.''
| | < |
| | |
| == Specification of Roles ==
| |
| | |
| The NSS cryptographic module supports two authorized roles for operators.
| |
| | |
| * The NSS User Role provides access to all cryptographic and general purpose services (except those that perform an initialization function) and all keys stored in the private key database. An NSS User utilizes secure services and is also responsible for the retrieval, updating, and deletion of keys from the private key database.
| |
| | |
| * The Crypto Officer Role is supported for the installation (see [http://wiki.mozilla.org/FIPS_Design_Assurance#Installation Installation]) and initialization of the module. The Crypto Officer must control the access to the module both before and after installation. Control consists of management of physical access to the computer executing the NSS cryptographic module code as well as management of the security facilities provided by the operating system.
| |
| | |
| The NSS cryptographic module uses a combined role approach -- by authenticating to the module, an operator assumes both the NSS User Role and the Crypto Officer Role at the same time.
| |
| | |
| == Specification of Maintenance Roles ==
| |
| | |
| This section is not
| |