Table of Contents
Advertisement
communicate with the DRM securely, the DRM administrator creates a CA
user in the DRM with the Trusted Manager role. All communications
between the CA and DRM are then made through this special user with the
CA's certificate over SSL client-authentication and Trusted Manager role
authorization.
OCSP
•
Administrators
Can start/stop server (from the command-line).
Can perform all configuration management for DRM (via the CMS
Console).
Can backup (CMSBackup) and restore (CMSRestore) the subsystem from
the command-line.
•
Online Certificate Status Manager Agents
Can add CRLs (to the OCSP Responder Agent interface via SSL-capable
browsers).
Can define supported CAs (via SSL-capable browsers to the OCSP
Responder Agent interface).
•
Auditors
Can view signed audit logs (via the CMS Console). This is the only role
allowed this privilege.
Can verify audit log signatures by running the AuditVerify tool (from the
IT environment).
About Roles
Of all privileged roles supported by CMS, the Certificate Manager Agents role, the
Registration Manager Agents role, and the DRM Agent Role are the ones that map
directly to the "Officer" role defined in the ST and the CIMC PP. The Online
Certificate Status Manager Agents are a sub-group of the Administrator role
defined in the CIMC PP. The following further specifies this mapping:
Appendix B
Common Criteria Environment: Setup and Operations
CMS Privileged Users and Groups (Roles)
683
Advertisement
Table of Contents
