Commit 1aa05a38 authored by Sam Drew

Updated assessment based on updated template

parent e1502d9b
+18 −8
@@ -1320,24 +1320,34 @@ The following steps are to be carried out in order:
- Extension console log.


### Assessment of [REQ-STORE-ACC-3]
### [ACC-STORE-ACC-3]

Assessment of [REQ-STORE-ACC-3]

- **Assessment Reference:** The product shall enforce Same Origin Policy access control for storage data outside rendering processes.

- **Assessment Objective:** Assess whether the product enforces separation of data across browser profiles.

- **Assessment Preparation:**
    - Identify a relevant website that can be used to set uniquely identifiable data.
    - Prepare tooling that will provide visibility into data available for a given browser profile.
    - Identify supported browser profiles (eg private browsing, user profiles etc).
    - Reset browser to factory default settings.
    - Prepare browser configuration to support available browser profiles.

- **Assessment Activities:**
    - Open the website in the default browser profile, and note the data set by the website.
    - Open the website in each other browser profile, and note the data available in each profile.
    - Using the default browser profile, reload the website and note the data available.
    1. Open the website in the default browser profile, and note the data set by the website.
    2. Open the website in each other browser profile, and note the data available in each profile.
    3. Using the default browser profile, reload the website and note the data available.

- **Assignment of Verdict:** 
    - **Pass**
        - The data gets set in the default browser profile when visiting the website.
        - For each browser profile available, the data is set by the browser profile context successfully. 
        - The data set in the default browser profile is not available in any other browser profile.
        - Upon returning to the website, the data set initially is still available, and data set in individual profiles are not available.
    - **Fail**: Any of the above are not fulfilled.

- **Supporting Evidence**: 
    - Screenshot or log output from tooling at each step to demonstrate.
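
Review bot: The Assessment Reference cites Same Origin Policy access control for storage data outside rendering processes, but the Assessment Objective and all three activities only exercise separation between browser profiles using a single website, so nothing in the procedure checks that a different origin is denied access to the stored data. Either add a step that loads a second origin in the same profile and records that the first site's data is not available to it, with a matching Pass bullet, or reword the reference so it matches the profile-isolation objective. Step 2 also only says to "note the data available in each profile", while the second Pass bullet expects data to be set successfully in each profile; the step should say explicitly that the site sets its identifiable data in every profile. The heading `### [ACC-STORE-ACC-3]` uses a different prefix from `[REQ-STORE-ACC-3]` on the line below it, which is worth confirming against the template, and the Supporting Evidence bullet ends at "to demonstrate" without saying what the screenshots or logs must show.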