Certification Rules 1 and 2

CR1     When any IVP is run, it must ensure all CDIs are in a valid state

CR2     For some associated set of CDIs, a TP must transform those CDIs in a valid state into a (possibly different) valid state

–    Defines relation certified that associates a set of CDIs with a particular TP

–    Example: TP balance, CDIs accounts, in bank example

Enforcement Rules 1 and 2

ER1     The system must maintain the certified relations and must ensure that only TPs certified to run on a CDI manipulate that CDI.

ER2     The system must associate a user with each TP and set of CDIs. The TP may access those CDIs on behalf of the associated user. The TP cannot access that CDI on behalf of a user not associated with that TP and CDI.

–    System must maintain, enforce certified relation

–    System must also restrict access based on user ID (allowed relation)