W3C home > Mailing lists > Public > www-tag@w3.org > April 2002

Information Space Definition and Auditability

From: Bullard, Claude L (Len) <clbullar@ingr.com>
Date: Tue, 16 Apr 2002 09:28:33 -0500
Message-ID: <2C61CCE8A870D211A523080009B94E4306FEEB7F@HQ5>
To: www-tag@w3.org
I am not sure if it is appropriate to respond 
to the meeting minutes.  If not, please advise.

Two comments on "Summary of 15 April 2002 TAG meeting":

1.  Information space seems to be an unusually 
weak descriptor for the web unless "information" as 
a unit is defined as that which is addressable 
even if unnamed.   This corresponds to the 
Boltzman concepts for entropy (not that I suggest 
one discuss that).

2.  Berners-Lee is quite right about the need 
to record transactions based on the responsibility 
of the owner of the agent.  Regardless of the 
outcome of the debate, the web architecture 
must support auditability of transactions. I 
am unsure how this is done with web systems, 
that is, how to pair the transactions of a 
client and server.  "Information space" based 
definitions appear to make this abstract unless 
they are based on the identity of the participants.  What 
information items are needed to identify transactions 
between web clients and web servers (ie, between 
http://www.foo.com and http://www.bar.com)?

As an example, our products support auditability 
by recording the following typical information 
items:

ADDTIME  Date and time *this* record was created 
ADDUSER  Logon ID of the user who created this record 
MODTIME  Date and time this record was last modified 
MODUSER  Logon ID of the user who last modified this record 
ADDCONSOLE  Node name of console from which record was created 

More useful definitions might include agency identifiers as well.

While not a web requirement per se, the web architecture 
or best practices must not prevent proper recording of 
such items as they are key to auditing the system and 
auditing is essential for agency interactions.  The 
example given is not a suggestion for the web system 
per se, but an example of how auditing is supported 
in a non-web system, and a query as to how this is 
extended for web-based processing?

len bullard
Received on Tuesday, 16 April 2002 10:29:04 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 26 April 2012 12:47:06 GMT