W3C home > Mailing lists > Public > www-ws-arch@w3.org > July 2002

RE: AG004 Closure Sought

From: Prafullchandra, Hemma <hprafullchandra@verisign.com>
Date: Thu, 25 Jul 2002 13:29:05 -0700
Message-ID: <FBDFBCB7591BD611AB4A00D0B79E60B0010BB12B@vhqpostal2.verisign.com>
To: www-ws-arch@w3.org


From a service provider perspective, this is also important
in that the rules & procedures by which it claims to operate
can be said to be within compliance by external auditors
on a regular basis, by analyzing these audit logs.
So there is
- malicious activity by internal or external individual 
- malicious play by a company as a whole
- the ability to gather "un-modified" evidence to substantiate
or negate any accusations.

Hemma

-----Original Message-----
From: Hal Lockhart [mailto:hal.lockhart@entegrity.com]

[snip]
IMHO, the major benefit of a secure audit trail is deterrence against abuse
of authority. For example, in any system, somebody has to be empowered to
create user accounts, alter access rights and so on. However, if it is known
for a certainty that when the effects of unauthorized actions by authorized
users is discovered, it will be possible to determine who is responsible,
this will tend to deter insiders from abuse. Its like the cameras in the
ceiling in gambling casinos. The other side of the coin is that it can clear
the innocent from suspicion.
Hal 
Received on Thursday, 25 July 2002 16:28:32 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 3 July 2007 12:25:03 GMT