W3C home > Mailing lists > Public > www-ws-arch@w3.org > July 2002

RE: Glossary Definition for Audit(ing) [Was: RE: AG004 Closure S ought]

From: Prafullchandra, Hemma <hprafullchandra@verisign.com>
Date: Thu, 25 Jul 2002 18:01:45 -0700
Message-ID: <FBDFBCB7591BD611AB4A00D0B79E60B0010BB13E@vhqpostal2.verisign.com>
To: www-ws-arch@w3.org
Text A: 
  Auditing provides passive tracking and logging of 
  security-related activities, incidents, and events 
   (such as authentication events, unproven claims, or bad 
  signature occurrences). Administrator can securely managed 
  and analyze these audit records to take appropriate action 
   against antagonists. 

Text B:
  Audit: A service that reliably records security-related events
  for future reference. The resulting audit trail may be used to
  detect attacks, confirm compliance with policy, deter abuse
  of authority or other purposes. 
 
Final:A+B:
Auditing: A service that reliably and securely records security-related
events (such as authentication events, policy enforcement decisions,
abnormal (deviations from the norm) events). The resulting audit trail
may be used to detect attacks, confirm compliance with policy, deter
abuse of authority or other purposes. 
 
Unless there was something specific in A, about the players involved that
you
wanted to capture or the nature of this activity. Feel free to polish A+B
further
but I really think this captures the essence of what we want to say given
all the other restrictions!
 
hemma
Received on Thursday, 25 July 2002 21:01:08 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 3 July 2007 12:25:03 GMT