RE: Glossary Definition for Audit(ing) [Was: RE: AG004 Closure S ought]

I would call this particular auditing security auditing because auditing can
also be used for service level agreement.
 
How about a more general auditing?
 
Auditing: A service that reliably and securely records 
events (such as authentication events, policy enforcement decisions,
abnormal (deviations from the norm) events). The resulting audit trail
may be used to detect attacks, confirm compliance with policy and service
level agreement, deter abuse of authority or other purposes. 
 
Hao

-----Original Message-----
From: Prafullchandra, Hemma [mailto:hprafullchandra@verisign.com]
Sent: Friday, July 26, 2002 11:02 AM
To: www-ws-arch@w3.org
Subject: RE: Glossary Definition for Audit(ing) [Was: RE: AG004 Closure S
ought]


Text A: 
  Auditing provides passive tracking and logging of 
  security-related activities, incidents, and events 
   (such as authentication events, unproven claims, or bad 
  signature occurrences). Administrator can securely managed 
  and analyze these audit records to take appropriate action 
   against antagonists. 

Text B:
  Audit: A service that reliably records security-related events
  for future reference. The resulting audit trail may be used to
  detect attacks, confirm compliance with policy, deter abuse
  of authority or other purposes. 
 
Final:A+B:
Auditing: A service that reliably and securely records security-related
events (such as authentication events, policy enforcement decisions,
abnormal (deviations from the norm) events). The resulting audit trail
may be used to detect attacks, confirm compliance with policy, deter
abuse of authority or other purposes. 
 
Unless there was something specific in A, about the players involved that
you
wanted to capture or the nature of this activity. Feel free to polish A+B
further
but I really think this captures the essence of what we want to say given
all the other restrictions!
 
hemma