RE: Glossary Definition for Audit(ing) [Was: RE: AG004 Closure S ought]

Thanks, Hao.

I'm noting yours as Text B embellished.
I think we'd better not mention SLA at all.

Joe Hui
Exodus, a Cable & Wireless service
====================================================

> -----Original Message-----
> From: Hao He [mailto:Hao.He@thomson.com.au]
> Sent: Thursday, July 25, 2002 6:08 PM
> To: 'Prafullchandra, Hemma'; www-ws-arch@w3.org
> Subject: RE: Glossary Definition for Audit(ing) [Was: RE: AG004 Closure S ought]
> 
> 
> I would call this particular auditing security auditing because auditing
> can also be used for service level agreement.
>  
> How about a more general auditing?
>  
> Auditing: A service that reliably and securely records
> events (such as authentication events, policy enforcement decisions,
> abnormal (deviations from the norm) events). The resulting audit trail
> may be used to detect attacks, confirm compliance with policy and service
> level agreement, deter abuse of authority or other purposes.
>  
> Hao
> 
> -----Original Message-----
> From: Prafullchandra, Hemma [mailto:hprafullchandra@verisign.com]
> Sent: Friday, July 26, 2002 11:02 AM
> To: www-ws-arch@w3.org
> Subject: RE: Glossary Definition for Audit(ing) [Was: RE: AG004 Closure S ought]
> 
> 
> Text A: 
>   Auditing provides passive tracking and logging of
>   security-related activities, incidents, and events
>   (such as authentication events, unproven claims, or bad
>   signature occurrences). Administrator can securely manage
>   and analyze these audit records to take appropriate action
>   against antagonists.
> 
> Text B:
>   Audit: A service that reliably records security-related events
>   for future reference. The resulting audit trail may be used to
>   detect attacks, confirm compliance with policy, deter abuse
>   of authority or other purposes. 
>  
> Final:A+B:
> Auditing: A service that reliably and securely records security-related
> events (such as authentication events, policy enforcement decisions,
> abnormal (deviations from the norm) events). The resulting audit trail
> may be used to detect attacks, confirm compliance with policy, deter
> abuse of authority or other purposes.
>  
> Unless there was something specific in A, about the players involved that
> you wanted to capture or the nature of this activity. Feel free to polish
> A+B further but I really think this captures the essence of what we want
> to say given all the other restrictions!
>  
> hemma
> 
> 

Received on Thursday, 25 July 2002 21:37:21 UTC