- From: Darran Rolls <Darran.Rolls@waveset.com>
- Date: Fri, 26 Jul 2002 08:08:49 -0500
- To: "Joseph Hui" <Joseph.Hui@exodus.net>, "Prafullchandra, Hemma" <hprafullchandra@verisign.com>, <www-ws-arch@w3.org>
- Message-ID: <6244FCD1F88EC14BACDD2A319FD338242DC75B@hawaii.waveset.com>
Joe/Hav/Memma 1 - We should prefix auditing with the word "security" as that is what we are defining. Without that qualifier in the glossary, an independent evaluator might question why we are only auditing "security events" and not understand the difference between security auditing and generalized logging used to say audit/track a transactions history. 2 - Would you all consider "policy enforcement decisions" to be a super-set of authZ? Personally I would, but could see that others might read this as the AuthN/AuthZ twins missing a sibling. 3 - You'll note I've added security as a prefix to the phrase "audit trail" in text below. Again, the term audit trail without this, IMO has to include any generalized event logging I care to throw into the application just in case. 4. Consider the following (minor) changes to the text: Security Auditing: A service that reliably and securely records security-related Events, such as authentication events, policy enforcement decisions, and any general event that deviated from an established norm to imply a security relevant event has taken place. The resulting security audit trail may then be used to detect attacks, confirm compliance with policy, deter abuse of authority or other purposes -------------------------------------------------------- Darran Rolls http://www.waveset.com Waveset Technologies Inc drolls@waveset.com (512) 657 8360 -------------------------------------------------------- -----Original Message----- From: Joseph Hui [mailto:Joseph.Hui@exodus.net] Sent: Thursday, July 25, 2002 8:47 PM To: Prafullchandra, Hemma; www-ws-arch@w3.org Subject: RE: Glossary Definition for Audit(ing) [Was: RE: AG004 Closure S ought] Thanks again, Hemma. I'm also noting your A+B as Text B embellished. If the similarity shared by yours and Hoa's is also shared by popular sentiment, then I think we're just aboutt there. Joe Hui Exodus, a Cable & Wireless service =================================== -----Original Message----- From: Prafullchandra, Hemma [mailto:hprafullchandra@verisign.com] Sent: Thursday, July 25, 2002 6:02 PM To: www-ws-arch@w3.org Subject: RE: Glossary Definition for Audit(ing) [Was: RE: AG004 Closure S ought] Text A: Auditing provides passive tracking and logging of security-related activities, incidents, and events (such as authentication events, unproven claims, or bad signature occurrences). Administrator can securely managed and analyze these audit records to take appropriate action against antagonists. Text B: Audit: A service that reliably records security-related events for future reference. The resulting audit trail may be used to detect attacks, confirm compliance with policy, deter abuse of authority or other purposes. Final:A+B: Auditing: A service that reliably and securely records security-related events (such as authentication events, policy enforcement decisions, abnormal (deviations from the norm) events). The resulting audit trail may be used to detect attacks, confirm compliance with policy, deter abuse of authority or other purposes. Unless there was something specific in A, about the players involved that you wanted to capture or the nature of this activity. Feel free to polish A+B further but I really think this captures the essence of what we want to say given all the other restrictions! hemma
Received on Friday, 26 July 2002 09:09:22 UTC