RE: Glossary Definition for Audit(ing) [Was: RE: AG004 Closure S ought] from Hal Lockhart on 2002-07-26 (www-ws-arch@w3.org from July 2002)

From: Hal Lockhart <hal.lockhart@entegrity.com>
Date: Fri, 26 Jul 2002 11:20:49 -0400
To: "'Dave Hollander'" <dmh@contivo.com>, "'Pete Wenzel '" <pete@seebeyond.com>, "'Joseph Hui '" <Joseph.Hui@exodus.net>
Cc: "'Prafullchandra, Hemma '" <hprafullchandra@verisign.com>, "'www-ws-arch@w3.org '" <www-ws-arch@w3.org>
Message-ID: <899128A30EEDD1118FC900A0C9C74A34010341AD@bigbird.gradient.com>

The original context of this discussion, as I understand it, was to define
what I would call a Secure Audit Trail, which had already been given the
label of "Audit" and needed a glossary definition. 

I have been down this road before. (The first time was with DCE circa 1992.)
People always suggest combining security auditing with generalized auditing
or even a generalized event service. The problem is that once you start to
look into it, the requirements diverge to a sufficient extent that you end
up defining two distinct facilities. (Security Audit has much higher
requirements for assurance, availability and formal trust, which negatively
impact performance and complexity of a general event reporting service.) 

I would like to avoid repeating this process, so I would resist redefining
this into a generalized service. On the other hand, I have no problem with
changing the term being defined from "Audit" to "Security Audit".

Hal

> -----Original Message-----
> From: Dave Hollander [mailto:dmh@contivo.com]
> Sent: Friday, July 26, 2002 10:48 AM
> To: 'Pete Wenzel '; 'Joseph Hui '
> Cc: 'Prafullchandra, Hemma '; 'www-ws-arch@w3.org '
> Subject: RE: Glossary Definition for Audit(ing) [Was: RE: 
> AG004 Closure
> S ought]
> 
> 
> 
> I like this wording. I am curious why "security-related events" as
> opposed to simply "events".
> 
> Can not auditing be used for purposes beyound security? Is there some
> reason to not use the same mechanisms for any metric that there is
> reason to audit?
> 
> Also, the nesting of perenthisis is probably a sign that the phrase
> needs a little tuning. Perhaps there is a better word than abnormal.
> 
> Regards,
> Dave
> 
> 
> > Final:A+B:
> > Auditing: A service that reliably and securely records 
> security-related
> > events (such as authentication events, policy enforcement decisions,
> > abnormal (deviations from the norm) events). The resulting 
> audit trail
> > may be used to detect attacks, confirm compliance with policy, deter
> > abuse of authority or other purposes. 
> >  
>

Received on Friday, 26 July 2002 11:22:18 UTC