RE: Glossary Definition for Audit(ing) [Was: RE: AG004 Closure Sought]

(Sorry, I saw this message after sending my earlier one today.)

If we are limiting this to security auditing:

1) prepend security before "policy enforcement decisions". There are
lots of types of policies.

2) we should describe a family of auditing and event tracking classes,
or at least security auditing as one of many classes.

3) prepend security before "other purposes". 

4) define auditing as well as "security auditing"

5) address sharing of implementation infrastructure (logging, reporting,
etc) with other auditing purposes. I would expect that it should be
allowed, but would defer to the experts if they disagree.

Overall, I am not sure if the focus on security and not other purposes
is intentionally describing a separate sub-system or just describing
minimum requirements for security purposes.

Regards,
Dave


-----Original Message-----
From: Darran Rolls
To: Joseph Hui; Prafullchandra, Hemma; www-ws-arch@w3.org
Sent: 7/26/2002 6:08 AM
Subject: RE: Glossary Definition for Audit(ing) [Was: RE: AG004 Closure Sought]

Joe/Hoa/Hemma

1 - We should prefix auditing with the word "security" as that is what
we are defining.  Without that qualifier in the glossary, an independent
evaluator might question why we are only auditing "security events" and
not understand the difference between security auditing and generalized
logging used to, say, audit/track a transaction's history.
2 - Would you all consider "policy enforcement decisions" to be a
super-set of authZ?  Personally I would, but could see that others might
read this as the AuthN/AuthZ twins missing a sibling.
3 - You'll note I've added security as a prefix to the phrase "audit
trail" in text below.  Again, the term audit trail without this, IMO has
to include any generalized event logging I care to throw into the
application just in case. 
4. Consider the following (minor) changes to the text:

Security Auditing: A service that reliably and securely records security-related events, such as authentication events, policy enforcement decisions, and any general event that deviated from an established norm to imply a security relevant event has taken place. The resulting security audit trail may then be used to detect attacks, confirm compliance with policy, deter abuse of authority or other purposes.

--------------------------------------------------------

Darran Rolls                      http://www.waveset.com

Waveset Technologies Inc          drolls@waveset.com 

(512) 657 8360                    

--------------------------------------------------------
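The definition Darran proposes above names three things a security audit service must do: record security-related events (authentication events, policy enforcement decisions, deviations from the norm) reliably and securely, and then let the resulting trail be used to detect attacks and confirm compliance with policy. The following Python sketch is an added illustration of that definition; it is not part of this thread or of the WS-Arch glossary. The class and function names, the three event classes, the hash-chaining scheme used to make the trail tamper-evident, and the sample events are all my own choices for the example.

```python
"""Added example: a minimal security audit trail matching the glossary text."""
import hashlib
import json
from collections import Counter

# Security-related event classes taken from the proposed definition.
# General application logging is deliberately not an accepted class, so the
# trail stays a *security* audit trail rather than a catch-all event log.
SECURITY_EVENT_CLASSES = frozenset({"authentication", "policy_decision", "anomaly"})


def _digest(record):
    """Hash every field except the digest itself, in a canonical encoding."""
    body = {k: v for k, v in record.items() if k != "digest"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


class SecurityAuditTrail:
    """Append-only, hash-chained record of security-related events.

    Each record carries the digest of its predecessor, so editing, dropping
    or reordering a stored record is detectable by verify().
    """

    GENESIS = "0" * 64  # link value for the first record (assumption)

    def __init__(self):
        self._records = []

    def record(self, timestamp, event_class, principal, outcome, detail=""):
        """Append one security event; returns the new record's digest."""
        if event_class not in SECURITY_EVENT_CLASSES:
            raise ValueError(f"not a security event class: {event_class}")
        prev = self._records[-1]["digest"] if self._records else self.GENESIS
        rec = {
            "seq": len(self._records),
            "timestamp": timestamp,
            "event_class": event_class,
            "principal": principal,
            "outcome": outcome,
            "detail": detail,
            "prev_hash": prev,
        }
        rec["digest"] = _digest(rec)
        self._records.append(rec)
        return rec["digest"]

    def records(self):
        return list(self._records)

    def verify(self):
        """True iff every digest is intact and every chain link holds."""
        prev = self.GENESIS
        for seq, rec in enumerate(self._records):
            if rec["seq"] != seq or rec["prev_hash"] != prev:
                return False
            if _digest(rec) != rec["digest"]:
                return False
            prev = rec["digest"]
        return True


def repeated_auth_failures(trail, threshold):
    """Detect attacks: principals with at least `threshold` failed authentications."""
    counts = Counter(r["principal"] for r in trail.records()
                     if r["event_class"] == "authentication" and r["outcome"] == "failure")
    return {p: n for p, n in counts.items() if n >= threshold}


def policy_denials(trail):
    """Confirm compliance: every policy enforcement decision that denied access."""
    return [(r["principal"], r["detail"]) for r in trail.records()
            if r["event_class"] == "policy_decision" and r["outcome"] == "deny"]


def build_sample_trail():
    """Constructed sample events (not real data) covering each event class."""
    t = SecurityAuditTrail()
    t.record(1000, "authentication", "alice", "success", "password")
    for i in range(4):
        t.record(1001 + i, "authentication", "mallory", "failure", "bad password")
    t.record(1010, "policy_decision", "alice", "permit", "read /reports")
    t.record(1011, "policy_decision", "mallory", "deny", "write /config")
    t.record(1012, "anomaly", "alice", "observed", "login from new location")
    return t


def tamper_demo():
    """Show that an after-the-fact edit of a stored record is detectable."""
    t = build_sample_trail()
    before = t.verify()
    t._records[3]["outcome"] = "success"  # simulate someone rewriting history
    return before, t.verify()


if __name__ == "__main__":
    trail = build_sample_trail()
    print("chain intact:", trail.verify())
    print("repeated failures:", repeated_auth_failures(trail, 3))
    print("denials:", policy_denials(trail))
    print("tamper demo (before, after):", tamper_demo())
```

The `record` method refusing non-security event classes is the code-level form of Darran's point 1 and Dave's point 2: generalized application logging can share the storage and reporting machinery, but it should not be admitted into the security audit trail itself. The hash chain only makes tampering detectable; in a real deployment the chain head would also be periodically anchored somewhere the audited system cannot write.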
-----Original Message-----
From: Joseph Hui [mailto:Joseph.Hui@exodus.net] 
Sent: Thursday, July 25, 2002 8:47 PM
To: Prafullchandra, Hemma; www-ws-arch@w3.org
Subject: RE: Glossary Definition for Audit(ing) [Was: RE: AG004 Closure Sought]
Thanks again, Hemma.

I'm also noting your A+B as Text B embellished. If the similarity shared by yours and Hoa's is also shared by popular sentiment, then I think we're just about there.

Joe Hui

Exodus, a Cable & Wireless service

===================================
-----Original Message-----
From: Prafullchandra, Hemma [mailto:hprafullchandra@verisign.com]
Sent: Thursday, July 25, 2002 6:02 PM
To: www-ws-arch@w3.org
Subject: RE: Glossary Definition for Audit(ing) [Was: RE: AG004 Closure Sought]

Text A:

  Auditing provides passive tracking and logging of security-related activities, incidents, and events (such as authentication events, unproven claims, or bad signature occurrences). Administrators can securely manage and analyze these audit records to take appropriate action against antagonists.

Text B:

  Audit: A service that reliably records security-related events for future reference. The resulting audit trail may be used to detect attacks, confirm compliance with policy, deter abuse of authority or other purposes.

Final: A+B:

Auditing: A service that reliably and securely records security-related events (such as authentication events, policy enforcement decisions, abnormal (deviations from the norm) events). The resulting audit trail may be used to detect attacks, confirm compliance with policy, deter abuse of authority or other purposes.

Unless there was something specific in A, about the players involved, that you wanted to capture, or the nature of this activity. Feel free to polish A+B further, but I really think this captures the essence of what we want to say given all the other restrictions!

hemma

Received on Friday, 26 July 2002 11:32:00 UTC