RE: Audit trails with Credential Server
Is there any intent to allow remote access to audit information to manage
thresholds, retrieve logs? Will this default to the most recent SNMP (or
equivalent) standards as opposed to trying to re-create this work?
regards,
Sandi Miklos
-----Original Message-----
From: Michael Leahy [mailto:Michael.Leahy@xxxxxx]
Sent: Tuesday, September 26, 2000 7:09 AM
To: ietf-sacred@xxxxxxx
Subject: Re: Audit trails with Credential Server
Hi Stephen
True, it does not affect interoperability. So just defining a minimum set of
attributes {or data blocks} that should be logged would suffice and any
gotchas that might be associated with these.
Regards
Michael
----- Original Message -----
From: Stephen Farrell <stephen.farrell@xxxxxxxxxxxx>
To: Michael Leahy <Michael.Leahy@xxxxxx>
Cc: <ietf-sacred@xxxxxxx>
Sent: Tuesday, September 26, 2000 11:30 AM
Subject: Re: Audit trails with Credential Server
>
> Michael,
>
> You're right that audit is important, however, I don't see
> where any of this affects interoperability, at least not
> with the data you suggest auditing. If that's true, then
> it doesn't belong in our specs, except perhaps if we want
> to give some guidance in an area where folks are otherwise
> likely to go wrong.
>
> Stephen.
>
> > Michael Leahy wrote:
> >
> > Hi
> >
> > "You are only as secure as your last audit trail" - Someone once said
> > this to me (cannot remember who) and it always sticks in my mind. So
> > any thoughts on what information {if any} SHOULD be logged by the
> > credential server. I don't really want to go down the route of notaries
> > but I do believe that some minimum information should be kept.
> >
> > Here's a list that comes to mind
> > 1. User login ID (in whatever form the user authenticates themselves)
> > 2. Time that request was made
> > 3. User ip address - Since we have not decided on TCP/IP as the
> > transport mechanism then what we log here will obviously change.
> > 4. I would also recommend logging the request syntax (user) and server
> > response. This way whatever we decide on as the authentication mechanism
> > we would get for free in the log
> >
> > Again I realize that what gets logged will be implementation dependent
> > but it is in my opinion a necessary function - so I believe we should
> > define a minimum set.
> >
> > Any thoughts ?
> >
> > Regards
> > Michael
>
> --
> ____________________________________________________________
> Stephen Farrell
> Baltimore Technologies, tel: (direct line) +353 1 647 7406
> 61 Fitzwilliam Lane, fax: +353 1 647 7499
> Dublin 2. mailto:stephen.farrell@xxxxxxxxxxxx
> Ireland http://www.baltimore.com
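An added example, not part of any message in this thread: one way a credential server could emit the minimum record listed above (login ID, time, peer address, request and response) as one JSON line per event. The field names, the `SECRET_FIELDS` set and the choice to redact secret values before logging are assumptions; the thread defines no request format.

```python
import json
from datetime import datetime, timezone

# Hypothetical names of message fields that carry secrets; not from the thread.
SECRET_FIELDS = {"password", "credential", "auth_token"}


def redact(message: dict) -> dict:
    """Copy a request/response, replacing secret values so they never reach the log."""
    out = {}
    for key, value in message.items():
        if isinstance(value, dict):
            out[key] = redact(value)
        elif key.lower() in SECRET_FIELDS:
            out[key] = "[REDACTED]"
        else:
            out[key] = value
    return out


def audit_record(login_id, peer, request, response, transport="tcp", now=None):
    """Build the minimum audit record: items 1-4 of the list in the thread."""
    ts = (now or datetime.now(timezone.utc)).astimezone(timezone.utc)
    return {
        "login_id": login_id,                       # 1. as the user presented it
        "time": ts.isoformat(timespec="seconds"),   # 2. always UTC
        # 3. tagged with the transport, since the transport was still undecided
        "peer": {"transport": transport, "address": peer},
        "request": redact(request),                 # 4. request and response,
        "response": redact(response),               #    minus secret material
    }


def to_log_line(record: dict) -> str:
    """Serialize to a single line; JSON escaping keeps a login ID that
    contains newlines from forging extra log entries."""
    return json.dumps(record, sort_keys=True, separators=(",", ":"))


if __name__ == "__main__":
    # Constructed sample values (192.0.2.0/24 is a documentation range).
    rec = audit_record(
        "alice", "192.0.2.10",
        {"op": "download", "password": "example-only"},
        {"status": "ok", "credential": "constructed-blob"},
    )
    print(to_log_line(rec))
```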