
[ldapext] [Fwd: I-D ACTION:draft-hall-ldap-audit-00.txt]



I'd like to get some feedback on this idea.

Background -- I'm working on an application where WHOIS data will be
stored and exchanged over LDAP. Some registration bodies already store
some auditing information in their private databases, and I'd like to
provide a common mechanism for this kind of data. However, it seems that
this kind of data/usage has broader applicability, and rather than define
it exclusively for use with this application, it seems that it would be
better for the community to define it for general use.

This draft was assembled in a hurry, so I'm sure there are some basic
errors with it. Otherwise, would this be useful as a common schema, and
are there any significant architectural concerns? Or should I go back and
specify it for use with this application in particular?

Thanks

PS--I'm aware of the changelog work that's going on, but that work deals
with data-stores as a whole, and does not readily allow for auditing the
changes made to specific entries.

-- 
Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/
--- Begin Message ---
A New Internet-Draft is available from the on-line Internet-Drafts directories.


	Title		: The generalizedAudit object class and 
                          the generalizedAuditEvent attribute
	Author(s)	: E. Hall
	Filename	: draft-hall-ldap-audit-00.txt
	Pages		: 0
	Date		: 2003-3-31
	
This document defines an LDAP auxiliary object class and a single 
attribute, which together can be used to store and track the 
entities who may have accessed or modified a specific entry in an 
LDAP directory information tree. For example, an LDAP application 
may need to store information which can indicate when an entry was 
created, when it was accessed, who modified it, and other kinds of 
similar information, with this information acting as a general-
purpose auditing log for that entry. 
The object class and attributes defined herein are designed for that 
purpose in particular, and are not intended to serve as detailed 
auditing information capable of withstanding court-of-law scrutiny, 
nor are they designed to be used for journaling-playback purposes. 
They are simply to be used for storing general information about the 
changes which have been made to a specific entry.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-hall-ldap-audit-00.txt

Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-hall-ldap-audit-00.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html 
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt


Internet-Drafts can also be obtained by e-mail.

Send a message to:
	mailserv@ietf.org.
In the body type:
	"FILE /internet-drafts/draft-hall-ldap-audit-00.txt".
	
NOTE:	The mail server at ietf.org can return the document in
	MIME-encoded form by using the "mpack" utility.  To use this
	feature, insert the command "ENCODING mime" before the "FILE"
	command.  To decode the response(s), you will need "munpack" or
	a MIME-compliant mail reader.  Different MIME-compliant mail readers
	exhibit different behavior, especially when dealing with
	"multipart" MIME messages (i.e. documents which have been split
	up into multiple messages), so check your local documentation on
	how to manipulate these messages.
		
		
Below is the data which will enable a MIME compliant mail reader
implementation to automatically retrieve the ASCII version of the
Internet-Draft.
<ftp://ftp.ietf.org/internet-drafts/draft-hall-ldap-audit-00.txt>

--- End Message ---