[ldapext] [Fwd: I-D ACTION:draft-hall-ldap-audit-00.txt]
- To: ldapext@ietf.org
- Subject: [ldapext] [Fwd: I-D ACTION:draft-hall-ldap-audit-00.txt]
- From: "Eric A. Hall" <ehall@ehsco.com>
- Date: Tue, 01 Apr 2003 08:20:22 -0600
- User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.3) Gecko/20030312
I'd like to get some feedback on this idea.

Background -- I'm working on an application where WHOIS data will be
stored and exchanged over LDAP. Some registration bodies already store
some auditing information in their private databases, and I'd like to
provide a common mechanism for this kind of data. However, it seems that
this kind of data/usage has broader applicability, and rather than define
it exclusively for use with this application, it seems that it would be
better for the community to define it for general use.

This draft was assembled in a hurry, so I'm sure there are some basic
errors with it. Otherwise, would this be useful as a common schema, and
are there any significant architectural concerns? Or should I go back and
specify it for use with this application in particular?

Thanks

ps--I'm aware of the changelog work that's going on, but that work deals
with data-stores as a whole, and does not readily allow for auditing the
changes made to specific entries.
--
Eric A. Hall http://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
--- Begin Message ---
- To: IETF-Announce: ;
- Subject: I-D ACTION:draft-hall-ldap-audit-00.txt
- From: Internet-Drafts@ietf.org
- Date: Tue, 01 Apr 2003 06:49:05 -0500
A New Internet-Draft is available from the on-line Internet-Drafts directories.

Title     : The generalizedAudit object class and the generalizedAuditEvent attribute
Author(s) : E. Hall
Filename  : draft-hall-ldap-audit-00.txt
Pages     : 0
Date      : 2003-3-31

This document defines an LDAP auxiliary object class and a single
attribute, which together can be used to store and track the
entities who may have accessed or modified a specific entry in an
LDAP directory information tree. For example, an LDAP application
may need to store information which can indicate when an entry was
created, when it was accessed, who modified it, and other kinds of
similar information, with this information acting as a general-
purpose auditing log for that entry.

The object class and attributes defined herein are designed for that
purpose in particular, and are not intended to serve as detailed
auditing information capable of withstanding court-of-law scrutiny,
nor are they designed to be used for journaling-playback purposes.
They are simply to be used for storing general information about the
changes which have been made to a specific entry.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-hall-ldap-audit-00.txt
--- End Message ---