You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
« Previous
Version 2
Next »
The following questions need to be resolved by the next audit service meeting (to be scheduled between March 4-6). In each case, a default answer has been provided in case there is insufficient community input in the allotted time. The default answers are highlighted in green.
Should there be support for adding external events to the Audit Service?
- If yes, what restrictions, if any, should be enforced on this capability? (e.g. only when migrating from Fedora3? only by administrators?)
- If yes, what should the import format be?
| Answer | Submitted by |
|---|
| Yes. By default, no restrictions will be enforced. | David Wilcox |
| Yes. No restrictions enforced. Capturing the event's source (or agent) to distinguish between internal/imported. | Ralf Claussnitzer |
| | |
For event tracking, where is the user principal expected to come from?
| Answer | Submitted by |
|---|
| Fedora will use servlet-request#getUserPrincipal to get the principal. This means that applications will need to pass user principals to Fedora in order for them to be recognized by the audit service. | David Wilcox |
| User Principle applies if no other principal is provided. Problem with entities other than users ("frontendServer1"?). Providing "On-Behalf-Of" mechanism (SWORD Authentication and Mediated Deposit) might help. | Ralf Claussnitzer |
| | |
How will user principals be mapped to persistent user identifiers?
This is related to the previous question, and need not be resolved as quickly as the other questions.
| Answer | Submitted by |
|---|
| I suggest Fedora internal PUIDs bound to the Authentication System. | Ralf Claussnitzer |
| | |
| | |
