<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<body link="#355491" alink="#4262a1" vlink="#355491" style="background: #e2e2e2; margin: 0; padding: 20px;">
<div>
        <table cellpadding="0" bgcolor="#FFFFFF" border="0" cellspacing="0" style="border: 1px solid #dadada; margin-bottom: 30px; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
                <tbody>
                        <tr>
                                <td>
                                        <table border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" style="border: solid 2px #ccc; background: #dadada; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
                                                <tbody>
                                                        <tr>
                                                                <td bgcolor="#000000" valign="middle" height="58px" style="border-bottom: 1px solid #ccc; padding: 20px; -moz-border-radius-topleft: 3px; -moz-border-radius-topright: 3px; -webkit-border-top-right-radius: 5px; -webkit-border-top-left-radius: 5px;">
                                                                        <h1 style="color: #333333; font: bold 22px Arial, Helvetica, sans-serif; margin: 0; display: block !important;">
                                                                        <a href="http://community.jboss.org/index.jspa" style="text-decoration: none; color: #E1E1E1">JBoss Community</a></h1>
                                                                </td>
                                                        </tr>
                                                        <tr>
                                                                <td bgcolor="#FFFFFF" style="font: normal 12px Arial, Helvetica, sans-serif; color:#333333; padding: 20px; -moz-border-radius-bottomleft: 4px; -moz-border-radius-bottomright: 4px; -webkit-border-bottom-right-radius: 5px; -webkit-border-bottom-left-radius: 5px;"><h3 style="margin: 10px 0 5px; font-size: 17px; font-weight: normal;">
XACML Audit/Reporting
</h3>
<span style="margin-bottom: 10px;">
created by <a href="http://community.jboss.org/people/dgradl">Dan Gradl</a> in <i>PicketBox Development</i> - <a href="http://community.jboss.org/message/639687#639687">View the full discussion</a>
</span>
<hr style="margin: 20px 0; border: none; background-color: #dadada; height: 1px;">
<div class="jive-rendered-content"><p>This is a post in a series of discussions I am starting to get some discussion going on XACML. I led the implementation of XACML on a large scale using the original SunXACML libraries as the PDP and I am sharing some of my insights as a way to elicit some requirements on the further development of XACML. The original post and index to these discussions is <a class="" href="http://community.jboss.org/thread/175091?tstart=0">http://community.jboss.org/thread/175091?tstart=0</a>.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>This thread discusses Audit/Reporting.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>I don't have a whole lot to say here. The IT security department, auditors and government agencies may require information on who has access to what. Deriving that from XACML policy files is not reasonable, so some reporting capability is necessary. I think it needs to be central, or able to assemble a single report about all policies wherever they may be.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>The second type of auditing might simply be logging of decisions as they are made in real time. This should not be turned on all the time as it could be a performance bottleneck. But for troubleshooting policies or for specific incidents it might need to be enabled on a limited basis.</p></div>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</div>
</body>
</html>