Dan Gradl [http://community.jboss.org/people/dgradl] created the discussion
"XACML Audit/Reporting"
To view the discussion, visit:
http://community.jboss.org/message/639687#639687
--------------------------------------------------------------
This is a post in a series of discussions I am starting to get some discussion going on
XACML. I led the implementation of XACML on a large scale using the original SunXACML
libraries as the PDP and I am sharing some of my insights as a way to elicit some
requirements on the further development of XACML. The original post and index to these
discussions is
http://community.jboss.org/thread/175091?tstart=0.
This thread discusses Audit/Reporting.
I don't have a whole lot to say here. IT Security department, auditors and
government agencies may require information on who has access to what. Deriving that from
XACML policy files is not reasonable, so some reporting capability is necessary. I think
it needs to be central, or able to assemble a single report about all policies wherever
they may be.
The second type of auditing might simply be logging of decisions as they are done
in real time. This should not be turned on all the time as it could be a performance
bottleneck. But for troubleshooting policies or for specific incidents it might need to
be enabled on a limited basis.
--------------------------------------------------------------