Re: [OAUTH-WG] New Version Notification for draft-tsitkov-oauth-audit-02.txt
Zhanna Tsitkov <tsitkova@mit.edu> Fri, 30 January 2015 17:51 UTC
Return-Path: <tsitkova@mit.edu>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC92E1A9142 for <oauth@ietfa.amsl.com>; Fri, 30 Jan 2015 09:51:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o-CAhSWe0lvT for <oauth@ietfa.amsl.com>; Fri, 30 Jan 2015 09:51:38 -0800 (PST)
Received: from dmz-mailsec-scanner-7.mit.edu (dmz-mailsec-scanner-7.mit.edu [18.7.68.36]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ECAE01A913D for <oauth@ietf.org>; Fri, 30 Jan 2015 09:51:36 -0800 (PST)
X-AuditID: 12074424-f791c6d000000d25-78-54cbc4a77d8c
Received: from mailhub-auth-4.mit.edu ( [18.7.62.39]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-7.mit.edu (Symantec Messaging Gateway) with SMTP id 1C.43.03365.7A4CBC45; Fri, 30 Jan 2015 12:51:35 -0500 (EST)
Received: from outgoing-exchange-1.mit.edu (outgoing-exchange-1.mit.edu [18.9.28.15]) by mailhub-auth-4.mit.edu (8.13.8/8.9.2) with ESMTP id t0UHpZrc028193 for <oauth@ietf.org>; Fri, 30 Jan 2015 12:51:35 -0500
Received: from W92EXEDGE6.EXCHANGE.MIT.EDU (w92exedge6.exchange.mit.edu [18.7.73.28]) by outgoing-exchange-1.mit.edu (8.13.8/8.12.4) with ESMTP id t0UHpYPD024618 for <oauth@ietf.org>; Fri, 30 Jan 2015 12:51:35 -0500
Received: from OC11EXHUB12.exchange.mit.edu (18.9.3.26) by W92EXEDGE6.EXCHANGE.MIT.EDU (18.7.73.28) with Microsoft SMTP Server (TLS) id 14.3.158.1; Fri, 30 Jan 2015 12:50:38 -0500
Received: from OC11EXPO25.exchange.mit.edu ([169.254.1.131]) by OC11EXHUB12.exchange.mit.edu ([18.9.3.26]) with mapi id 14.03.0158.001; Fri, 30 Jan 2015 12:51:34 -0500
From: Zhanna Tsitkov <tsitkova@mit.edu>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: New Version Notification for draft-tsitkov-oauth-audit-02.txt
Thread-Index: AQHQN0ULH4/mvfV0/ESS10XyYDgMMJzZUAmA
Date: Fri, 30 Jan 2015 17:51:33 +0000
Message-ID: <A711FBE4-0CFC-43A8-BEAF-47FC94018CEF@mit.edu>
References: <20150123194427.30022.72182.idtracker@ietfa.amsl.com>
In-Reply-To: <20150123194427.30022.72182.idtracker@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [18.101.8.86]
Content-Type: text/plain; charset="Windows-1252"
Content-ID: <FB0803B14D0F9E48A9EF473EDD16864C@exchange.mit.edu>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrBKsWRmVeSWpSXmKPExsUixG6nrrv8yOkQgwdrTCxOvn3F5sDosWTJ T6YAxigum5TUnMyy1CJ9uwSujCf7zrEULBOomDX7KFsD41TeLkZODgkBE4mes51MELaYxIV7 69m6GLk4hAQWM0l8+t3FCOFcZZR4/WEBVOY2o0T7rzVMEM52RokXJ+9BOasZJZr+NjGDDGMT UJd4vHURK4gtIqAqse/oFXYQW1jAS2Lb78VAcQ6guLfEkQf6ECVGEgen/GcDsVmAyh+2TQFr 5RWwkjjVuBTMFhJwlLi56CvYGE4BJ4nPn/6B1TMC3f391BqwH5gFxCVuPZkP9Y+gxKLZe5hh fvu36yEbhC0vMXnxbTaIegOJ9+fmM0PY9hKrXx5nhLC1JZYtfM0McYOgxMmZT1gmMErOQrJi FpL2WUjaZyFpn4WkfQEj6ypG2ZTcKt3cxMyc4tRk3eLkxLy81CJdc73czBK91JTSTYzgCHVR 2cHYfEjpEKMAB6MSD++Cp6dChFgTy4orcw8xSnIwKYnyTl57OkSILyk/pTIjsTgjvqg0J7X4 EKMEB7OSCO+USUA53pTEyqrUonyYlDQHi5I476YffCFCAumJJanZqakFqUUwWRkODiUJ3sDD QI2CRanpqRVpmTklCGkmDk6Q4TxAwzNAaniLCxJzizPTIfKnGBWlxHmTQRICIImM0jy4XlgC fcUoDvSKMO9KkCoeYPKF634FNJgJaHDg4hMgg0sSEVJSDYy1nuzL5h4TufWNcVfiiYW3boWt uWH9q82pbU2G2NS9RnVX4q58/DcrKFnwkJuK3ePjArzFrfoOwi/rgqsvGsvXpKxwdeiYc3hy k6LNoRdNKxR+twT8PD1tn/Jk5rWVy/3D/mXZVi89UnNI3EdDw5dzg1uPz/raW23uX4KStswM 2rBJqW3H57NKLMUZiYZazEXFiQBqqZ44ewMAAA==
Archived-At: <http://mailarchive.ietf.org/arch/msg/oauth/-ECVOrh6JQCO_rusekZRiQy5KPs>
Subject: Re: [OAUTH-WG] New Version Notification for draft-tsitkov-oauth-audit-02.txt
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Jan 2015 17:51:41 -0000
Hello, I have uploaded a new revision of the Audit draft. It discusses an audit feature in OAuth 2.0 environments, namely, - the parameters that are valuable for audit purposes, - the audit log examination and querying, - audit records privacy and security. As it is currently stated in the draft, the Audit is presented as OAuth2 feature, but can be potentially extended to UMA (with much stronger emphasis on resource server’s auditability), etc. Your feedback and comments, as always, are very much appreciated. Thanks, Zhanna On Jan 23, 2015, at 2:44 PM, internet-drafts@ietf.org wrote: > > A new version of I-D, draft-tsitkov-oauth-audit-02.txt > has been successfully submitted by Zhanna Tsitkov and posted to the > IETF repository. > > Name: draft-tsitkov-oauth-audit > Revision: 02 > Title: Audit in OAuth 2.0 > Document date: 2015-01-21 > Group: Individual Submission > Pages: 7 > URL: http://www.ietf.org/internet-drafts/draft-tsitkov-oauth-audit-02.txt > Status: https://datatracker.ietf.org/doc/draft-tsitkov-oauth-audit/ > Htmlized: http://tools.ietf.org/html/draft-tsitkov-oauth-audit-02 > Diff: http://www.ietf.org/rfcdiff?url2=draft-tsitkov-oauth-audit-02 > > Abstract: > This specification is an effort to provide guidelines for > implementing the Audit functionality for OAuth 2.0 enabled > environments. The data of interest for the OAuth 2.0 audit includes > scopes, permissions, policies and other authorization and > authentication related information. It can be used by resource and > authorization servers for detecting security-related problems in real > time and fast violation response, or by government agencies and > various institutions for after-the-fact forensic and compliance > analysis. > > > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat >
- Re: [OAUTH-WG] New Version Notification for draft… Zhanna Tsitkov