
yahoo-eng-team team mailing list archive

[Bug 1856904] [NEW] CADF Notifications are missing user name in initiator object


Public bug reported:

When enabling CADF notifications, each event notification contains an
initiator object; this object contains an id, typeuri, project_id, etc.
This notification is useful for auditors to determine who has
authenticated and/or what action a user has performed.

The various examples in the OpenStack CADF standard[0] show a user name
as part of the initiator; however, most notifications only contain the
user_id. For deployments that contain non-local users, this only
provides a UUID as the user_id, and it is not immediately clear which
user performed an action. Additional work has to be done, either
manually or via an alerting process, to query each user_id against
keystone to determine which user performed what action.

To better conform to the standard[0], keystone should be including
usernames as part of the initiator object.

[0] https://www.dmtf.org/sites/default/files/standards/documents/DSP2038_1.1.0.pdf#page=12

** Affects: keystone
     Importance: Undecided
         Status: New


** Tags: notifications

** Summary changed:

- CADF Notifications are missing user name in initiator
+ CADF Notifications are missing user name in initiator object

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1856904

Title:
  CADF Notifications are missing user name in initiator object

Status in OpenStack Identity (keystone):
  New


To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1856904/+subscriptions
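The workaround the report describes, resolving each initiator user_id against keystone so an auditor sees a name, as an added example that is not keystone's code: the CADF event, the user directory standing in for the keystone users API, and the field names beyond id/typeURI/project_id are constructed for illustration.

```python
"""Enrich a keystone CADF audit event with the initiator's user name.

Added example, not keystone code. The event below is constructed in the
shape the bug describes (initiator carries only id, typeURI, project_id);
the user directory is a constructed stand-in for keystone's users API.
"""
import copy
from typing import Callable, Dict, Optional

# Constructed sample event: the initiator has no "name", only a user_id.
SAMPLE_EVENT = {
    "typeURI": "http://schemas.dmtf.org/cloud/audit/1.0/event",
    "eventType": "activity",
    "action": "authenticate",
    "outcome": "success",
    "initiator": {
        "typeURI": "service/security/account/user",
        "id": "3a1f0b8c4d6e4f2a9c0d1e2f3a4b5c6d",          # constructed user_id
        "project_id": "7e8d9c0b1a2f4e3d8c7b6a5f4e3d2c1b",  # constructed
    },
}

# Constructed user_id -> name map; stands in for GET /v3/users/{id}.
USER_DIRECTORY = {"3a1f0b8c4d6e4f2a9c0d1e2f3a4b5c6d": "alice"}


def lookup_user_name(user_id: str) -> Optional[str]:
    """Resolve a user_id to a name; None when keystone does not know it."""
    return USER_DIRECTORY.get(user_id)


def enrich_initiator(event: Dict,
                     resolve: Callable[[str], Optional[str]] = lookup_user_name,
                     cache: Optional[Dict[str, Optional[str]]] = None) -> Dict:
    """Return a copy of the event with initiator["name"] filled in.

    Existing names are left alone. A cache avoids one keystone round
    trip per event in an alerting pipeline. An id keystone cannot
    resolve (e.g. a deleted user) is flagged rather than dropped, so
    the audit trail records that the lookup was attempted.
    """
    enriched = copy.deepcopy(event)           # never mutate the raw audit record
    initiator = enriched.setdefault("initiator", {})
    user_id = initiator.get("id")
    if initiator.get("name") or not user_id:
        return enriched
    if cache is not None and user_id in cache:
        name = cache[user_id]
    else:
        name = resolve(user_id)
        if cache is not None:
            cache[user_id] = name
    if name is None:
        initiator["name_resolution"] = "unresolved"   # constructed marker field
    else:
        initiator["name"] = name
    return enriched
```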

