OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

id-cloud message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Gap Analysis Use Case 3: Identity Audit


---

This discussion thread is to start an on-list discussion on the Gap Analysis
of individual use cases. Use case numbers refer to the use cases as
described in the 'OASIS Identity in the Cloud TC Use Cases' Version 1.0,
Working Draft 02, 15 December 2011, which is available at
http://www.oasis-open.org/committees/document.php?document_id=44915&wg_abbre
v=id-cloud

The information below describes the current state. You are invited to
respond on-list to this thread with any comments, insights, additions, etc.
All input will be gathered from the list and consolidated into the next
revision of the Gap Analysis document.

---

Use Case 3: Identity Audit

Short description:
Feature the importance of auditing/logging of sensitive operations performed
by users and administrators in the cloud.

Relevant applicable standards:
- CloudAudit

Analysis notes:
- When speaking about auditing, we need to be clear on what type of
auditing, e.g. technical, business, policy, etc. 
- Policy auditing: notion of trying to show there is a relation between
policies.

Possible GAPs identified:

The following possible GAPs have been identified:
- No real standards on auditing for the cloud space; applicable to all
auditing elements in use cases so far.

---



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]