Hello, I have uploaded a new revision of the Audit draft. It discusses an audit feature in OAuth 2.0 environments, namely, - the parameters that are valuable for audit purposes, - the audit log examination and querying, - audit records privacy and security. As it is currently stated in the draft, the Audit is presented as OAuth2 feature, but can be potentially extended to UMA (with much stronger emphasis on resource server’s auditability), etc.
Your feedback and comments, as always, are very much appreciated. Thanks, Zhanna On Jan 23, 2015, at 2:44 PM, internet-dra...@ietf.org wrote: > > A new version of I-D, draft-tsitkov-oauth-audit-02.txt > has been successfully submitted by Zhanna Tsitkov and posted to the > IETF repository. > > Name: draft-tsitkov-oauth-audit > Revision: 02 > Title: Audit in OAuth 2.0 > Document date: 2015-01-21 > Group: Individual Submission > Pages: 7 > URL: > http://www.ietf.org/internet-drafts/draft-tsitkov-oauth-audit-02.txt > Status: https://datatracker.ietf.org/doc/draft-tsitkov-oauth-audit/ > Htmlized: http://tools.ietf.org/html/draft-tsitkov-oauth-audit-02 > Diff: http://www.ietf.org/rfcdiff?url2=draft-tsitkov-oauth-audit-02 > > Abstract: > This specification is an effort to provide guidelines for > implementing the Audit functionality for OAuth 2.0 enabled > environments. The data of interest for the OAuth 2.0 audit includes > scopes, permissions, policies and other authorization and > authentication related information. It can be used by resource and > authorization servers for detecting security-related problems in real > time and fast violation response, or by government agencies and > various institutions for after-the-fact forensic and compliance > analysis. > > > > > Please note that it may take a couple of minutes from the time of submission > until the htmlized version and diff are available at tools.ietf.org. > > The IETF Secretariat > _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
