Logging and auditing relationship with your security/auditors

Cantor, Scott cantor.2 at osu.edu
Mon May 18 21:04:35 UTC 2020


On 5/18/20, 4:49 PM, "users on behalf of Mak, Steve" <users-bounces at shibboleth.net on behalf of makst at upenn.edu> wrote:

> I'm curious what sorts of things the other universities are doing with their IdP to address the auditing needs of their
> organization.

My audit log format is quite extensive; the V4 defaults are close to, though not exactly, what I had been doing. The V3 defaults are awful; they were based on V2, which was not well thought out from a deployer's perspective.

I have gradually added more and more to the log as use cases arose, and virtually all of them are out-of-the-box options now. I still have some custom extractors that pull actual data out of attributes and include a form of them in the audit records (e.g. I log abbreviations for affiliation, department ID, and IDM-assigned ID number).

I of course have no idea what Cosign does, so I can't comment.

-- Scott



