Logging and auditing relationship with your security/auditors
cantor.2 at osu.edu
Mon May 18 21:04:35 UTC 2020
On 5/18/20, 4:49 PM, "users on behalf of Mak, Steve" <users-bounces at shibboleth.net on behalf of makst at upenn.edu> wrote:
> I'm curious what sorts of things the other universities are doing with their IdP to address the auditing needs of their
My audit log format is quite extensive, the V4 defaults are close to, though not exactly, what I had been doing. The V3 defaults are awful, they were based on V2, which was not well-thought out from a deployer's perspective.
I have gradually added more and more to the log as use cases arose, and virtually all of them are out of the box options now. I still have some custom extractors that pull actual data out of attributes and include a form of them in the audit records (e.g. I log abbreviations for affiliation, department ID, and IDM assigned ID number).
I of course have no idea what Cosign does so I can't comment.
More information about the users