[openstack-dev] [Oslo] Bringing audit standards to Openstack

Gordon Chung chungg at ca.ibm.com
Thu Jul 4 20:50:17 UTC 2013



hi Folks,

just wanted to bring everyone's attention to this blueprint we have in
Ceilometer:
https://blueprints.launchpad.net/ceilometer/+spec/support-standard-audit-formats
 (detailed bp:
https://wiki.openstack.org/wiki/Ceilometer/blueprints/support-standard-audit-formats#Provide_support_for_auditing_events_in_standardized_formats
 )

as a little background, there are many projects that use Ceilometer to
track usage information for statistical usage analysis and billing.  these
projects are seeing similar auditing requirements which are missing
currently.  the above blueprint's proposal is to add support for auditing
APIs access using the Distributed Mgmt. Task Force?s (DMTF) ?Cloud Audit?
standard (CADF).  you can read further into the spec via the latest public
draft here:
http://dmtf.org/sites/default/files/standards/documents/DSP0262_1.0.0a_0.pdf
 but to highlight the standard, it is an open standard developed by
multiple enterprises -- IBM, NetIQ, Microsoft, VMware, and Fujitsu to name
a few.  Also, the model is regulatory compliant (e.g. PCI-DSS, SoX, ISO
27017, etc.) and extensible so it should adapt to a broad range of uses.

initially, we drafted this to be part of Ceilometer but as we've worked
through it, we've noticed it is applicable in multiple projects. during the
course of our discussions with Keystone developers to assure we were
recording the correct data for audit, we found that Keystone itself had a
blueprint to add notifications and log audit data for their APIs:
https://blueprints.launchpad.net/keystone/+spec/notifications.

i thought i'd present this on the mailing list to gather feedback on the
idea of adopting CADF and discuss possibly its inclusion in Oslo so that
all the projects can use the same open standard when capturing events.

cheers,

gordon chung

openstack, ibm software standards
email: chungg at ca.ibm.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130704/a98e068e/attachment.html>


More information about the OpenStack-dev mailing list