Public bug reported:

When enabling CADF notifications, each event notification contains an initiator object; this object contains an id, typeuri, project_id, etc. This notification is useful for auditors to determine who has authenticated and/or what action a user has performed.

The various examples in the OpenStack CADF standard[0] show a user name as part of the initiator; however, most notifications only contain the user_id. For deployments that contain non-local users, this only provides a UUID as the user_id, and it is not immediately clear which user performed an action. Additional work has to be done, either manually or via an alerting process, to query each user_id against keystone to determine which user performed what action.

To better conform to the standard[0], keystone should be including usernames as part of the initiator object.

[0] https://www.dmtf.org/sites/default/files/standards/documents/DSP2038_1.1.0.pdf#page=12

** Affects: keystone
     Importance: Undecided
         Status: New

** Tags: notifications

** Summary changed:

- CADF Notifications are missing user name in initiator
+ CADF Notifications are missing user name in initiator object

https://bugs.launchpad.net/bugs/1856904

Title:
  CADF Notifications are missing user name in initiator object

Status in OpenStack Identity (keystone):
  New
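
The per-ID lookup the report describes can be done once per user by whatever consumes the notifications, with unresolved IDs kept visible for the auditor. This is an added example, not code from keystone or from the bug report; the `username` key, the `lookup` callable and every sample event are assumptions constructed for illustration.

```python
import copy

# Constructed sample data: IDs, names and event fields are illustrative only.
DIRECTORY = {"a1b2c3d4e5f60718293a4b5c6d7e8f90": "alice"}
SAMPLE_EVENTS = [
    {"action": "authenticate", "outcome": "success",
     "initiator": {"typeURI": "service/security/account/user",
                   "id": "a1b2c3d4e5f60718293a4b5c6d7e8f90"}},
    {"action": "created.project", "outcome": "success",
     "initiator": {"typeURI": "service/security/account/user",
                   "user_id": "a1b2c3d4e5f60718293a4b5c6d7e8f90",
                   "project_id": "0f1e2d3c4b5a69788796a5b4c3d2e1f0"}},
    {"action": "authenticate", "outcome": "failure",
     "initiator": {"typeURI": "service/security/account/user",
                   "id": "ffffffffffffffffffffffffffffffff"}},
]


class InitiatorEnricher:
    """Adds a user name to CADF initiators that carry only a user ID."""

    def __init__(self, lookup):
        # lookup(user_id) -> name or None. Hypothetical callable; a deployment
        # would back it with a query against keystone.
        self._lookup = lookup
        self._cache = {}   # user_id -> name, or None for IDs the lookup lacks
        self.lookups = 0   # backend calls made so far

    def _resolve(self, user_id):
        if user_id not in self._cache:
            self.lookups += 1
            self._cache[user_id] = self._lookup(user_id)
        return self._cache[user_id]

    def enrich(self, event):
        """Return a copy of event with initiator['username'] filled in."""
        out = copy.deepcopy(event)
        initiator = out.get("initiator")
        if not isinstance(initiator, dict) or initiator.get("username"):
            return out  # nothing to resolve, or a name is already present
        user_id = initiator.get("user_id") or initiator.get("id")
        # None marks an ID that could not be resolved (e.g. a deleted user),
        # so the gap is visible to the auditor instead of silently dropped.
        initiator["username"] = self._resolve(user_id) if user_id else None
        return out


def enrich_samples():
    enricher = InitiatorEnricher(DIRECTORY.get)
    return [enricher.enrich(e) for e in SAMPLE_EVENTS], enricher.lookups
```
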