Audit events

Registered by xingzhou on 2013-05-09

To properly audit access to, or management of, data and workloads governed by a cloud platform, regardless of industry (e.g. banking, financial, healthcare) or compliance regulation (e.g. Basel, SSAE16, HIPAA, ISO 27000), precise audit information must be recorded for all low-level security decisions based on security identities and policies, including access control group management and administrator/privileged actions.

Ceilometer has recently added support for standardized auditing of external OpenStack APIs using the DMTF Cloud Audit Standard ( http://dmtf.org/sites/default/files/standards/documents/DSP0262_1.0.0b.pd ). Here we leverage this work to add internal auditing of keystone authentication operations.

More information on Ceilometer's standards auditing support can be found at https://wiki.openstack.org/wiki/Ceilometer/blueprints/support-standard-audit-formats#Provide_support_for_auditing_events_in_standardized_formats

More details from the icehouse design summit on this feature can be found at https://etherpad.openstack.org/p/icehouse-auditing

Blueprint information

Status: Complete
Approver: Dolph Mathews
Priority: Medium
Drafter: xingzhou
Direction: Needs approval
Assignee: Brad Topol
Definition: New
Series goal: Accepted for icehouse
Implementation: Implemented
Milestone target: 2014.1
Started by: Dolph Mathews on 2014-01-25
Completed by: Dolph Mathews on 2014-02-18

Whiteboard

@Dolph, I just noticed that the status of this blueprint has been updated. I've assigned myself as this blueprint's assignee. I also noticed that in Ceilometer there is already a standard audit format blueprint, which supports the CADF format, under implementation (https://blueprints.launchpad.net/ceilometer/+spec/support-standard-audit-formats), and I think this blueprint can work together with this one.
                                                                             xingzhou

xingzhou, please work with Brad Topol, who helped get CADF support into ceilometer and has just started the effort to integrate CADF into keystone in the first patchset below. We're looking to land this in icehouse and only have until February 18th to do so, so your assistance is much appreciated! Thanks, -Dolph

relevant summit etherpad- https://etherpad.openstack.org/p/icehouse-auditing

Gerrit topic: https://review.openstack.org/#q,topic:bp/audit-event-record,n,z

Addressed by: https://review.openstack.org/69632
    Adds Cloud Audit (DMTF CADF) Support for keystone authentication
