eiffel-community / eiffel

The Eiffel framework vocabulary, descriptions, guides and schemas along with links to relevant implementation repositories.
Apache License 2.0

ActF/TCF/TSF should include digest of persistent log contents #358

Closed magnusbaeck closed 3 weeks ago

magnusbaeck commented 1 year ago

Description

Just like ArtC can include the digest of the artifact files to enable detection of tampering (via data.fileInformation.integrityProtection), it should also be possible to include the digest of the persistent logs announced in ActF, TCF, and TSF (e.g. data.persistentLogs.integrityProtection).

If implemented, we should probably define a new struct type (like EiffelMetaProperty and EiffelEventLink) for the integrityProtection members to reduce duplication and enable nicer SDKs.

Motivation

Activity logs could contain audit information or similar where it's vital that tampering (or corruption) is detected. Right now the only way of using Eiffel to convey that information is to expose the logs as artifacts, and while that's not completely unreasonable, we already provide a standard mechanism for exposing activity logs and it would be a pity to not support this use case.

Exemplification

N/A

Benefits

Allow detection of tampering or corruption of activity logs (if that information is provided by the publisher).

Possible Drawbacks

None.

m-linner-ericsson commented 1 year ago

Sounds like a reasonable idea. We do have the same type of logs in TCF and TSF, should we add it for those events also?

magnusbaeck commented 1 year ago

Ah, right. Forgot about those. Yes, definitely. And that makes the case for a new struct type even stronger.
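
A consumer-side check for the proposal discussed in this issue, as an added example that is not part of the thread or of the Eiffel project's code. It assumes the proposed `data.persistentLogs[].integrityProtection` member carries the same `alg` and `digest` fields as ArtC's `data.fileInformation.integrityProtection`; the `fetch` callback, URIs and log contents are constructed for illustration.

```python
import hashlib
import hmac

# Algorithm names as spelled in ArtC's integrityProtection.alg, mapped to hashlib.
ALGS = {"SHA-224": "sha224", "SHA-256": "sha256",
        "SHA-384": "sha384", "SHA-512": "sha512"}


def verify_persistent_logs(event, fetch):
    """Return {log name: status} for each data.persistentLogs entry.

    status is "ok", "mismatch", "unprotected" (publisher sent no digest)
    or "unsupported-alg". fetch(uri) must return the log's bytes.
    """
    results = {}
    for log in event.get("data", {}).get("persistentLogs", []):
        prot = log.get("integrityProtection")  # hypothetical member proposed in this issue
        if not prot:
            results[log["name"]] = "unprotected"
            continue
        hash_name = ALGS.get(prot.get("alg"))
        if hash_name is None:
            results[log["name"]] = "unsupported-alg"
            continue
        actual = hashlib.new(hash_name, fetch(log["uri"])).hexdigest()
        expected = str(prot.get("digest", "")).lower()
        # Constant-time comparison of the hex digests.
        ok = hmac.compare_digest(actual.encode(), expected.encode())
        results[log["name"]] = "ok" if ok else "mismatch"
    return results


# Constructed sample data: an ActF-shaped event and an in-memory log store.
AUDIT_LOG = b"2024-01-01T00:00:00Z deploy approved by alice\n"
STORE = {
    "https://logs.example.com/audit.log": AUDIT_LOG,
    "https://logs.example.com/build.log": b"build ok\n",
}
EVENT = {
    "meta": {"type": "EiffelActivityFinishedEvent"},
    "data": {"persistentLogs": [
        {"name": "audit", "uri": "https://logs.example.com/audit.log",
         "integrityProtection": {"alg": "SHA-256",
                                 "digest": hashlib.sha256(AUDIT_LOG).hexdigest()}},
        {"name": "build", "uri": "https://logs.example.com/build.log"},
    ]},
}

if __name__ == "__main__":
    print(verify_persistent_logs(EVENT, STORE.__getitem__))
```

Reporting "unprotected" separately from "ok" lets a consumer of audit logs reject events whose publisher supplied no digest instead of silently trusting them.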