opensearch-project / security

🔐 Secure your cluster with TLS, numerous authentication backends, data masking, audit logging as well as role-based access control on indices, documents, and fields
https://opensearch.org/docs/latest/security-plugin/index/
Apache License 2.0

[FEATURE/Extension] Audit log entry for OBO token generation #3098

Open RyanL1997 opened 1 year ago

RyanL1997 commented 1 year ago

Description

After the JwtVendor has generated an OBO token, it's essential that we link the audit log to track its usage, along with any specific information pertaining to this token.

Some of the information that should be traceable:

Exit Criteria

davidlago commented 1 year ago

We need to better understand what compliance requirements look like around these new use cases.

peternied commented 1 year ago

Cannot make progress on this item until [1] is resolved.

davidlago commented 1 year ago

Resolving https://github.com/opensearch-project/security/issues/3098, but removing triaged label from this issue to signal that requirements are still needed in its description.

setiah commented 1 year ago

This seems to be coming from Extensions and not a standalone user request. @dagneyb if you have an opinion from an extensions POV. I suggest starting with basic auditing support on token usage. Some ideas below -

We can evolve this in the future as we get more incremental user feedback around this.

peternied commented 1 year ago

@RyanL1997 from what @setiah has added here, I think adding an audit category, and then adding another task for the documentation and what we have above should be all we need. What do you think?

If you think so, can you update this issue and the related issues?

stephen-crawford commented 1 year ago

[Triage] Just following up @RyanL1997. Thank you!

stephen-crawford commented 1 year ago

[Triage] Hi @RyanL1997, please add information for the exit criteria of this issue and then assign the triaged label.

RyanL1997 commented 1 year ago

Hi @scrawfor99, I just added the exit criteria of this issue.