Please note: This schedule is for OpenStack Active Technical Contributors participating in the Icehouse Design Summit sessions in Hong Kong. These are working sessions to determine the roadmap of the Icehouse release and make decisions across the project. To see the full OpenStack Summit schedule, including presentations, panels and workshops, go to http://openstacksummitnovember2013.sched.org.
Discuss designs for auditing Notifications for Low-Level Authentication, Authorization and Policy Decisions
In order to properly audit the access or management of an data or workload governed by a cloud platform, regardless of industry (e.g. Banking, Financial, Healthcare, etc.) or compliance regulations (e.g. Basil, SSAE16, HIPAA, ISO 27000, etc.), all low-level security decisions based upon security identities and policies (including access control groups management and administrator/privileged actions) need precise audit information to be recorded. Ceilometer has recently added support for standardized auditing of external OpenStack APIs which can leveraged for internal auditing of such critical security events. However, these API records need to be correlated to the "control" decisions made by Keystone that the API access decision was based upon.
