[Standards] eventlogging xeps

Teemu Väisänen uolevi at gmail.com
Wed Dec 11 08:29:00 UTC 2013


Yes, it is better now.

-Teemu

2013/12/10 Peter Waher <Peter.Waher at clayster.com>:
> Hello Teemu
>
> Thanks for the feedback. The description in §7.3.2 was perhaps a bit minimalistic. I extended it as follows:
>
> Event messages could be published using Publish-Subscribe. Unless there's absolute control of who can subscribe to the information published in this manner, the information should be considered open and freely available. In such cases extra care should be taken to not publish information of a sensitive nature, or information that can be mined for information, behavior patterns, trends, etc., that can be viewed as being of a sensitive nature. If there's a risk that either absolute control cannot be achieved and information is of a sensitive nature, this pattern should be avoided.
>
> Ok?
>
> Best regards,
> Peter Waher
>
>
> -----Original Message-----
> From: Teemu Väisänen [mailto:uolevi at gmail.com]
> Sent: den 10 december 2013 14:37
> To: XMPP Standards; Peter Waher
> Subject: Re: [Standards] eventlogging xeps
>
> Hi Peter.
>
> Section 7.3.2 Publish/Subscribe describes: "Event messages could be published using Publish-Subscribe. But, even more care should be taken to log only information that can be published openly. If there's risk for sensitive information to be logged, the publish/subscribe pattern should be avoided."
>
> If information is sensitive, the information should not be logged, as said in 7.2. Do you mean that if sensitive information is still sent using pubsub, there are more actors (pubsub server, subscribers) that might log and/or leak the sensitive information and because of that the pubsub pattern should be avoided?
>
> Would it be wise to move the second line "But, even more care should be taken to log only information that can be published openly.", e.g., to section 7.2. because it relates also to other cases than pubsub?
>
> Could the last sentence be something more like: "If there's risk for sensitive information to be logged, the publish/subscribe pattern should be avoided in systems that contain any not trusted or any uncontrolled actors." That is because we could have a setup where we have a trusted pubsub server and we log (also) sensitive information in several trusted subscribers/loggers.
>
> BR, Teemu
>


