[TSG-Access-RD] Data Transport/Storage and Audit
Andrew Newton
andy at hxr.us
Tue Jan 8 19:07:20 UTC 2019
On the agenda for the F2F next week, there is a section titled "Data
Transport/Storage and Audit".
The following are the items:
1. For queries that are required to be logged, how would a
specification allow choices on who would log such queries and how such
logging could be done?
2. How could a query that is required not to be logged be identified as such?
3. How could access be provided to authorized parties when it is
decided who/how/when logs may be accessed?
To jump start that part of our discussion and because engineers gotta
engineer, I'd like to suggest we consider the following:
For the second part of question 1 ("how such logging could be done"),
I recommend using Json Lines (http://jsonlines.org/) as the format.
This gives us extensibility in a format where each logged query can
simply be appended to the file. It also doesn't require the receiver
to use a pull parser. Even a bash script and a few utilities can break
down the file.
For question 3, I propose that the files be made available on a web
site, and they be PGP encrypted. Therefore access to the information
can be granted via key distribution.
-andy
More information about the TSG-Access-RD
mailing list