Enable audit
To chronicle the history of policy and its violations, Congress should persistently log pertinent information. Ideally this would include:
- policy violations
- changes in the policy definitions
- changes in the data
- the actions that were executed
One option for adding this functionality is to create a new node on the DSE bus that subscribes to all policy violation tables, all policy changes, all changes in table data, and all executed actions, and logs every received message to disk. An auditor can then determine what all the violations were at any point in time by running the log forward.
The downside to this option is that everything auditable, e.g. API calls that modify policy and action execution, would need to be messaged using pub/sub instead of RPC. This is unnatural because RPC calls typically require a response (e.g. the policy engine might reject a policy modification, and action execution could cause an error). The audit module would need to understand the meaning of those responses.
Another option is to log all of that same information from within the policy engine itself. The drawback is that auditing would be ingrained within the policy engine. The benefit is that the rest of the system would function naturally.
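The "run the log forward" query described for the first option, sketched as an added example (not Congress code). The record layout (ts, kind, op, table, row, rule, name, args), the sample rule, and the sample messages are all assumptions constructed for illustration; they are not a Congress or DSE message format.

```python
import json

# Constructed sample audit log: one JSON message per line, in arrival order.
# The field names and the rule text are assumptions made for this example,
# not a format defined by Congress or the DSE bus.
SAMPLE_LOG = """\
{"ts": 10, "kind": "policy", "op": "insert", "rule": "error(vm) :- public(vm)"}
{"ts": 12, "kind": "data", "op": "insert", "table": "public", "row": ["vm1"]}
{"ts": 13, "kind": "violation", "op": "insert", "table": "error", "row": ["vm1"]}
{"ts": 20, "kind": "data", "op": "insert", "table": "public", "row": ["vm2"]}
{"ts": 21, "kind": "violation", "op": "insert", "table": "error", "row": ["vm2"]}
{"ts": 30, "kind": "action", "name": "disconnect_network", "args": ["vm1"]}
{"ts": 31, "kind": "data", "op": "delete", "table": "public", "row": ["vm1"]}
{"ts": 32, "kind": "violation", "op": "delete", "table": "error", "row": ["vm1"]}
"""

def replay(log_text, until_ts):
    """Run the log forward and return the state as of until_ts (inclusive)."""
    state = {"violations": set(), "data": set(), "policy": set(), "actions": []}
    last_ts = None
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        msg = json.loads(line)
        # Replay is only meaningful if the log is still in arrival order.
        if last_ts is not None and msg["ts"] < last_ts:
            raise ValueError(f"line {lineno}: timestamp goes backwards")
        last_ts = msg["ts"]
        if msg["ts"] > until_ts:
            break
        kind = msg["kind"]
        if kind == "action":
            state["actions"].append((msg["name"], tuple(msg["args"])))
            continue
        if kind == "policy":
            key, bucket = msg["rule"], state["policy"]
        elif kind in ("violation", "data"):
            key = (msg["table"], tuple(msg["row"]))
            bucket = state["violations" if kind == "violation" else "data"]
        else:
            raise ValueError(f"line {lineno}: unknown kind {kind!r}")
        if msg["op"] == "insert":
            bucket.add(key)
        elif msg["op"] == "delete":
            bucket.discard(key)
        else:
            raise ValueError(f"line {lineno}: unknown op {msg['op']!r}")
    return state
```

Calling `replay(SAMPLE_LOG, 25)` answers "what were the violations at time 25", and the same pass also yields the policy, data, and executed actions in effect at that time.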
Blueprint information
- Status: Not started
- Approver: Tim Hinrichs
- Priority: Medium
- Drafter: Tim Hinrichs
- Direction: Approved
- Assignee: None
- Definition: Approved
- Series goal: None
- Implementation: Not started
- Milestone target: None
- Started by:
- Completed by: