[stork-users] UC7 - Audit, Stork Configuration Management
Buclin, Bertrand
Bertrand.Buclin at intl.att.com
Wed Mar 2 20:27:40 UTC 2022
Hi,
Good to see progress on Stork as a configuration agent for Kea. A few additional requirements/suggestions to make this operationally more attractive:
* We should be able to integrate Stork in a Single Sign-On environment (like OAuth) to facilitate role administration and designate who is entitled to make changes vs who has “read-only” access, or simply operational access to Stork. It is OK to implement this role management in Stork only, and have Stork use its own credentials, different from the Stork user credentials, to authenticate with the Kea server.
* Any change pushed from Stork to Kea should be traceable and auditable (as mentioned in UC7), so that one can find out who did what, when and how, and a historical log can be kept for as long as the Stork administrator would like to (and that Stork administrator would be a different role than the Kea “configurator” role). However, to keep things manageable, it should be possible to “baseline” a given configuration state, meaning that once baselined, incremental changes keep being logged, but the material from before that “baselining” is archived and can’t be reverted to anymore, even if the log/audit trail is still available for one to view what was previously done.
* The audit trail should have its own access control, allowing a user to read the trail or not, depending on whether that user has the appropriate role.
Regards,
Bertrand Buclin
Director, Access Technology Management
Global Connectivity Management
AT&T Global Network Services (Switzerland) Sàrl
m +41 79 333 0020 | bbuclin at att.com
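One way to model the baselining and audit-trail access control requested in the message above, as an added example that is not part of the original message and is not Stork code. The role names, the `Trail` type and its methods are hypothetical, and treating the baseline state itself as still revertible is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

type Role int // hypothetical roles, modelled on those named in the message

const (
	Configurator Role = iota // pushes changes to Kea
	Auditor                  // may read the trail
	Admin                    // Stork administrator: retention and baselining
)

type Entry struct { // who did what, and when
	Seq         int
	Who, Action string
	When        time.Time
}

type Trail struct { // append-only; states before entry Baseline are archived
	entries  []Entry
	Baseline int
}

var ErrDenied = errors.New("role not permitted")

func (t *Trail) Record(who, action string) {
	t.entries = append(t.entries, Entry{len(t.entries) + 1, who, action, time.Now().UTC()})
}

// Read returns the whole history, archived part included, to audit roles only.
func (t *Trail) Read(r Role) ([]Entry, error) {
	if r != Auditor && r != Admin {
		return nil, ErrDenied
	}
	return append([]Entry(nil), t.entries...), nil
}

// SetBaseline archives everything recorded so far; only the administrator may.
func (t *Trail) SetBaseline(r Role) error {
	if r != Admin {
		return ErrDenied
	}
	t.Baseline = len(t.entries)
	return nil
}

// CanRevert: is the state after entry seq still a rollback target?
func (t *Trail) CanRevert(seq int) bool { return seq >= t.Baseline && seq <= len(t.entries) }

func main() { fmt.Println((&Trail{}).SetBaseline(Auditor)) }
```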