File tree Expand file tree Collapse file tree
docs/contribute/wip/5_Audit_Logs_Standardization/meeting_notes Expand file tree Collapse file tree Original file line number Diff line number Diff line change 1+ # Notes
2+
3+ * Frameworks
4+ * AGNTCY Observe
5+ * Still needs user context
6+ * OpenTelemetry
7+ * How the above two are related / overlapping?
8+ * OASF / OCSF
9+ * Homegrown systems?
10+ * What vs how?
11+ * Are we focused only on identity or the whole thing?
12+ * User context: whether the agent is acting on behalf of a user (delegation, impersonation)
13+ * Privacy? Set aside for now, bring it in later
14+ * Comparison to “normal” distributed systems
15+ * Deterministic vs stochastic
16+ * Why was the path chosen? What other paths could have been taken?
17+ * Problems we’re trying to solve
18+ * What are we expecting?
19+ * Capturing identity context
20+ * Capturing authorization context (was it OAuth? SAML? API token?)
21+
22+ Documents reviewed:
23+ * https://opentelemetry.io/docs/specs/semconv/gen-ai/gen-ai-spans/
24+ * Seems like Otel’s conventions plus attributes to help record ` slim ` ?
25+ * https://diforum.community/posts/trust-frameworks-for-ai-agents-traceability
26+ * https://github.com/agntcy/observe/tree/main/schema
27+
28+ Action Items:
29+
30+ * Jim: NIST controls
31+ * Alan: make a spreadsheet of frameworks and perform a gap assessment (check if there are already extensions)
32+ * Alan: create a list of problems we’re trying to solve / capabilities we expect the framework to have
33+ * Mohamed: Talk to Outshift folks working on Observe
34+ * Mohamed: Test AGNTCY observe SDK for auditing capabilities
You can’t perform that action at this time.
0 commit comments