Skip to content

Commit b68c74d

Browse files
alanisaacmkedjour
authored andcommitted
docs: added meeting notes for audit logging wg track and updated charter
Signed-off-by: Alan Pinkert <apinkert@cisco.com>
1 parent dee7844 commit b68c74d

2 files changed

Lines changed: 72 additions & 2 deletions

File tree

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
# Notes
2+
3+
* Writing spec proposals: how do we do it?
4+
* Ask AGNTCY documentation group?
5+
* Start and fix it as we go!
6+
* Suggestion: legal contacts to understand more about compliance professionals
7+
* Worked on charter
8+
* What standards should we look at? Only open source or commercial as well?
9+
* What motivates these groups to want to adopt our proposals?
10+
* If we see something interesting in commercial software, is it something we are allowed to adopt / partner on?
Lines changed: 62 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,64 @@
11
# Audit Logs & Standardization
22

3-
Defining standards for audit logging to capture critical data points such as intent, tasks, delegation chains, and related metadata. This would improve transparency, accountability, and support compliance or forensic analysis.
4-
Include privacy implications on what can be captured and should not be captured. (Potential alignment with MELT-style observability and telemetry frameworks.
3+
This is the charter for the AGNTCY Identity Working Group Audit Logs & Standardization track.
4+
5+
Our goal is to define and propose enhancements for standards for audit logging to capture valuable data points in agentic workflows such as intent, tasks, delegation chains, and related metadata. This would improve transparency, accountability, and support compliance or forensic analysis.
6+
7+
## Personas
8+
9+
Our primary persona is the **security professional**. In the context of agentic workflows, they care about:
10+
* where did credentials come from,
11+
* what type of credentials are they (service account, impersonation, on behalf of),
12+
* which agent used it,
13+
* what access does it represent (resource, internal vs external),
14+
* what policies were enforced, and what was the verdict (both approved and rejected access)
15+
* who is responsible for the system(s) in question (agent, resource, credential, etc.)
16+
* and that audit logs are machine-readable, and can be fed into agentic support systems
17+
18+
A secondary persona is the **compliance professional**. In the context of agentic workflows, they care about:
19+
* are the systems involved compliant with various frameworks
20+
* what are the boundaries between internal and external systems
21+
* how is data transferred and across what geographies / jurisdictions
22+
* how are privacy and security handled in the involved systems
23+
* data retention and destruction (log storage)
24+
25+
For the scope of this working group, we are not focused on agentic workflow developers as a persona.
26+
27+
## Requirements
28+
29+
In order to best serve these target personas, standards which capture audit logs for agentic interactions should be capable of the following:
30+
31+
* Capture core attributes for agentic interactions
32+
* Capture agentic context
33+
* Agent classification (instance of agent -> type of agent)
34+
* Agentic frameworks and technologies used (LLMs, connective frameworks, etc.)
35+
* Agentic user input (prompts, documents, files)
36+
* Agentic application context (version, host, device, etc.)
37+
* Capture resource context
38+
* MCP servers and tools used
39+
* A2A agent/skills used
40+
* Shell commands used
41+
* Computer use commands
42+
* Etc.
43+
* Capture identity & authorization context
44+
* Credentials used to access resources (and type: SAML, * OAuth, API keys)
45+
* Mechanism:
46+
* Identities acting on behalf of
47+
* Delegation chains
48+
* "token exchange" of various forms
49+
* Impersonation
50+
* Policy decisions
51+
* Agentic identifiers (verifiable credentials, e.g.)
52+
* Capture non-functional characteristics of interactions
53+
* Duration
54+
* Errors
55+
* Flexibility to capture additional key/value attributes
56+
* Traceability ... can connect multiple events within:
57+
* a user session using an agent
58+
* the lifecycle of an agent
59+
* the same authorization session to one or more resources
60+
* a single request transversing a web of interconnected systems (e.g. distributed tracing)
61+
* Privacy & Security
62+
* Privacy preserving (when needed)
63+
* Does not log sensitive information (no credential leakage, e.g.)
64+
* Compliance status (e.g. list the compliance status of X system in a multi-agent system)

0 commit comments

Comments
 (0)