Skip to content

Commit c11ff92

Browse files
committed
docs: added meeting notes for audit logging wg track
Signed-off-by: Alan Pinkert <apinkert@cisco.com>
1 parent 0368c48 commit c11ff92

1 file changed

Lines changed: 51 additions & 0 deletions

File tree

  • docs/contribute/wip/5_Audit_Logs_Standardization/meeting_notes
Lines changed: 51 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,51 @@
1+
# Notes
2+
3+
* Reviewed last session’s meeting notes
4+
* Reviewed auditing requirements document
5+
* Privacy & Security
6+
* Compliance frameworks are interesting
7+
* We should focus on areas where no one is working
8+
* Identity & AuthZ
9+
* Biggest challenge at the conference was “acting on behalf-of”
10+
* Many are doing impersonation (hand your personal creds to the agent)
11+
* Delegation chains (agent inheriting two roles)
12+
* Example: order a new laptop
13+
* Finance agent needs to check budget and need to check the employee’s context
14+
* In the end, it’s still token exchange
15+
* Customer conversations?
16+
* Who is using MAS systems and can we ask about their use cases
17+
* Action Item: Julu + Chun set up conversation with users
18+
* Action Item: are there any customers worried about compliance with AI acts?
19+
* The rest of the meeting focused on a discussion of use cases and personas. Here's what the group came up with for personas:
20+
21+
* Personas
22+
* Higher priority - Identity
23+
* Security Professionals
24+
* Cares about:
25+
* where did credentials come from,
26+
* what type of credentials are they (service account, impersonation, on behalf of),
27+
* which agent used it,
28+
* what access does it represent (resource, internal vs external),
29+
* what policies were enforced, and what was the verdict (both approved and rejected access)
30+
* who is responsible for the system(s) in question (agent, resource, credential, etc.)
31+
* audit logs are machine-readable, can be fed into agentic support systems
32+
* Support Teams (audit-logs-as-training-data)
33+
* Compliance Professionals
34+
* Cares about:
35+
* are the systems involved compliant with various frameworks
36+
* what are the boundaries between internal and external systems
37+
* how is data transferred and across what geographies / jurisdictions
38+
* how are privacy and security handled in the involved systems
39+
* data retention and destruction (log storage)
40+
* Lower priority (not a part of the identity working group)
41+
* Agent and Agentic Resource Developers
42+
43+
# Action Items
44+
45+
1. Continue nailing down persona / use cases
46+
1. Ask Jim about the Support Team persona
47+
2. Julu + Chun set up conversation with folks with Multi-Agent Systems
48+
3. General call: are there any practitioners worried about compliance with AI acts?
49+
2. What are the data points that we need recorded
50+
3. Look at existing standards & frameworks, compare to 2. above
51+
4. Converge: pursue these tracks

0 commit comments

Comments
 (0)