Anonymous_User Absent Member.
Absent Member.
325 views

taxonomy for user logins

Hi,

According to http://www.novell.com/developer/sentinel_taxonomy.html we
have:

- Create a user session: The establishment of a processing environment to
service an end user, e.g. authentication or logging in
- Authenticate user: In most cases this is part of the login process, but in
some environments the authentication happens separately from the creation of
the session.

Now if we have an application that generates authentication events (LOGIN)
separately from session creation events (CONNECT), an XDAS_AE_CREATE_SESSION
event with an outcome of XDAS_OUT_SUCCESS does not necessarily mean that a
user logged in successfully. That kind of defeats the use of a taxonomy to
specify queries in a device independent fashion.

So what would be the correct taxonomy to query for all successful user
logins?

Norbert
0 Likes
2 Replies
Anonymous_User Absent Member.
Absent Member.

Re: taxonomy for user logins


Really? I would think that a user has to successfully pass
authentication before a session would be created for that user. Once the
session is established successfully, I would assume that the user has
successfully "logged in" in colloquial terms. If you know of a system
that creates sessions for users before they've authenticated, I'd think
that system is pretty fundamentally broken!


--
DCorlette
------------------------------------------------------------------------
DCorlette's Profile: http://forums.novell.com/member.php?userid=4437
View this thread: http://forums.novell.com/showthread.php?t=442339

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: taxonomy for user logins

>>> On 28.07.2011 at 04:56, DCorlette<DCorlette@no-mx.forums.novell.com>
wrote:

> Really? I would think that a user has to successfully pass
> authentication before a session would be created for that user. Once the
> session is established successfully, I would assume that the user has
> successfully "logged in" in colloquial terms. If you know of a system
> that creates sessions for users before they've authenticated, I'd think
> that system is pretty fundamentally broken!
>


That depends on how you define "session" in this context. If you think
creating a TCP session, a Java HttpSession or forking a worker process, then
that will happen before authentication.

My main problem is that I don't see the pattern, how collectors use these
two taxonomies: Going by the description, normally authentication should be
XDAS_AE_CREATE_SESSION. Only if "authentication happens separately from the
creation of the session" and a separate event is generated for that, then
that is event should be classified as XDAS_AE_AUTHENTICATE_ACCOUNT.
So we should have either
- one XDAS_AE_CREATE_SESSION event or
- first an XDAS_AE_AUTHENTICATE_ACCOUNT event and then an
XDAS_AE_CREATE_SESSION event.

Doing a quick grep on taxonomy.map files, the following collectors generate
*only* XDAS_AE_AUTHENTICATE_ACCOUNT events, which should not happen:

CA_SiteMinder_6.1r1
Cisco_Security-Agent_6.1r2
IBM_DB2_6.1r2
McAfee_Firewall-Enterprise_6.1r1
McAfee_Network-Security-Platform_6.1r2
McAfee_VirusScan-Enterprise_6.1r2
Microsoft_DHCP_6.1r1
Microsoft_ISA-Server_6.1r1
Novell_Access-Governance-Suite_6.1r1
Novell_iManager_6.1r4

Norbert
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.