Exported from Confluence (fra-prod-wiki01.geant.org), Thu, 28 Mar 2024

F-Ticks - A Federation Log Format

4. Common F-ticks Attributes

In general a log consumer should not assume that any one attribute is present. Depending on the situation any one of these (or any other defined attributes) may be missing from an F-ticks message.
4.1. REALM
The REALM attribute is used to convey the AAA-realm (e.g. RADIUS) of the authentication event. The presence of the REALM attribute implies that the message was generated by an AAA-based identity provider.
4.2. VISCOUNTRY
The ISO country code of the entity that generated the log messages.
4.3. VISINST
TODO
4.4. CSI

The Calling Station ID of the subject associated with the authentication event. The presence of this attribute implies that the message was generated by an AAA-based identity provider.
4.5. RESULT
The success-state of the event - either 'OK' or 'FAIL'. For identity providers, this implies that a successful authentication request was returned to a relying party. For relying parties it means a successful authentication response was received from an identity provider.
4.6. RP
Relying Party identifier. A string uniquely identifying the relying party involved in the authentication event. This is typically a URI and will often be technology-dependent. Implementations should expect and be able to process any string.
4.7. AP
Asserting party identifier - often an identity provider. A string uniquely identifying the party making the claim towards the relying party. For an authentication event this is the identity provider. This is typically a URI and will often be technology-dependent. Implementations should expect and be able to process any string.
4.8. TS
A POSIX timestamp (aka unix time) associated with the authentication event. If this attribute is absent the consumer MAY choose to use a timestamp provided by the log message system (e.g. syslog) instead.
4.9. AM
Authentication Method identifier. This is normally a URI that identifies the type of authentication that was used. Values may be technology-dependent.
4.10. AL
Assurance Level Identifier. This is normally a URN that identifies the level of assurance (aka LoA) that was associated with the security association event. Level of assurance identifiers SHOULD be registered according to RFC 6711 [RFC6711] and SHOULD NOT be technology-dependent. If registered identifiers are used, their short form may be used depending on the underlying technology used. Long-form (URI) and short-form level-of-assurance identifiers are equivalent.
4.11. PN
A unique identifier for the subject involved in the event.
An F-ticks log message is a text string that fulfills the following ABNF [RFC5234]:
    fticks                = "F-TICKS/" federation-identifier "/" version attribute-list
    label                 = 1*( ALPHA / DIGIT / "_" / "-" / ":" / "." / "," / ";" )
    federation-identifier = label
    version               = label
    attribute-list        = 1*( "#" attribute "=" value ) "#"
    value                 = label
    attribute             = 1*( ALPHA / DIGIT )
The federation-identifier and version can be used by federations and other communities to indicate the type of attributes used. This document does not describe any mandatory attributes but instead provides a list of attributes in use in various communities today.

Future versions of this document may want to define an IANA registry for f-tick attribute definitions.

Because of size constraints common to several log systems it is expected that f-ticks attributes are kept short.

Example message layout (angle brackets mark placeholders):

    F-TICKS/<federation-id>/1.0#AP=<SAML-IdP-entityID>#RP=<SAML-SP-entityID>#RESULT=<authentication-result-code>#CSI=<SAML-session-id-hash>#PN=<pseudonymised-userid>#TS=<timestamp>
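As an added example (not code from the original page), a consumer-side parser in Python that checks a message against the ABNF above and applies two of the page's rules: no attribute may be assumed present, and a missing TS may fall back to the log system's timestamp. The sample messages are constructed; note that the page's label character set does not include "/", so an RP or AP value written as a URI with slashes does not match the strict grammar, and the parser reports that as a non-match rather than guessing.

```python
import re
from typing import Optional

# Character set of a "label" per the page's ABNF:
# ALPHA / DIGIT / "_" / "-" / ":" / "." / "," / ";"   (no "/", "#" or "=")
LABEL = r"[A-Za-z0-9_\-:.,;]+"
# attribute = 1*( ALPHA / DIGIT )
ATTR = r"[A-Za-z0-9]+"

# fticks = "F-TICKS/" federation-identifier "/" version 1*( "#" attribute "=" value ) "#"
FTICKS_RE = re.compile(
    rf"^F-TICKS/(?P<fed>{LABEL})/(?P<ver>{LABEL})"
    rf"(?P<attrs>(?:#{ATTR}={LABEL})+)#$"
)
ATTR_RE = re.compile(rf"#(?P<name>{ATTR})=(?P<value>{LABEL})")


def parse_fticks(line: str) -> Optional[dict]:
    """Parse one F-ticks message; return None if it does not satisfy the ABNF."""
    m = FTICKS_RE.match(line.strip())
    if m is None:
        return None
    # Attributes are optional and unordered; a duplicate name keeps the last value.
    attrs = {a.group("name"): a.group("value")
             for a in ATTR_RE.finditer(m.group("attrs"))}
    return {"federation": m.group("fed"), "version": m.group("ver"), "attrs": attrs}


def event_time(parsed: dict, log_system_ts: int) -> int:
    """TS is a POSIX timestamp; if absent, use the log system's own timestamp."""
    ts = parsed["attrs"].get("TS")
    return int(ts) if ts is not None and ts.isdigit() else log_system_ts


def origin_hint(parsed: dict) -> str:
    """REALM or CSI present implies an AAA-based identity provider generated the message."""
    attrs = parsed["attrs"]
    return "AAA" if "REALM" in attrs or "CSI" in attrs else "unknown"


if __name__ == "__main__":
    # Constructed sample: a SAML-style tick with TS, and an AAA-style tick without TS.
    for msg in (
        "F-TICKS/example.org/1.0#TS=1711617300#RP=sp.example.org#AP=idp.example.org#PN=ab12cd#RESULT=OK#",
        "F-TICKS/example.org/1.0#REALM=example.org#CSI=00-11-22-33-44-55#RESULT=FAIL#",
    ):
        p = parse_fticks(msg)
        print(p, event_time(p, 1711617301), origin_hint(p))
```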