The Purpose of Open XDAS
Novell has a world-class auditing infrastructure, so why is Novell doing an open source project for compliance auditing? We're glad you asked. There are three key facts that are critical to the answer:
- Compliance and auditing is a big deal today, and all the signs indicate that it's going to become a far bigger deal in the near future.
- Enterprise software is moving more and more each year into the open source world. Given the amount and general quality of open source software available for the enterprise today, prudence demands that IT folks at least check into it before making a major software infrastructure decision. If they're looking, they're consuming.
- There is currently no other general purpose open source auditing framework available. Existing frameworks are special purpose. We wanted to create something that anyone could use to instrument their apps (open source or otherwise) for audit records. With our common, standards-based event taxonomy, back-end collector and analysis tools can use anyone's data effectively.
These three facts combine to indicate that there is an incredible market opportunity for Novell and other potential audit service providers. By creating an open source framework for auditing, and by instrumenting other key frameworks for audit logging (e.g., the Bandit project Authorization interface), Open XDAS is positioned to become the key audit instrumentation API for third-party, high-performance, back-end service providers (Novell Sentinel, for example).
While Open XDAS, coupled with existing free data stores, provides a complete solution, it is a minimal solution - more than adequate for open source projects, and small shops. A corporation, intent on ensuring the integrity of its audit log, and wanting a fully featured back-end and better analysis tools will require a much more robust and feature-rich back-end solution, such as Novell's Sentinel product - to which this framework will happily send audit events, if configured to do so.
Because the Open XDAS project is open source, however, there are no limitations on who can provide back-end services and analysis tools.
Compliance
Enterprise Corporate Governance Compliance can be considered in terms of "past compliance" (did we comply with governance requirements in the past?), and "future compliance", also known as "what if" scenarios (what if user "John" was asked to perform a certain specific task?).
Auditing
While it may seem advantageous to create a system that can check everyone against everything possible, this is not, in fact, how audits generally work. A typical auditor will do just as the above scenario implies - check a relatively small sampling of identities against several possibilities. If the system seems to be covering all bases without problems, the auditor assumes that all possible such checks will work correctly.
Past Compliance
Past compliance involves primarily logging audit records and then providing good tools to dredge these records looking for compliance deviations. If none are found, the logged entity is considered "in compliance" with corporate governance standards and regulations with respect to past performance - at least within the small realm we just confirmed.
Future Compliance
Future compliance is more difficult. Applications that log audit records must be written with the ability to handle "effective rights" requests. This amounts to calculating the outcome of a request without actually performing the request: the result (success, or access denied failure) is returned to the caller, and an audit record is produced, but the underlying operation never takes place.
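As an added illustration (not code from the Bandit or Open XDAS projects), the following constructed Python sketch shows an application that handles an effective-rights request: the real request and the "what if" query share one decision path and both emit an audit record, but only the real request changes the resource. The policy table, role names and audit record fields are assumptions made for the example.

```python
from dataclasses import dataclass

# Constructed sample policy: (role, resource, action) -> allowed?
POLICY = {
    ("finance", "payroll.db", "read"): True,
    ("finance", "payroll.db", "write"): True,
    ("engineering", "payroll.db", "read"): False,
}
# Constructed role assignments; "john" mirrors the user in the text above.
ROLES = {"john": "engineering", "alice": "finance"}


@dataclass
class AuditRecord:
    subject: str
    resource: str
    action: str
    outcome: str            # "success" or "access denied"
    effective_rights: bool  # True = "what if" query, nothing was performed


class AuditedResource:
    """A resource whose every access decision is audited."""

    def __init__(self, name):
        self.name = name
        self.writes = []     # state that a real, permitted write changes
        self.audit_log = []  # records an auditor would later dredge

    def _decide(self, subject, action):
        role = ROLES.get(subject)
        return POLICY.get((role, self.name, action), False)

    def request(self, subject, action, payload=None, effective_rights=False):
        """Evaluate the request; perform it only when effective_rights is False.

        Because the decision logic is shared, the answer to the what-if
        query is exactly the answer the real request would receive.
        """
        allowed = self._decide(subject, action)
        outcome = "success" if allowed else "access denied"
        self.audit_log.append(
            AuditRecord(subject, self.name, action, outcome, effective_rights))
        if allowed and not effective_rights and action == "write":
            self.writes.append(payload)  # the only side effect on the resource
        return outcome
```

An auditor can then ask "what if John read payroll.db?" and get the same decision and audit trail a real attempt would leave, with the resource untouched.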
A Standards-Based Approach
The keystone of Bandit component design is open standards, and Open XDAS is no exception. Audit records are not useful if the event record format is not widely accepted as reasonable, flexible and complete, and yet another wire protocol is the last thing the world needs today. This is not to say that new wire protocols aren't helpful, but consuming an existing, widely-deployed protocol just makes everyone's lives easier.
The Software
Bandit has adopted the OpenGroup Distributed Auditing System (XDAS) as the standard upon which to build a world-class software audit instrumentation library. The software development project, hosted by SourceForge.net, is called OpenXDAS.
A Widely Used Wire Format
The OpenXDAS library will translate instrumentation API calls into payloads with a standard XDAS format within network messages. These messages, sent to logging servers on the network, will be in the form of syslog wire protocol (RFC 3195) messages. A good set of references to free syslog servers is available on the syslog Wikipedia web page.
Frequently Asked Questions
Answers to frequently asked questions about Bandit and Open XDAS may be found here.