Decision #212
What level of logging information should be available to whom
100%
Description
Previous discussions have indicated that the owner of an object should be able to at least see the logs for access to that object. This is generally reasonable, but there are privacy issues that need to be addressed. What level of logging? Should the owner always be able to see, for example, the username/IP address of all read operations for that object, or simply the number of times it was accessed?
Given that the 0.3 implementation has no authentication, we cannot have authenticated log access, so owners in that sense can't have access to the log information for only their objects. And there are definitely privacy implications to having log file information publicly readable
History
#1 Updated by Matthew Jones almost 15 years ago
I added an initial draft of a logging schema description to the system architecture documents. See:
I also added example instance documents to the schemas directory. See:
https://repository.dataone.org/software/cicore/trunk/schemas/log_instance_example.xml