An Audit Service is an architectural building block of the EIRA Technical view - application supporting the Technical interoperability layer of the European Interoperability Framework.
It is included in the Enabler grouping Application Security Enablers.


A is a specialisation of Application Service. It shares the audit functionality of providing support for the principle of accountability, which is holding users of a system accountable for their actions within the system, and detection of policy violations. The audit policy defines the elements of an information system which need to be traced, for example to assure traceability of actions: what, how, when, where and with what.


The Audit Service ABB is salient for technical interoperability because it defines the elements of an information system which need to be traced, for example to assure traceability of user actions as stated in the Security and privacy chapter of the Conceptual model for integrated public services provision : "Public administrations should ensure that a 'data access and authorisation plan’ which determines who has access to what data and under what conditions, to ensure privacy. Unauthorised access and security breaches should be monitored and appropriate actions should be taken to prevent any recurrence of breaches"


Example

The following implementation is an example on how this specific Architecture Building Block (ABB) can be instantiated as a Solution Building Block (SBB):

OpenIAM audit service
OpenIAM Auditing Service ensures that detailed information about events and activities associated with identities or resources are logged into a centralized repository and be tracked. It offers the following features:

  • Sign-on, Sign-off
  • User: create, update, delete or disable accounts
  • Role: create, update, delete or disable accounts
  • Resource: create, update, delete or disable accounts
  • Password changes, resets, challenge response questions changes
  • Synchronization events
  • Reconciliation events

Several reporting templates are provided for a BIRT report writer for use in an Eclipse designer. Organizations can also generate their own reports in BIRT with SQL. More details Audit & Compliance (a feature of OpenIAM Identity Governance)



The latest release of the EIRA© is available on Joinup.


Source: European Interoperability Reference Architecture (EIRA version 3) (url) (with information on the 3rd release at the website of the ISA² - Interoperability solutions for public administrations, businesses and citizens).