microsoft-authentication-library-for-dotnet icon indicating copy to clipboard operation
microsoft-authentication-library-for-dotnet copied to clipboard

Published 20 hours ago verified publisher icon AzureAD

[Feature Request] Provide granular PII obfuscation mechanism

Open rymeskar opened this issue 4 years ago • 5 comments
trafficstars

Today, the pii handling in the log callback forces the consumers to one of the following:

  • receive the same log messages twice
    • once with blurred out PII so missing the possibility for backtracking/debugging the issue in all the detail.
    • once in plaintext but without the possibility to selectively obfuscate some of the arguments in order to have both a meaningful backtracking/debugging low-level mechanism as well as the privacy.
  • receive only the blurred out PII msessage.

The ask is to:

  • Log the same message only once (performance)
  • Have debugging capabilities as well as privacy support through custom-obfuscating parts of the log message. The customers could then implement their chosen mechanism for obfuscation parts of the message that still keeps the low-level debugging features.

rymeskar avatar Sep 07 '21 21:09 rymeskar

See ILogScrubber in MISE

bgavrilMS avatar Sep 15 '21 10:09 bgavrilMS

Yeah, ILogScrubber ala MISE would be great.

rymeskar avatar Sep 15 '21 11:09 rymeskar

Thanks @rymeskar, @sruke will be picking this work up. Plan is to offer something similar to MISE concept all down the stack (and into MS.IM/Wilson

TimHannMSFT avatar Dec 01 '21 20:12 TimHannMSFT

Is MISE a Microsoft internal library (maybe an abbreviation for Microsoft.Internal.Security.Extensions) and ILogScrubber an interface in it? I found only https://github.com/microsoft/Omex/pull/417.

KalleOlaviNiemitalo avatar Dec 07 '21 13:12 KalleOlaviNiemitalo

Microsoft.Extensions 8 now has a redaction support: https://learn.microsoft.com/en-us/dotnet/api/microsoft.extensions.compliance.redaction.redactor?view=dotnet-plat-ext-8.0

rymeskar avatar Jan 11 '24 14:01 rymeskar