vc-authn-oidc icon indicating copy to clipboard operation
vc-authn-oidc copied to clipboard
verified publisher icon bcgov

Security Metrics

Open esune opened this issue 4 months ago • 0 comments

When used in an Enterprise context as Identity Provider, it would be nice to be able to obtain high-level metrics about each auth transaction to monitor service quality and potential security/abuse issues.

Some of these metrics may include information such as:

  • User Agent
  • IP Address (mobile app)
  • Presentation Request Id (which proof request was processed)
  • Transaction (presentation exchange) Id
  • Timestamp of the operation
  • etc.

This loosely relates to #768 as it also focuses on service usage.

The course of action will likely be:

  • Determine which metrics can be obtained by the service while preserving privacy-oriented interactions
  • Determine how to turn these metrics on/off per deployment, and whether they can be fine-tuned (i.e.: choose what is logged)
  • Implement code changes to add metric collection and storage

esune avatar Aug 26 '25 15:08 esune