Trusted events
From the JEP, a conversation came up around being able to identify if events came from trusted components. For example, if a system is interested in capturing an audit trail of server activity, an important requirement would be to validate that these audit events came from a trusted source.
I'm writing down my thoughts on how the telemetry framework could make this easier:
- Provide a set of helper libraries for publishers to sign events, and for consumers to validate the digest
- Add fields in the `record_event` interface to allow event publishers to sign these events.
- Provide other types of abstractions like a `SigningEventConsumer` or `SigningEventPublisher` to allow easier signing of events
cc @westurner @betatim @Zsailer @yuvipanda
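A sketch of the publisher and consumer helpers proposed in the list above, added here as an illustration; it is not code from the thread or from the telemetry project. The names `sign_event`, `verify_event` and `KEYS`, the envelope layout, and the choice of a shared-key HMAC-SHA256 are all assumptions; with a shared key any consumer that can verify can also forge, so an asymmetric signature is needed where that matters.

```python
import hashlib
import hmac
import json

# Constructed demo key table (hypothetical key id -> shared secret).
# Real keys would be stored outside the code that emits events.
KEYS = {"server-ext-1": b"constructed-demo-key-not-for-production"}


def _canonical(event: dict) -> bytes:
    # Stable byte encoding so publisher and consumer hash identical input
    # regardless of dict key order or whitespace.
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_event(event: dict, key_id: str, keys: dict = KEYS) -> dict:
    """Publisher side: wrap an event with a key id and an HMAC-SHA256 digest."""
    digest = hmac.new(keys[key_id], _canonical(event), hashlib.sha256).hexdigest()
    return {"event": event, "key_id": key_id, "signature": digest}


def verify_event(envelope: dict, keys: dict = KEYS) -> bool:
    """Consumer side: accept only envelopes signed with a known key."""
    key_id = envelope.get("key_id")
    signature = envelope.get("signature")
    event = envelope.get("event")
    if not isinstance(key_id, str) or not isinstance(signature, str):
        return False  # unsigned or malformed envelope
    if key_id not in keys or not isinstance(event, dict):
        return False  # unknown publisher or missing payload
    expected = hmac.new(keys[key_id], _canonical(event), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking digest prefixes through timing.
    return hmac.compare_digest(expected.encode("ascii"), signature.encode("utf-8"))


if __name__ == "__main__":
    signed = sign_event({"action": "kernel_start", "user": "alice"}, "server-ext-1")
    tampered = {**signed, "event": {**signed["event"], "user": "mallory"}}
    print("original accepted:", verify_event(signed))
    print("tampered accepted:", verify_event(tampered))
```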
I think for the audit use-case a set of guidelines/instructions about what properties a trusted source has to have would be important and helpful to users. For example, a source that runs in the frontend or takes inputs (that it can't verify) from a thing that runs in the frontend should not be a trusted source. For a server extension it is less clear: for example, what if the Jupyter server uses a Python installation that allows users to install modules? Is that trusted or not (a user could probably install some code that modifies the server extension)?
-> having a set of guidelines on how to assess if something is a trusted source and best practices for setting one up (where to store keys, where to run the code, etc.) would be as important as signing events.