Uploaded image for project: 'mod-login'
  1. mod-login
  2. MODLOGIN-36

Security: Logging to support local password management (Technical design)

    XMLWordPrintable

Details

    • Story
    • Status: Closed (View Workflow)
    • P3
    • Resolution: Done
    • None
    • None
    • EPAM Sprint 3, EPAM Sprint 4, EPAM BatchLoader Sprint 0
    • 5
    • Folijet

    Description

      As a person responsible for securing Folio
      I want certain activities related to accessing Folio logged/audited
      So that I can monitor any suspicious activity

      Requirements

      • Log Change/Reset Password requests
      • Log Failed Attempts
      • Log blocked user
      • Log time, IP address, and browser information
        - Will need to consider any GDPR implications

      How to log

      • store logs into database storage in a scope of [mod-login] module
      • only authorized folks have this information

      Approach

      • configuration option to log with GDPR compliance flag
      • tenant level

      Open items

      – determine database to use (EBSCO team)
      – standardized schema (EBSCO team)

      UI requirements are not taken into account in design and will be clarified in future.

      TestRail: Results

        Attachments

          Issue Links

            Activity

              People

                kgambrell Khalilah Gambrell
                kgambrell Khalilah Gambrell
                Khalilah Gambrell Khalilah Gambrell
                Votes:
                0 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  TestRail: Runs

                    TestRail: Cases