Monday, November 30, 2009

Cross Linking

One of the benefits of working with other experts is the ability to cross link information they generate with information that you generate to save time and effort.  Today, John Moehrke writes about reasons why you shouldn't try to use audit logs as disclosure logs in his blog.  I'm going to save myself a longer post and refer you to his blog because what he has to say about ATNA and Accounting of Disclosures is important before you read further.

This is another case of the "If I had a hammer" syndrome that I posted on 18 months ago, but in this case the tool is a crescent wrench and the object it is being pounded on is a Phillips screw.  If you really compare the requirements of an Audit Log and of a Disclosure Log, you will see that they share almost none of the same business requirements, and only about a 60-70% overlap in the information requirements.  Yes, there is a common core there, but that doesn't make one equivalent to, or a superset of, the other.  Some of the requirements also conflict with each other. An Audit Log almost certainly includes more details used for forensic investigations that would never be released in a Disclosure Log.

So, what we have identified here are two different use cases with some overlapping requirements.  This is a pretty common phenomenon in computer architecture.  The occurrence of an overlap may point to a common ancestor in the analysis and design, but it does not imply equivalence or supersetting of requirements, nor need it.  Sometimes overlaps are interesting and useful, and this one certainly is, but not nearly so much as some would expect.

