Presentation is loading. Please wait.

Presentation is loading. Please wait.

Client / Server Correlation Values

Published byKimberly Preston Modified over 6 years ago

Similar presentations

Presentation on theme: "Client / Server Correlation Values"— Presentation transcript:

1 Client / Server Correlation Values
Anthony Berglas

2 Revision History Logging spec note – Sue G
Renamed Client/Server to Request/Response for notify/put – Bruce R Repeat Request Correlation in response – Bruce R Addressed Unique Batch Item ID, Asynchronous Correlation Value, Batch Order Option – David F Request Globally Unique identifier note – Mark J

3 Customer Requirement Need to be able to include client context in server logs E.g. Which storage device is being processed? Need to be able to store server context in client logs So can ask server administrator “What went wrong with request s739c983nf?” Would like globally unique request identifier Good logging is essential for security and usability (Actual logging not part of the specification)

4 Proposed Solution Add Request Correlation as a simple string in request header Add Response Correlation as a simple string in response header Plus MUST include Request Correlation if provided Server should log Request Correlation value Server should be able to identify log record using Response Correlation value (Visa versa for server to client.) Usage Guide warns not to include content useful to an attacker

5 Example Request <RequestMessage> <RequestHeader> <ProtocolVersion> … <ProtocolVersion> <BatchCount type="Integer" value="1"/> <RequestCorrelation type=“TextString” value=“sid=s348sa3d”/> </RequestHeader> …

6 Example Response <ResponseMessage> <ResponseHeader> <ProtocolVersion> … </ProtocolVersion> <TimeStamp type="DateTime" value=" T08:14:42+00:00"/> <BatchCount type="Integer" value="1"/> <RequestCorrelation type=“TextString” value=“sid=s348sa3d”/> <ResponseCorrelation type=“TextString” value=“s34:d8a8g7fd900a9d”/> </ResponseHeader> …

7 Alternatives Use Unique Batch Item Id
Current implementations only unique within a batch – 0, 1, 2 Changing the interpretation of an existing field bad Use Asynchronous Correlation Value Again, an changed meaning to an existing field

8 Conclusion Very simple additions
Enhance logging and analysis capabilities Important information for forensic analysis Very helpful information for diagnosing issues

Download ppt "Client / Server Correlation Values"

Similar presentations

Doc.: IEEE 802.11-00/087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.

Doc.: IEEE /087 Submission May, 2000 Steven Gray, NOKIA Jyri Rinnemaa, Jouni Mikkonen Nokia Slide 1.
Mitigate Unauthorized Tracking in RFID Discovery Service Qiang Yan 1, Robert H. Deng 1, Zheng Yan 2, Yingjiu Li 1, Tieyan Li 3 1 Singapore Management University,

Mitigate Unauthorized Tracking in RFID Discovery Service Qiang Yan 1, Robert H. Deng 1, Zheng Yan 2, Yingjiu Li 1, Tieyan Li 3 1 Singapore Management University,
Business Development Suit Presented by Thomas Mathews.

Business Development Suit Presented by Thomas Mathews.
EFRONT V4 EXTENSIONS ARCHITECTURE. The goal  To offer more flexibility to 3 rd party users to modify eFront functionality  To further extend eFront.

EFRONT V4 EXTENSIONS ARCHITECTURE. The goal  To offer more flexibility to 3 rd party users to modify eFront functionality  To further extend eFront.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 8: Monitoring the Network Connecting Networks.
Presentation by: Peter Thomas Blue Lance, Inc Using SIEM Solutions Effectively to meet Security, Audit, and Compliance Requirements.

Presentation by: Peter Thomas Blue Lance, Inc Using SIEM Solutions Effectively to meet Security, Audit, and Compliance Requirements.
PRIME Concepts used in BluES’n Demonstration and Briefing Meeting 17/18 November 2005 in Dresden.

PRIME Concepts used in BluES’n Demonstration and Briefing Meeting 17/18 November 2005 in Dresden.
© 2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice KMIP Key Naming for Removable Media.

© 2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice KMIP Key Naming for Removable Media.
KMIP Vendor Extension Management KMIP supports ‘extensions’ but provides no mechanism for coordination of values between clients and servers or between.

KMIP Vendor Extension Management KMIP supports ‘extensions’ but provides no mechanism for coordination of values between clients and servers or between.
TAC Vista Security. Target  TAC Vista & Security Integration  Key customer groups –Existing TAC Vista users Provide features and hardware for security.

TAC Vista Security. Target  TAC Vista & Security Integration  Key customer groups –Existing TAC Vista users Provide features and hardware for security.
Table design screen Field name Data type Field size Other properties.

Table design screen Field name Data type Field size Other properties.
Toolbox Mirror -Overview Effective Distributed Learning.

Toolbox Mirror -Overview Effective Distributed Learning.
Website Development Registering Users – Introducing Cookies.

Website Development Registering Users – Introducing Cookies.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 7: Advanced File System Management.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 7: Advanced File System Management.
1 The World Wide Web. 2  Web Fundamentals  Pages are defined by the Hypertext Markup Language (HTML) and contain text, graphics, audio, video and software.

1 The World Wide Web. 2  Web Fundamentals  Pages are defined by the Hypertext Markup Language (HTML) and contain text, graphics, audio, video and software.
0 EMAIL 5000 Series DATA MANAGEMENT. 1 Why Email? Alarm/Status Notification –Remote unattended sites »Pumping stations –Pharmaceutical/Plant maintenance.

Series DATA MANAGEMENT. 1 Why ? Alarm/Status Notification –Remote unattended sites »Pumping stations –Pharmaceutical/Plant maintenance.
Mastering Windows Network Forensics and Investigation Chapter 11: Text Based Logs.

Mastering Windows Network Forensics and Investigation Chapter 11: Text Based Logs.
1 © 2006 Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Using the Cisco Technical Support & Documentation Website for Security.

1 © 2006 Cisco Systems, Inc. All rights reserved. Session Number Presentation_ID Using the Cisco Technical Support & Documentation Website for Security.
Presented by: Alvaro Llanos E.  Motivation and Overview  Frangipani Architecture overview  Similar DFS  PETAL: Distributed virtual disks ◦ Overview.

Presented by: Alvaro Llanos E.  Motivation and Overview  Frangipani Architecture overview  Similar DFS  PETAL: Distributed virtual disks ◦ Overview.
A Comprehensive Solution Team Mag 5 Valerie B., Derek C., Jimmy C., Julia M., Mark Z.

A Comprehensive Solution Team Mag 5 Valerie B., Derek C., Jimmy C., Julia M., Mark Z.

Similar presentations

Ads by Google