From c809107e1a9cc5290c69160f36abf208c15e2d0b Mon Sep 17 00:00:00 2001 From: heyams Date: Tue, 11 Jun 2024 16:27:03 -0700 Subject: [PATCH 01/18] Add user.anonymous_id --- model/registry/user.yaml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/model/registry/user.yaml b/model/registry/user.yaml index 98792de275..3cbecc987d 100644 --- a/model/registry/user.yaml +++ b/model/registry/user.yaml @@ -28,8 +28,15 @@ groups: type: string stability: experimental brief: > - Unique identifier of the user. + Unique identifier of an authenticated user. examples: ['S-1-5-21-202424912787-2692429404-2351956786-1000'] + - anonymous_id + type: string + stability: experimental + brief: > + Unique identifier of an anonymous user who interacts with a system or service without providing personal information or authentication credentials. + It allows the system to track user activity while maintaining anonymity. + examples: ['QdH5CAWJgqVT4rOr0qtumf'] - id: name type: string stability: experimental From 1eb9c37b7d532c8344d22e25bfe7c3177325f637 Mon Sep 17 00:00:00 2001 From: heyams Date: Tue, 11 Jun 2024 16:30:06 -0700 Subject: [PATCH 02/18] Format --- model/registry/user.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/model/registry/user.yaml b/model/registry/user.yaml index 3cbecc987d..768e337d44 100644 --- a/model/registry/user.yaml +++ b/model/registry/user.yaml @@ -34,8 +34,7 @@ groups: type: string stability: experimental brief: > - Unique identifier of an anonymous user who interacts with a system or service without providing personal information or authentication credentials. - It allows the system to track user activity while maintaining anonymity. + Unique identifier of an anonymous user who interacts with a system or service without providing personal information or authentication credentials. It allows the system to track user activity while maintaining anonymity. examples: ['QdH5CAWJgqVT4rOr0qtumf'] - id: name type: string From 1fd26483e5f3ae8626a4f8f0eef1ce01d9364587 Mon Sep 17 00:00:00 2001 From: heyams Date: Tue, 11 Jun 2024 16:34:59 -0700 Subject: [PATCH 03/18] Update changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9a4f606d30..0deb7da64b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,8 @@ +- `user`: Add `anonymous_id` (#1146) + ## v1.26.0 ### 🛑 Breaking changes 🛑 From db88ea77a276e22f5b00670617d323aeace235f8 Mon Sep 17 00:00:00 2001 From: heyams Date: Tue, 11 Jun 2024 16:56:21 -0700 Subject: [PATCH 04/18] Autogenerate changelog and markdown --- CHANGELOG.md | 2 -- docs/attributes-registry/user.md | 17 +++++++++-------- model/registry/user.yaml | 2 +- 3 files changed, 10 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0deb7da64b..9a4f606d30 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,8 +7,6 @@ -- `user`: Add `anonymous_id` (#1146) - ## v1.26.0 ### 🛑 Breaking changes 🛑 diff --git a/docs/attributes-registry/user.md b/docs/attributes-registry/user.md index 1268d2c848..8703052604 100644 --- a/docs/attributes-registry/user.md +++ b/docs/attributes-registry/user.md @@ -10,13 +10,14 @@ Describes information about the user. -| Attribute | Type | Description | Examples | Stability | -| ---------------- | -------- | ---------------------------------------------------------------------------- | -------------------------------------------------- | ---------------------------------------------------------------- | -| `user.email` | string | User email address. | `a.einstein@example.com` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.full_name` | string | User's full name | `Albert Einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.hash` | string | Unique user hash to correlate information for a user in anonymized form. [1] | `364fc68eaf4c8acec74a4e52d7d1feaa` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.id` | string | Unique identifier of the user. | `S-1-5-21-202424912787-2692429404-2351956786-1000` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.name` | string | Short name or login/username of the user. | `a.einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.roles` | string[] | Array of user roles at the time of the event. | `["admin", "reporting_user"]` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| Attribute | Type | Description | Examples | Stability | +| ------------------- | -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | ---------------------------------------------------------------- | +| `user.anonymous_id` | string | Unique identifier of an anonymous user who interacts with a system or service without providing personal information or authentication credentials. It allows the system to track user activity while maintaining anonymity. | `QdH5CAWJgqVT4rOr0qtumf` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.email` | string | User email address. | `a.einstein@example.com` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.full_name` | string | User's full name | `Albert Einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.hash` | string | Unique user hash to correlate information for a user in anonymized form. [1] | `364fc68eaf4c8acec74a4e52d7d1feaa` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.id` | string | Unique identifier of an authenticated user. | `S-1-5-21-202424912787-2692429404-2351956786-1000` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.name` | string | Short name or login/username of the user. | `a.einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.roles` | string[] | Array of user roles at the time of the event. | `["admin", "reporting_user"]` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | **[1]:** Useful if `user.id` or `user.name` contain confidential information and cannot be used. diff --git a/model/registry/user.yaml b/model/registry/user.yaml index 768e337d44..21bcf32dbe 100644 --- a/model/registry/user.yaml +++ b/model/registry/user.yaml @@ -30,7 +30,7 @@ groups: brief: > Unique identifier of an authenticated user. examples: ['S-1-5-21-202424912787-2692429404-2351956786-1000'] - - anonymous_id + - id: anonymous_id type: string stability: experimental brief: > From 58a109662d2844f2c42aa699ef6d1910e81b3210 Mon Sep 17 00:00:00 2001 From: heyams Date: Wed, 12 Jun 2024 09:54:12 -0700 Subject: [PATCH 05/18] Add note to user.anonymous_id --- docs/attributes-registry/user.md | 22 ++++++++++++---------- model/registry/user.yaml | 5 ++++- 2 files changed, 16 insertions(+), 11 deletions(-) diff --git a/docs/attributes-registry/user.md b/docs/attributes-registry/user.md index 8703052604..bd4e05e2cd 100644 --- a/docs/attributes-registry/user.md +++ b/docs/attributes-registry/user.md @@ -10,14 +10,16 @@ Describes information about the user. -| Attribute | Type | Description | Examples | Stability | -| ------------------- | -------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | ---------------------------------------------------------------- | -| `user.anonymous_id` | string | Unique identifier of an anonymous user who interacts with a system or service without providing personal information or authentication credentials. It allows the system to track user activity while maintaining anonymity. | `QdH5CAWJgqVT4rOr0qtumf` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.email` | string | User email address. | `a.einstein@example.com` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.full_name` | string | User's full name | `Albert Einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.hash` | string | Unique user hash to correlate information for a user in anonymized form. [1] | `364fc68eaf4c8acec74a4e52d7d1feaa` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.id` | string | Unique identifier of an authenticated user. | `S-1-5-21-202424912787-2692429404-2351956786-1000` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.name` | string | Short name or login/username of the user. | `a.einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.roles` | string[] | Array of user roles at the time of the event. | `["admin", "reporting_user"]` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| Attribute | Type | Description | Examples | Stability | +| ------------------- | -------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | ---------------------------------------------------------------- | +| `user.anonymous_id` | string | Unique identifier of an anonymous user who interacts with a system or service without providing personal information or authentication credentials. It allows the system to track user activity while maintaining anonymity. [1] | `QdH5CAWJgqVT4rOr0qtumf` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.email` | string | User email address. | `a.einstein@example.com` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.full_name` | string | User's full name | `Albert Einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.hash` | string | Unique user hash to correlate information for a user in anonymized form. [2] | `364fc68eaf4c8acec74a4e52d7d1feaa` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.id` | string | Unique identifier of an authenticated user. | `S-1-5-21-202424912787-2692429404-2351956786-1000` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.name` | string | Short name or login/username of the user. | `a.einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.roles` | string[] | Array of user roles at the time of the event. | `["admin", "reporting_user"]` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -**[1]:** Useful if `user.id` or `user.name` contain confidential information and cannot be used. +**[1]:** It can be a random guid or a hash of the user's IP address. This is different from `user.hash` which is a hash of a known `user.id` or `user.name`. + +**[2]:** Useful if `user.id` or `user.name` contain confidential information and cannot be used. diff --git a/model/registry/user.yaml b/model/registry/user.yaml index 21bcf32dbe..502b4a466d 100644 --- a/model/registry/user.yaml +++ b/model/registry/user.yaml @@ -34,7 +34,10 @@ groups: type: string stability: experimental brief: > - Unique identifier of an anonymous user who interacts with a system or service without providing personal information or authentication credentials. It allows the system to track user activity while maintaining anonymity. + Unique identifier of an anonymous user who interacts with a system or service without providing personal information or authentication credentials. + It allows the system to track user activity while maintaining anonymity. + note: > + It can be a random guid or a hash of the user's IP address. This is different from `user.hash` which is a hash of a known `user.id` or `user.name`. examples: ['QdH5CAWJgqVT4rOr0qtumf'] - id: name type: string From 3dfb9716ef7c408615ce57e437982d67fa15e33c Mon Sep 17 00:00:00 2001 From: heyams Date: Wed, 12 Jun 2024 17:31:36 -0700 Subject: [PATCH 06/18] Update anonymous_id brief --- docs/attributes-registry/user.md | 18 +++++++++--------- model/registry/user.yaml | 3 +-- 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/docs/attributes-registry/user.md b/docs/attributes-registry/user.md index bd4e05e2cd..187b5b4b76 100644 --- a/docs/attributes-registry/user.md +++ b/docs/attributes-registry/user.md @@ -10,15 +10,15 @@ Describes information about the user. -| Attribute | Type | Description | Examples | Stability | -| ------------------- | -------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | ---------------------------------------------------------------- | -| `user.anonymous_id` | string | Unique identifier of an anonymous user who interacts with a system or service without providing personal information or authentication credentials. It allows the system to track user activity while maintaining anonymity. [1] | `QdH5CAWJgqVT4rOr0qtumf` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.email` | string | User email address. | `a.einstein@example.com` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.full_name` | string | User's full name | `Albert Einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.hash` | string | Unique user hash to correlate information for a user in anonymized form. [2] | `364fc68eaf4c8acec74a4e52d7d1feaa` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.id` | string | Unique identifier of an authenticated user. | `S-1-5-21-202424912787-2692429404-2351956786-1000` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.name` | string | Short name or login/username of the user. | `a.einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.roles` | string[] | Array of user roles at the time of the event. | `["admin", "reporting_user"]` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| Attribute | Type | Description | Examples | Stability | +| ------------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------- | ---------------------------------------------------------------- | +| `user.anonymous_id` | string | Identifier for a user who interacts with a system. This identifier may be unique only through best-effort means and does not imply that the user is authenticated to the system. [1] | `QdH5CAWJgqVT4rOr0qtumf` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.email` | string | User email address. | `a.einstein@example.com` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.full_name` | string | User's full name | `Albert Einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.hash` | string | Unique user hash to correlate information for a user in anonymized form. [2] | `364fc68eaf4c8acec74a4e52d7d1feaa` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.id` | string | Unique identifier of an authenticated user. | `S-1-5-21-202424912787-2692429404-2351956786-1000` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.name` | string | Short name or login/username of the user. | `a.einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.roles` | string[] | Array of user roles at the time of the event. | `["admin", "reporting_user"]` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | **[1]:** It can be a random guid or a hash of the user's IP address. This is different from `user.hash` which is a hash of a known `user.id` or `user.name`. diff --git a/model/registry/user.yaml b/model/registry/user.yaml index 502b4a466d..af61470d77 100644 --- a/model/registry/user.yaml +++ b/model/registry/user.yaml @@ -34,8 +34,7 @@ groups: type: string stability: experimental brief: > - Unique identifier of an anonymous user who interacts with a system or service without providing personal information or authentication credentials. - It allows the system to track user activity while maintaining anonymity. + Identifier for a user who interacts with a system. This identifier may be unique only through best-effort means and does not imply that the user is authenticated to the system. note: > It can be a random guid or a hash of the user's IP address. This is different from `user.hash` which is a hash of a known `user.id` or `user.name`. examples: ['QdH5CAWJgqVT4rOr0qtumf'] From 6731337be5b5bab0328d0627b5b9ba94e962a782 Mon Sep 17 00:00:00 2001 From: Helen <56097766+heyams@users.noreply.github.com> Date: Wed, 17 Jul 2024 10:36:54 -0700 Subject: [PATCH 07/18] Comment Co-authored-by: Alexandra Konrad --- model/registry/user.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/model/registry/user.yaml b/model/registry/user.yaml index af61470d77..83acb2f2bd 100644 --- a/model/registry/user.yaml +++ b/model/registry/user.yaml @@ -28,7 +28,7 @@ groups: type: string stability: experimental brief: > - Unique identifier of an authenticated user. + Unique identifier of the user. In the authentication context, this field should be treated as an authenticated user id, as opposed to the `anonymous_id` field. examples: ['S-1-5-21-202424912787-2692429404-2351956786-1000'] - id: anonymous_id type: string From f2c47829c24c63665ca1af2f515264d5cccee852 Mon Sep 17 00:00:00 2001 From: heyams Date: Mon, 22 Jul 2024 08:30:26 -0700 Subject: [PATCH 08/18] Update markdown --- docs/attributes-registry/user.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/attributes-registry/user.md b/docs/attributes-registry/user.md index 187b5b4b76..2450a0e90f 100644 --- a/docs/attributes-registry/user.md +++ b/docs/attributes-registry/user.md @@ -16,7 +16,7 @@ Describes information about the user. | `user.email` | string | User email address. | `a.einstein@example.com` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | | `user.full_name` | string | User's full name | `Albert Einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | | `user.hash` | string | Unique user hash to correlate information for a user in anonymized form. [2] | `364fc68eaf4c8acec74a4e52d7d1feaa` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.id` | string | Unique identifier of an authenticated user. | `S-1-5-21-202424912787-2692429404-2351956786-1000` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.id` | string | Unique identifier of the user. In the authentication context, this field should be treated as an authenticated user id, as opposed to the `anonymous_id` field. | `S-1-5-21-202424912787-2692429404-2351956786-1000` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | | `user.name` | string | Short name or login/username of the user. | `a.einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | | `user.roles` | string[] | Array of user roles at the time of the event. | `["admin", "reporting_user"]` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | From c80b910d0763a8d0a3685cf9e69cb7954856ff22 Mon Sep 17 00:00:00 2001 From: heyams Date: Tue, 6 Aug 2024 10:33:16 -0700 Subject: [PATCH 09/18] Update user with subnamespace authentication --- model/registry/user.yaml | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/model/registry/user.yaml b/model/registry/user.yaml index 83acb2f2bd..e25662ab1d 100644 --- a/model/registry/user.yaml +++ b/model/registry/user.yaml @@ -28,16 +28,20 @@ groups: type: string stability: experimental brief: > - Unique identifier of the user. In the authentication context, this field should be treated as an authenticated user id, as opposed to the `anonymous_id` field. - examples: ['S-1-5-21-202424912787-2692429404-2351956786-1000'] - - id: anonymous_id - type: string - stability: experimental - brief: > - Identifier for a user who interacts with a system. This identifier may be unique only through best-effort means and does not imply that the user is authenticated to the system. + Identifier of a user who interacts with a system. This identifier may be unique only through best-effort means and does not imply that the user is authenticated to the system. note: > It can be a random guid or a hash of the user's IP address. This is different from `user.hash` which is a hash of a known `user.id` or `user.name`. examples: ['QdH5CAWJgqVT4rOr0qtumf'] + - id: authentication + prefix: user.authentication + type: attribute_group + brief: "Describes information about the user authentication." + attributes: + - id: id + type: string + brief: "Unique identifier of an authenticated user in the system." + examples: ['S-1-5-21-202424912787-2692429404-2351956786-1000'] + stability: experimental - id: name type: string stability: experimental From 53a121cf28bd545b9241a9a5a67fc2d028a64197 Mon Sep 17 00:00:00 2001 From: heyams Date: Tue, 6 Aug 2024 11:05:34 -0700 Subject: [PATCH 10/18] Update markdown --- docs/attributes-registry/user.md | 22 +++++++++++----------- model/registry/user.yaml | 15 +++++---------- 2 files changed, 16 insertions(+), 21 deletions(-) diff --git a/docs/attributes-registry/user.md b/docs/attributes-registry/user.md index 2450a0e90f..17cc186329 100644 --- a/docs/attributes-registry/user.md +++ b/docs/attributes-registry/user.md @@ -10,16 +10,16 @@ Describes information about the user. -| Attribute | Type | Description | Examples | Stability | -| ------------------- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------- | ---------------------------------------------------------------- | -| `user.anonymous_id` | string | Identifier for a user who interacts with a system. This identifier may be unique only through best-effort means and does not imply that the user is authenticated to the system. [1] | `QdH5CAWJgqVT4rOr0qtumf` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.email` | string | User email address. | `a.einstein@example.com` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.full_name` | string | User's full name | `Albert Einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.hash` | string | Unique user hash to correlate information for a user in anonymized form. [2] | `364fc68eaf4c8acec74a4e52d7d1feaa` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.id` | string | Unique identifier of the user. In the authentication context, this field should be treated as an authenticated user id, as opposed to the `anonymous_id` field. | `S-1-5-21-202424912787-2692429404-2351956786-1000` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.name` | string | Short name or login/username of the user. | `a.einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.roles` | string[] | Array of user roles at the time of the event. | `["admin", "reporting_user"]` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| Attribute | Type | Description | Examples | Stability | +| ------------------------ | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | ---------------------------------------------------------------- | +| `user.authentication.id` | string | Unique identifier of an authenticated user in the system. | `S-1-5-21-202424912787-2692429404-2351956786-1000` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.email` | string | User email address. | `a.einstein@example.com` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.full_name` | string | User's full name | `Albert Einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.hash` | string | Unique user hash to correlate information for a user in anonymized form. [1] | `364fc68eaf4c8acec74a4e52d7d1feaa` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.id` | string | Identifier of a user who interacts with a system. This identifier may be unique only through best-effort means and does not imply that the user is authenticated to the system. [2] | `QdH5CAWJgqVT4rOr0qtumf` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.name` | string | Short name or login/username of the user. | `a.einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.roles` | string[] | Array of user roles at the time of the event. | `["admin", "reporting_user"]` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -**[1]:** It can be a random guid or a hash of the user's IP address. This is different from `user.hash` which is a hash of a known `user.id` or `user.name`. +**[1]:** Useful if `user.id` or `user.name` contain confidential information and cannot be used. -**[2]:** Useful if `user.id` or `user.name` contain confidential information and cannot be used. +**[2]:** It can be a random guid or a hash of the user's IP address. This is different from `user.hash` which is a hash of a known `user.id` or `user.name`. diff --git a/model/registry/user.yaml b/model/registry/user.yaml index 78f9df2338..1eb7b77c56 100644 --- a/model/registry/user.yaml +++ b/model/registry/user.yaml @@ -33,16 +33,11 @@ groups: note: > It can be a random guid or a hash of the user's IP address. This is different from `user.hash` which is a hash of a known `user.id` or `user.name`. examples: ['QdH5CAWJgqVT4rOr0qtumf'] - - id: authentication - prefix: user.authentication - type: attribute_group - brief: "Describes information about the user authentication." - attributes: - - id: id - type: string - brief: "Unique identifier of an authenticated user in the system." - examples: ['S-1-5-21-202424912787-2692429404-2351956786-1000'] - stability: experimental + - id: authentication.id + type: string + brief: "Unique identifier of an authenticated user in the system." + examples: ['S-1-5-21-202424912787-2692429404-2351956786-1000'] + stability: experimental - id: name type: string stability: experimental From 1bc5f88e69948aa09a921be68b009a75b5d69078 Mon Sep 17 00:00:00 2001 From: heyams Date: Tue, 6 Aug 2024 11:54:45 -0700 Subject: [PATCH 11/18] Update generate identity markdown --- docs/general/attributes.md | 5 ++--- model/general.yaml | 10 +++++----- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/docs/general/attributes.md b/docs/general/attributes.md index cb3f3360ca..6487e4a78e 100644 --- a/docs/general/attributes.md +++ b/docs/general/attributes.md @@ -409,9 +409,8 @@ These attributes may be used for any operation with an authenticated and/or auth | Attribute | Type | Description | Examples | [Requirement Level](https://opentelemetry.io/docs/specs/semconv/general/attribute-requirement-level/) | Stability | |---|---|---|---|---|---| -| [`enduser.id`](/docs/attributes-registry/enduser.md) | string | Deprecated, use `user.id` instead. | `username` | `Recommended` | ![Deprecated](https://img.shields.io/badge/-deprecated-red)
Replaced by `user.id` attribute. | -| [`enduser.role`](/docs/attributes-registry/enduser.md) | string | Deprecated, use `user.roles` instead. | `admin` | `Recommended` | ![Deprecated](https://img.shields.io/badge/-deprecated-red)
Replaced by `user.roles` attribute. | -| [`enduser.scope`](/docs/attributes-registry/enduser.md) | string | Deprecated, no replacement at this time. | `read:message, write:files` | `Recommended` | ![Deprecated](https://img.shields.io/badge/-deprecated-red)
Removed. | +| [`user.authentication.id`](/docs/attributes-registry/user.md) | string | Unique identifier of an authenticated user in the system. | `S-1-5-21-202424912787-2692429404-2351956786-1000` | `Recommended` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| [`user.roles`](/docs/attributes-registry/user.md) | string[] | Array of user roles at the time of the event. | `["admin", "reporting_user"]` | `Recommended` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | diff --git a/model/general.yaml b/model/general.yaml index 26df3efc1a..5ccf6183cc 100644 --- a/model/general.yaml +++ b/model/general.yaml @@ -37,13 +37,13 @@ groups: - id: identity type: span brief: > - These attributes may be used for any operation with an authenticated and/or authorized enduser. + These attributes may be used for any operation with an authenticated and/or authorized user. + note: > + `enduser` namespace has been deprecated. When `user.authentication.id` is present, it is strongly recommended to provide `user.id` as well. attributes: - - ref: enduser.id + - ref: user.authentication.id requirement_level: recommended - - ref: enduser.role - requirement_level: recommended - - ref: enduser.scope + - ref: user.roles requirement_level: recommended - id: thread type: span From 443f49755b51ed5fc7ca7480775d4d870660c0ba Mon Sep 17 00:00:00 2001 From: heyams Date: Tue, 6 Aug 2024 12:21:02 -0700 Subject: [PATCH 12/18] Update changelog --- .../add_authentication_user_subnamespace.yaml | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) create mode 100644 .chloggen/add_authentication_user_subnamespace.yaml diff --git a/.chloggen/add_authentication_user_subnamespace.yaml b/.chloggen/add_authentication_user_subnamespace.yaml new file mode 100644 index 0000000000..b988456cd2 --- /dev/null +++ b/.chloggen/add_authentication_user_subnamespace.yaml @@ -0,0 +1,23 @@ +# Use this changelog template to create an entry for release notes. +# +# If your change doesn't affect end users you should instead start +# your pull request title with [chore] or use the "Skip Changelog" label. + +# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix' +change_type: 'enhancement' + +# The name of the area of concern in the attributes-registry, (e.g. http, cloud, db) +component: user + +# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`). +note: introduce a new subnamespace `authentication` under `user` with a new attribute `user.authentication.id` + +# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists. +# The values here must be integers. +issues: [1104] + +# (Optional) One or more lines of additional information to render under the primary note. +# These lines will be padded with 2 spaces and then inserted directly into the document. +# Use pipe (|) for multiline entries. +subtext: Update `identity` attributes under general attribute doc. + From 63af0085d1008d7387498b9fcf1e42c31eb7e294 Mon Sep 17 00:00:00 2001 From: heyams Date: Tue, 6 Aug 2024 13:46:23 -0700 Subject: [PATCH 13/18] Fix yamllint --- .chloggen/add_authentication_user_subnamespace.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.chloggen/add_authentication_user_subnamespace.yaml b/.chloggen/add_authentication_user_subnamespace.yaml index b988456cd2..9a326d564f 100644 --- a/.chloggen/add_authentication_user_subnamespace.yaml +++ b/.chloggen/add_authentication_user_subnamespace.yaml @@ -20,4 +20,3 @@ issues: [1104] # These lines will be padded with 2 spaces and then inserted directly into the document. # Use pipe (|) for multiline entries. subtext: Update `identity` attributes under general attribute doc. - From 615ff2cfcf66a0bb0c7d85543392c0fb3e6c9a94 Mon Sep 17 00:00:00 2001 From: heyams Date: Tue, 6 Aug 2024 14:13:28 -0700 Subject: [PATCH 14/18] Fix make command error --- docs/attributes-registry/user.md | 18 +++++++++--------- docs/general/attributes.md | 2 +- model/general.yaml | 2 +- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/docs/attributes-registry/user.md b/docs/attributes-registry/user.md index 17cc186329..e3ce2cfe28 100644 --- a/docs/attributes-registry/user.md +++ b/docs/attributes-registry/user.md @@ -10,15 +10,15 @@ Describes information about the user. -| Attribute | Type | Description | Examples | Stability | -| ------------------------ | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | ---------------------------------------------------------------- | -| `user.authentication.id` | string | Unique identifier of an authenticated user in the system. | `S-1-5-21-202424912787-2692429404-2351956786-1000` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.email` | string | User email address. | `a.einstein@example.com` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.full_name` | string | User's full name | `Albert Einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.hash` | string | Unique user hash to correlate information for a user in anonymized form. [1] | `364fc68eaf4c8acec74a4e52d7d1feaa` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.id` | string | Identifier of a user who interacts with a system. This identifier may be unique only through best-effort means and does not imply that the user is authenticated to the system. [2] | `QdH5CAWJgqVT4rOr0qtumf` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.name` | string | Short name or login/username of the user. | `a.einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.roles` | string[] | Array of user roles at the time of the event. | `["admin", "reporting_user"]` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| Attribute | Type | Description | Examples | Stability | +| ------------------- | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | ---------------------------------------------------------------- | +| `authentication.id` | string | Unique identifier of an authenticated user in the system. | `S-1-5-21-202424912787-2692429404-2351956786-1000` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `name` | string | Short name or login/username of the user. | `a.einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.email` | string | User email address. | `a.einstein@example.com` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.full_name` | string | User's full name | `Albert Einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.hash` | string | Unique user hash to correlate information for a user in anonymized form. [1] | `364fc68eaf4c8acec74a4e52d7d1feaa` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.id` | string | Identifier of a user who interacts with a system. This identifier may be unique only through best-effort means and does not imply that the user is authenticated to the system. [2] | `QdH5CAWJgqVT4rOr0qtumf` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.roles` | string[] | Array of user roles at the time of the event. | `["admin", "reporting_user"]` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | **[1]:** Useful if `user.id` or `user.name` contain confidential information and cannot be used. diff --git a/docs/general/attributes.md b/docs/general/attributes.md index abb1e5de77..2eb596ac06 100644 --- a/docs/general/attributes.md +++ b/docs/general/attributes.md @@ -409,7 +409,7 @@ These attributes may be used for any operation with an authenticated and/or auth | Attribute | Type | Description | Examples | [Requirement Level](https://opentelemetry.io/docs/specs/semconv/general/attribute-requirement-level/) | Stability | |---|---|---|---|---|---| -| [`user.authentication.id`](/docs/attributes-registry/user.md) | string | Unique identifier of an authenticated user in the system. | `S-1-5-21-202424912787-2692429404-2351956786-1000` | `Recommended` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| [`authentication.id`](/docs/attributes-registry/user.md) | string | Unique identifier of an authenticated user in the system. | `S-1-5-21-202424912787-2692429404-2351956786-1000` | `Recommended` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | | [`user.roles`](/docs/attributes-registry/user.md) | string[] | Array of user roles at the time of the event. | `["admin", "reporting_user"]` | `Recommended` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | diff --git a/model/general.yaml b/model/general.yaml index 6c80dc8416..812a26fbdf 100644 --- a/model/general.yaml +++ b/model/general.yaml @@ -40,7 +40,7 @@ groups: note: > `enduser` namespace has been deprecated. When `user.authentication.id` is present, it is strongly recommended to provide `user.id` as well. attributes: - - ref: user.authentication.id + - ref: authentication.id requirement_level: recommended - ref: user.roles requirement_level: recommended From 81d63601db4309d9250d878fdb6cf32162c94dc6 Mon Sep 17 00:00:00 2001 From: heyams Date: Tue, 6 Aug 2024 14:17:44 -0700 Subject: [PATCH 15/18] Update id --- docs/attributes-registry/user.md | 18 +++++++++--------- docs/general/attributes.md | 2 +- model/general.yaml | 2 +- model/registry/user.yaml | 4 ++-- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/docs/attributes-registry/user.md b/docs/attributes-registry/user.md index e3ce2cfe28..17cc186329 100644 --- a/docs/attributes-registry/user.md +++ b/docs/attributes-registry/user.md @@ -10,15 +10,15 @@ Describes information about the user. -| Attribute | Type | Description | Examples | Stability | -| ------------------- | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | ---------------------------------------------------------------- | -| `authentication.id` | string | Unique identifier of an authenticated user in the system. | `S-1-5-21-202424912787-2692429404-2351956786-1000` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `name` | string | Short name or login/username of the user. | `a.einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.email` | string | User email address. | `a.einstein@example.com` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.full_name` | string | User's full name | `Albert Einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.hash` | string | Unique user hash to correlate information for a user in anonymized form. [1] | `364fc68eaf4c8acec74a4e52d7d1feaa` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.id` | string | Identifier of a user who interacts with a system. This identifier may be unique only through best-effort means and does not imply that the user is authenticated to the system. [2] | `QdH5CAWJgqVT4rOr0qtumf` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.roles` | string[] | Array of user roles at the time of the event. | `["admin", "reporting_user"]` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| Attribute | Type | Description | Examples | Stability | +| ------------------------ | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | ---------------------------------------------------------------- | +| `user.authentication.id` | string | Unique identifier of an authenticated user in the system. | `S-1-5-21-202424912787-2692429404-2351956786-1000` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.email` | string | User email address. | `a.einstein@example.com` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.full_name` | string | User's full name | `Albert Einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.hash` | string | Unique user hash to correlate information for a user in anonymized form. [1] | `364fc68eaf4c8acec74a4e52d7d1feaa` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.id` | string | Identifier of a user who interacts with a system. This identifier may be unique only through best-effort means and does not imply that the user is authenticated to the system. [2] | `QdH5CAWJgqVT4rOr0qtumf` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.name` | string | Short name or login/username of the user. | `a.einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.roles` | string[] | Array of user roles at the time of the event. | `["admin", "reporting_user"]` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | **[1]:** Useful if `user.id` or `user.name` contain confidential information and cannot be used. diff --git a/docs/general/attributes.md b/docs/general/attributes.md index 2eb596ac06..abb1e5de77 100644 --- a/docs/general/attributes.md +++ b/docs/general/attributes.md @@ -409,7 +409,7 @@ These attributes may be used for any operation with an authenticated and/or auth | Attribute | Type | Description | Examples | [Requirement Level](https://opentelemetry.io/docs/specs/semconv/general/attribute-requirement-level/) | Stability | |---|---|---|---|---|---| -| [`authentication.id`](/docs/attributes-registry/user.md) | string | Unique identifier of an authenticated user in the system. | `S-1-5-21-202424912787-2692429404-2351956786-1000` | `Recommended` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| [`user.authentication.id`](/docs/attributes-registry/user.md) | string | Unique identifier of an authenticated user in the system. | `S-1-5-21-202424912787-2692429404-2351956786-1000` | `Recommended` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | | [`user.roles`](/docs/attributes-registry/user.md) | string[] | Array of user roles at the time of the event. | `["admin", "reporting_user"]` | `Recommended` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | diff --git a/model/general.yaml b/model/general.yaml index 812a26fbdf..6c80dc8416 100644 --- a/model/general.yaml +++ b/model/general.yaml @@ -40,7 +40,7 @@ groups: note: > `enduser` namespace has been deprecated. When `user.authentication.id` is present, it is strongly recommended to provide `user.id` as well. attributes: - - ref: authentication.id + - ref: user.authentication.id requirement_level: recommended - ref: user.roles requirement_level: recommended diff --git a/model/registry/user.yaml b/model/registry/user.yaml index b855a8ada9..c862fe0d4a 100644 --- a/model/registry/user.yaml +++ b/model/registry/user.yaml @@ -32,12 +32,12 @@ groups: note: > It can be a random guid or a hash of the user's IP address. This is different from `user.hash` which is a hash of a known `user.id` or `user.name`. examples: ['QdH5CAWJgqVT4rOr0qtumf'] - - id: authentication.id + - id: user.authentication.id type: string brief: "Unique identifier of an authenticated user in the system." examples: ['S-1-5-21-202424912787-2692429404-2351956786-1000'] stability: experimental - - id: name + - id: user.name type: string stability: experimental brief: > From bf8e35e7506e4351766b3621050e85d3a0c49925 Mon Sep 17 00:00:00 2001 From: heyams Date: Thu, 8 Aug 2024 11:48:48 -0700 Subject: [PATCH 16/18] Address comments --- .../add_authentication_user_subnamespace.yaml | 4 +-- docs/attributes-registry/user.md | 30 +++++++++++-------- docs/general/attributes.md | 13 +++++++- model/general.yaml | 7 +++-- model/registry/user.yaml | 14 ++++++--- 5 files changed, 45 insertions(+), 23 deletions(-) diff --git a/.chloggen/add_authentication_user_subnamespace.yaml b/.chloggen/add_authentication_user_subnamespace.yaml index 9a326d564f..df80f22dfe 100644 --- a/.chloggen/add_authentication_user_subnamespace.yaml +++ b/.chloggen/add_authentication_user_subnamespace.yaml @@ -4,13 +4,13 @@ # your pull request title with [chore] or use the "Skip Changelog" label. # One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix' -change_type: 'enhancement' +change_type: enhancement # The name of the area of concern in the attributes-registry, (e.g. http, cloud, db) component: user # A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`). -note: introduce a new subnamespace `authentication` under `user` with a new attribute `user.authentication.id` +note: introduce subnamespace `user.authentication` with a new attribute `user.authentication.id` # Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists. # The values here must be integers. diff --git a/docs/attributes-registry/user.md b/docs/attributes-registry/user.md index 17cc186329..d22ea7cac8 100644 --- a/docs/attributes-registry/user.md +++ b/docs/attributes-registry/user.md @@ -10,16 +10,20 @@ Describes information about the user. -| Attribute | Type | Description | Examples | Stability | -| ------------------------ | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | ---------------------------------------------------------------- | -| `user.authentication.id` | string | Unique identifier of an authenticated user in the system. | `S-1-5-21-202424912787-2692429404-2351956786-1000` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.email` | string | User email address. | `a.einstein@example.com` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.full_name` | string | User's full name | `Albert Einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.hash` | string | Unique user hash to correlate information for a user in anonymized form. [1] | `364fc68eaf4c8acec74a4e52d7d1feaa` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.id` | string | Identifier of a user who interacts with a system. This identifier may be unique only through best-effort means and does not imply that the user is authenticated to the system. [2] | `QdH5CAWJgqVT4rOr0qtumf` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.name` | string | Short name or login/username of the user. | `a.einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | -| `user.roles` | string[] | Array of user roles at the time of the event. | `["admin", "reporting_user"]` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | - -**[1]:** Useful if `user.id` or `user.name` contain confidential information and cannot be used. - -**[2]:** It can be a random guid or a hash of the user's IP address. This is different from `user.hash` which is a hash of a known `user.id` or `user.name`. +| Attribute | Type | Description | Examples | Stability | +| ------------------------ | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | ---------------------------------------------------------------- | +| `user.authentication.id` | string | Unique identifier of an authenticated user in the system. [1] | `S-1-5-21-202424912787-2692429404-2351956786-1000` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.email` | string | User email address. | `a.einstein@example.com` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.full_name` | string | User's full name | `Albert Einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.hash` | string | Unique user hash to correlate information for a user in anonymized form. [2] | `364fc68eaf4c8acec74a4e52d7d1feaa` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.id` | string | Identifies a user interacting with a system regardless of user authentication status. This identifier may be unique only through best-effort means. [3] | `QdH5CAWJgqVT4rOr0qtumf` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.name` | string | Short name or login/username of the user. | `a.einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| `user.roles` | string[] | Array of user roles at the time of the event. | `["admin", "reporting_user"]` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | + +**[1]:** The `user.authentication.id` MAY be used to identify a user attempting to authenticate if it's known at this stage. + +**[2]:** Useful if `user.authentication.id` or `user.name` contain confidential information and cannot be used. + +**[3]:** The `user.id`, when populated, is expected to be generated before user is authenticated and SHOULD NOT change after the user logs in. In browser scenarios `user.id` is usually stored in cookies. +It's NOT RECOMMENDED to populate this attribute when unauthenticated users are not tracked or identified by the system. +It can be a random guid or a hash of the user's IP address. This is different from `user.hash` which is a hash of a known `user.id` or `user.name`. diff --git a/docs/general/attributes.md b/docs/general/attributes.md index abb1e5de77..6612f976e7 100644 --- a/docs/general/attributes.md +++ b/docs/general/attributes.md @@ -409,9 +409,20 @@ These attributes may be used for any operation with an authenticated and/or auth | Attribute | Type | Description | Examples | [Requirement Level](https://opentelemetry.io/docs/specs/semconv/general/attribute-requirement-level/) | Stability | |---|---|---|---|---|---| -| [`user.authentication.id`](/docs/attributes-registry/user.md) | string | Unique identifier of an authenticated user in the system. | `S-1-5-21-202424912787-2692429404-2351956786-1000` | `Recommended` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| [`user.id`](/docs/attributes-registry/user.md) | string | Identifies a user interacting with a system regardless of user authentication status. This identifier may be unique only through best-effort means. [1] | `QdH5CAWJgqVT4rOr0qtumf` | `Conditionally Required` [2] | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +| [`user.authentication.id`](/docs/attributes-registry/user.md) | string | Unique identifier of an authenticated user in the system. [3] | `S-1-5-21-202424912787-2692429404-2351956786-1000` | `Recommended` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | | [`user.roles`](/docs/attributes-registry/user.md) | string[] | Array of user roles at the time of the event. | `["admin", "reporting_user"]` | `Recommended` | ![Experimental](https://img.shields.io/badge/-experimental-blue) | +**[1]:** The `user.id`, when populated, is expected to be generated before user is authenticated and SHOULD NOT change after the user logs in. In browser scenarios `user.id` is usually stored in cookies. +It's NOT RECOMMENDED to populate this attribute when unauthenticated users are not tracked or identified by the system. +It can be a random guid or a hash of the user's IP address. This is different from `user.hash` which is a hash of a known `user.id` or `user.name`. + +**[2]:** If instrumentation supports tracking unauthenticated users and if `user.authentication.id` is set, recommended otherwise. + +**[3]:** The `user.authentication.id` MAY be used to identify a user attempting to authenticate if it's known at this stage. + + + diff --git a/model/general.yaml b/model/general.yaml index 6c80dc8416..8c8157469d 100644 --- a/model/general.yaml +++ b/model/general.yaml @@ -34,12 +34,13 @@ groups: - ref: peer.service requirement_level: recommended - id: identity - type: span + type: attribute_group brief: > These attributes may be used for any operation with an authenticated and/or authorized user. - note: > - `enduser` namespace has been deprecated. When `user.authentication.id` is present, it is strongly recommended to provide `user.id` as well. attributes: + - ref: user.id + requirement_level: + conditionally_required: If instrumentation supports tracking unauthenticated users and if `user.authentication.id` is set, recommended otherwise. - ref: user.authentication.id requirement_level: recommended - ref: user.roles diff --git a/model/registry/user.yaml b/model/registry/user.yaml index c862fe0d4a..e1ad9b5ab2 100644 --- a/model/registry/user.yaml +++ b/model/registry/user.yaml @@ -22,19 +22,25 @@ groups: brief: > Unique user hash to correlate information for a user in anonymized form. note: > - Useful if `user.id` or `user.name` contain confidential information and cannot be used. + Useful if `user.authentication.id` or `user.name` contain confidential information and cannot be used. examples: ['364fc68eaf4c8acec74a4e52d7d1feaa'] - id: user.id type: string stability: experimental brief: > - Identifier of a user who interacts with a system. This identifier may be unique only through best-effort means and does not imply that the user is authenticated to the system. - note: > + Identifies a user interacting with a system regardless of user authentication status. This identifier may be unique only through best-effort means. + note: > + The `user.id`, when populated, is expected to be generated before user is authenticated and SHOULD NOT change after the user logs in. In browser scenarios `user.id` is usually stored in cookies. + + It's NOT RECOMMENDED to populate this attribute when unauthenticated users are not tracked or identified by the system. + It can be a random guid or a hash of the user's IP address. This is different from `user.hash` which is a hash of a known `user.id` or `user.name`. examples: ['QdH5CAWJgqVT4rOr0qtumf'] - id: user.authentication.id type: string - brief: "Unique identifier of an authenticated user in the system." + brief: Unique identifier of an authenticated user in the system. + note: > + The `user.authentication.id` MAY be used to identify a user attempting to authenticate if it's known at this stage. examples: ['S-1-5-21-202424912787-2692429404-2351956786-1000'] stability: experimental - id: user.name From 6f7dc086318ee12647ec8116be084c834a6d9c63 Mon Sep 17 00:00:00 2001 From: heyams Date: Thu, 8 Aug 2024 11:57:15 -0700 Subject: [PATCH 17/18] Fix yamllint --- model/registry/user.yaml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/model/registry/user.yaml b/model/registry/user.yaml index e1ad9b5ab2..e0b61f69f7 100644 --- a/model/registry/user.yaml +++ b/model/registry/user.yaml @@ -29,8 +29,9 @@ groups: stability: experimental brief: > Identifies a user interacting with a system regardless of user authentication status. This identifier may be unique only through best-effort means. - note: > - The `user.id`, when populated, is expected to be generated before user is authenticated and SHOULD NOT change after the user logs in. In browser scenarios `user.id` is usually stored in cookies. + note: > + The `user.id`, when populated, is expected to be generated before user is authenticated and SHOULD NOT change after the user logs in. + In browser scenarios `user.id` is usually stored in cookies. It's NOT RECOMMENDED to populate this attribute when unauthenticated users are not tracked or identified by the system. From 5a6d337680294a547a8c5729a19f611e96d5d96d Mon Sep 17 00:00:00 2001 From: heyams Date: Thu, 8 Aug 2024 13:29:25 -0700 Subject: [PATCH 18/18] Update user.hash referrence to user.authentication.id everywhere --- docs/attributes-registry/user.md | 2 +- docs/general/attributes.md | 2 +- model/registry/user.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/attributes-registry/user.md b/docs/attributes-registry/user.md index d22ea7cac8..4cc6cf05d1 100644 --- a/docs/attributes-registry/user.md +++ b/docs/attributes-registry/user.md @@ -26,4 +26,4 @@ Describes information about the user. **[3]:** The `user.id`, when populated, is expected to be generated before user is authenticated and SHOULD NOT change after the user logs in. In browser scenarios `user.id` is usually stored in cookies. It's NOT RECOMMENDED to populate this attribute when unauthenticated users are not tracked or identified by the system. -It can be a random guid or a hash of the user's IP address. This is different from `user.hash` which is a hash of a known `user.id` or `user.name`. +It can be a random guid or a hash of the user's IP address. This is different from `user.hash` which is a hash of a known `user.authentication.id` or `user.name`. diff --git a/docs/general/attributes.md b/docs/general/attributes.md index 6612f976e7..bb0290c9c0 100644 --- a/docs/general/attributes.md +++ b/docs/general/attributes.md @@ -415,7 +415,7 @@ These attributes may be used for any operation with an authenticated and/or auth **[1]:** The `user.id`, when populated, is expected to be generated before user is authenticated and SHOULD NOT change after the user logs in. In browser scenarios `user.id` is usually stored in cookies. It's NOT RECOMMENDED to populate this attribute when unauthenticated users are not tracked or identified by the system. -It can be a random guid or a hash of the user's IP address. This is different from `user.hash` which is a hash of a known `user.id` or `user.name`. +It can be a random guid or a hash of the user's IP address. This is different from `user.hash` which is a hash of a known `user.authentication.id` or `user.name`. **[2]:** If instrumentation supports tracking unauthenticated users and if `user.authentication.id` is set, recommended otherwise. diff --git a/model/registry/user.yaml b/model/registry/user.yaml index e0b61f69f7..a3c0fe8011 100644 --- a/model/registry/user.yaml +++ b/model/registry/user.yaml @@ -35,7 +35,7 @@ groups: It's NOT RECOMMENDED to populate this attribute when unauthenticated users are not tracked or identified by the system. - It can be a random guid or a hash of the user's IP address. This is different from `user.hash` which is a hash of a known `user.id` or `user.name`. + It can be a random guid or a hash of the user's IP address. This is different from `user.hash` which is a hash of a known `user.authentication.id` or `user.name`. examples: ['QdH5CAWJgqVT4rOr0qtumf'] - id: user.authentication.id type: string