The audit logging sounds interesting. If you combine it with some kind of encryption, then I can imagine it working pretty well. Aside from the logistical problems/gas cost, that is.
nibblebit@programming.dev 11 months ago
Audit logs and Access control paper trails.
Security event logging has to be:
- Broadly accessible
- Write-protected
- offering some proof of completeness.
These three requirements are tricky and often conflicting. Block-chain might be an inefficient way to achieve these, but the glove does fit quite neatly.
Logistical paperwork
- Purchase Orders/Invoices and packing slips
- Waybills/Bills of lading and CMR’s These kinds of documents require multiple stages of matching and approval by untrusted 3rd parties There are dozens of ecosystems all interracting that support these documents, but most people still use paper, because its more reliable, but incredibly prone to fraud and forgery. Having all of these approvals and transactions tracked on a blockchain and letting different systems interact with the same chain, would make it possible without each ERP having a rest API to each other ERP.
Mikina@programming.dev 11 months ago
atheken@programming.dev 11 months ago
There is no incentive for adding the friction of gas or PoW for these types of systems.
The parties involved can have a shared log and private keys for signing entries. Party A provides a thing and Party B signs an entry that says they were provided with the thing. Party A can wait for that signed entry before releasing the goods, etc. The problem with block chain to track physical stuff is that that handoffs are not instantaneous, so there’s always lag between the real state of the world and what the log says. In practice, this may be a few seconds, and a human might wait for confirmation before physically granting access to a recipient.
nibblebit@programming.dev 11 months ago
Yeah it’s not ideal, but you only need to pay the gas cost when you need to prove integrity and that’s alot cheaper than having to constantly be in sync with the world.
MiddleKnight@discuss.tchncs.de 11 months ago
I fail to see what blockchain can provide in the realm of audit logging?
Fundamentally, you need to trust the systems which are logging events to log the correct events at the correct time. How does blockchain change this?
pjhenry1216@kbin.social 11 months ago
It's more about tampering with the audit log. "Company A provided their audit logs to prove their innocence." Did they? Well. Maybe. How do we know it's the full log. How do we know it wasn't altered? Sure, the company can digitally sign it, but what does that prove?
MiddleKnight@discuss.tchncs.de 11 months ago
Then sign and send the audit log in realtime to the authority which A provided their logs to. Same effect no blockchain.
You could also encrypt and publish it. But realistically there is always going to be some entity actually responsible for enacting the consequences for non-compliance and they are the only entity that really ever needs to check these logs.
I am not sure I understand what the incentives to “mine” this blockchain would be. Without a certain block difficulty, which requires many miners, it will be trivial to rewrite the entire chain.