open-telemetry · heyams · Oct 7, 2024 · Oct 7, 2024 · Oct 7, 2024 · Oct 7, 2024
@@ -0,0 +1,24 @@
+# Use this changelog template to create an entry for release notes.
+#
+# If your change doesn't affect end users you should instead start
+# your pull request title with [chore] or use the "Skip Changelog" label.
+
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: enhancement
+
+# The name of the area of concern in the attributes-registry, (e.g. http, cloud, db)
+component: enduser
+
+# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: introduce new attribute `enduser.authentication.id`, replace `enduser.id` with `enduser.pseudo.id`, and deprecate `enduser.authentication.role`, and `enduser.authentication.scope`.
+
+# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists.
+# The values here must be integers.
+issues: [1104]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext: |
+  The new attribute `enduser.authentication.id` is intended to provide an unique identifier of an authenticated enduser.
+  The deprecated attributes `enduser.authentication.role` and `enduser.authentication.scope` are removed from the enduser registry.
@@ -41,6 +41,7 @@ body:
         - area:disk
         - area:dns
         - area:dotnet
+        - area:enduser
         - area:error
         - area:event
         - area:exception

@@ -33,6 +33,7 @@ body:
         - area:disk
         - area:dns
         - area:dotnet
+        - area:enduser
         - area:error
         - area:event
         - area:exception

@@ -42,6 +42,7 @@ body:
         - area:disk
         - area:dns
         - area:dotnet
+        - area:enduser
         - area:error
         - area:event
         - area:exception

@@ -6,12 +6,24 @@
 
 # Enduser
 
+- [End User Attributes](#end-user-attributes)
+- [Deprecated End User Attributes](#deprecated-end-user-attributes)
+
+## End User Attributes
+
+Describes information about the end user, which can be used as a subdomain of browser, client, or user domains.
+
+| Attribute | Type | Description | Examples | Stability |
+|---|---|---|---|---|
+| <a id="enduser-authentication-id" href="#enduser-authentication-id">`enduser.authentication.id`</a> | string | Unique identifier of an authenticated user in the system. | `S-1-5-21-202424912787-2692429404-2351956786-1000` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
+| <a id="enduser-pseudo-id" href="#enduser-pseudo-id">`enduser.pseudo.id`</a> | string | Pseudonymous identifier of an end user. This identifier is unique to the user but does not reveal their actual identity. | `QdH5CAWJgqVT4rOr0qtumf` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
+
 ## Deprecated End User Attributes
 
-Describes deprecated enduser attributes. Complete enduser namespace has been deprecated
+Describes deprecated end user attributes.
 
 | Attribute | Type | Description | Examples | Stability |
 |---|---|---|---|---|
-| <a id="enduser-id" href="#enduser-id">`enduser.id`</a> | string | Deprecated, use `user.id` instead. | `username` | ![Deprecated](https://img.shields.io/badge/-deprecated-red)<br>Replaced by `user.id` attribute. |
-| <a id="enduser-role" href="#enduser-role">`enduser.role`</a> | string | Deprecated, use `user.roles` instead. | `admin` | ![Deprecated](https://img.shields.io/badge/-deprecated-red)<br>Replaced by `user.roles` attribute. |
-| <a id="enduser-scope" href="#enduser-scope">`enduser.scope`</a> | string | Deprecated, no replacement at this time. | `read:message, write:files` | ![Deprecated](https://img.shields.io/badge/-deprecated-red)<br>Removed. |
+| <a id="enduser-id" href="#enduser-id">`enduser.id`</a> | string | Deprecated, use `enduser.pseudo.id` instead. | `QdH5CAWJgqVT4rOr0qtumf` | ![Deprecated](https://img.shields.io/badge/-deprecated-red)<br>Replaced by `enduser.pseudo.id`. |
+| <a id="enduser-role" href="#enduser-role">`enduser.role`</a> | string | Actual/assumed role the client is making the request under extracted from token or application security context. | `admin` | ![Deprecated](https://img.shields.io/badge/-deprecated-red)<br>Removed. |
+| <a id="enduser-scope" href="#enduser-scope">`enduser.scope`</a> | string | Scopes or granted authorities the client currently possesses extracted from token or application security context. The value would come from the scope associated with an [OAuth 2.0 Access Token](https://tools.ietf.org/html/rfc6749#section-3.3) or an attribute value in a [SAML 2.0 Assertion](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html). | `read:message, write:files` | ![Deprecated](https://img.shields.io/badge/-deprecated-red)<br>Removed. |
@@ -396,9 +396,13 @@ These attributes may be used for any operation with an authenticated and/or auth
 
 | Attribute  | Type | Description  | Examples  | [Requirement Level](https://opentelemetry.io/docs/specs/semconv/general/attribute-requirement-level/) | Stability |
 |---|---|---|---|---|---|
-| [`enduser.id`](/docs/attributes-registry/enduser.md) | string | Deprecated, use `user.id` instead. | `username` | `Recommended` | ![Deprecated](https://img.shields.io/badge/-deprecated-red)<br>Replaced by `user.id` attribute. |
-| [`enduser.role`](/docs/attributes-registry/enduser.md) | string | Deprecated, use `user.roles` instead. | `admin` | `Recommended` | ![Deprecated](https://img.shields.io/badge/-deprecated-red)<br>Replaced by `user.roles` attribute. |
-| [`enduser.scope`](/docs/attributes-registry/enduser.md) | string | Deprecated, no replacement at this time. | `read:message, write:files` | `Recommended` | ![Deprecated](https://img.shields.io/badge/-deprecated-red)<br>Removed. |
+| [`enduser.authentication.id`](/docs/attributes-registry/enduser.md) | string | Unique identifier of an authenticated user in the system. [1] | `S-1-5-21-202424912787-2692429404-2351956786-1000` | `Required` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
+| [`enduser.id`](/docs/attributes-registry/enduser.md) | string | Deprecated, use `enduser.pseudo.id` instead. | `QdH5CAWJgqVT4rOr0qtumf` | `Recommended` | ![Deprecated](https://img.shields.io/badge/-deprecated-red)<br>Replaced by `enduser.pseudo.id` attribute. |
+| [`enduser.pseudo.id`](/docs/attributes-registry/enduser.md) | string | Pseudonymous identifier of an end user. This identifier is unique to the user but does not reveal their actual identity. | `QdH5CAWJgqVT4rOr0qtumf` | `Recommended` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
+| [`enduser.role`](/docs/attributes-registry/enduser.md) | string | Actual/assumed role the client is making the request under extracted from token or application security context. | `admin` | `Recommended` | ![Deprecated](https://img.shields.io/badge/-deprecated-red)<br>Removed. |
+| [`enduser.scope`](/docs/attributes-registry/enduser.md) | string | Scopes or granted authorities the client currently possesses extracted from token or application security context. The value would come from the scope associated with an [OAuth 2.0 Access Token](https://tools.ietf.org/html/rfc6749#section-3.3) or an attribute value in a [SAML 2.0 Assertion](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html). | `read:message, write:files` | `Recommended` | ![Deprecated](https://img.shields.io/badge/-deprecated-red)<br>Removed. |
+
+**[1] `enduser.authentication.id`:** The `enduser.authentication.id` attribute is intended to provide an unique identifier of an authenticated enduser. The deprecated attributes `enduser.authentication.role` and `enduser.authentication.scope` are removed from the enduser registry.
 
 <!-- markdownlint-restore -->
 <!-- prettier-ignore-end -->
@@ -410,34 +414,7 @@ system. It is expected this information would be propagated unchanged from node-
 using the Baggage mechanism. These attributes should not be used to record system-to-system
 authentication attributes.
 
-Examples of where the `enduser.id` value is extracted from:
-
-| Authentication protocol | Field or description            |
-| :---------------------- | :------------------------------ |
-| [HTTP Basic/Digest Authentication] | `username`               |
-| [OAuth 2.0 Bearer Token] | [OAuth 2.0 Client Identifier] value from `client_id` for the [OAuth 2.0 Client Credentials Grant] flow and `subject` or `username` from get token info response for other flows using opaque tokens. |
-| [OpenID Connect 1.0 IDToken] | `sub` |
-| [SAML 2.0 Assertion] | `urn:oasis:names:tc:SAML:2.0:assertion:Subject` |
-| [Kerberos] | `PrincipalName` |
-
-| Framework               | Field or description            |
-| :---------------------- | :------------------------------ |
-| [JavaEE/JakartaEE Servlet] | `javax.servlet.http.HttpServletRequest.getUserPrincipal()` |
-| [Windows Communication Foundation] | `ServiceSecurityContext.Current.PrimaryIdentity` |
-
-[SAML 2.0 Assertion]: http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html
-[HTTP Basic/Digest Authentication]: https://tools.ietf.org/html/rfc2617
-[OAuth 2.0 Bearer Token]: https://tools.ietf.org/html/rfc6750
-[OAuth 2.0 Client Identifier]: https://tools.ietf.org/html/rfc6749#section-2.2
-[OAuth 2.0 Client Credentials Grant]: https://tools.ietf.org/html/rfc6749#section-4.4
-[OpenID Connect 1.0 IDToken]: https://openid.net/specs/openid-connect-core-1_0.html#IDToken
-[Kerberos]: https://tools.ietf.org/html/rfc4120
-[JavaEE/JakartaEE Servlet]: https://jakarta.ee/specifications/platform/8/apidocs/javax/servlet/http/HttpServletRequest.html
-[Windows Communication Foundation]: https://docs.microsoft.com/dotnet/api/system.servicemodel.servicesecuritycontext?view=netframework-4.8
-
-Given the sensitive nature of this information, SDKs and exporters SHOULD drop these attributes by
-default and then provide a configuration parameter to turn on retention for use cases where the
-information is required and would not violate any policies or regulations.
+`enduser.pseudo.id` attribute can be set by a specific client component, e.g. through a cookie out of the Span's HTTP request headers. Client side application should be able to stamp this attribute on any telemetry item emitted by the application whenever this cookie is available.
 
 ## General thread attributes
 

@@ -0,0 +1,22 @@
+groups:
+  - id: identity
+    type: attribute_group
+    brief: >
+      These attributes may be used for any operation with an authenticated and/or authorized enduser.
-      These attributes may be used for any operation with an authenticated and/or authorized enduser.
+      Describes end user identity. 
-      These attributes may be used for any operation with an authenticated and/or authorized enduser.
+      Describes end user identity. 
+    attributes:
+      - ref: enduser.id
+        deprecated: Replaced by `enduser.pseudo.id` attribute.
+        requirement_level: recommended
+      - ref: enduser.pseudo.id
+        requirement_level: recommended
+      - ref: enduser.role
+        deprecated: "Removed."
+        requirement_level: recommended
+      - ref: enduser.scope
+        deprecated: "Removed."
+        requirement_level: recommended
+      - ref: enduser.authentication.id
+        requirement_level: required
+        note: >
+          The `enduser.authentication.id` attribute is intended to provide an unique identifier of an authenticated enduser.
+          The deprecated attributes `enduser.authentication.role` and `enduser.authentication.scope` are removed from the enduser registry.
-          The deprecated attributes `enduser.authentication.role` and `enduser.authentication.scope` are removed from the enduser registry.
-          The deprecated attributes `enduser.authentication.role` and `enduser.authentication.scope` are removed from the enduser registry.
@@ -2,23 +2,27 @@ groups:
   - id: registry.enduser.deprecated
     type: attribute_group
     display_name: Deprecated End User Attributes
-    brief: Describes deprecated enduser attributes. Complete enduser namespace has been deprecated
+    brief: "Describes deprecated end user attributes."
-    brief: "Describes deprecated end user attributes."
+    brief: "Describes deprecated enduser attributes."
-    brief: "Describes deprecated end user attributes."
+    brief: "Describes deprecated enduser attributes."
     attributes:
       - id: enduser.id
         type: string
+        brief: 'Deprecated, use `enduser.pseudo.id` instead.'
         stability: experimental
-        deprecated: Replaced by `user.id` attribute.
-        brief: "Deprecated, use `user.id` instead."
-        examples: 'username'
+        deprecated: "Replaced by `enduser.pseudo.id`."
+        examples: ['QdH5CAWJgqVT4rOr0qtumf']
       - id: enduser.role
         type: string
+        deprecated: "Removed."
         stability: experimental
-        deprecated: Replaced by `user.roles` attribute.
-        brief: "Deprecated, use `user.roles` instead."
+        brief: 'Actual/assumed role the client is making the request under extracted from token or application security context.'
         examples: 'admin'
       - id: enduser.scope
         type: string
+        deprecated: "Removed."
         stability: experimental
-        deprecated: Removed.
-        brief: "Deprecated, no replacement at this time."
+        brief: >
+          Scopes or granted authorities the client currently possesses extracted from token
+          or application security context. The value would come from the scope associated
+          with an [OAuth 2.0 Access Token](https://tools.ietf.org/html/rfc6749#section-3.3)
+          or an attribute value in a [SAML 2.0 Assertion](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html).
         examples: 'read:message, write:files'
@@ -0,0 +1,18 @@
+groups:
+  - id: registry.enduser
+    type: attribute_group
+    display_name: End User Attributes
+    brief: >
+      Describes information about the end user, which can be used as a subdomain of browser, client, or user domains.
-      Describes information about the end user, which can be used as a subdomain of browser, client, or user domains.
+      Describes the end user.
-      Describes information about the end user, which can be used as a subdomain of browser, client, or user domains.
+      Describes the end user.
+    attributes:
+      - id: enduser.pseudo.id
+        type: string
+        stability: experimental
-        stability: experimental
+        stability: development 
-        stability: experimental
+        stability: development 
+        brief: >
+          Pseudonymous identifier of an end user. This identifier is unique to the user but does not reveal their actual identity.
+        examples: ['QdH5CAWJgqVT4rOr0qtumf']
+      - id: enduser.authentication.id
+        type: string
+        brief: "Unique identifier of an authenticated user in the system."
+        examples: [ 'S-1-5-21-202424912787-2692429404-2351956786-1000' ]
         note: | 
           ... 
           > [!WARNING] 
           > 
           > This attribute contains sensitive (PII) information. 
     ``` 
         note: | 
           ... 
  
           > [!WARNING] 
           > 
           > This attribute contains sensitive (PII) information. 
     ``` 
+        stability: experimental