-
Notifications
You must be signed in to change notification settings - Fork 175
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update enduser domain and add enduser.authentication.id
#1456
base: main
Are you sure you want to change the base?
Conversation
0a8b0e8
to
ee0970f
Compare
brief: > | ||
Describes information about the end user, which can be used as a subdomain of browser, client, or user domains. | ||
attributes: | ||
- id: enduser.id |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It seems confusing to set enduser.id = "QdH5CAWJgqVT4rOr0qtumf"
and enduser.authentication.id = "lmolkova"
, based on the
https://github.com/open-telemetry/semantic-conventions/pull/1146/files#r1712997369 and https://github.com/open-telemetry/semantic-conventions/pull/1146/files#r1710187141
It'd be more clear if we called this one enduser.tracking.id
or enduser.anonymous.id
so that people would not put PII there.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
per earlier discussion, it seemed that anonymous
was confusing to some.
i'm good with enduser.anonymous_id
or enduser.tracking_id
. neither tracking
nor anonymous
a namespace, nesting here doesn't seem to follow the naming convention?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
do you mean that enduser.tracking.id
would not follow the naming convention? Why?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like enduser.tracking.id
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
some examples
semantic-conventions/schemas/1.19.0
Line 32 in d5d2b9d
messaging.consumer_id: messaging.consumer.id |
nesting is used for .
if not, use _
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not that I really want to extend the discussion further, but based on @jsuereth comments and understanding from his perspective, I can see how anonymous
could also be misunderstood and given his suggestions of
"user.unknown_id", "anonymous_user.id", "user.unauth_id".
From these comments, I would suggest the unauth_id
option, would identify the meaning better as it's not "unknown" but rather than a random (anonymous) identifier for the current enduser
which (from a RUM perspective) is persisted for some period of time. As its unlikely that unauth
would represent some common (extended) namespace then either _
or .
would work.
It's also represents a possible "linkable" identifier, while on it's own it doesn't identify the user, but in conjunction with other attributes it (may) be possible to identify the enduser
so from that perspective it's not "truely" anonymous, which I infer is Josh's point on the name.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My concerns around anonymous still apply. I don't think the id is really anonymous and can't be considered as such. It's a tracking id, and should be considered sensitive
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
how about enduser.unauthenticated.id
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
enduser.pseudo.id
Let's create a list of options and add pros/cons.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@lmolkova @trisch-me Please review and fill in anything that i may have missed.:
enduser.pseudo.id
- pros: it's clear to know this id is not authenticated
- cons: it might lead to misinterpretation of this id, like it's not a real id, a testing id, a temporary id?
enduser.tracking.id' - pros: it's clear that this id is used to track a particular user. - cons:
tracking` may raise privacy concerns, as it implies monitoring user behavior, which could lead to user distrust. it also lacks context of what exactly is being tracked (e.g. user actions, sessions, locations, etc)
enduser.unauth.id
- pros: unauth
is short
- cons: unauth
is ambiguous, as it can be unauthenticated
or unauthorized
. additionally, acronym is not a good naming practice and leads to more confusion.
enduser.temp.id
or enduser.transient.id
- pros: it suggests that this id is temporary and associated with user who has not been authenticated.
- cons: it lacks context about the id is temporary for what context (e.g. session, authentication)
enduser.unauthenticated.id
- pro: it's clear to indicate an authenticated user.
- cons: it collides with enduser.authentication.id
, which can be renamed to enduser.authenticated.id
, then it would have been fine?
enduser.anonymous.id
- pros: it's clear that this id is anonymous.
- cons: it can be confusing and lacks context. as long we have a clear documentation, this should be ok?
enduser.authentication.id
…s/semantic-conventions into heya/add-enduser-namespace
|
||
# Authentication | ||
|
||
## Authentication Attributes |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this should be inside enduser.md
. If you add it like this, it will introduce a new "area" called authentication
which is not what you are doing in this PR. The authentication attributes are inside enduser
namespace which is the area. Please move it to enduser.md
Fixes #1104