Claims from JWT used for distributed tracing

[Michael Hofmann]

Hi,

to gather infos from the behaviour of the users and to analyse bugs, it would be helpful to identify this person and integrate this info into the trace-output.
Is this planned for the future release opentracing?

Using a special claim in the incoming jwt token (jti for example) could be automatically extracted and transfered into the tracing output.

If you don't use security, an alternative could be something like a correlation-id (UUID) which can be included in the HTTP header. If this exists, we could use this value to identify the caller.

Regards,
Michael

[Alasdair Nottingham]

Could it not use the upn which is already there?

--
You received this message because you are subscribed to the Google Groups "Eclipse MicroProfile" group.
To unsubscribe from this group and stop receiving emails from it, send an email to microprofile...@googlegroups.com.
To post to this group, send email to microp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/microprofile/64472b24-2876-4e56-9794-a2199183724a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Michael Hofmann]

In germany/europe we have strict laws concering protection of personal data. Therefore it might be forbidden in some cases to trace this data. It would be easier to specify (config-value) the claim-name for trace information. This makes us more flexible.