最终,您应该根据官方和合规性/隐私/安全性审查,从合规性/隐私/安全性角度确定要记录的内容以及如何记录日志和公司内部或第三方的认证.
撇开免责声明:
- 租户ID和App Client ID通常不被视为PII或机密.
- 不是PII,因为它们本身不会告诉您用户是谁.
- 不是秘密,因为它们很容易获得.尝试登录到您的应用程序的任何人都将受到这些攻击,因为它们包含在授权请求中.
-
Tenant ID and App Client ID aren't generally considered PII nor secrets.
- Not PII because, by themselves, they won't tell you who the user is.
- Not secrets because they are very easy to obtain. Anyone attempting to log in to your application will be exposed to these as they are included in the authorization request.
- 不是PII,因为它本身不会告诉您用户是谁.
- 可能是个秘密,因为它并不容易公开给所有人.可以认为这不是秘密,因为没有授权用户或应用程序的令牌也无法进行任何事情.
请注意,一些公司和隐私评论通常将这3个数据点视为组织可识别信息(OII),有时会制定处理这些数据的政策(尽管不如PII严格).
Do note that some companies and privacy reviews often consider these 3 data points as Organization Identifiable Information (OII) and sometimes have policies for handling those (less stringent that PII though).