open-telemetry · lmolkova · May 28, 2024 · Feb 9, 2024 · Feb 9, 2024 · Feb 9, 2024
@@ -0,0 +1,22 @@
+# Use this changelog template to create an entry for release notes.
+#
+# If your change doesn't affect end users you should instead start
+# your pull request title with [chore] or use the "Skip Changelog" label.
+
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: new_component
+
+# The name of the area of concern in the attributes-registry, (e.g. http, cloud, db)
+component: user
+
+# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Add new user namespace
+
+# Mandatory: One or more tracking issues related to the change. You can use the PR number here if no issue exists.
+# The values here must be integers.
+issues: [731]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:
@@ -34,7 +34,6 @@ body:
  - area:device
  - area:disk
  - area:dns
- - area:enduser
  - area:error
  - area:event
  - area:exception
@@ -70,6 +69,7 @@ body:
  - area:tls
  - area:url
  - area:user-agent
+ - area:user
  - area:webengine
  # End semconv area list
  - type: textarea

@@ -27,7 +27,6 @@ body:
  - area:device
  - area:disk
  - area:dns
- - area:enduser
  - area:error
  - area:event
  - area:exception
@@ -63,6 +62,7 @@ body:
  - area:tls
  - area:url
  - area:user-agent
+ - area:user
  - area:webengine
  # End semconv area list
  - type: textarea

@@ -36,7 +36,6 @@ body:
  - area:device
  - area:disk
  - area:dns
- - area:enduser
  - area:error
  - area:event
  - area:exception
@@ -72,6 +71,7 @@ body:
  - area:tls
  - area:url
  - area:user-agent
+ - area:user
  - area:webengine
  # End semconv area list
  - type: textarea

@@ -82,6 +82,7 @@ Currently, the following namespaces exist:
 - [Thread](thread.md)
 - [TLS](tls.md)
 - [URL](url.md)
+- [User](user.md)
 - [User Agent](user-agent.md)
 - [Webengine](webengine.md)
 

@@ -6,12 +6,12 @@
 
 # Enduser
 
-## Enduser Attributes
+## Enduser Deprecated Attributes
 
-This document defines attributes for operations with an authenticated and/or authorized enduser.
+Describes deprecated enduser attributes. Complete enduser namespace has been deprecated
 
-| Attribute | Type | Description      | Examples | Stability |
-| --------------- | ------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------- | ---------------------------------------------------------------- |
-| `enduser.id` | string | Username or client_id extracted from the access token or [Authorization](https://tools.ietf.org/html/rfc7235#section-4.2) header in the inbound request from outside the system.  | `username` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
-| `enduser.role` | string | Actual/assumed role the client is making the request under extracted from token or application security context. | `admin` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
-| `enduser.scope` | string | Scopes or granted authorities the client currently possesses extracted from token or application security context. The value would come from the scope associated with an [OAuth 2.0 Access Token](https://tools.ietf.org/html/rfc6749#section-3.3) or an attribute value in a [SAML 2.0 Assertion](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html). | `read:message, write:files` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
+| Attribute | Type | Description | Examples | Stability |
+| --------------- | ------ | ------------------------------------- | --------------------------- | ---------------------------------------------------------------------------------------------- |
+| `enduser.id` | string | Deprecated, use `user.id` instead. | `username` | ![Deprecated](https://img.shields.io/badge/-deprecated-red)<br>use the `user.id` attribute.  |
+| `enduser.role` | string | Deprecated, use `user.roles` instead. | `admin` | ![Deprecated](https://img.shields.io/badge/-deprecated-red)<br>use the `user.roles` attribute. |
+| `enduser.scope` | string | Deprecated, use `user.scope` instead. | `read:message, write:files` | ![Deprecated](https://img.shields.io/badge/-deprecated-red)<br>use the `user.scope` attribute. |
@@ -0,0 +1,23 @@
+<!--- Hugo front matter used to generate the website version of this page:
+--->
+
+<!-- NOTE: THIS FILE IS AUTOGENERATED. DO NOT EDIT BY HAND. -->
+<!-- see templates/registry/markdown/attribute_namespace.md.j2 -->
+
+# User
+
+## User Attributes
+
+Describes information about the user that is relevant to the event.
+
+| Attribute | Type | Description | Examples | Stability |
+| ---------------- | -------- | ---------------------------------------------------------------------------------------------------- | -------------------------------------------------- | ---------------------------------------------------------------- |
+| `user.domain` | string | Name of the directory the user is a member of. For example, an LDAP or Active Directory domain name. | `internal.example.com` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
+| `user.email` | string | User email address. | `a.einstein@example.com` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
+| `user.full_name` | string | User's full name | `Albert Einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
+| `user.hash` | string | Unique user hash to correlate information for a user in anonymized form. [1] | `364fc68eaf4c8acec74a4e52d7d1feaa` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
+| `user.id` | string | Unique identifier of the user. | `S-1-5-21-202424912787-2692429404-2351956786-1000` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
+| `user.name` | string | Short name or login/username of the user. | `a.einstein` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
+| `user.roles` | string[] | Array of user roles at the time of the event. | `admin`; `reporting_user` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
+
+**[1]:** Useful if `user.id` or `user.name` contain confidential information and cannot be used.
@@ -311,9 +311,9 @@ These attributes may be used for any operation with an authenticated and/or auth
 <!-- semconv identity -->
 | Attribute | Type | Description | Examples | [Requirement Level](https://opentelemetry.io/docs/specs/semconv/general/attribute-requirement-level/) | Stability |
 |---|---|---|---|---|---|
-| [`enduser.id`](/docs/attributes-registry/enduser.md) | string | Username or client_id extracted from the access token or [Authorization](https://tools.ietf.org/html/rfc7235#section-4.2) header in the inbound request from outside the system. | `username` | `Recommended` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
-| [`enduser.role`](/docs/attributes-registry/enduser.md) | string | Actual/assumed role the client is making the request under extracted from token or application security context. | `admin` | `Recommended` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
-| [`enduser.scope`](/docs/attributes-registry/enduser.md) | string | Scopes or granted authorities the client currently possesses extracted from token or application security context. The value would come from the scope associated with an [OAuth 2.0 Access Token](https://tools.ietf.org/html/rfc6749#section-3.3) or an attribute value in a [SAML 2.0 Assertion](http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html). | `read:message, write:files` | `Recommended` | ![Experimental](https://img.shields.io/badge/-experimental-blue) |
+| [`enduser.id`](/docs/attributes-registry/enduser.md) | string | Deprecated, use `user.id` instead. | `username` | `Recommended` | ![Deprecated](https://img.shields.io/badge/-deprecated-red)<br>use the `user.id` attribute. |
+| [`enduser.role`](/docs/attributes-registry/enduser.md) | string | Deprecated, use `user.roles` instead. | `admin` | `Recommended` | ![Deprecated](https://img.shields.io/badge/-deprecated-red)<br>use the `user.roles` attribute. |
+| [`enduser.scope`](/docs/attributes-registry/enduser.md) | string | Deprecated, use `user.scope` instead. | `read:message, write:files` | `Recommended` | ![Deprecated](https://img.shields.io/badge/-deprecated-red)<br>use the `user.scope` attribute. |
 <!-- endsemconv -->
 
 These attributes describe the authenticated user driving the user agent making requests to the instrumented

@@ -0,0 +1,24 @@
+groups:
+ - id: registry.enduser.deprecated
+ prefix: enduser
+ type: attribute_group
+ brief: Describes deprecated enduser attributes. Complete enduser namespace has been deprecated
+ attributes:
+ - id: id
+ type: string
+ stability: experimental
+ deprecated: use the `user.id` attribute.
+ brief: "Deprecated, use `user.id` instead."
+ examples: 'username'
+ - id: role
+ type: string
+ stability: experimental
+ deprecated: use the `user.roles` attribute.
+ brief: "Deprecated, use `user.roles` instead."
+ examples: 'admin'
+ - id: scope
+ type: string
+ stability: experimental
+ deprecated: use the `user.scope` attribute.
+ brief: "Deprecated, use `user.scope` instead."
+ examples: 'read:message, write:files'
@@ -0,0 +1,50 @@
+groups:
+ - id: registry.user
+ prefix: user
+ type: attribute_group
+ brief: "Describes information about the user that is relevant to the event."
+ attributes:
+ - id: domain
+ type: string
+ stability: experimental
+ brief: >
+ Name of the directory the user is a member of. For example, an LDAP or Active Directory domain name.
+ examples: ['internal.example.com']
+ - id: email
+ type: string
+ stability: experimental
+ brief: >
+ User email address.
+ examples: ['a.einstein@example.com']
+ - id: full_name
+ type: string
+ stability: experimental
+ brief: >
+ User's full name
+ examples: ['Albert Einstein']
+ - id: hash
+ type: string
+ stability: experimental
+ brief: >
+ Unique user hash to correlate information for a user in anonymized form.
+ note: >
+ Useful if `user.id` or `user.name` contain confidential information and cannot be used.
+ examples: ['364fc68eaf4c8acec74a4e52d7d1feaa']
+ - id: id
+ type: string
+ stability: experimental
+ brief: >
+ Unique identifier of the user.
+ examples: ['S-1-5-21-202424912787-2692429404-2351956786-1000']
+ - id: name
+ type: string
+ stability: experimental
+ brief: >
+ Short name or login/username of the user.
+ examples: ['a.einstein']
+ - id: roles
+ type: string[]
+ stability: experimental
+ brief: >
+ Array of user roles at the time of the event.
+ examples: ["admin", "reporting_user"]
@@ -35,6 +35,14 @@ versions:
  - db.client.connections.create_time
  - db.client.connections.wait_time
  - db.client.connections.use_time
+ all:
+ changes:
+ # https://github.com/open-telemetry/semantic-conventions/pull/731/
+ - rename_attributes:
+ attribute_map:
+ enduser.id: user.id
+ enduser.role: user.roles
+ enduser.scope: user.scope
 
  1.25.0:
  spans: