The UI has the ability to look at the history of a group if an account has admin access to that group. We would like to see something similar in the Web Service calls. The information returned should include the timestamp of the operation that is easily parseable. The person the action was done against, the person making the action (Including act as users if applicable). Having all the same fields as the UI version would be preferred.
Assuming the service account has access to the group, allow a request that specifies a time frame of which the changes can be displayed from the audit log
Return the last change to a group (To simplify the identity who granted/revoked access for example)
If possible select a user and see what changes were applied to that user in a given time frame. It would be implied that only changes to groups the service account has access too will be displayed. If there are groups that the service account doesn’t have access to. (Including act as users). Then those group change messages should be filtered out. This is a nice to have and if too difficult can be left off.