[Openid-specs-authzen] Initial thoughts on interop scenario planning
eve at xmlgrrl.com
Fri Dec 15 22:58:02 UTC 2023
I reviewed all of the extant materials, including historical ones, and put together a "meta-interop-scenario" document <https://hackmd.io/4IaZmp2lSHaWXphriXiVOg> in HackMD. It proposes a way forward.
I also did a very crude sketch to get some observations out of my head – I didn’t see a way to embed it, but it’s attached here. This diagram is helping me to articulate some of the questions I have about standards prioritization, design principles, and community engagement. For example, how important are the various “Clarify Access” scenarios vs. basic “Enforce Access” ones? Is there a way to categorize, and maybe prioritize, coverage of by-value inputs into policy decision requests? When SAML decided to solve only IdP-initiated SSO in its V1, it had a useful MVP that gave us runway to get to V2 and start doing SP-initiated SSO; what’s our most powerful MVP?
The API spec doc and the PDP-PEP Use Cases doc align with a “protocol” view of the world, I believe, and the “PAD” (design patterns) doc adds real-world deployment considerations. There is some overlap; PAD includes both “architecture” and “model” patterns, and architecture somewhat relates to protocol design. Note that the “Alternate” block on the right is trying to hint at ways OAuth is fundamentally different, though you could see how to make its version of such a diagram consonant with this one.
My diagram blocks are meant to be functional and descriptive and are not prescriptive in any way! If you think this is on the way to being helpful but want to revise, feel free. If it’s wrong-headed, let me know. :)
Have a great weekend, all!

Eve Maler | cell and Signal +1 425.345.6756
-------------- next part --------------
A non-text attachment was scrubbed...
Name: AuthZEN landscape.jpeg
Type: image/jpeg
Size: 192445 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20231215/741af3e0/attachment-0001.jpeg>