[Openid-specs-authzen] Inconsistencies in the Interop payloads?
David Brossard
david.brossard at gmail.com
Tue Apr 30 16:31:01 UTC 2024
Dear all,
It seems as though there are inconsistencies in the payload examples. I'm
using the following docs:
- the website: https://authzen-interop.net/docs/scenarios/todo
- the hackmd note: https://hackmd.io/gNZBRoTfRgWh_PNM0y2wDA?view
- the github tests file:
https://github.com/openid/authzen/blob/main/interop/authzen-todo-backend/test/decisions.json
In all cases, we use either userID or owner in the resource category to
describe the user:
{
  "subject": {
    "identity": "<subject_from_jwt>"
  },
  "action": {
    "name": "can_read_user"
  },
  "resource": {
    "userID": "<email_OR_subject>"
  },
  "context": {
  }
}
or
{
  "subject": {
    "identity": "<subject_from_jwt>"
  },
  "action": {
    "name": "can_update_todo"
  },
  "resource": {
    "ownerID": "<email_of_owner>",
    "type": "todo"
  },
  "context": {
  }
}
Is that intentional? It would make more sense to always use owner since
it's the grammatical purpose of the attribute in the resource category. Am
I missing something?
Thanks,
David.
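
An added example, not part of the original message or of the AuthZEN interop code: a small Python check that reports which resource attribute names are used to identify the user across a set of evaluation requests. The sample requests are the two payloads quoted in the message; the USER_KEYS grouping and the function names are assumptions made for illustration.

```python
import json
from collections import defaultdict

# Constructed sample: the two request shapes quoted in the message above.
SAMPLE_REQUESTS = json.loads("""
[
  {"subject": {"identity": "<subject_from_jwt>"},
   "action": {"name": "can_read_user"},
   "resource": {"userID": "<email_OR_subject>"},
   "context": {}},
  {"subject": {"identity": "<subject_from_jwt>"},
   "action": {"name": "can_update_todo"},
   "resource": {"ownerID": "<email_of_owner>", "type": "todo"},
   "context": {}}
]
""")

# Assumption: these resource keys all mean "the user this resource belongs to".
USER_KEYS = frozenset({"userID", "ownerID", "owner"})
REQUIRED = ("subject", "action", "resource", "context")


def user_key_usage(requests, user_keys=USER_KEYS):
    """Map each user-identifying resource key to the actions that use it."""
    usage = defaultdict(set)
    for i, req in enumerate(requests):
        missing = [k for k in REQUIRED if k not in req]
        if missing:
            raise ValueError(f"request {i} lacks {missing}")
        action = req["action"]["name"]
        found = user_keys.intersection(req["resource"])
        # Actions carrying no user key are recorded under None so gaps show up.
        for key in found or {None}:
            usage[key].add(action)
    return {k: sorted(v) for k, v in usage.items()}


def is_consistent(requests, user_keys=USER_KEYS):
    """True when at most one distinct user key is used across all requests."""
    used = [k for k in user_key_usage(requests, user_keys) if k is not None]
    return len(used) <= 1


if __name__ == "__main__":
    for key, actions in user_key_usage(SAMPLE_REQUESTS).items():
        print(f"{key}: {', '.join(actions)}")
    print("consistent:", is_consistent(SAMPLE_REQUESTS))
```

A policy written against one attribute name evaluates a request that carries the other as if the attribute were absent, so a check like this is worth running over the shared test payloads before comparing decisions across implementations.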