[Openid-specs-authzen] AuthZEN WG notes from 2024-08-06
Omri Gazitt
omri at aserto.com
Tue Aug 6 23:35:19 UTC 2024
Hi folks!
Some notes from today's call:
- David has completed the "Security Considerations" section of the
AuthZEN 1.0 spec, and Gerry has the "Notes" section (mostly boilerplate)
ready to go. We are planning to submit the AuthZEN 1.0 spec to the OIDF
board as an Implementer's Draft this week, and no later than Wednesday
August 14, so that we can get AuthZEN 1.0 ratified as an Implementer's
Draft in time for Authenticate 2024 (October 14).
- Our next interop event will be at Authenticate 2024. The FIDO Alliance
granted us an interop timeslot and a report-out, both on Tuesday October
15, in addition to the Authorization panel on Oct 14. We need a marketing
plan for the interop so that we can get more implementations and relying
parties involved :)
- We will be working on boxcarring interop (the AuthZEN 1.1 spec) by
extending the Todo scenario. AlexO will look at the Todo app this week and
make a recommendation at the next AuthZEN call. The use-case is
multi-delete of todo's - where a single AuthZEN evaluations request can
represent a number of delete requests, which share subject and action, but
each has its own resource .
- We still need to "fix up" the current todo interop scenario by making
it compliant with the spec, which makes both type and id mandatory for both
the subject and the resource. I plan on looking at it this week. I will try
to make this backwards-compatible but it could mean changes in all the
current implementations.
--
<http://www.aserto.com/>
Omri Gazitt | CEO
Aserto <http://www.aserto.com/> Inc. | (425) 765-0079
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20240806/d8d00cc4/attachment.html>
More information about the Openid-specs-authzen
mailing list