From david.brossard at gmail.com Tue Dec 3 17:03:18 2024
From: david.brossard at gmail.com (David Brossard)
Date: Tue, 3 Dec 2024 09:03:18 -0800
Subject: [Openid-specs-authzen] Agenda for today's call

Dear all,

As we near the end of the year, it's time we plan what we aim to achieve in 2025. As such, here's an agenda of items we can discuss on today's call (3 pm PT)

- API endpoints
  - Evaluation API: this API is complete. It's in implementor's draft and we can consider changes moving forward but the idea is that it's stable and good enough
  - Evaluations API: the overall principle is complete but we have outstanding ideas & feedback to walk through such as the ability to control the evaluation behavior
  - Search API: this is our biggest work-in-progress. Vladi has a draft proposal as did Atul in the original spec. We believe we can split the work into
    - a predicate-based API that returns predicates/filters
    - a listing API that returns the entitled data
  - Discovery endpoint: Given that PDPs can support a subset of authorization APIs, we need a means to discover what that subset is. The discovery endpoint can give us that (and more).
- Outreach: for AuthZEN to be successful, we need to spread the word and encourage others to implement AuthZEN (as did Curity; Strata has plans for internal use). There are different groups we can address
  - the Analyst community: Omri and I are speaking to Homan F. from Gartner and we need more interactions with other analysts
  - the IdP vendors/software: let's talk to Entra, PingAccess, Okta, Gluu, etc... to get them to implement a PEP in their product for a wide range of use cases (on us: define the use cases)
  - the API gateways. I put together a list (thanks to Gartner's Mark O'Neill) that you can browse here: https://hackmd.io/@oidf-wg-authzen/target-integrations
  - Others: SaaS, COTS?
- Design patterns: we need to continue that stream of work and publicize the results so we can guide practitioners into the adoption of externalized authorization
  - In particular in light of OAuth: how can we collaborate?

Notes are in HackMD as usual and linked to from our GitHub Wiki site.

One last housekeeping item: let's go ahead and cancel 12/24 and 12/31. Who wants to talk about authorization on Christmas Eve?

Thanks,
Omri, Gerry, and David.

From andy at rocksolidknowledge.com Tue Dec 3 17:15:24 2024
From: andy at rocksolidknowledge.com (Andrew Clymer)
Date: Tue, 3 Dec 2024 17:15:24 +0000
Subject: [Openid-specs-authzen] Agenda for today's call

RSK is updating its PDP to support AuthZen spec, and will be released before xmas, as part of our ALFA 2.0 release.

Andy

From david.brossard at gmail.com Tue Dec 3 18:09:55 2024
From: david.brossard at gmail.com (David Brossard)
Date: Tue, 3 Dec 2024 10:09:55 -0800
Subject: [Openid-specs-authzen] Agenda for today's call

Great news @Andrew Clymer. Gabriel, please do add it to the list. It's probably missing because I was talking about "traditional" API gateways not necessarily micro-gateways but we definitely should add them.

On Tue, Dec 3, 2024 at 9:24 AM Gabriel Manor wrote:

> Missing Envoy from the API Gateway list, and I know the community is
> working to standardize it (also) as an API gateway. It's worth adding, IMO.

--
David Brossard
http://www.linkedin.com/in/davidbrossard
http://twitter.com/davidjbrossard
http://about.me/brossard
Stay safe on the Internet: IC3 Prevention Tips
Take precautions on the Internet: https://cyber.gouv.fr/bonnes-pratiques-protegez-vous

From david.brossard at gmail.com Wed Dec 4 00:06:19 2024
From: david.brossard at gmail.com (David Brossard)
Date: Tue, 3 Dec 2024 16:06:19 -0800
Subject: [Openid-specs-authzen] Notes from today's call

Meeting Notes 2024-12-03

Attendees

Omri Gazitt
David Brossard
Vladi Berger
Gerry Gebel
Alex Babeanu
Eve Maler
George Fletcher
Dinesh

Agenda

- Presentation of work items for 2025
  - APIs
  - Design patterns document
  - Industry Outreach

Notes

- API endpoints
  - *Draft 1 (First Implementers Draft)* (1.0.01) - Evaluation API: this API is complete. This is now an immutable document, and implementers can target it.
  - *Draft 2 - Jan: Evaluations API* (1.0.02): the overall principle is complete but we have outstanding ideas & feedback to walk through such as the ability to control the evaluation behavior (evaluate all, deny on first deny, allow on first allow).
    - Omri to propose further clarifications on how to process evaluations on deny on first deny, permit on first permit, etc.
  - *Draft 3 - Feb: Search and Partial Evaluation APIs* (1.0.03): this is our biggest work-in-progress.
    - Partial Evaluation: Vladi has a draft proposal as did Atul in the original spec.
    - Search: AlexB and Omri will come up with a proposal
      - a predicate-based API that returns predicates/filters
      - a listing API that returns the entitled data
  - *Draft 4 (Implementers Draft) - March* (1.0.04): Discovery endpoint: Given that PDPs can support a subset of authorization APIs, we need a means to discover what that subset is. The discovery endpoint can give us that (and more).
  - *June: Finalize AuthZEN 1.0* (1.0.05) and submit it for review as a "Final Specification"
- Conformance suites on the APIs
  - Talk to Joseph Heenan to discuss creating formal conformance tests for AuthZEN
  - Start building test harness
    - evaluation API first
    - evaluations API next once the spec is finalized
    - search API last when we have agreement on the format
  - The conformance tests focus exclusively on the well-formedness of the requests and responses aiming to cover all features of a request/response but do not intend to validate the semantics of the response (whether we get true or false is out of scope to the conformance suite)
  - The conformance tests should highlight the mandatory vs. optional features of the request/response structures.
- Outreach: for AuthZEN to be successful, we need to spread the word and encourage others to implement AuthZEN (as did Curity; Strata has plans for internal use). There are different groups we can address
  - the Analyst community: Omri and David are speaking to Homan F. from Gartner and we need more interactions with other analysts
  - the IdP vendors/software: let's talk to Entra, PingAccess, Okta, Gluu, etc... to get them to implement a PEP in their product for a wide range of use cases (on us: define the use cases)
  - the API gateways. I put together a list (thanks to Gartner's Mark O'Neill) that you can browse here: https://hackmd.io/@oidf-wg-authzen/target-integrations
  - Others: SaaS, COTS?
- Design patterns: we need to continue that stream of work and publicize the results so we can guide practitioners into the adoption of externalized authorization
  - In particular in light of OAuth: how can we collaborate?

Other Notes

- Note that there will be no meeting on Dec 24 or 31
- An interop is planned for Gartner IAM in London March 24-25, 2025
- Building SDKs for broader adoption
  - Code that would live under github.com/authzen (not github.com/openid/authzen)
  - Plug 'n Play
  - Target popular languages: Typescript/JS, Golang, Protobufs, other
- George's areas
  - Where can I go? (access policy)
  - What can I do? (privileges)
  - What are my limitations? (restrictions)
  - AuthZ Lifecycle - access management

Action Items

- Those of us who have vendors assigned (Vladi, Omri, Gabriel, David, Dinesh?) figure out a contact

From gerry at strata.io Tue Dec 10 16:42:38 2024
From: gerry at strata.io (Gerry Gebel)
Date: Tue, 10 Dec 2024 09:42:38 -0700
Subject: [Openid-specs-authzen] Proposed agenda for Dec 10

Hi everyone,

For those who are not attending Gartner IAM and are able to join, here is our agenda:

- AuthZEN at Gartner IAM notes
- Review Search API proposal (Vladi)

Best regards,
Gerry

From mike at gluu.org Thu Dec 12 16:32:41 2024
From: mike at gluu.org (Michael Schwartz)
Date: Thu, 12 Dec 2024 10:32:41 -0600
Subject: [Openid-specs-authzen] Authzen Configuration metadata claim for Access Evaluation

On the call last week, I think Gerry asked me what was the claim name we used for the Jans Auth Server response to .well-known/authzen-configuration. I looked it up and we're using:

access_evaluation_v1_endpoint

But as I mentioned on the call, we're expecting y'all to change that!
I found this info on the docs for the Jans Auth Server Authzen endpoint (link to the HEAD of the docs):

https://docs.jans.io/head/janssen-server/auth-server/endpoints/access-evaluation/

- Mike

PS: Don't miss Rohit Khare and Alex Olivier on the IOH livestream today at 10am PST! Rohit is presenting his A-Z of Authorization. It's going to be the most fun talk of 2024 on Authz!

--------------------------------------
Michael Schwartz
Gluu
Founder/CEO
mike at gluu.org
https://www.linkedin.com/in/nynymike

From gerry at strata.io Fri Dec 13 21:36:23 2024
From: gerry at strata.io (Gerry Gebel)
Date: Fri, 13 Dec 2024 14:36:23 -0700
Subject: [Openid-specs-authzen] Meeting notes for 2024-12-10

Attendees

Gerry Gebel
Michiel Trimpe
Shikha
Alex Babeanu
Nicola Gallo
David Hyland
Antono Radesca
Michael Schwartz
Elie Azerad

Agenda

- AuthZEN at Gartner!
- Review Partial Evaluation API proposal (Vladi)
  - https://hackmd.io/@oidf-wg-authzen/HkLiZVdb1l

Notes

- There was some general discussion on the partial evaluation API proposal that Vladi wrote but he was not able to attend today's call so we will defer that to the next meeting
- Mike: Discovery endpoint will be included in the list of APIs?
  - yes, that was decided last week.
  - Mike said he would be willing to share what they have already built when the WG starts talking about that endpoint
- Mike: Cedarling project includes an AuthZEN API support (Mike is doing a webinar on this next week)
- Michiel: Talking with internal team about implementing AuthZEN in home-grown api gateway and they had questions on how to map HTTP requests to the AuthZEN data model
  - Mike - mapping may still be somewhat platform specific. In Cedarling, they used method (POST, GET, etc) as action and url as resource.
  - David - Ping authorize has a number of plugins for different API gateways and include the mapping in the plugin (for request and response)
- David H has also looked at some standards and drafted a proposal that allows (grant management API) to use an evaluation endpoint. You need to, from an oauth client perspective, account for what client can do on behalf of subject.

From Michiel.Trimpe at VNG.NL Mon Dec 16 12:06:15 2024
From: Michiel.Trimpe at VNG.NL (Michiel Trimpe)
Date: Mon, 16 Dec 2024 12:06:15 +0000
Subject: [Openid-specs-authzen] Mailing list & HackMD Membership

Hi AuthZEN Core team, Mike,

My organization submitted our contributor agreement a while ago but, as far as I know, I'm still not able to contribute to the mailing list or join HackMD. Do you know if there is anything more required for this or how I can speed this up?

I've created a draft proposal for a possible extension (Generic HTTP request to AuthZEN information model mapping) which I'd like to share before next working group meeting so I'd love to receive access for that.

Looking forward to hearing from you soon!

Kind regards,
Michiel Trimpe
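Added example, not part of any message in this thread and not code from Cedarling, PingAuthorize or the AuthZEN specification: one way a PEP could apply the mapping mentioned in the 2024-12-10 notes (HTTP method as action, URL as resource), canonicalizing the URL first and denying whenever the request cannot be mapped or the PDP gives no explicit permit. The function names, the `url` resource type, the `user` subject type, the `context.query` field and the sample PDP are assumptions.

```python
import posixpath
from urllib.parse import unquote, urlsplit

ALLOWED_METHODS = {"GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"}


class MappingError(ValueError):
    """The request cannot be mapped unambiguously; the PEP must deny."""


def canonical_path(raw_path):
    """Return one canonical form of a URL path so PEP and PDP name the same resource."""
    decoded = unquote(raw_path or "/")
    # If a second decoding pass still changes the string, the path was double
    # encoded (for example %252e%252e); refuse rather than guess what the
    # backend will finally see.
    if unquote(decoded) != decoded:
        raise MappingError("double-encoded path")
    if not decoded.startswith("/") or any(ord(c) < 0x20 or c == "\\" for c in decoded):
        raise MappingError("malformed path")
    # normpath collapses "." and ".." segments and repeated slashes; it keeps
    # exactly two leading slashes (POSIX rule), so strip them and re-add one.
    return "/" + posixpath.normpath(decoded).lstrip("/")


def to_evaluation_request(method, url, subject_id, subject_type="user"):
    """Map method -> action and canonical URL -> resource (assumed field layout)."""
    verb = method.upper()
    if verb not in ALLOWED_METHODS:
        raise MappingError("unexpected HTTP method")
    try:
        parts = urlsplit(url)
        host, port = parts.hostname, parts.port
    except ValueError as exc:
        raise MappingError("unparseable URL") from exc
    if parts.scheme not in ("http", "https") or not host:
        raise MappingError("absolute http(s) URL required")
    # Keep an explicit port: services on different ports are different resources.
    authority = host if port is None else f"{host}:{port}"
    resource_id = f"{parts.scheme}://{authority}{canonical_path(parts.path)}"
    return {
        "subject": {"type": subject_type, "id": subject_id},
        "action": {"name": verb},
        "resource": {"type": "url", "id": resource_id},
        "context": {"query": parts.query},
    }


def enforce(method, url, subject_id, pdp):
    """Return True only on an explicit permit; every failure path denies."""
    try:
        response = pdp(to_evaluation_request(method, url, subject_id))
    except Exception:
        return False  # mapping error, PDP timeout, transport failure
    return isinstance(response, dict) and response.get("decision") is True


# Constructed policy for the demo: (subject id, action, resource id) triples.
DEMO_PERMITS = {("alice", "GET", "https://api.example.com/reports/2025")}


def demo_pdp(request):
    """Stand-in for a remote PDP call (assumption: it answers {"decision": bool})."""
    key = (request["subject"]["id"], request["action"]["name"], request["resource"]["id"])
    return {"decision": key in DEMO_PERMITS}


if __name__ == "__main__":
    for verb, url in [
        ("GET", "https://API.example.com/reports/./2024/../2025"),
        ("GET", "https://api.example.com/reports/2025/%2e%2e/%2e%2e/admin"),
        ("GET", "https://api.example.com/reports/%252e%252e/admin"),
    ]:
        print(verb, url, "->", "permit" if enforce(verb, url, "alice", demo_pdp) else "deny")
```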
From Michiel.Trimpe at VNG.NL Tue Dec 17 11:19:46 2024
From: Michiel.Trimpe at VNG.NL (Michiel Trimpe)
Date: Tue, 17 Dec 2024 11:19:46 +0000
Subject: [Openid-specs-authzen] Proposal for HTTP mapping extension

Hi all,

As discussed in last call my organization would like to define a profile/extension to map 'generic' HTTP requests to the AuthZEN information model.

I've included this in the Dutch version of our standard last week and decided to make it available in English as well so that we might also make this available as an AuthZEN extension.

You can find my translated version at https://hackmd.io/@oidf-wg-authzen/HJR-hCCE1e

I look forward to hearing what everyone's take is on it tonight and how/if/when AuthZEN would like to handle extension proposals.

Regards,
Michiel

From omri at aserto.com Tue Dec 17 20:17:30 2024
From: omri at aserto.com (Omri Gazitt)
Date: Tue, 17 Dec 2024 12:17:30 -0800
Subject: [Openid-specs-authzen] Authzen Configuration metadata claim for Access Evaluation

Thanks for forwarding Mike, this is cool!

What role does Janssen play in this scenario? Is it acting as a PEP and could be configured to call an AuthZEN-compliant PDP? Or is it a PDP itself? Or both?

From omri at aserto.com Tue Dec 17 21:30:49 2024
From: omri at aserto.com (Omri Gazitt)
Date: Tue, 17 Dec 2024 13:30:49 -0800
Subject: [Openid-specs-authzen] Agenda for 2024-12-17 call

Hi folks! Here is our agenda for today's meeting.

- Update from Gartner IAM US (Grapevine)
- Potential plans for Gartner IAM London
- Access Evaluations semantic proposal
  - https://hackmd.io/wnRZovyfS4GJVE3ozqkqmA?view
- JSON schema for access evaluation request/response
  - https://github.com/openid/authzen/pull/186
- Volunteer needed: can someone volunteer to create a docker image to build the AuthZEN spec?
  - https://github.com/openid/authzen/issues/150
- Michiel added a proposed HTTP request extension
  - https://hackmd.io/@oidf-wg-authzen/HJR-hCCE1e
- Discuss Vladi's partial evaluation proposal

--
Omri Gazitt | CEO
Aserto Inc.
| (425) 765-0079

From omri at aserto.com Wed Dec 18 18:53:05 2024
From: omri at aserto.com (Omri Gazitt)
Date: Wed, 18 Dec 2024 10:53:05 -0800
Subject: [Openid-specs-authzen] Notes from 2024-12-17 call

Hi folks! Here are the notes as captured in HackMD.

# Meeting Notes 2024-12-17

## Attendees
Omri Gazitt
Gerry Gebel
Michiel Trimpe
Vladi Berger
Phillip Messerschmidt
Julio Auto De Medeiros
Alex Babeanu
Amos Alubala
Roland Baum

## Agenda
- Update from Gartner IAM US (Grapevine)
- Potential plans for Gartner IAM London
- Access Evaluations semantic proposal
  - https://hackmd.io/wnRZovyfS4GJVE3ozqkqmA?view
- JSON schema for access evaluation request/response
  - https://github.com/openid/authzen/pull/186
- Volunteer needed: can someone volunteer to create a docker image to build the AuthZEN spec?
  - https://github.com/openid/authzen/issues/150
- Michiel added a proposed HTTP request extension
  - https://hackmd.io/@oidf-wg-authzen/HJR-hCCE1e
- Discuss Vladi's partial evaluation proposal

## Notes
- Gerry is reviewing the process for IP contributions with OIDF
- Gartner IAM
  - Omri, David and Homan had the last session of the event, which was well attended
  - Eve hosted a social at her house :-)
  - Gartner analysts a little on the fence regarding our effort, but seem to be warming up.
  - Almost all the analysts that mentioned future trends, mentioned AuthZEN (including the keynote)
  - CAEP was the darling of the event
  - There was a session early on Tues by Atul and a couple analysts
  - Erik W - "This standard is ready!" Omri comment - but it is not even a final spec yet.
  - Gartner feels like it has a role in the creation of CAEP
  - There were 6!! interop sessions with 5 tables showing demonstrations/talks
  - Can we do something similar for Gartner IAM in London and TX next year?
- Next big item is to complete the Evaluations spec
  - One thing to add is an evaluations semantic proposal
  - Proposal is to add flag that details the evaluation semantic
    - execute all
    - deny on first deny
    - permit on first permit
  - Please take a look and provide feedback: https://hackmd.io/wnRZovyfS4GJVE3ozqkqmA?view
- Please also review and comment on the JSON schema proposal that was recently submitted: https://github.com/openid/authzen/pull/186
- One last thing to wrap up 2024: A request has been made to simplify the spec build process. One suggestion in the issue is to create a Docker image (https://github.com/openid/authzen/issues/150). That seems like a reasonable suggestion, but YOU may have another idea :-)
  - Send a note to the email list if you are going to pick this up during the holiday break.
- That's all folks, see you in 2025!!

--
Omri Gazitt | CEO
Aserto Inc. | (425) 765-0079

From jautodemedei at bloomberg.net Thu Dec 19 17:32:00 2024
From: jautodemedei at bloomberg.net (Julio Auto De Medeiros (BLOOMBERG/ 731 LEX))
Date: Thu, 19 Dec 2024 17:32:00 -0000
Subject: [Openid-specs-authzen] Notes from 2024-12-17 call
Message-ID: <676458900000B1020C340001@message.bloomberg.net>

I had some spare cycles and gave the Docker image thing a shot - posted it on the github issue. Letting everyone here know to avoid duplicating the effort.

From omri at aserto.com Thu Dec 19 19:17:36 2024
From: omri at aserto.com (Omri Gazitt)
Date: Thu, 19 Dec 2024 11:17:36 -0800
Subject: [Openid-specs-authzen] Notes from 2024-12-17 call
In-Reply-To: <676458900000B1020C340001@message.bloomberg.net>
References: <676458900000B1020C340001@message.bloomberg.net>

Awesome - thanks!! Will check it out this weekend.
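Added example, not part of any message in this thread and not taken from the AuthZEN specification or the HackMD proposal: the three evaluation semantics listed in the 2024-12-17 notes (execute all, deny on first deny, permit on first permit), showing the PDP-side short circuit and a PEP-side reading of a shortened response that fails closed. The constant values, function names, tuple-shaped requests and the choice to include the decision that triggered the stop are assumptions.

```python
EXECUTE_ALL = "execute_all"
DENY_ON_FIRST_DENY = "deny_on_first_deny"
PERMIT_ON_FIRST_PERMIT = "permit_on_first_permit"
SEMANTICS = (EXECUTE_ALL, DENY_ON_FIRST_DENY, PERMIT_ON_FIRST_PERMIT)


def evaluate_batch(requests, decide, semantic=EXECUTE_ALL):
    """PDP side: evaluate in order and stop as early as the semantic allows.

    The decision that triggers the stop is included, so the response can be
    shorter than the request list.
    """
    if semantic not in SEMANTICS:
        raise ValueError(f"unknown semantic: {semantic!r}")
    results = []
    for request in requests:
        permitted = decide(request) is True
        results.append({"decision": permitted})
        if semantic == DENY_ON_FIRST_DENY and not permitted:
            break
        if semantic == PERMIT_ON_FIRST_PERMIT and permitted:
            break
    return results


def per_request_decisions(n_requested, results):
    """PEP side: line results up with requests; missing or malformed means deny."""
    flags = [
        isinstance(r, dict) and r.get("decision") is True
        for r in results[:n_requested]
    ]
    return flags + [False] * (n_requested - len(flags))


def combined_decision(n_requested, results, semantic):
    """PEP side: collapse a short-circuited batch into one allow/deny answer."""
    flags = per_request_decisions(n_requested, results)
    if semantic == DENY_ON_FIRST_DENY:
        # Logical AND: every requested item must be present and permitted, so a
        # response cut short after only permits is never read as a permit.
        return n_requested > 0 and all(flags)
    if semantic == PERMIT_ON_FIRST_PERMIT:
        # Logical OR: one explicit permit is enough.
        return any(flags)
    raise ValueError("execute_all has no combined answer; use per_request_decisions")


# Constructed policy and batch for the demo. Each tuple stands in for a full
# evaluation request (subject, action, resource).
DEMO_PERMITS = {("alice", "read", "doc1"), ("alice", "read", "doc2")}
DEMO_BATCH = [
    ("alice", "read", "doc1"),
    ("alice", "delete", "doc1"),
    ("alice", "read", "doc2"),
]


def demo_decide(request):
    return request in DEMO_PERMITS


if __name__ == "__main__":
    for semantic in SEMANTICS:
        results = evaluate_batch(DEMO_BATCH, demo_decide, semantic)
        print(semantic, results, per_request_decisions(len(DEMO_BATCH), results))
```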