[Openid-specs-authzen] Agenda for today's call

Tue Dec 3 18:09:55 UTC 2024

Great news @Andrew Clymer <andy at rocksolidknowledge.com> .

Gabriel, please do add it to the list. It's probably missing because I was
talking about "traditional" API gateways not necessarily micro-gateways but
we definitely should add them.

On Tue, Dec 3, 2024 at 9:24 AM Gabriel Manor <gabriel at permit.io> wrote:

> Missing Envoy from the API Gateway list, and I know the community is
> working to standard it (also) as an API gateway. It's worth adding, IMO.
>
> On Tue, Dec 3, 2024 at 7:03 PM David Brossard via Openid-specs-authzen <
> openid-specs-authzen at lists.openid.net> wrote:
>
>> Dear all,
>>
>> As we near the end of the year, it's time we plan what we aim to achieve
>> in 2025. As such, here's an agenda of items we can discuss on today's call
>> (3 pm PT)
>>
>>
>>    - API endpoints
>>       - Evaluation API: this API is complete. It's in implementor's
>>       draft and we can consider changes moving forward but the idea is that it's
>>       stable and good enough
>>       - Evaluations API: the overall principle is complete but we have
>>       outstanding ideas & feedback to walk through such as the ability to control
>>       the evaluation behavior
>>       - Search API: this is our biggest work-in-progress. Vladi has a
>>       draft proposal as did Atul in the original spec. We believe we can split
>>       the work into
>>          - a predicate-based API that returns predicates/filters
>>          - a listing API that returns the entitled data
>>       - Discovery endpoint: Given that PDPs can support a subset of
>>       authorization APIs, we need a means to discover what that subset is. The
>>       discovery endpoint can give us that (and more).
>>    - Outreach: for AuthZEN to be successful, we need to spread the word
>>    and encourage others to implement AuthZEN (as did Curity; Strata has plans
>>    for internal use). There are different groups we can address
>>       - the Analyst community: Omri and I are speaking to Homan F. from
>>       Gartner and we need more interactions with other analysts
>>       - the IdP vendors/software: let's talk to Entra, PingAccess, Okta,
>>       Gluu, etc... to get them to implement a PEP in their product for a wide
>>       range of use cases (on us: define the use cases)
>>       - the API gateways. I put together a list (thanks to Gartner's
>>       Mark O'Neill) that you can browse here:
>>       https://hackmd.io/@oidf-wg-authzen/target-integrations
>>       - Others: SaaS, COTS?
>>    - Design patterns: we need to continue that stream of work and
>>    publicize the results so we can guide practitioners into the adoption of
>>    externalized authorization
>>       - In particular in light of OAuth: how can we collaborate?
>>
>> Notes are in HackMD
>> <https://hackmd.io/@oidf-wg-authzen/wg-meeting-20241203> as usual and
>> linked to from our GitHub Wiki site
>> <https://github.com/openid/authzen/wiki/Meetings>.
>>
>> One last housekeeping item: let's go ahead and cancel 12/24 and 12/31.
>> Who wants to talk about authorization on Christmas Eve?
>>
>> Thanks,
>> Omri, Gerry, and David.
>> --
>> Openid-specs-authzen mailing list
>> Openid-specs-authzen at lists.openid.net
>> https://lists.openid.net/mailman/listinfo/openid-specs-authzen
>>
>

-- 
---
David Brossard
http://www.linkedin.com/in/davidbrossard
http://twitter.com/davidjbrossard
http://about.me/brossard
---
Stay safe on the Internet: IC3 Prevention Tips
<https://www.capefearnetworks.com/wp-content/uploads/2017/05/Internet-Fraud-Prevention-Tips-IC3.pdf>
Prenez vos précautions sur Internet:
https://cyber.gouv.fr/bonnes-pratiques-protegez-vous
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20241203/da676b83/attachment.htm>