[Openid-specs-authzen] Meeting minutes from the January 30th 2024 call

David Brossard david.brossard at gmail.com
Tue Feb 6 18:23:48 UTC 2024


  Dear all,

Please find below the minutes from our call last week.

All meeting minutes can be found here:
https://github.com/openid/authzen/wiki/Meetings
Jan 30th 2024: https://hackmd.io/@oidf-wg-authzen/wg-meeting-20240130

Agenda

   - Past action items
      - Zuplo is interested in joining the interop effort
      - Zuplo will consider joining AuthZEN
      - SGNL is interested in joining the interop, as is PlainID. Radiant
      Logic can bring the PIP to the party
      - Demo app call will take place during the weekly call on Feb 6th.
   - Discuss the API basics email David sent on the ML

API Principles

   - Atul's current spec already decouples transport from message. It's in
   line with the 'principles' email
   - Should the first draft support batch?
      - We originally said no and we are not aiming to demo batch but the
      message format should be batch-compatible
   - The PEP-PDP API is side-effect-free by design
      - A call to the PDP cannot change any state

Use Cases We Want to Express

   - Can Alice view document #1?
   - Can Alice paint document #1 with the color red?
   - Can Alice move $50 from account A to account B?

See interop use cases from the XACML 2008 interop
<https://hackmd.io/@oidf-wg-authzen/InteropScenarios>.

Request Structure

   - Should we define specific identifiers e.g. jwt.user?
   - The spec can suggest using RFC 9493
   - All 'objects' should follow the same structure. Here are the 4 default
   objects
      - subject or principal
      - resource
      - action
      - context
   - An object is represented as a JSON object e.g.
      - {"username":"Alice"} (freeform)
      - { "format": "email", "email": "user@example.com" } (example from
      RFC 9493)

Response

Next week

   - Omri & team will drive the demo of the demo app
   - Eve will go over the interop doc she put together
   - All to think about use cases and whether the message format we're
   coming up with is good enough to address them
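
Added example, not part of the original minutes or of the AuthZEN draft: a structural check for the request shape discussed under "Request Structure", where every one of the four objects is a JSON object and an object carrying a "format" member is checked against the RFC 9493 identifier formats. The top-level key names, the "document" and "name" members, and the choice to require all four objects are assumptions made for illustration.

```python
import json

# Required members per identifier format, as defined in RFC 9493.
RFC9493_REQUIRED = {
    "account": ("uri",), "email": ("email",), "iss_sub": ("iss", "sub"),
    "opaque": ("id",), "phone_number": ("phone_number",), "did": ("url",),
    "uri": ("uri",), "aliases": ("identifiers",),
}
# The four default objects from the minutes; the key names are assumptions.
OBJECTS = ("subject", "resource", "action", "context")

def check_object(name, obj):
    """Return the problems found in one object; an empty list means it passes."""
    if not isinstance(obj, dict):
        return [f"{name}: must be a JSON object"]
    fmt = obj.get("format")
    if fmt is None:
        return []  # freeform object, e.g. {"username": "Alice"}
    if fmt not in RFC9493_REQUIRED:  # assumption: "format" always means RFC 9493
        return [f"{name}: unknown RFC 9493 format {fmt!r}"]
    return [f"{name}: format {fmt!r} requires member {m!r}"
            for m in RFC9493_REQUIRED[fmt] if m not in obj]

def check_request(raw):
    """Parse one request and apply the same structural check to all four objects."""
    try:
        msg = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"request: not valid JSON ({exc.msg})"]
    if not isinstance(msg, dict):
        return ["request: must be a JSON object"]
    problems = []
    for name in OBJECTS:
        problems += check_object(name, msg[name]) if name in msg else [f"{name}: missing"]
    return problems

# Constructed sample requests (not taken from the AuthZEN draft).
SAMPLES = {
    "freeform": '{"subject": {"username": "Alice"}, "resource": {"document": "1"},'
                ' "action": {"name": "view"}, "context": {}}',
    "rfc9493": '{"subject": {"format": "email", "email": "user@example.com"},'
               ' "resource": {"document": "1"}, "action": {"name": "view"}, "context": {}}',
    "rejected": '{"subject": {"format": "email"}, "resource": {"document": "1"},'
                ' "action": "view"}',
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_request(raw) or "ok")
```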