[Openid-specs-authzen] This week's updates

David Brossard david.brossard at gmail.com
Tue Jan 23 04:54:26 UTC 2024 

Dear all,

*PEP-PDP API*
Thanks to those of you who have presented thus far last week:

   - Darin on Cedar. Notes here
   <https://docs.google.com/document/d/1FAwPXX3dN1sOB8ICihP9rqC4TDtjsZs2cOuE0pYa29Q/edit>
   - David on ALFA. Slides here
   <https://www.slideshare.net/slideshows/openid-authzen-alfa-peppdp-prior-artpptx/265690760>
   .
   - David H on OAuth. Notes here
   <https://github.com/dphhyland/draft-dphhyland-authzen-prior-art/blob/main/draft-dphhyland-authzen-prior-art.md>
   .

This week we have the immense pleasure of having another *Da*vid present:
David Ferraiolo from NIST will talk about their approach and NGAC. There
are quite a few documents online that are worth checking out before his
presentation:

   - A comparison between NGAC and XACML: Extensible Access Control Markup
   Language (XACML) and Next Generation Access Control (NGAC)
   <https://csrc.nist.gov/pubs/conference/2016/03/11/xacml-and-next-generation-access-control-ngac/final>
   - NIST SP 800-162: Guide to Attribute Based Access Control (ABAC)
   Definition and Considerations
   <https://csrc.nist.gov/pubs/sp/800/162/upd2/final>
   - The Policy Machine <https://csrc.nist.gov/projects/policy-machine>,
   the basis for the NGAC work

This week also, we will have the pleasure of having Omri & team from
Aserto/Topaz present their approach to a PEP-PDP interface. Topaz
<https://www.topaz.sh/> combines OPA (policy-based) and Zanzibar (ACLs)
together so it'll be interesting to see how they've come up with a
streamlined interface. Now, for obvious consistency reasons, Omri, you'll
have to change your name to David or Damian or Darin or any other Da- names
to comply with our naming scheme.

*Design Patterns*
Furthermore, Alex is hosting a session on design patterns on Thursday. You
should all have received invitations. Note that we always use the same Zoom
link and that meeting times are noted in tomorrow's meeting minutes:
https://hackmd.io/@oidf-wg-authzen/wg-meeting-20240123.

*OIDF Workshop Tokyo 2024*
Last week, we also had the opportunity to present an update on AuthZEN at
OpenID Foundations' workshop in beautiful Tokyo. See the slides here
<https://docs.google.com/presentation/d/15t8TFaIezwxrUsqBW8UOZvVT0cNgUcF7/edit>
.

*A stark reminder we need AuthZ*
If you're wondering why we're doing this... I just received this email this
morning

[image: image.png]

It's a sign we need proper authorization to avoid further data breaches.

*Selfish plug*
Oh and another last thing: as a co-curator of the AuthZ Newsletter (
https://authz.substack.com/), if there's anything you want to have included
in the newsletter please send them my way or if you haven't subscribed,
shame on you!


See you tomorrow everyone,
David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20240122/e331f59f/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 241561 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20240122/e331f59f/attachment-0001.png>

More information about the Openid-specs-authzen mailing list