[Openid-specs-authzen] This week's updates

Alex Babeanu alex at 3edges.com
Tue Jan 23 16:57:15 UTC 2024 

Hi DavidB,
Wow, that's a lot. I'm sure we'll unpack this soon :).

Meanwhile, about the Design Patterns doc, and the session Thursday: I'd
like to spend 10-15 minutes on a diagram I'm working on that puts it all
together, and then discuss.

Note that discussing PEP-PDP is fine if you use those components. But a lot
of organizations don't use the PEP-PDP pattern, and most (if not all) still
use RBAC as their main (and only?) methodology. I think that reconciling
the "AS" and "PDP" worlds is therefore critical to our endeavours.

Anyway, talk soon,

./\.

On Mon, Jan 22, 2024 at 8:54 PM David Brossard via Openid-specs-authzen <
openid-specs-authzen at lists.openid.net> wrote:

> Dear all,
>
> *PEP-PDP API*
> Thanks to those of you who have presented thus far last week:
>
>    - Darin on Cedar. Notes here
>    <https://docs.google.com/document/d/1FAwPXX3dN1sOB8ICihP9rqC4TDtjsZs2cOuE0pYa29Q/edit>
>    - David on ALFA. Slides here
>    <https://www.slideshare.net/slideshows/openid-authzen-alfa-peppdp-prior-artpptx/265690760>
>    .
>    - David H on OAuth. Notes here
>    <https://github.com/dphhyland/draft-dphhyland-authzen-prior-art/blob/main/draft-dphhyland-authzen-prior-art.md>
>    .
>
> This week we have the immense pleasure of having another *Da*vid present:
> David Ferraiolo from NIST will talk about their approach and NGAC. There
> are quite a few documents online that are worth checking out before his
> presentation:
>
>    - A comparison between NGAC and XACML: Extensible Access Control
>    Markup Language (XACML) and Next Generation Access Control (NGAC)
>    <https://csrc.nist.gov/pubs/conference/2016/03/11/xacml-and-next-generation-access-control-ngac/final>
>    - NIST SP 800-162: Guide to Attribute Based Access Control (ABAC)
>    Definition and Considerations
>    <https://csrc.nist.gov/pubs/sp/800/162/upd2/final>
>    - The Policy Machine <https://csrc.nist.gov/projects/policy-machine>,
>    the basis for the NGAC work
>
> This week also, we will have the pleasure of having Omri & team from
> Aserto/Topaz present their approach to a PEP-PDP interface. Topaz
> <https://www.topaz.sh/> combines OPA (policy-based) and Zanzibar (ACLs)
> together so it'll be interesting to see how they've come up with a
> streamlined interface. Now, for obvious consistency reasons, Omri, you'll
> have to change your name to David or Damian or Darin or any other Da- names
> to comply with our naming scheme.
>
> *Design Patterns*
> Furthermore, Alex is hosting a session on design patterns on Thursday. You
> should all have received invitations. Note that we always use the same Zoom
> link and that meeting times are noted in tomorrow's meeting minutes:
> https://hackmd.io/@oidf-wg-authzen/wg-meeting-20240123.
>
> *OIDF Workshop Tokyo 2024*
> Last week, we also had the opportunity to present an update on AuthZEN at
> OpenID Foundations' workshop in beautiful Tokyo. See the slides here
> <https://docs.google.com/presentation/d/15t8TFaIezwxrUsqBW8UOZvVT0cNgUcF7/edit>
> .
>
> *A stark reminder we need AuthZ*
> If you're wondering why we're doing this... I just received this email
> this morning
>
> [image: image.png]
>
> It's a sign we need proper authorization to avoid further data breaches.
>
> *Selfish plug*
> Oh and another last thing: as a co-curator of the AuthZ Newsletter (
> https://authz.substack.com/), if there's anything you want to have
> included in the newsletter please send them my way or if you haven't
> subscribed, shame on you!
>
>
> See you tomorrow everyone,
> David
> --
> Openid-specs-authzen mailing list
> Openid-specs-authzen at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-authzen
>


-- 
[image: This is Alexandre Babeanu's card. Their email is alex at 3edges.com.
Their phone number is +1 604 728 8130.]
<https://hihello.me/p/cda689b1-0378-4b9c-88cf-33a9bc8ef0c5>

-- 
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments 
hereto, is for the sole use of the intended recipient(s) and may contain 
confidential and/or proprietary information.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20240123/330b85db/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 241561 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20240123/330b85db/attachment-0001.png>

More information about the Openid-specs-authzen mailing list