[Openid-specs-authzen] This week's updates

David Brossard david.brossard at gmail.com
Tue Jan 23 18:56:22 UTC 2024 

Hi Alex,

That is a really good point and I was wondering whether our spec was too
P*P-biased. Take a graph-based approach like 3Edges: does the interface
Cedar and ALFA have still make sense to you?

Let's talk soon!

On Tue, Jan 23, 2024 at 8:57 AM Alex Babeanu <alex at 3edges.com> wrote:

> Hi DavidB,
> Wow, that's a lot. I'm sure we'll unpack this soon :).
>
> Meanwhile, about the Design Patterns doc, and the session Thursday: I'd
> like to spend 10-15 minutes on a diagram I'm working on that puts it all
> together, and then discuss.
>
> Note that discussing PEP-PDP is fine if you use those components. But a
> lot of organizations don't use the PEP-PDP pattern, and most (if not all)
> still use RBAC as their main (and only?) methodology. I think that
> reconciling the "AS" and "PDP" worlds is therefore critical to our
> endeavours.
>
> Anyway, talk soon,
>
> ./\.
>
> On Mon, Jan 22, 2024 at 8:54 PM David Brossard via Openid-specs-authzen <
> openid-specs-authzen at lists.openid.net> wrote:
>
>> Dear all,
>>
>> *PEP-PDP API*
>> Thanks to those of you who have presented thus far last week:
>>
>>    - Darin on Cedar. Notes here
>>    <https://docs.google.com/document/d/1FAwPXX3dN1sOB8ICihP9rqC4TDtjsZs2cOuE0pYa29Q/edit>
>>    - David on ALFA. Slides here
>>    <https://www.slideshare.net/slideshows/openid-authzen-alfa-peppdp-prior-artpptx/265690760>
>>    .
>>    - David H on OAuth. Notes here
>>    <https://github.com/dphhyland/draft-dphhyland-authzen-prior-art/blob/main/draft-dphhyland-authzen-prior-art.md>
>>    .
>>
>> This week we have the immense pleasure of having another *Da*vid
>> present: David Ferraiolo from NIST will talk about their approach and NGAC.
>> There are quite a few documents online that are worth checking out before
>> his presentation:
>>
>>    - A comparison between NGAC and XACML: Extensible Access Control
>>    Markup Language (XACML) and Next Generation Access Control (NGAC)
>>    <https://csrc.nist.gov/pubs/conference/2016/03/11/xacml-and-next-generation-access-control-ngac/final>
>>    - NIST SP 800-162: Guide to Attribute Based Access Control (ABAC)
>>    Definition and Considerations
>>    <https://csrc.nist.gov/pubs/sp/800/162/upd2/final>
>>    - The Policy Machine <https://csrc.nist.gov/projects/policy-machine>,
>>    the basis for the NGAC work
>>
>> This week also, we will have the pleasure of having Omri & team from
>> Aserto/Topaz present their approach to a PEP-PDP interface. Topaz
>> <https://www.topaz.sh/> combines OPA (policy-based) and Zanzibar (ACLs)
>> together so it'll be interesting to see how they've come up with a
>> streamlined interface. Now, for obvious consistency reasons, Omri, you'll
>> have to change your name to David or Damian or Darin or any other Da- names
>> to comply with our naming scheme.
>>
>> *Design Patterns*
>> Furthermore, Alex is hosting a session on design patterns on Thursday.
>> You should all have received invitations. Note that we always use the same
>> Zoom link and that meeting times are noted in tomorrow's meeting minutes:
>> https://hackmd.io/@oidf-wg-authzen/wg-meeting-20240123.
>>
>> *OIDF Workshop Tokyo 2024*
>> Last week, we also had the opportunity to present an update on AuthZEN at
>> OpenID Foundations' workshop in beautiful Tokyo. See the slides here
>> <https://docs.google.com/presentation/d/15t8TFaIezwxrUsqBW8UOZvVT0cNgUcF7/edit>
>> .
>>
>> *A stark reminder we need AuthZ*
>> If you're wondering why we're doing this... I just received this email
>> this morning
>>
>> [image: image.png]
>>
>> It's a sign we need proper authorization to avoid further data breaches.
>>
>> *Selfish plug*
>> Oh and another last thing: as a co-curator of the AuthZ Newsletter (
>> https://authz.substack.com/), if there's anything you want to have
>> included in the newsletter please send them my way or if you haven't
>> subscribed, shame on you!
>>
>>
>> See you tomorrow everyone,
>> David
>> --
>> Openid-specs-authzen mailing list
>> Openid-specs-authzen at lists.openid.net
>> https://lists.openid.net/mailman/listinfo/openid-specs-authzen
>>
>
>
> --
> [image: This is Alexandre Babeanu's card. Their email is alex at 3edges.com.
> Their phone number is +1 604 728 8130.]
> <https://hihello.me/p/cda689b1-0378-4b9c-88cf-33a9bc8ef0c5>
>
> CONFIDENTIALITY NOTICE: This e-mail message, including any attachments
> hereto, is for the sole use of the intended recipient(s) and may contain
> confidential and/or proprietary information.
>


-- 
---
David Brossard
http://www.linkedin.com/in/davidbrossard
http://twitter.com/davidjbrossard
http://about.me/brossard
---
Stay safe on the Internet: IC3 Prevention Tips
<https://www.capefearnetworks.com/wp-content/uploads/2017/05/Internet-Fraud-Prevention-Tips-IC3.pdf>
Prenez vos précautions sur Internet:
http://www.securite-informatique.gouv.fr/gp_rubrique34.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20240123/8f35adea/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 241561 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20240123/8f35adea/attachment-0001.png>

More information about the Openid-specs-authzen mailing list