[Openid-specs-authzen] This week's updates

Omri Gazitt omri at aserto.com
Thu Jan 25 23:03:23 UTC 2024 

Hey folks, here's the deck I presented today.

Happy to answer any other questions about the design decisions behind Topaz.

-DaOmri ;)

On Mon, Jan 22, 2024 at 8:54 PM David Brossard via Openid-specs-authzen <
openid-specs-authzen at lists.openid.net> wrote:

> Dear all,
>
> *PEP-PDP API*
> Thanks to those of you who have presented thus far last week:
>
>    - Darin on Cedar. Notes here
>    <https://docs.google.com/document/d/1FAwPXX3dN1sOB8ICihP9rqC4TDtjsZs2cOuE0pYa29Q/edit>
>    - David on ALFA. Slides here
>    <https://www.slideshare.net/slideshows/openid-authzen-alfa-peppdp-prior-artpptx/265690760>
>    .
>    - David H on OAuth. Notes here
>    <https://github.com/dphhyland/draft-dphhyland-authzen-prior-art/blob/main/draft-dphhyland-authzen-prior-art.md>
>    .
>
> This week we have the immense pleasure of having another *Da*vid present:
> David Ferraiolo from NIST will talk about their approach and NGAC. There
> are quite a few documents online that are worth checking out before his
> presentation:
>
>    - A comparison between NGAC and XACML: Extensible Access Control
>    Markup Language (XACML) and Next Generation Access Control (NGAC)
>    <https://csrc.nist.gov/pubs/conference/2016/03/11/xacml-and-next-generation-access-control-ngac/final>
>    - NIST SP 800-162: Guide to Attribute Based Access Control (ABAC)
>    Definition and Considerations
>    <https://csrc.nist.gov/pubs/sp/800/162/upd2/final>
>    - The Policy Machine <https://csrc.nist.gov/projects/policy-machine>,
>    the basis for the NGAC work
>
> This week also, we will have the pleasure of having Omri & team from
> Aserto/Topaz present their approach to a PEP-PDP interface. Topaz
> <https://www.topaz.sh/> combines OPA (policy-based) and Zanzibar (ACLs)
> together so it'll be interesting to see how they've come up with a
> streamlined interface. Now, for obvious consistency reasons, Omri, you'll
> have to change your name to David or Damian or Darin or any other Da- names
> to comply with our naming scheme.
>
> *Design Patterns*
> Furthermore, Alex is hosting a session on design patterns on Thursday. You
> should all have received invitations. Note that we always use the same Zoom
> link and that meeting times are noted in tomorrow's meeting minutes:
> https://hackmd.io/@oidf-wg-authzen/wg-meeting-20240123.
>
> *OIDF Workshop Tokyo 2024*
> Last week, we also had the opportunity to present an update on AuthZEN at
> OpenID Foundations' workshop in beautiful Tokyo. See the slides here
> <https://docs.google.com/presentation/d/15t8TFaIezwxrUsqBW8UOZvVT0cNgUcF7/edit>
> .
>
> *A stark reminder we need AuthZ*
> If you're wondering why we're doing this... I just received this email
> this morning
>
> [image: image.png]
>
> It's a sign we need proper authorization to avoid further data breaches.
>
> *Selfish plug*
> Oh and another last thing: as a co-curator of the AuthZ Newsletter (
> https://authz.substack.com/), if there's anything you want to have
> included in the newsletter please send them my way or if you haven't
> subscribed, shame on you!
>
>
> See you tomorrow everyone,
> David
> --
> Openid-specs-authzen mailing list
> Openid-specs-authzen at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-authzen
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20240125/95cc353c/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 241561 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20240125/95cc353c/attachment-0001.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Topaz APIs - AuthZEN WG.pptx
Type: application/vnd.openxmlformats-officedocument.presentationml.presentation
Size: 2310956 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20240125/95cc353c/attachment-0001.pptx>

More information about the Openid-specs-authzen mailing list