[Openid-specs-authzen] Candidate spec for Implementer’s Draft (1.0), and draft of boxcarred requests (1.1)
Omri Gazitt
omri at aserto.com
Wed Jul 3 21:46:49 UTC 2024
Thanks for reviewing, David!

I was intending on making them symmetric. I found this language in the
current published spec… did you have something else in mind?

Also, I think the best way to track feedback and make sure we’re not
missing any is through GitHub issues…

A Subject is a JSON ([RFC8259 <https://openid.github.io/authzen/#RFC8259>])
object that contains any number of key-value pair attributes. However,
there are a minimal number of fields that are required in order to properly
resolve a Subject.

type:
    REQUIRED. A string value that specifies the type of the Subject.
id:
    REQUIRED. The unique identifier of the Subject, scoped to the type.

<http://www.aserto.com/>
Omri Gazitt | CEO
Aserto <http://www.aserto.com/> Inc. | (425) 765-0079
On Wed, Jul 3, 2024 at 2:12 PM David Brossard <david.brossard at gmail.com>
wrote:
> Hi Omri,
>
> I just realized the spec could use a bit more symmetry/consistency. For
> instance, the resource category is described as
>
>> A Resource is the target of an access request. It is a JSON ([RFC8259
>> <https://openid.github.io/authzen/#RFC8259>]) object that is constructed
>> similar to a Subject entity.
>> <https://openid.github.io/authzen/#section-5.2-1>
>>
> The subject category does not allude to RFC8259 when in fact it
> could/should. Thoughts? At the end of the day, subject and resource are
> structurally equal/equivalent.
>
> Thoughts?
>
> On Tue, Jul 2, 2024 at 8:48 PM Omri Gazitt via Openid-specs-authzen <
> openid-specs-authzen at lists.openid.net> wrote:
>
>> Hi all!
>>
>> As discussed on the AuthZEN call today, I’ve updated the 1.0 spec and
>> created a new 1.1 spec that adds the Access Evaluations (plural) API.
>>
>> https://openid.github.io/authzen/
>>
>>
>> https://openid.github.io/authzen/authorization-api-1_1#name-access-evaluations-api
>>
>>
>> The first spec (1.0) is what we are working towards making our first
>> Implementer’s Draft. The second is meant to be a fast follower and adds
>> support for boxcarred requests.
>>
>> Please open issues in GitHub for any comments or questions on either.
>>
>> Thanks,
>> Omri.
>>
>
>
> --
> ---
> David Brossard
> http://www.linkedin.com/in/davidbrossard
> http://twitter.com/davidjbrossard
> http://about.me/brossard
> ---
> Stay safe on the Internet: IC3 Prevention Tips
> <https://www.capefearnetworks.com/wp-content/uploads/2017/05/Internet-Fraud-Prevention-Tips-IC3.pdf>
> Prenez vos précautions sur Internet:
> http://www.securite-informatique.gouv.fr/gp_rubrique34.html
>