[Openid-specs-authzen] Evolving the Todo interop scenario to be compliant with AuthZEN 1.0
eve at xmlgrrl.com
eve at xmlgrrl.com
Mon Jul 8 00:09:25 UTC 2024
Hey Omri, thanks for all this. I’ll be on the road — Beryl willing — and can’t attend this coming week’s call. No comments on the new Evaluations section at this time, but here are quick thoughts fwtw on your Todo evolution writeup.
Dynamic resources need to be catered for. A reliance on too-static resource URLs or IDs will not be sustainable for a lot of APIs needing protection. With SSF now in the picture, your idea to use it to help manage resource lifecycles is intriguing. We need a method that's lightweight and asynchronous from the tasks of policy decision making. Maybe such a solution could be an SSF profile that is optionally combinable with AuthZEN usage but on which the latter has no deep dependency.
Eve Maler | cell and Signal +1 (425) 345-6756 <tel:+1-425-345-6756>
Visit the Venn Factory <http://vennfactory.com/>
Request a 15-minute consultation <https://fantastical.app/eve/15>
> On Jul 7, 2024, at 4:51 PM, Omri Gazitt via Openid-specs-authzen <openid-specs-authzen at lists.openid.net> wrote:
>
> Hi folks! Hope everyone had a good weekend (and for US folks, a good holiday weekend).
>
> I took two action items in last week's call:
> Create an AuthZEN 1.1 spec with the /access/v1/evaluations section. This is now merged and published <https://openid.github.io/authzen/authorization-api-1_1>!
> Update the Todo backend and make it compliant with the new AuthZEN 1.0 spec, and specifically the resource ID field being mandatory.
> On #2, I ran into a significant design issue that I believe is worth discussing on Tuesday's call. Please read this background document <https://hackmd.io/rOm3BA4qSGmX477UXRNUuw?view> so that we can dedicate some time on the agenda to picking a way forward.
>
> Thanks,
> Omri.
>
> --
> <http://www.aserto.com/>
> Omri Gazitt | CEO
> Aserto <http://www.aserto.com/> Inc. | (425) 765-0079
> --
> Openid-specs-authzen mailing list
> Openid-specs-authzen at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-authzen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20240707/370ff0ee/attachment.html>
More information about the Openid-specs-authzen
mailing list