[Openid-specs-authzen] Boxcarring proposal

Omri Gazitt omri at aserto.com
Thu Jun 6 04:27:32 UTC 2024


Thanks Andy, Alex & Granville!

I agree with the feedback to use a keyed object instead of an array. I made
those changes in the hackmd file
<https://hackmd.io/ri7odOQkQ6yztBQGlXnnKg?both>.  I also added a brief
section on errors.

Please feel free to add comments to the hackmd file, or send them on the
mailing list.

We can discuss the proposal at our next meeting on Tuesday.

Thanks,
Omri.


On Mon, Jun 3, 2024 at 5:48 AM Granville Schmidt via Openid-specs-authzen <
openid-specs-authzen at lists.openid.net> wrote:

> Thank you for writing this first proposal, Omri!
>
> I agree with Alex on having the batched response keyed off an identifier.
> I also have some additional thoughts to share and get feedback on.
>
> Is it the team's preference to have comments added directly to the HackMD
> document or continue via email?
>
> Cheers,
>
> *Granville Schmidt*
> CISSP, CCSP, CSSLP, HCISPP, CIPT, GCPCA
> https://www.linkedin.com/in/granvilleschmidt/
> +1-740-701-3514
>
>
> [image: Certified Information Privacy Technologist (CIPT) | Intellectual
> Point]
>
>
> On Mon, Jun 3, 2024 at 3:38 AM Alex Olivier via Openid-specs-authzen <
> openid-specs-authzen at lists.openid.net> wrote:
>
>> This is looking good to me.
>>
>> The one area I have run into with the type-array response approach is
>> around ordering. I am assuming that the response array is required to be
>> the same length and order as the input values. This is implicitly putting
>> the responsibility of the PDP to fit that contract and so would be called
>> out in the spec explicitly.
>>
>> From my own experience, having this batch response being keyed off
>> some identifier (resource ID/action?) passed in the input makes it
>> easier to handle on the client side as you can just 'pluck' the value from
>> the response rather than have to iterate through the array to find the
>> matching entity (though the SDK layer can do this).
>>
>>
>>
>> On Sat, 1 Jun 2024 at 02:21, Omri Gazitt via Openid-specs-authzen <
>> openid-specs-authzen at lists.openid.net> wrote:
>>
>>> Hi folks!
>>>
>>> I had a chance to write up the boxcarring proposal that we batted around
>>> during Identiverse. It's in HackMD
>>> <https://hackmd.io/ri7odOQkQ6yztBQGlXnnKg>. Comments welcome!
>>>
>>> The proposal is meant to be backwards-compatible with the current
>>> single-decision evaluation API, but could also be bound to the
>>> /access/v1/evaluations (note plural) endpoint.
>>>
>>> Thanks,
>>> Omri.
>>>
>>> --
>>>
>>> <http://www.aserto.com/>
>>>
>>> Omri Gazitt | CEO
>>>
>>> Aserto <http://www.aserto.com/> Inc. | (425) 765-0079
>>> --
>>> Openid-specs-authzen mailing list
>>> Openid-specs-authzen at lists.openid.net
>>> https://lists.openid.net/mailman/listinfo/openid-specs-authzen
>>>
>> --
>> Openid-specs-authzen mailing list
>> Openid-specs-authzen at lists.openid.net
>> https://lists.openid.net/mailman/listinfo/openid-specs-authzen
>>
> --
> Openid-specs-authzen mailing list
> Openid-specs-authzen at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-authzen
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20240605/941e9fd4/attachment.html>


More information about the Openid-specs-authzen mailing list