[Openid-specs-authzen] Notes from today's call

David Brossard david.brossard at gmail.com
Tue Nov 19 23:59:13 UTC 2024


Dear all,

Thanks everyone for attending our regular call and welcome to our newest
member, Ashwin from Roblox. Here are the notes below as well as on HackMD
<https://hackmd.io/@oidf-wg-authzen/wg-meeting-20241119>.


# Meeting Notes 2024-11-19

## Attendees

- Victor Lu
- @alexbabeanu
- @davidbrossard
- @vladi
- Phillip M. (KC)


## Agenda
  - Vladi's presentation on Search/Partial evaluation
  - Outreach list

## Notes

### Search & Partial Evaluation

- We have 2 proposals now
    - The original one @zirotrust put together ([link](https://hackmd.io/@oidf-wg-authzen/authzAPI))
    - Vladi's [proposal](https://hackmd.io/@oidf-wg-authzen/HkLiZVdb1l)
    - We have relative consensus on the request format
        - Derivative of the AuthZEN request format with omitted attributes
    - Agreeing on the response format is harder
        - We could choose an existing query language e.g. SCIM's search/query language, SQL...
    - Can we agree on a broader format?
        - Challenge: existing solutions (PlainID, Axiomatics) have responses that are similar to the underlying policy language (XACML...)
        - Proposal: use SCIM's format (see sample vendor [documentation](https://bookstack.soffid.com/books/scim/page/scim-query-syntax) and [RFC7644](https://datatracker.ietf.org/doc/html/rfc7644))

- Use Cases
    - Runtime data filtering
    - Access Reviews
    - Entitlements generation

- @alexbabeanu: let's try to align with existing search filter languages.

- Victor briefly brought up IPSIE, the new OpenID WG and how he has a need
to standardize authorization use cases across the enterprise.
- David reached out to Aaron Parecki to try and include AuthZEN/ABAC into
the IPSIE conversation. Next steps TBD

## Action Items

- @vladi will take his proposal and update his examples to be in line with the AuthZEN `evaluate` proposal.