[Openid-specs-authzen] Notes from today's call
David Brossard
david.brossard at gmail.com
Tue Nov 19 23:59:13 UTC 2024
Dear all,
Thanks everyone for attending our regular call and welcome to our newest
member, Ashwin from Roblox. Here are the notes below as well as on HackMD
<https://hackmd.io/@oidf-wg-authzen/wg-meeting-20241119>.
# Meeting Notes 2024-11-19
## Attendees
- Victor Lu
- @alexbabeanu
- @davidbrossard
- @vladi
- Phillip M. (KC)
## Agenda
- Vladi's presentation on Search/Partial evaluation
- Outreach list
## Notes
### Search & Partial Evaluation
- We have 2 proposals now
- The original one @zirotrust put together ([link](
https://hackmd.io/@oidf-wg-authzen/authzAPI))
- Vladi's [proposal](https://hackmd.io/@oidf-wg-authzen/HkLiZVdb1l)
- We have relative consensus on the request format
- Derivative of the AuthZEN request format with omitted attributes
- Agreeing on the response format is harder
- We could choose an existing query language e.g. SCIM's
search/query language, SQL...
- Can we agree on a broader format?
- Challenge: existing solutions (PlainID, Axiomatics) have
responses that are similar to the underlying policy language (XACML...)
- Proposal: use SCIM's format (see sample vendor [documentation](
https://bookstack.soffid.com/books/scim/page/scim-query-syntax) and
[RFC7644](https://datatracker.ietf.org/doc/html/rfc7644))
- Use Cases
- Runtime data filtering
- Access Reviews
- Entitlements generation
- @alexbabeanu: let's try to align with existing search filters languages.
- Victor briefly brought up IPSIE, the new OpenID WG and how he has a need
to standardize authorization use cases across the enterprise.
- David reached out to Aaron Parecki to try and include AuthZEN/ABAC into
the IPSIE conversation. Next steps TBD
## Action Items
- @vladi will take his proposal and update his examples to be inline with
the AuthZEN `evaluate` proposal.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20241119/9dd146d0/attachment.htm>
More information about the Openid-specs-authzen
mailing list