[Openid-specs-authzen] Partial Evaluation meeting running as we speak

David Brossard david.brossard at gmail.com
Thu Apr 10 17:10:58 UTC 2025


And here are the notes from the meeting:

https://hackmd.io/pSQDKYrPSnuVX4K7rjo8_w?view


Partial Evaluation Cedar Meeting

Attendees

   - Darin McAdams
   - Jeff Lombardo
   - Alex Babeanu
   - Vladi Berger
   - David Brossard
   - Michiel Trimpe

Partial Evaluation in Cedar

   - Experimental feature for the time being
   - Some customers are playing with it
   - By the time customers try it though, they find it too raw and give up
   - Common use cases
      - Search: how do you map residual fragments to the relevant query
        language?
      - Search: there is a risk you might hit a non-indexed field in the
        underlying DB
      - Hopelessness check: I don't have an entire request and I don't want
        to incur the cost of retrieving all attributes if I don't have all the
        information if I know I will get access denied.
      - Impact analysis
         - What if I change this policy, how will access be impacted?
      - Access reviews
         - What can Alice do? What can manager do?
   - Cedar already produces a JSON version of its AST that represents a
     partial evaluation response
      - https://cedarland.blog/usage/partial-evaluation/content.html
   - We can compare it with the draft spec

Differences between products

   - The usefulness and scope of partial evaluation depend on whether the
     underlying implementation is stateful or stateless

Ucast

   - https://github.com/stalniy/ucast
   - https://github.com/StyraInc/ucast-linq
   - Integration with Prisma
      - https://www.npmjs.com/package/@styra/ucast-prisma
      - https://www.prisma.io/
   - Challenge
      - ucast is not a standard
      - ucast doesn't define a serialization format in the OS project
      - check with Styra
      - the last commit is nearly 2 years old

Other formats

   - https://json-e.js.org/

Reaching out to the new 'product bucket'

   - If partial evaluation is about data filtering, then the target is data
   platforms (in a broad sense) such as SQL DB vendors, data platforms (Trino,
   Immuta, Snowflake), or DB SaaS (Athena, RDS…)




On Thu, Apr 10, 2025 at 9:10 AM Lombardo, Jeff via Openid-specs-authzen <
openid-specs-authzen at lists.openid.net> wrote:

> You can join the meeting for the next hour if possible for you. We will
> share the recording after the fact.
>
> Meeting title: AuthZEN Partial Evaluation discussion
> Personalized ID: 6455908420
> Meeting ID: 6455 90 8420
> Hosting Region: United States (Ohio)
> URL Link: https://chime.aws/6455908420
> US dial-in: +1 206-462-5569
> US toll-free dial-in: +1 855-552-4463
> International dial-in numbers: https://chime.aws/dialinnumbers/
>
> *Jean-François “Jeff” Lombardo* | Amazon Web Services
> Principal Solution Architect, Security Specialist - Montréal, Canada
> Mobile: 514.778.5565


-- 
---
David Brossard
http://www.linkedin.com/in/davidbrossard
http://twitter.com/davidjbrossard
http://about.me/brossard
---
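
An added example, not part of the meeting notes and not Cedar's or the AuthZEN draft's format: one way the "Search" and "Hopelessness check" items above can fit together when a residual is pushed down to SQL. The residual shape (`op`/`args`/`field`/`value`), the `docs` table and all function names are assumptions made for illustration.

```python
import sqlite3

# Assumed mapping from policy attributes to *indexed* columns (hypothetical schema).
INDEXED = {"resource.owner": "owner", "resource.dept": "dept", "resource.level": "level"}
CMP = {"eq": "=", "lt": "<", "gt": ">"}
RESIDUAL = {"op": "or", "args": [  # constructed: principal known, resource unknown
    {"op": "eq", "field": "resource.owner", "value": "alice"},
    {"op": "and", "args": [{"op": "eq", "field": "resource.dept", "value": "hr"},
                           {"op": "lt", "field": "resource.level", "value": 2}]}]}

class UnsupportedResidual(Exception):
    """The residual cannot be pushed down safely; the caller must fail closed."""

def compile_node(node):
    """Return (True|False, []) for a decided node, else (sql_fragment, params)."""
    op = node.get("op")
    if op == "const":
        return bool(node["value"]), []
    if op in ("and", "or"):
        absorbing = op == "or"  # True decides an OR, False decides an AND
        frags, params = [], []
        for arg in node["args"]:
            frag, p = compile_node(arg)
            if frag is absorbing:
                return absorbing, []
            if isinstance(frag, str):  # the identity constant is simply dropped
                frags.append(frag)
                params += p
        if not frags:
            return (not absorbing), []
        return "(" + f" {op.upper()} ".join(frags) + ")", params
    if op in CMP:
        col = INDEXED.get(node.get("field"))
        if col is None:  # unknown or non-indexed attribute: refuse, never interpolate
            raise UnsupportedResidual(f"not an indexed field: {node.get('field')!r}")
        return f"{col} {CMP[op]} ?", [node["value"]]  # value is bound, not spliced
    raise UnsupportedResidual(f"unknown operator: {op!r}")

def authorized_ids(conn, residual):
    frag, params = compile_node(residual)
    if frag is False:
        return []  # hopelessness check: certain deny, skip the query entirely
    where = "1=1" if frag is True else frag
    return [r[0] for r in conn.execute(f"SELECT id FROM docs WHERE {where} ORDER BY id", params)]

def demo_db():  # constructed sample data
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE docs (id INTEGER PRIMARY KEY, owner TEXT, dept TEXT, level INTEGER)")
    conn.executemany("INSERT INTO docs VALUES (?,?,?,?)",
                     [(1, "alice", "hr", 1), (2, "bob", "hr", 3), (3, "alice", "eng", 2)])
    return conn
```

Column names come only from the allowlist and values are always bound parameters, so a residual that names an unexpected field or operator is rejected rather than turned into SQL.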