[Openid-specs-authzen] Notes from meeting on April 22
Gerry Gebel
gerry at strata.io
Tue Apr 22 23:15:49 UTC 2025
Meeting Notes 2025-04-22
Attendees
- omrig
- Michiel Trimpe
- Alex Babeanu
- Jeff Lombardo
- Victor Lu
- David Brossard
- Gerry Gebel
- Vladi Berger
- George Fletcher
- Elie Azerad
- Dave Hyland
Agenda
- Draft 03 published at https://openid.net/specs/authorization-api-1_0-03.html and also at https://openid.net/wg/authzen/specifications/
- Review latest on the Identiverse interop (David - 20 min)
  - https://hackmd.io/RtM2PNfbTs-J8X_1CZeRsQ?view
  - payload document
  - test harness
- Remaining open issues needing resolution before Final (Omri - 10 min)
  - context.reason in the response: this whole area is confusing in the spec, and either overspecified or underspecified. We have 5 open issues that relate to this. Owner: David.
  - discuss JWT profile for subject identifiers (https://github.com/openid/authzen/issues/248) - do we want to move this work forward? Should it be a profile or in the main spec? Owner: Omri.
  - additions to search response - https://github.com/openid/authzen/issues/229 and https://github.com/openid/authzen/issues/230. Owner: Omri.
  - evaluations semantics discussion: https://github.com/openid/authzen/issues/250
  - "policy routing" - e.g. https://github.com/openid/authzen/issues/164. Owner: Omri.
- Update on Partial Evaluation draft, decision on whether it is a must-have for Final or whether we can proceed on it in parallel / separate document (David - 10 min)
- Metadata discovery - review Jeff's proposal (Jeff - 15 min)
Notes
Draft 03 is published
- Still requires some manual effort to produce
- Chairs used to be able to edit backend WordPress, so there is an extra
step to get it on the WG web page
Identiverse Interop
- Revising the draft document to follow more closely to the format used
at the Gartner interop
- Vladi, Alex O and David B got together to start building the demo app
  - allows you to select the different search options
  - builds a conformant request and sends to the selected PDP
  - when ready, it will be hosted by AWS
  - current version: https://authzen-search-demo-894605444744.europe-west1.run.app/
- David to add inputs and outputs before sending the document out
- We need to make sure all participants have signed the IPR agreement
before Identiverse
Open Issues
- David will look at the context.reason in a response to clean this area
up
- Provide a way to flow existing JWTs within the AuthZEN request (Omri)
- How to send context back with a search result (Omri)
- Evaluations semantics (Omri)
- Policy routing (Omri)
Partial Evaluation
- Recommendation is to move PE to 1.1
- Michiel, Vladi and David got together recently to discuss the result
set
- Need to cover a subset of capabilities
- Currently have two serialization formats in review
- MT: What is a possible timeline for an implementer's draft of PE?
- This work can continue in parallel and produce a document that
interested parties can be pointed to
- Request format will be the same as the Search format
- Bulk of the remaining work is on the response structure
- David will send a note to the working group to seek other interested
parties that want to provide input
Metadata Discovery
- The idea is to have a metadata endpoint that is accessed via a
.well-known endpoint