[Openid-specs-authzen] Notes from meeting on April 22

Gerry Gebel gerry at strata.io
Tue Apr 22 23:15:49 UTC 2025


Meeting Notes 2025-04-22

Attendees

   - omrig
   - Michiel Trimpe
   - Alex Babeanu
   - Jeff Lombardo
   - Victor Lu
   - David Brossard
   - Gerry Gebel
   - Vladi Berger
   - George Fletcher
   - Elie Azerad
   - Dave Hyland

Agenda

   - Draft 03 published at
   https://openid.net/specs/authorization-api-1_0-03.html and also at
   https://openid.net/wg/authzen/specifications/
   - Review latest on the Identiverse interop (David - 20 min)
      - https://hackmd.io/RtM2PNfbTs-J8X_1CZeRsQ?view
      - payload document
      - test harness
   - Remaining open issues needing resolution before Final (Omri - 10 min)
      - context.reason in the response: this whole area is confusing in the
      spec, and either overspecified or underspecified. We have 5 open issues
      that relate to this. Owner: David.
      - discuss JWT profile for subject identifiers (
      https://github.com/openid/authzen/issues/248) - do we want to move
      this work forward? Should it be a profile or in the main spec?
      Owner: Omri.
      - additions to search response -
      https://github.com/openid/authzen/issues/229 and
      https://github.com/openid/authzen/issues/230. Owner: Omri.
      - evaluations semantics discussion:
      https://github.com/openid/authzen/issues/250
      - "policy routing" - e.g. https://github.com/openid/authzen/issues/164.
      Owner: Omri.
   - Update on Partial Evaluation draft, decision on whether it is a
   must-have for Final or whether we can proceed on it in parallel / separate
   document (David - 10 min)
   - Metadata discovery - review Jeff's proposal (Jeff - 15 min)

Notes

Draft 03 is published

   - Still requires some manual effort to produce
   - Chairs used to be able to edit backend WordPress, so there is an extra
   step to get it on the WG web page

Identiverse Interop

   - Revising the draft document to follow more closely the format used
   at the Gartner interop
   - Vladi, Alex O and David B got together to start building the demo app
      - allows you to select the different search options
      - builds a conformant request and sends to the selected PDP
      - when ready, it will be hosted by AWS
      - current version:
      https://authzen-search-demo-894605444744.europe-west1.run.app/
   - David to add inputs and outputs before sending the document out
   - We need to make sure all participants have signed the IPR agreement
   before Identiverse

Open Issues

   - David will look at the context.reason in a response to clean this area
   up
   - Provide a way to flow existing JWTs within the AuthZEN request (Omri)
   - How to send context back with a search result (Omri)
   - Evaluations semantics (Omri)
   - Policy routing (Omri)

Partial Evaluation

   - Recommendation is to move PE to 1.1
   - Michiel, Vladi and David got together recently to discuss the result
   set
   - Need to cover a subset of capabilities
   - Currently have two serialization formats in review
   - MT: What is a possible timeline for an implementer's draft of PE?
      - This work can continue in parallel and produce a document that
      interested parties can be pointed to
   - Request format will be the same as the Search format
   - Bulk of the remaining work is on the response structure
   - David will send a note to the working group to seek other interested
   parties that want to provide input

Metadata Discovery

   - The idea is to have a metadata endpoint that is accessed via a
   .well-known endpoint