[Openid-specs-authzen] Open issues and PRs

David Brossard david.brossard at gmail.com
Tue Aug 19 07:59:15 UTC 2025


Dear all,

We still have 11 issues <https://github.com/openid/authzen/issues/> and 2 pull
requests <https://github.com/openid/authzen/pulls> open on the
specification draft. In order to move forward to final spec, we need to
close these out.


   - Issue 352 (Michiel) deals with normative HTTP binding paths. I
   remember early on Omri wanting to formalize the structure of the URLs
   (/access/v1/evaluation) but the current draft
   <https://openid.github.io/authzen/> doesn't make any mention of
   mandatory or normative URLs. In addition, the fact we introduced the
   metadata endpoint negates the need for normative URL formats. The only
   necessary endpoint becomes the metadata endpoint. Given this, Michiel
   pointed out (and I agree) we probably need to make the metadata endpoint
   mandatory to be conformant. Today, it's optional.
      - If there are no objections, we will therefore close this issue, i.e.
      not make any runtime paths normative
      - We will make the metadata API path normative
      - We will make the metadata API mandatory
   - Issue 339 is easy to fix: we write 4-tuple in cases when in fact it
   can be a 3-tuple or an n-tuple. We should just reword to avoid a specific
   number. I assigned Alex but he's on PTO. Any takers for the fix?
   - Issue 325 <https://github.com/openid/authzen/issues/325> is
   outstanding. It has to do with pagination methods. It needs to be wrapped
      - Also, pagination is defined in no fewer than 3 sections (8.3.1,
      9.3.1, and 10.3.1). They need to be abstracted away. We will use the same
      pagination method for all API endpoints so no need to rewrite 3 times and
      risk inconsistencies. Alex B., you were working on this. Do you have time
      to fix it?
   - Gerry will check the status of issue 300
   <https://github.com/openid/authzen/issues/300>. Jeff L., you were
   working on it.
   - Jeff, we need clarification on issue 268
   <https://github.com/openid/authzen/issues/268> re. authentication.
   - We need to agree to punt issue 250
   <https://github.com/openid/authzen/issues/250> to after the 1.0 spec. Or
   punt the entire Evaluations semantics to after 1.0
   - Issues 230 <https://github.com/openid/authzen/issues/230> and 229 need
   work. Roland, this was your baby. We can choose to punt it to after 1.0 as
   well.
   - Issue 55 <https://github.com/openid/authzen/issues/55>: Elie, can you
   add a proposal?
   - Issue 47 <https://github.com/openid/authzen/issues/47> should be
   rejected given the extensive rewrites
   - The same applies to 46.


Thanks all for reading,
David

-- 
---
David Brossard
http://www.linkedin.com/in/davidbrossard
http://twitter.com/davidjbrossard
http://about.me/brossard
---
Stay safe on the Internet: IC3 Prevention Tips
<https://www.capefearnetworks.com/wp-content/uploads/2017/05/Internet-Fraud-Prevention-Tips-IC3.pdf>
Take precautions on the Internet:
https://cyber.gouv.fr/bonnes-pratiques-protegez-vous