[Openid-specs-authzen] Meeting notes for 2025-01-07

Omri Gazitt omri at aserto.com
Tue Jan 7 20:10:46 UTC 2025


Hi folks! Happy new year, and thanks for attending today!

# Meeting Notes 2025-01-07

## Attendees

- @omri
- Mike Schwartz
- Dinesh
- Vladi
- Michiel
- @alexbabeanu
- Julio
- @davidbrossard
- Amos
- @eaz
- David Hyland

## Agenda
- 2025 H1 Roadmap
  - https://hackmd.io/FgnDl4iMTIa7xPQ18D7mfQ?view
- Access Evaluations semantic in the spec based on the proposal discussed Dec 17
  - https://openid.github.io/authzen/authorization-api-1_0_02.html#name-evaluations-options
  - https://hackmd.io/wnRZovyfS4GJVE3ozqkqmA?view
- JSON schema for access evaluation request/response merged
  - https://github.com/openid/authzen/blob/main/api/schemas/evaluation-request.schema.json
  - OpenID vs separate org/repo for code artifacts?
- Docker image to build the AuthZEN spec - Julio Auto created one!
  - https://github.com/openid/authzen/issues/150
  - Issue is closed, but was there a PR to add these artifacts?
- Discuss Vladi's partial evaluation proposal
- HTTP extension proposal
- Kong integration!! (Vladi)

## Notes
- @omri provided an overview of the [roadmap](https://hackmd.io/FgnDl4iMTIa7xPQ18D7mfQ?view)
- Interop update
    - Learn from Shared Signals in terms of experience at Gartner
    - Provide 3 use cases (IdP, API GW, apps) for Gartner London

- Reminder to check the [list of target integrations](https://hackmd.io/@oidf-wg-authzen/target-integrations) and find one you can reach out to.
- Mike S. points out that the AuthZEN spec alone is not enough to determine what the payload should be
    - This is where profiling comes in
    - Vladi has the example for Kong
- Mike S. says that Jans server already supports calling out to a PDP via AuthZEN through an interception script.
- We need a repo to store code artifacts separate from the OpenID AuthZEN repo.
    - David will create a Docker Hub user for the AuthZEN image
    - This is the org we will use for code: https://github.com/authzen

## Partial Evaluations API Review
 - [Proposal](https://hackmd.io/Jhm_sYKfTlOq7ZlUAIuRRA)
 - David suggests we do a comparison of all 3 major approaches today
     - PlainID
     - Axiomatics
     - Open Policy Agent's Partial Evaluation

**Reminder**: we've decided to separate `partial evaluation` from `search` as they are radically different in their approach

  - Atul's original spec (which contains subject and resource search): https://openid.github.io/authzen/authorization-api-1_0-original.html#name-resource-search-api

## AOB
- [Jans documentation for AuthZEN](https://docs.jans.io/head/janssen-server/auth-server/endpoints/access-evaluation/)
- [Target Integrations](https://hackmd.io/@oidf-wg-authzen/target-integrations)

-- 

<http://www.aserto.com/>

Omri Gazitt | CEO

Aserto <http://www.aserto.com/> Inc. | (425) 765-0079