[Openid-specs-authzen] Notes from working group call on Jan 21, 2025

Gerry Gebel gerry at strata.io
Tue Jan 21 20:13:29 UTC 2025


Meeting Notes 2025-01-21

Attendees

   - Omri Gazitt
   - Michiel Trimpe
   - Alex Olivier
   - Nicola Gallo
   - Vladi Berger
   - Eve Maler (@xmlgrrl)
   - Alex Babeanu
   - Marc de Boer
   - Phillip Messerschmidt
   - David Hyland
   - Roland Baum
   - Mike Schwartz
   - Atul Tulshibagwale
   - Gerry Gebel

Agenda

   - API gateway discussion
      - https://hackmd.io/MTJPf_vzSmubctNtHis99g
      - Go over comments in draft document
      - Potential API Gateway interop participants
         - Zuplo agreed to participate in interop
         - AWS API Gateway conversation being teed up by Dinesh
      - First draft of Search API - coming soon
   - Partial Evaluation feedback review

Notes

   - API gateway profile draft discussion
      - We will discuss any further comments on this draft next week before
        sharing it more broadly with implementers to get feedback
      - The motivation is to stabilize this document sufficiently to hold
        the demo at Gartner London on March 24-25
   - Partial Evaluation feedback review
      - ODRL and UCAST should be considered
      - Partial evaluation should include the action
      - Are we certain that the PEP really understands the implementation?
   - Search draft not reviewed today, targeting next week for that
     conversation

Other notes

*Atul:*
FWIW, the Transaction Tokens draft in the IETF defines “rctx” as an object
to provide context to the Transaction Tokens Service (TTS) to mint a
Transaction Token. In at least one implementation that TTS is an AuthZEN
PEP. The requester is often an API Gateway, so it maps quite well to what
we are discussing:
https://datatracker.ietf.org/doc/draft-ietf-oauth-transaction-tokens/

*Michiel Trimpe:*
FYI; it might be good to make it clear in the spec that HTTP Route is
similar (identical?) to OpenAPI Specification “Patterned Path Fields”
https://swagger.io/specification/#paths-object

Especially for API Gateways many of them will define routes automatically
based on OAS specs.

When discussing it I’ve found that also to be the most universally
understood explanation of what a ‘route’ is.

https://arxiv.org/abs/2409.17602
https://hackmd.io/oHR8hzn6SfyPc6_onQg47A