[Openid-specs-authzen] Notes from today's call
David Brossard
david.brossard at gmail.com
Wed Jan 29 00:04:11 UTC 2025
https://hackmd.io/eJZj-h-XTCeE0QtB8eYS8w?view
Meeting Notes 2025-01-28
Attendees
- Alex Babeanu
- Eve Maler
- Roland Baum
- Amos Alubala
- Davyd Hyland
- Omri Gazitt
- David Brossard
- Gerry Gebel
- Vladi Berger
Agenda
- API 1.0 draft 02 published:
https://openid.net/specs/authorization-api-1_0-02.html
- 30 minutes: Review proposed interop profile for London Gartner IAM
  - https://hackmd.io/ecYxP6uxSCm5X0RexkAM2g?view
- 30 minutes: Review latest Search API proposal
  - https://hackmd.io/SL-AKfCZR6CB-NNrLjSxyg
Notes
Housekeeping
- Gail & the co-chairs had a call to discuss AuthZEN roadmap and OIDC
processes. Gail suggested Joseph Heenan join one of our calls to talk about
conformance tests. She also brought up security testing for our protocol
Interop London Gartner IAM
- Gartner IAM London: API Gateway Interop Scenario
<https://hackmd.io/ecYxP6uxSCm5X0RexkAM2g?view>
- It would be great if we could add another use case whereby an IdP
calls out to AuthZEN via the Search API to enrich the access token
- API gateways will focus on medium-grained (functional) access control
- The backend app will focus on fine-grained (transactional) access
control
- Dave Hyland: not all gateways are equivalent. Some can be more
fine-grained/coarse-grained.
Action Items
- Omri is handling AWS API Gateway & Zuplo
- Vladi commits to implementing AuthZEN for Kong
- David to reach out to L7, Axway, and 42crunch
Confirmed attendees
- Omri
- David B.
- Alex Olivier
- Josh Twist, Zuplo
- Vladi, Gerry TBD
Search API Proposal
- Search API <https://hackmd.io/SL-AKfCZR6CB-NNrLjSxyg>
- 2 searches:
  - subject search
  - resource search
- Restricting to these 2 approaches makes the API easier to use and
consume
- We conclude we want 2 separate APIs
  - Resource search
  - Subject search
- We are considering an action-centric search
  - What action can Alice do on record 123?