[Openid-specs-authzen] A question on resource identifiers for resources that do not exist yet
David Brossard
david.brossard at gmail.com
Thu May 8 10:34:40 UTC 2025
Hi all,
Interesting use case from EIC: I want to write a policy that determines how
a loan-to-be can be created.
Managers can create a loan for a customer in their region up to their max
allowed amount for the employee (and/or customer).
The request would then be:
- Can Alice the employee create loan with amount 1234?
In this type of request, because the loan hasn't been created we do not
have a loan ID or resource ID. But, because AuthZEN makes the resource ID
mandatory in the evaluation API, what approach do we want to recommend?
David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20250508/8352be8b/attachment.htm>
More information about the Openid-specs-authzen
mailing list