[Openid-specs-authzen] A question on resource identifiers for resources that do not exist yet
Allan
allan at macguru.com
Thu May 8 10:40:04 UTC 2025
hmmm
surely customer is part of the resource? and a create can simply use a resource ID of 0 or -1. or null
allan
--
Sent from Canary (https://canarymail.io)
> On Thursday, May 08, 2025 at 12:34, David Brossard via Openid-specs-authzen <openid-specs-authzen at lists.openid.net (mailto:openid-specs-authzen at lists.openid.net)> wrote:
> Hi all,
>
> Interesting use case from EIC: I want to write a policy that determines how a loan-to-be can be created.
>
> Managers can create a loan for a customer in their region up to their max allowed amount for the employee (and/or customer).
>
> The request would then be:
> Can Alice the employee create loan with amount 1234?
>
> In this type of request, because the loan hasn't been created we do not have a loan ID or resource ID. But, because AuthZEN makes the resource ID mandatory in the evaluation API, what approach do we want to recommend?
>
> David
>
>
> --
> Openid-specs-authzen mailing list
> Openid-specs-authzen at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-authzen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20250508/c343a714/attachment.htm>
More information about the Openid-specs-authzen
mailing list