[Openid-specs-authzen] A question on resource identifiers for resources that do not exist yet
Andrew Clymer
andy at rocksolidknowledge.com
Thu May 8 10:45:46 UTC 2025
Sounds to me that resource Id shouldn't be mandatory, or that the resource Id is for the collection of loans. Passing a resource ID of 0 works, but that just feels like a magic value.
Andy
We are the first IdentityServer partner to become a Certified B Corporation™.
Head to our mission statement to read more about the ways we’re using business as a force for good.
Rock Solid Knowledge Ltd is a company registered in England and Wales under number 6811209.
Registered office: C2, Vantage Office Park, Old Gloucester Road, Bristol, BS16 1GW, United Kingdom
Vat registered: GB948 1966 72
________________________________
From: Openid-specs-authzen <openid-specs-authzen-bounces at lists.openid.net> on behalf of Allan via Openid-specs-authzen <openid-specs-authzen at lists.openid.net>
Sent: 08 May 2025 11:40
To: AuthZEN Working Group List <openid-specs-authzen at lists.openid.net>
Cc: Allan <allan at macguru.com>
Subject: Re: [Openid-specs-authzen] A question on resource identifiers for resources that do not exist yet
hmmm
surely customer is part of the resource? and a create can simply use a resource ID of 0 or -1. or null
allan
--
Sent from Canary<https://canarymail.io>
On Thursday, May 08, 2025 at 12:34, David Brossard via Openid-specs-authzen <openid-specs-authzen at lists.openid.net<mailto:openid-specs-authzen at lists.openid.net>> wrote:
Hi all,
Interesting use case from EIC: I want to write a policy that determines how a loan-to-be can be created.
Managers can create a loan for a customer in their region up to their max allowed amount for the employee (and/or customer).
The request would then be:
* Can Alice the employee create loan with amount 1234?
In this type of request, because the loan hasn't been created we do not have a loan ID or resource ID. But, because AuthZEN makes the resource ID mandatory in the evaluation API, what approach do we want to recommend?
David
--
Openid-specs-authzen mailing list
Openid-specs-authzen at lists.openid.net
https://lists.openid.net/mailman/listinfo/openid-specs-authzen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20250508/32dd7196/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image622380.png
Type: image/png
Size: 67887 bytes
Desc: image622380.png
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20250508/32dd7196/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image608736.png
Type: image/png
Size: 31014 bytes
Desc: image608736.png
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20250508/32dd7196/attachment-0003.png>
More information about the Openid-specs-authzen
mailing list