[Openid-specs-authzen] A question on resource identifiers for resources that do not exist yet

Andres Aguiar andres.aguiar at okta.com
Thu May 8 10:57:38 UTC 2025 

Couldn't the resource be a higher level entity? e.g. the Region? the
customer? the bank branch? If it's B2B, the organization?


On Thu, May 8, 2025 at 7:46 AM Andrew Clymer via Openid-specs-authzen <
openid-specs-authzen at lists.openid.net> wrote:

> *This message originated outside your organization.*
>
> ------------------------------
>
>
> Sounds to me that resource Id shouldn't be mandatory, or that the resource
> Id is for the collection of loans. Passing a resource ID of 0 works, but
> that just feels like a magic value.
>
> Andy
>
> <https://urldefense.com/v3/__https://registry.blockmarktech.com/certificates/53f9a3ba-4ba6-4879-8b4d-5f5d3a413118/__;!!PwKahg!_oZpQyjahZpIjImVt2l6ty3_-UC8PNZSaGZmAWvERr278XS6PPKI2I3Gi8NZ16drBnWdfG3cu4SLh1nKc-3u8iaYU7jmzeCjzA$>
>
> ​We are the first IdentityServer partner to become a Certified B
> Corporation™.
> ​Head to our mission
> <https://urldefense.com/v3/__https://www.rocksolidknowledge.com/mission-statement__;!!PwKahg!_oZpQyjahZpIjImVt2l6ty3_-UC8PNZSaGZmAWvERr278XS6PPKI2I3Gi8NZ16drBnWdfG3cu4SLh1nKc-3u8iaYU7jhI1Aj0A$>
> sta
> <https://urldefense.com/v3/__https://www.rocksolidknowledge.com/mission-statement__;!!PwKahg!_oZpQyjahZpIjImVt2l6ty3_-UC8PNZSaGZmAWvERr278XS6PPKI2I3Gi8NZ16drBnWdfG3cu4SLh1nKc-3u8iaYU7jhI1Aj0A$>
> tement
> <https://urldefense.com/v3/__https://www.rocksolidknowledge.com/mission-statement__;!!PwKahg!_oZpQyjahZpIjImVt2l6ty3_-UC8PNZSaGZmAWvERr278XS6PPKI2I3Gi8NZ16drBnWdfG3cu4SLh1nKc-3u8iaYU7jhI1Aj0A$> to
> read more about the ways we’re using business as a force for good.
>> ​Rock Solid Knowledge Ltd is a company registered in England and Wales
> under number 6811209.
> Registered office: C2, Vantage Office Park, Old Gloucester Road, Bristol,
> BS16 1GW, United Kingdom
> ​Vat registered: GB948 1966 72
>
> ------------------------------
> *From:* Openid-specs-authzen <
> openid-specs-authzen-bounces at lists.openid.net> on behalf of Allan via
> Openid-specs-authzen <openid-specs-authzen at lists.openid.net>
> *Sent:* 08 May 2025 11:40
> *To:* AuthZEN Working Group List <openid-specs-authzen at lists.openid.net>
> *Cc:* Allan <allan at macguru.com>
> *Subject:* Re: [Openid-specs-authzen] A question on resource identifiers
> for resources that do not exist yet
>
> hmmm
>
> surely customer is part of the resource?  and a create can simply use a
> resource ID of 0 or -1. or null
>
> allan
>
> --
> Sent from Canary
> <https://urldefense.com/v3/__https://canarymail.io__;!!PwKahg!_oZpQyjahZpIjImVt2l6ty3_-UC8PNZSaGZmAWvERr278XS6PPKI2I3Gi8NZ16drBnWdfG3cu4SLh1nKc-3u8iaYU7iALaQ4yQ$>
>
> On Thursday, May 08, 2025 at 12:34, David Brossard via
> Openid-specs-authzen <openid-specs-authzen at lists.openid.net> wrote:
> Hi all,
>
> Interesting use case from EIC: I want to write a policy that determines
> how a loan-to-be can be created.
>
> Managers can create a loan for a customer in their region up to their max
> allowed amount for the employee (and/or customer).
>
> The request would then be:
>
>    - Can Alice the employee create loan with amount 1234?
>
> In this type of request, because the loan hasn't been created we do not
> have a  loan ID or resource ID. But, because AuthZEN makes the resource ID
> mandatory in the evaluation API, what approach do we want to recommend?
>
> David
> --
> Openid-specs-authzen mailing list
> Openid-specs-authzen at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-authzen
> <https://urldefense.com/v3/__https://lists.openid.net/mailman/listinfo/openid-specs-authzen__;!!PwKahg!_oZpQyjahZpIjImVt2l6ty3_-UC8PNZSaGZmAWvERr278XS6PPKI2I3Gi8NZ16drBnWdfG3cu4SLh1nKc-3u8iaYU7gKBSldXg$>
>
> --
> Openid-specs-authzen mailing list
> Openid-specs-authzen at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-authzen
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20250508/82b09924/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image622380.png
Type: image/png
Size: 67887 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20250508/82b09924/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image608736.png
Type: image/png
Size: 31014 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20250508/82b09924/attachment-0003.png>

More information about the Openid-specs-authzen mailing list