[Openid-specs-authzen] A question on resource identifiers for resources that do not exist yet

Allan allan at macguru.com
Thu May 8 12:13:34 UTC 2025 

well it does bring up the rather interesting case of create

create doesn't have. resource ID

allan

--
Sent from Canary (https://canarymail.io)

> On Thursday, May 08, 2025 at 12:58, Andres Aguiar via Openid-specs-authzen <openid-specs-authzen at lists.openid.net (mailto:openid-specs-authzen at lists.openid.net)> wrote:
> Couldn't the resource be a higher level entity? e.g. the Region? the customer? the bank branch? If it's B2B, the organization?
>
>
> On Thu, May 8, 2025 at 7:46 AM Andrew Clymer via Openid-specs-authzen <openid-specs-authzen at lists.openid.net (mailto:openid-specs-authzen at lists.openid.net)> wrote:
> >
> > This message originated outside your organization.
> >
> >
> >
> >
> > Sounds to me that resource Id shouldn't be mandatory, or that the resource Id is for the collection of loans. Passing a resource ID of 0 works, but that just feels like a magic value.
> >
> > Andy
> >
> >
> >
> >
> >
> >
> >
> > ​We are the first IdentityServer partner to become a Certified B Corporation™.
> > ​Head to our mission (https://urldefense.com/v3/__https://www.rocksolidknowledge.com/mission-statement__;!!PwKahg!_oZpQyjahZpIjImVt2l6ty3_-UC8PNZSaGZmAWvERr278XS6PPKI2I3Gi8NZ16drBnWdfG3cu4SLh1nKc-3u8iaYU7jhI1Aj0A$) sta (https://urldefense.com/v3/__https://www.rocksolidknowledge.com/mission-statement__;!!PwKahg!_oZpQyjahZpIjImVt2l6ty3_-UC8PNZSaGZmAWvERr278XS6PPKI2I3Gi8NZ16drBnWdfG3cu4SLh1nKc-3u8iaYU7jhI1Aj0A$)tement (https://urldefense.com/v3/__https://www.rocksolidknowledge.com/mission-statement__;!!PwKahg!_oZpQyjahZpIjImVt2l6ty3_-UC8PNZSaGZmAWvERr278XS6PPKI2I3Gi8NZ16drBnWdfG3cu4SLh1nKc-3u8iaYU7jhI1Aj0A$) to read more about the ways we’re using business as a force for good.
> > ​
> > ​Rock Solid Knowledge Ltd is a company registered in England and Wales under number 6811209.
> > Registered office: C2, Vantage Office Park, Old Gloucester Road, Bristol, BS16 1GW, United Kingdom
> > ​Vat registered: GB948 1966 72
> > From: Openid-specs-authzen <openid-specs-authzen-bounces at lists.openid.net (mailto:openid-specs-authzen-bounces at lists.openid.net)> on behalf of Allan via Openid-specs-authzen <openid-specs-authzen at lists.openid.net (mailto:openid-specs-authzen at lists.openid.net)>
> > Sent: 08 May 2025 11:40
> > To: AuthZEN Working Group List <openid-specs-authzen at lists.openid.net (mailto:openid-specs-authzen at lists.openid.net)>
> > Cc: Allan <allan at macguru.com (mailto:allan at macguru.com)>
> > Subject: Re: [Openid-specs-authzen] A question on resource identifiers for resources that do not exist yet
> >
> >
> > hmmm
> >
> > surely customer is part of the resource? and a create can simply use a resource ID of 0 or -1. or null
> >
> > allan
> >
> > --
> > Sent from Canary (https://urldefense.com/v3/__https://canarymail.io__;!!PwKahg!_oZpQyjahZpIjImVt2l6ty3_-UC8PNZSaGZmAWvERr278XS6PPKI2I3Gi8NZ16drBnWdfG3cu4SLh1nKc-3u8iaYU7iALaQ4yQ$)
> >
> > > On Thursday, May 08, 2025 at 12:34, David Brossard via Openid-specs-authzen <openid-specs-authzen at lists.openid.net (mailto:openid-specs-authzen at lists.openid.net)> wrote:
> > > Hi all,
> > >
> > > Interesting use case from EIC: I want to write a policy that determines how a loan-to-be can be created.
> > >
> > > Managers can create a loan for a customer in their region up to their max allowed amount for the employee (and/or customer).
> > >
> > > The request would then be:
> > > Can Alice the employee create loan with amount 1234?
> > >
> > > In this type of request, because the loan hasn't been created we do not have a loan ID or resource ID. But, because AuthZEN makes the resource ID mandatory in the evaluation API, what approach do we want to recommend?
> > >
> > > David
> > >
> > >
> > > --
> > > Openid-specs-authzen mailing list
> > > Openid-specs-authzen at lists.openid.net (mailto:Openid-specs-authzen at lists.openid.net)
> > > https://lists.openid.net/mailman/listinfo/openid-specs-authzen (https://urldefense.com/v3/__https://lists.openid.net/mailman/listinfo/openid-specs-authzen__;!!PwKahg!_oZpQyjahZpIjImVt2l6ty3_-UC8PNZSaGZmAWvERr278XS6PPKI2I3Gi8NZ16drBnWdfG3cu4SLh1nKc-3u8iaYU7gKBSldXg$)
> > --
> > Openid-specs-authzen mailing list
> > Openid-specs-authzen at lists.openid.net (mailto:Openid-specs-authzen at lists.openid.net)
> > https://lists.openid.net/mailman/listinfo/openid-specs-authzen
> --
> Openid-specs-authzen mailing list
> Openid-specs-authzen at lists.openid.net
> https://lists.openid.net/mailman/listinfo/openid-specs-authzen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20250508/8147f5ba/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image622380.png
Type: image/png
Size: 67887 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20250508/8147f5ba/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image608736.png
Type: image/png
Size: 31014 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-authzen/attachments/20250508/8147f5ba/attachment-0003.png>

More information about the Openid-specs-authzen mailing list