[Openid-specs-authzen] Notes from today's call
David Brossard
david.brossard at gmail.com
Tue May 27 21:19:04 UTC 2025
Dear all,
Please find here <https://hackmd.io/@oidf-wg-authzen/wg-meeting-20250527>
and below the notes from today's call.
Thanks,
David
Meeting Notes 2025-05-27
Attendees
Agenda
- Search Interop status
- 2H goals for AuthZEN WG
- iShare Foundation objectives with respect to AuthZEN
Notes
The Identiverse session is on Tuesday
<https://identiverse.com/idv25/session/?idvid=2843747> at 1:30pm PT.
Search Interop Identiverse 2025
- Ping (Dave H), EmpowerID (Patrick), and Axiomatics (David) are still
aiming to deliver the interop in time for next week
- Alex (Indykite) might be able to deliver
- Jeff (AWS) is the person updating the app with new endpoints
- Alex (Cerbos) added a field to display the endpoint of the service
being called
- Jeff (AWS) recommends all endpoints be secured
2H Goals for the WG (2025)
- Reminder: H1 roadmap <https://hackmd.io/@oidf-wg-authzen/roadmap>
Immediate Next Steps
- The meeting after Identiverse should be focused on gathering feedback
from the Search Interop
- We can consider changes to update and produce draft 4 and take it to
implementer's draft
Adoption Work
- Integration waves
  - Wave zero: all the PDPs ✅
  - Wave one: API gateways ✅ (March 2025)
  - Wave two: IdPs ➡️ Authenticate 2025
  - Wave three: ➡️ Non-IAM products e.g. business apps (COTS and SaaS)
    such as Salesforce, Workday…
  - Wave four: ➡️ data platforms (Snowflake) as an application of partial
    evaluation and search.
Profile work
- We can also consider AuthZEN profiles for different verticals or areas
(healthcare, government…)
- Flowing identities as JWT tokens
- XACML Profile of AuthZEN or AuthZEN Profile of XACML
- API Gateway Profile
- What about an AI MCP AuthZEN or AI A2A AuthZEN profile?
- Event Delivery using Shared Signals for AuthZEN
  - attribute refresh
  - decision notification
- Tokenization of decisions –> Tokenetes and more
- What about Obligations/Advice to enrich decisions?
SDK Development
- Add AuthZEN clients/SDKs in different languages that live in those
languages' natural repositories (e.g. npm.js) to increase adoption
Guest presenter
Rajiv Rajani, CTO iShare Foundation
- iShare is a trust framework aimed at organizations who want to
share/exchange data with other organizations
- In the platform authorization happens just in time when you access the
data
- At the moment of access the provider can check whether the end-user is
allowed to access the data. Two options:
  1. The user can present a signed token (pre-authz)
  2. Check via API call
- See
https://framework.ishare.eu/version-2.0.1/readme/detailed-descriptions/technical/structure-of-delegation-evidence
- See https://github.com/eclipse-dataspace-drp/DataRightsProfile