<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body style="overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">Good point about “all” vs. “any” semantics. That could open up a can of worms around organizing and ordering the individual items / their responses (all of these OR any of those, UNLESS this one over here returns foo...). It would be good to strongly motivate any options in this direction with real-life use cases.<div><div>
<meta charset="UTF-8"><div dir="auto" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div><br>Eve Maler | cell and Signal <a href="tel:+1-425-345-6756">+1 (425) 345-6756</a><br>Visit the <a href="http://vennfactory.com/">Venn Factory</a><br>Request a <a href="https://fantastical.app/eve/15">15-minute consultation</a></div></div></div></div></div></div></div>
</div>
<div><br><blockquote type="cite"><div>On Jun 13, 2024, at 10:32 AM, Alex Babeanu via Openid-specs-authzen <openid-specs-authzen@lists.openid.net> wrote:</div><br class="Apple-interchange-newline"><div><div dir="ltr">Hello there,<br><div><br></div><div>just a couple of comments.</div><div>- As Steve suggest, should this boxcarring API be available at a different endpoint (<span style="font-size:12pt"> </span><span style="font-size:12pt;font-family:"Aptos Mono"">/access/v1/authorization<span style="color:red">s</span></span><span style="font-size:12pt"> )? The draft doesn't mention the endpoint...</span></div><div><span style="font-size:12pt">- Error processing would need a bit more detail I think. E.g.,</span></div><div><ul><li><span style="font-size:12pt"> Are we going to standardize on error messages ? I.e., do HTTP status codes make sense here? Or should these be left to be up to the implementations ?</span></li><li><span style="font-size:12pt">Could "boxcarred" evaluations be treated as a transaction (i.e., fail the whole on any failure or keep processing)? In which case 1 single response may be sufficient (grant/deny the whole thing).</span></li></ul><div><span style="font-size:16px">Still struggling with the necessity of this btw, others might too... It would be good to maybe illustrate this with a use case in the intro maybe?</span></div></div><div><span style="font-size:16px">Looks good otherwise. </span><span style="font-size:16px"><br></span></div><div><span style="font-size:16px"><br></span></div><div><span style="font-size:16px">Cheers,</span></div><div><span style="font-size:16px"><br></span></div><div><span style="font-size:16px">./\.</span></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jun 11, 2024 at 12:12 PM Omri Gazitt via Openid-specs-authzen <<a href="mailto:openid-specs-authzen@lists.openid.net" target="_blank">openid-specs-authzen@lists.openid.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr">Hi Roland,<br></div><div dir="ltr"><br></div><div>The intent of the drafted proposal is to have the "evaluations" key, if present, supersede the main request. </div><div><br></div><div>Any keys in the main request that are specified are treated as default values for the requests in the "evaluations" key.</div><div><br></div><div>The values in each of the "evaluations" requests supersede any of these default values.</div><div><br></div><div>In the example you mentioned, the context for eval-1 would be </div><div><b> "context": {</b><br></div><div><pre><b> "time": "2024-06-01"
},</b></pre></div><div>If none of the other requests (eval-2, eval-3, etc) provided a context, then they would default to </div><div><pre><b>"context":{
"time": "2024-05-31"
}</b>,</pre><pre><br></pre></div>I hope this clarifies!<div>Omri.</div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jun 11, 2024 at 11:59 AM Roland Baum via Openid-specs-authzen <<a href="mailto:openid-specs-authzen@lists.openid.net" target="_blank">openid-specs-authzen@lists.openid.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><u></u>
<div><p>Hey here,</p><p>thanks for creating an initial draft for discussion!</p><p>From how I understand the current scheme, the carried requests in
"evaluations" can be mixed with the main request.</p><p>so the following request could be legal, or ?<br>
</p>
<pre>{
"subject": {
...
},
<b> "context":{
"time": "2024-05-31"
}</b>,
"action": {
...
},
"evaluations": {
"eval-1": {
"resource": {
},
<b> "context": {
"time": "2024-06-01"
},</b>
},
....
}
]
}
</pre><p>The different context elements can contradict each other, which
should be avoided?</p><p>Similar case with other combinations, where parts of the tuple
are part of the main request an others are only present in
evaluations.</p><p>I've the guts feeling that this could make implementations rather
complex, since all the combinations need to be considered and
canonized into [subject+action+resource] tuples for processing.</p><p>how about just reusing the same scheme as in the current request
in the "evaluations" element?</p><p>So if a request should carry 1+n questions, the 1st goes into the
main tuple, the others into "evaluations" and contain a full
subject-action-resource(-context) tuple ? 🤷<br>
<br>
</p><p><br>
</p><p>hope this makes sense<br>
</p><p><br>
</p>
<pre cols="72">Roland Baum
umbrella.associates GmbH
Dipl.Kfm.(FH), Dipl.Wirt.-Inf.(FH), CISA, CISSP, CIDPRO</pre>
<div>Am 09.06.24 um 23:36 schrieb Omri
Gazitt via Openid-specs-authzen:<br>
</div>
<blockquote type="cite">
<div dir="auto">Steve, thanks for reviewing!</div>
<div dir="auto"><br>
</div>
<div dir="auto">I agree that new PEPs and old PDPs would not
interoperate without a capability negotiation mechanism (like
context, or a different endpoint as you said). </div>
<div dir="auto"><br>
</div>
<div dir="auto">And also that at this stage, we don’t need to
worry about that kind of back-compat, since we haven’t yet a
first implementers draft. <br clear="all">
<br clear="all">
<div dir="auto">
<div dir="ltr" class="gmail_signature">
<div dir="ltr">
<table style="font-family:tahoma,sans-serif;border:medium;border-collapse:collapse;color:rgb(34,34,34)">
<tbody style="font-family:tahoma,sans-serif">
<tr style="height:0pt;font-family:tahoma,sans-serif">
<td style="vertical-align:top;padding:5pt;overflow:hidden;font-family:tahoma,sans-serif"><div style="line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt; font-family: tahoma, sans-serif;"><a href="http://www.aserto.com/" style="font-family:tahoma,sans-serif" target="_blank"><img src="https://raw.githubusercontent.com/aserto-dev/artwork/main/logo/horizontal/color/aserto-horizontal-color.png" style="font-family: tahoma, sans-serif;" width="96" height="35"></a></div>
</td>
<td style="vertical-align:middle;padding:5pt;overflow:hidden;font-family:tahoma,sans-serif"><div style="line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt; font-family: tahoma, sans-serif;"><span style="font-family: Roboto, sans-serif; font-weight: 700; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;"><span style="font-size:10pt;font-family:Roboto,sans-serif">Omri Gazitt</span><span style="font-weight:normal;font-family:Roboto,sans-serif"><span style="font-family:Arial;vertical-align:baseline;background-color:transparent"><span style="white-space:pre-wrap;font-family:Arial"> </span></span></span><span style="font-size:10pt;font-family:Roboto,sans-serif">| </span></span><span style="font-family: Roboto, sans-serif; font-size: 10pt; white-space: pre-wrap; background-color: transparent;">CEO</span></div><div style="line-height: 1.2; margin-top: 0pt; margin-bottom: 0pt; font-family: tahoma, sans-serif;"><span style="font-size: 10pt; font-family: Roboto, sans-serif; vertical-align: baseline; white-space: pre-wrap; background-color: transparent;"><a href="http://www.aserto.com/" style="font-family:Roboto,sans-serif" target="_blank">Aserto</a> Inc.</span><span style="font-family:Arial;vertical-align:baseline;background-color:transparent"><span style="white-space:pre-wrap;font-family:Arial"> </span></span><span style="font-family: Roboto, sans-serif; font-weight: 700; white-space: pre-wrap; font-size: 10pt;">| </span><span style="font-family: Roboto, sans-serif; font-size: 10pt; white-space: pre-wrap; background-color: transparent;">(425) 765-0079</span></div>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
<div><br>
</div>
<div><br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Sun, Jun 9, 2024 at
1:25 PM Steven Venema via Openid-specs-authzen <<a href="mailto:openid-specs-authzen@lists.openid.net" target="_blank">openid-specs-authzen@lists.openid.net</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div lang="EN-US">
<div><p class="MsoNormal"><span style="font-size:12pt">Hi
all,</span></p><div><span style="font-size:12pt"> </span><br class="webkit-block-placeholder"></div><p class="MsoNormal"><span style="font-size:12pt">The
proposal does claim backwards compatibility, but I
wonder if there is a case where that might not be
the case.</span></p><div><span style="font-size:12pt"> </span><br class="webkit-block-placeholder"></div><p class="MsoNormal"><span style="font-size:12pt">Here
is an example; please let me know if I’m getting
something wrong here:</span></p><div><span style="font-size:12pt"> </span><br class="webkit-block-placeholder"></div>
<ol style="margin-top:0in" type="1" start="1">
<li style="margin-left:0in"><span style="font-size:12pt">Assume
we have a PEP which implements boxcarring but a
(legacy?) PDP which does not.</span></li>
<li style="margin-left:0in"><span style="font-size:12pt">When
the PDP receives a boxcarred request with an
</span><span style="font-size:12pt;font-family:"Aptos Mono"">evaluations</span><span style="font-size:12pt"> object, I presume it would
ignore that object as an unrecognized key,
correct?</span></li>
<li style="margin-left:0in"><span style="font-size:12pt">The
PDP would then interpret any remaining elements (</span><span style="font-size:12pt;font-family:"Aptos Mono"">subject</span><span style="font-size:12pt">,
</span><span style="font-size:12pt;font-family:"Aptos Mono"">context</span><span style="font-size:12pt">, etc.), as an actual
single-valued evaluation request instead of
defaults for boxcarred request, possibly returning
a result which doesn’t make sense to the PEP? This
would seem to be a break in backward
compatibility.</span></li>
</ol><div><span style="font-size:12pt"> </span><br class="webkit-block-placeholder"></div><p class="MsoNormal"><span style="font-size:12pt">The
converse, where the PEP is legacy and the PDP
supports boxcarring should work just fine though.</span></p><div><span style="font-size:12pt"> </span><br class="webkit-block-placeholder"></div><p class="MsoNormal"><span style="font-size:12pt">Assuming
the above scenario is plausible, it does beg the
question of how important backward compatibility is
at this point in our spec development cycle. In the
past, we’ve assumed that we MUST maintain backward
compatibility. If so, then this would perhaps be an
argument for the alternate endpoint approach we’ve
discussed
</span><span style="font-size:12pt;font-family:"Aptos Mono"">/access/v1/authorization<span style="font-family:"Aptos Mono";color:red">s</span></span><span style="font-size:12pt"> vs.
</span><span style="font-size:12pt;font-family:"Aptos Mono"">/access/v1/authorization</span><span style="font-size:12pt">).</span></p><div><span style="font-size:12pt"> </span><br class="webkit-block-placeholder"></div><p class="MsoNormal"><span style="font-size:12pt">Thoughts?</span></p><p class="MsoNormal"><span style="font-size:12pt">-Steve</span></p>
<div id="m_5247919856321322936m_984085434974484457m_6648428770209818706m_-2774160369938554618mail-editor-reference-message-container">
<div>
<div style="border-width:1pt medium medium;border-style:solid none none;padding:3pt 0in 0in;border-color:rgb(181,196,223) currentcolor currentcolor"><p class="MsoNormal" style="margin-bottom:12pt"><b><span style="font-size: 12pt;">From:
</span></b><span style="font-size: 12pt;">Openid-specs-authzen
<<a href="mailto:openid-specs-authzen-bounces@lists.openid.net" target="_blank">openid-specs-authzen-bounces@lists.openid.net</a>>
on behalf of Omri Gazitt via
Openid-specs-authzen <<a href="mailto:openid-specs-authzen@lists.openid.net" target="_blank">openid-specs-authzen@lists.openid.net</a>><br>
<b>Date: </b>Wednesday, June 5, 2024 at 22:27<br>
<b>To: </b>AuthZEN Working Group List <<a href="mailto:openid-specs-authzen@lists.openid.net" target="_blank">openid-specs-authzen@lists.openid.net</a>><br>
<b>Cc: </b>Omri Gazitt <<a href="mailto:omri@aserto.com" target="_blank">omri@aserto.com</a>><br>
<b>Subject: </b>Re: [Openid-specs-authzen]
Boxcarring proposal</span></p>
</div>
<div><p class="MsoNormal"><span style="font-size:12pt">Thanks
Andy, Alex & Granville!</span></p>
<div><div><span style="font-size:12pt"> </span><br class="webkit-block-placeholder"></div>
</div>
<div><p class="MsoNormal"><span style="font-size:12pt">I agree with the
feedback to use a keyed object instead of an
array. I made those changes in the
<a href="https://hackmd.io/ri7odOQkQ6yztBQGlXnnKg?both" target="_blank">hackmd file</a>. I
also added a brief section on errors.</span></p>
</div>
<div><div><span style="font-size:12pt"> </span><br class="webkit-block-placeholder"></div>
</div>
<div><p class="MsoNormal"><span style="font-size:12pt">Please feel free to
add comments to the hackmd file, or send
them on the mailing list. </span></p>
</div>
<div><div><span style="font-size:12pt"> </span><br class="webkit-block-placeholder"></div>
</div>
<div><p class="MsoNormal"><span style="font-size:12pt">We can discuss the
proposal at our next meeting on Tuesday.</span></p>
</div>
<div><div><span style="font-size:12pt"> </span><br class="webkit-block-placeholder"></div>
</div>
<div><p class="MsoNormal"><span style="font-size:12pt">Thanks,</span></p>
</div>
<div><p class="MsoNormal"><span style="font-size:12pt">Omri.</span></p>
</div>
<div><div><span style="font-size:12pt"> </span><br class="webkit-block-placeholder"></div>
</div>
</div><div><span style="font-size:12pt"> </span><br class="webkit-block-placeholder"></div>
<div>
<div><p class="MsoNormal"><span style="font-size:12pt">On Mon, Jun 3, 2024
at 5:48</span><span style="font-size:12pt;font-family:Arial,sans-serif"> </span><span style="font-size:12pt">AM Granville Schmidt
via Openid-specs-authzen <<a href="mailto:openid-specs-authzen@lists.openid.net" target="_blank">openid-specs-authzen@lists.openid.net</a>>
wrote:</span></p>
</div>
<blockquote style="border-width:medium medium medium 1pt;border-style:none none none solid;padding:0in 0in 0in 6pt;margin-left:4.8pt;margin-right:0in;border-color:currentcolor currentcolor currentcolor rgb(204,204,204)">
<div>
<div><p class="MsoNormal"><span style="font-size:12pt">Thank you for
writing this first proposal, Omri!</span></p>
</div>
<div><div><span style="font-size:12pt"> </span><br class="webkit-block-placeholder"></div>
</div>
<div><p class="MsoNormal"><span style="font-size:12pt">I agree with Alex
on having the batched response keyed off
an identifier. I also have some
additional thoughts to share and get
feedback on.</span></p>
</div>
<div><div><span style="font-size:12pt"> </span><br class="webkit-block-placeholder"></div>
</div>
<div><p class="MsoNormal"><span style="font-size:12pt">Is it
the team's preference to have comments
added directly to the HackMD document or
continue via email?</span></p>
</div>
<div><div><span style="font-size:12pt"> </span><br class="webkit-block-placeholder"></div>
</div>
<div><p class="MsoNormal"><span style="font-size:12pt">Cheers,</span></p>
</div><p class="MsoNormal"><span style="font-size:12pt"><br clear="all">
</span></p>
<div>
<div>
<div>
<div>
<div><p class="MsoNormal"><b><span style="font-size: 12pt; font-family: Arial, sans-serif;">Granville
Schmidt</span></b><span style="font-size:12pt"></span></p>
</div>
<div><p class="MsoNormal"><span style="font-size: 12pt; font-family: Arial, sans-serif;">CISSP,
CCSP, CSSLP, HCISPP, CIPT, GCPCA</span><span style="font-size:12pt"></span></p>
</div>
<div><p class="MsoNormal"><span style="font-size: 12pt; font-family: Arial, sans-serif;"><a href="https://www.linkedin.com/in/granvilleschmidt/" style="font-family:Arial,sans-serif" target="_blank"><span style="font-family:Arial,sans-serif;color:rgb(17,85,204)">https://www.linkedin.com/in/granvilleschmidt/</span></a> <br>
+1-740-701-3514</span><span style="font-size:12pt"></span></p>
</div>
<div><div><span style="font-size:12pt"> </span><br class="webkit-block-placeholder"></div>
</div>
<div><p class="MsoNormal"><span style="font-size: 12pt; font-family: Arial, sans-serif; border: 1pt solid windowtext; padding: 0in;"><img style="width: 0.3333in; height: 0.3333in; font-family: Arial, sans-serif;" id="m_5247919856321322936m_984085434974484457m_6648428770209818706m_-2774160369938554618_x0000_i1030" alt="Image removed by sender." width="32" height="32" border="0"></span><span style="font-size: 12pt; font-family: Arial, sans-serif;"> <span style="border:1pt solid windowtext;padding:0in;font-family:Arial,sans-serif"><img style="width: 0.3333in; height: 0.3333in; font-family: Arial, sans-serif;" id="m_5247919856321322936m_984085434974484457m_6648428770209818706m_-2774160369938554618_x0000_i1029" alt="Image removed by sender." width="32" height="32" border="0"></span> <span style="border:1pt solid windowtext;padding:0in;font-family:Arial,sans-serif"><img style="width: 0.3333in; height: 0.3333in; font-family: Arial, sans-serif;" id="m_5247919856321322936m_984085434974484457m_6648428770209818706m_-2774160369938554618_x0000_i1028" alt="Image removed by sender." width="32" height="32" border="0"></span> <span style="border:1pt solid windowtext;padding:0in;font-family:Arial,sans-serif"><img style="width: 0.3333in; height: 0.3333in; font-family: Arial, sans-serif;" id="m_5247919856321322936m_984085434974484457m_6648428770209818706m_-2774160369938554618_x0000_i1027" alt="Image removed by sender." width="32" height="32" border="0"></span></span><span style="font-size:12pt"></span></p>
</div>
<div><p class="MsoNormal"><span style="font-size:12pt;border:1pt solid windowtext;padding:0in"><img style="width: 1in; height: 1in;" id="m_5247919856321322936m_984085434974484457m_6648428770209818706m_-2774160369938554618_x0000_i1026" alt="Image removed by sender. Certified Information Privacy Technologist (CIPT) | Intellectual Point" width="96" height="96" border="0"></span><span style="font-size:12pt"></span></p>
</div>
</div>
</div>
</div>
</div><div><span style="font-size:12pt"> </span><br class="webkit-block-placeholder"></div>
</div><div><span style="font-size:12pt"> </span><br class="webkit-block-placeholder"></div>
<div>
<div><p class="MsoNormal"><span style="font-size:12pt">On Mon, Jun 3,
2024 at 3:38</span><span style="font-size:12pt;font-family:Arial,sans-serif"> </span><span style="font-size:12pt">AM Alex Olivier
via Openid-specs-authzen <<a href="mailto:openid-specs-authzen@lists.openid.net" target="_blank">openid-specs-authzen@lists.openid.net</a>>
wrote:</span></p>
</div>
<blockquote style="border-width:medium medium medium 1pt;border-style:none none none solid;padding:0in 0in 0in 6pt;margin-left:4.8pt;margin-right:0in;border-color:currentcolor currentcolor currentcolor rgb(204,204,204)">
<div><p class="MsoNormal"><span style="font-size:12pt">This is
looking good to me.</span></p>
<div><div><span style="font-size:12pt"> </span><br class="webkit-block-placeholder"></div>
</div>
<div><p class="MsoNormal"><span style="font-size:12pt">The one area
I have run into with the type-array
response approach is around
ordering. I am assuming that the
response array is required to be the
same length and order as the input
values. This is implicitly putting
the responsibility of the PDP to fit
that contract and so would be called
out in the spec explicitly.</span></p>
</div>
<div><div><span style="font-size:12pt"> </span><br class="webkit-block-placeholder"></div>
</div>
<div><p class="MsoNormal"><span style="font-size:12pt">From my own
experience, having this batch
response being keyed off
some identifier (resource
ID/action?) passed in the input
makes it easier to handle on the
client side as you can just 'pluck'
the value from the response rather
than have to iterate through the
array to find the matching entity
(though the SDK layer can do this).</span></p>
</div>
<div><div><span style="font-size:12pt"> </span><br class="webkit-block-placeholder"></div>
</div>
<div><div><span style="font-size:12pt"> </span><br class="webkit-block-placeholder"></div>
</div>
</div><div><span style="font-size:12pt"> </span><br class="webkit-block-placeholder"></div>
<div>
<div><p class="MsoNormal"><span style="font-size:12pt">On Sat, 1 Jun
2024 at 02:21, Omri Gazitt via
Openid-specs-authzen <<a href="mailto:openid-specs-authzen@lists.openid.net" target="_blank">openid-specs-authzen@lists.openid.net</a>>
wrote:</span></p>
</div>
<blockquote style="border-width:medium medium medium 1pt;border-style:none none none solid;padding:0in 0in 0in 6pt;margin-left:4.8pt;margin-right:0in;border-color:currentcolor currentcolor currentcolor rgb(204,204,204)">
<div><p class="MsoNormal"><span style="font-size:12pt">Hi folks!</span></p>
<div><div><span style="font-size:12pt"> </span><br class="webkit-block-placeholder"></div>
</div>
<div><p class="MsoNormal"><span style="font-size:12pt">I had a
chance to write up the
boxcarring proposal that we
batted around during
Identiverse. It's in
<a href="https://hackmd.io/ri7odOQkQ6yztBQGlXnnKg" target="_blank">HackMD</a>.
Comments welcome!</span></p>
</div>
<div><div><span style="font-size:12pt"> </span><br class="webkit-block-placeholder"></div>
</div>
<div><p class="MsoNormal"><span style="font-size:12pt">The
proposal is meant to be
backwards-compatible with the
current single-decision
evaluation API, but could also
be bound to the
/access/v1/evaluations (note
plural) endpoint.</span></p>
</div>
<div><div><span style="font-size:12pt"> </span><br class="webkit-block-placeholder"></div>
</div>
<div><p class="MsoNormal"><span style="font-size:12pt">Thanks,</span></p>
</div>
<div><p class="MsoNormal"><span style="font-size:12pt">Omri.<br clear="all">
</span></p>
<div><div><span style="font-size:12pt"> </span><br class="webkit-block-placeholder"></div>
</div><p class="MsoNormal"><span><span style="font-size:12pt">--
</span></span><span style="font-size:12pt"></span></p>
<div>
<div>
<table style="border-collapse:collapse" cellspacing="0" cellpadding="0" border="0">
<tbody>
<tr>
<td style="padding:5pt;overflow:hidden" valign="top"><div style="margin: 0in;"><span style="font-family:Tahoma,sans-serif;color:rgb(34,34,34)"><a href="http://www.aserto.com/" style="font-family:Tahoma,sans-serif" target="_blank"><span style="text-decoration:none;font-family:Tahoma,sans-serif;color:rgb(34,34,34)"><span style="border:1pt solid windowtext;padding:0in;font-family:Tahoma,sans-serif;color:blue"><img style="width: 1in; height: 0.3645in; font-family: Tahoma, sans-serif;" id="m_5247919856321322936m_984085434974484457m_6648428770209818706m_-2774160369938554618_x0000_i1025" alt="Image removed by sender." width="96" height="35" border="0"></span></span></a></span></div>
</td>
<td style="padding:5pt;overflow:hidden"><div style="margin: 0in;"><b><span style="font-size: 10pt; font-family: Roboto;">Omri Gazitt</span></b><span style="font-family: Arial, sans-serif;">
</span><b><span style="font-size: 10pt; font-family: Roboto;">| </span>
</b><span style="font-size: 10pt; font-family: Roboto;">CEO</span><span style="font-family:Tahoma,sans-serif;color:rgb(34,34,34)"></span></div><div style="margin: 0in;"><span style="font-size: 10pt; font-family: Roboto;"><a href="http://www.aserto.com/" style="font-family:Roboto" target="_blank">Aserto</a> Inc.</span><span style="font-family:Arial,sans-serif;color:rgb(34,34,34)">
</span><b><span style="font-size: 10pt; font-family: Roboto;">| </span>
</b><span style="font-size: 10pt; font-family: Roboto;">(425) 765-0079</span><span style="font-family:Tahoma,sans-serif;color:rgb(34,34,34)"></span></div>
</td>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</div>
<div lang="EN-US">
<div>
<div id="m_5247919856321322936m_984085434974484457m_6648428770209818706m_-2774160369938554618mail-editor-reference-message-container">
<div>
<div>
<blockquote style="border-width:medium medium medium 1pt;border-style:none none none solid;padding:0in 0in 0in 6pt;margin-left:4.8pt;margin-right:0in;border-color:currentcolor currentcolor currentcolor rgb(204,204,204)">
<div>
<blockquote style="border-width:medium medium medium 1pt;border-style:none none none solid;padding:0in 0in 0in 6pt;margin-left:4.8pt;margin-right:0in;border-color:currentcolor currentcolor currentcolor rgb(204,204,204)">
<div>
<blockquote style="border-width:medium medium medium 1pt;border-style:none none none solid;padding:0in 0in 0in 6pt;margin-left:4.8pt;margin-right:0in;border-color:currentcolor currentcolor currentcolor rgb(204,204,204)">
<div>
<div>
<div>
<div>
<table style="border-collapse:collapse" cellspacing="0" cellpadding="0" border="0">
<tbody>
<tr>
</tr>
</tbody>
</table>
</div>
</div>
</div>
</div><p class="MsoNormal"><span style="font-size:12pt">-- <br>
Openid-specs-authzen mailing list<br>
<a href="mailto:Openid-specs-authzen@lists.openid.net" target="_blank">Openid-specs-authzen@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-authzen" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-authzen</a></span></p>
</blockquote>
</div><p class="MsoNormal"><span style="font-size:12pt">-- <br>
Openid-specs-authzen mailing list<br>
<a href="mailto:Openid-specs-authzen@lists.openid.net" target="_blank">Openid-specs-authzen@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-authzen" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-authzen</a></span></p>
</blockquote>
</div><p class="MsoNormal"><span style="font-size:12pt">-- <br>
Openid-specs-authzen mailing list<br>
<a href="mailto:Openid-specs-authzen@lists.openid.net" target="_blank">Openid-specs-authzen@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-authzen" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-authzen</a></span></p>
</blockquote>
</div>
</div>
</div>
</div>
</div>
-- <br>
Openid-specs-authzen mailing list<br>
<a href="mailto:Openid-specs-authzen@lists.openid.net" target="_blank">Openid-specs-authzen@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-authzen" rel="noreferrer" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-authzen</a><br>
</blockquote>
</div>
</div>
<br>
<fieldset></fieldset>
</blockquote>
</div>
-- <br>
Openid-specs-authzen mailing list<br>
<a href="mailto:Openid-specs-authzen@lists.openid.net" target="_blank">Openid-specs-authzen@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-authzen" rel="noreferrer" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-authzen</a><br>
</blockquote></div></div></div>
-- <br>
Openid-specs-authzen mailing list<br>
<a href="mailto:Openid-specs-authzen@lists.openid.net" target="_blank">Openid-specs-authzen@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-authzen" rel="noreferrer" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-authzen</a><br>
</blockquote></div><br clear="all"><div><br></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature"><div dir="ltr"><a href="https://hihello.me/p/cda689b1-0378-4b9c-88cf-33a9bc8ef0c5" rel="noopener" style="display:inline-block" target="_blank"><img alt="This is Alexandre Babeanu's card. Their email is alex@3edges.com. Their phone number is +1 604 728 8130." src="https://cdn.hihello.me/cards/cda689b1-0378-4b9c-88cf-33a9bc8ef0c5/signature_logo.png?generated=1653502150176" width="360" style="display: inline-block; min-height: 100px;"></a><br></div></div>
<br>
CONFIDENTIALITY NOTICE: This e-mail message, including any attachments hereto, is for the sole use of the intended recipient(s) and may contain confidential and/or proprietary information.<br>-- <br>Openid-specs-authzen mailing list<br>Openid-specs-authzen@lists.openid.net<br>https://lists.openid.net/mailman/listinfo/openid-specs-authzen<br></div></blockquote></div><br></div></body></html>