<div dir="ltr">Somehow I missed this paragraph. Never mind, all's well.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Jul 3, 2024 at 2:47 PM Omri Gazitt <<a href="mailto:omri@aserto.com">omri@aserto.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">Thanks for reviewing David!</div><div dir="auto"><br></div><div dir="auto">I was intending on making them symmetric. I found this language in the current published spec… did you have something else in mind?</div><div dir="auto"><br></div><div dir="auto">Also, I think the best way to track feedback and make sure we’re not missing any is through GitHub issues… </div><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto"><div><p style="padding:0px;margin:0px 0px 1em;text-align:left;font-family:"noto sans",arial,helvetica,sans-serif;font-size:14px;font-style:normal;font-weight:400;letter-spacing:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;color:rgb(34,34,34)">A Subject is a JSON ([<a href="https://openid.github.io/authzen/#RFC8259" style="text-decoration:none;font-family:"noto sans",arial,helvetica,sans-serif;color:rgb(34,34,238)" target="_blank">RFC8259</a>]) object that contains any number of key-value pair attributes. However, there are a minimal number of fields that are required in order to properly resolve a Subject.</p><span style="margin-bottom:0px;min-height:0px;font-family:"noto sans",arial,helvetica,sans-serif;font-size:14px;font-style:normal;font-weight:400;letter-spacing:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;color:rgb(34,34,34)"></span><dl style="font-family:"noto sans",arial,helvetica,sans-serif;font-size:14px;font-style:normal;font-weight:400;letter-spacing:normal;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none;color:rgb(34,34,34)"><dt style="float:left;margin-right:1em;font-family:"noto sans",arial,helvetica,sans-serif"><code style="font-size:13.3px;font-family:monospace;background-color:transparent">type</code>:</dt><dd style="margin-bottom:0.8em;min-height:1.3em;margin-left:1.5em;font-family:"noto sans",arial,helvetica,sans-serif"><p style="padding:0px;margin:0px 0px 1em;text-align:left;font-family:"noto sans",arial,helvetica,sans-serif">REQUIRED. A <code style="font-size:13.3px;font-family:monospace;background-color:rgb(248,248,248)">string</code> value that specifies the type of the Subject.</p></dd><dd style="margin-bottom:0px;min-height:0px;font-family:"noto sans",arial,helvetica,sans-serif"></dd><dt style="float:left;margin-right:1em;font-family:"noto sans",arial,helvetica,sans-serif"><code style="font-size:13.3px;font-family:monospace;background-color:transparent">id</code>:</dt><dd style="margin-bottom:0.8em;min-height:1.3em;margin-left:1.5em;font-family:"noto sans",arial,helvetica,sans-serif"><p style="padding:0px;margin:0px 0px 1em;text-align:left;font-family:"noto sans",arial,helvetica,sans-serif">REQUIRED. The unique identifier of the Subject, scoped to the <code style="font-size:13.3px;font-family:monospace;background-color:rgb(248,248,248)">type</code>.</p></dd></dl></div><br clear="all"><br clear="all"><div dir="auto"><div dir="ltr" class="gmail_signature"><div dir="ltr"><table style="font-family:tahoma,sans-serif;border:medium;border-collapse:collapse;color:rgb(34,34,34)"><tbody style="font-family:tahoma,sans-serif"><tr style="height:0pt;font-family:tahoma,sans-serif"><td style="vertical-align:top;padding:5pt;overflow:hidden;font-family:tahoma,sans-serif"><p dir="ltr" style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;font-family:tahoma,sans-serif"><a href="http://www.aserto.com/" style="font-family:tahoma,sans-serif" target="_blank"><img src="https://raw.githubusercontent.com/aserto-dev/artwork/main/logo/horizontal/color/aserto-horizontal-color.png" width="96" height="35" style="font-family: tahoma, sans-serif;"></a></p></td><td style="vertical-align:middle;padding:5pt;overflow:hidden;font-family:tahoma,sans-serif"><p dir="ltr" style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;font-family:tahoma,sans-serif"><span style="font-family:Roboto,sans-serif;font-weight:700;vertical-align:baseline;white-space:pre-wrap;background-color:transparent;color:rgb(0,0,0)"><span style="font-size:10pt;font-family:Roboto,sans-serif">Omri Gazitt</span><span style="font-weight:normal;font-family:Roboto,sans-serif"><span style="font-family:Arial;vertical-align:baseline;background-color:transparent"><span style="white-space:pre-wrap;font-family:Arial">      </span></span></span><span style="font-size:10pt;font-family:Roboto,sans-serif">| </span></span><span style="font-family:Roboto,sans-serif;font-size:10pt;white-space:pre-wrap;background-color:transparent;color:rgb(0,0,0)">CEO</span></p><p dir="ltr" style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;font-family:tahoma,sans-serif"><span style="font-size:10pt;font-family:Roboto,sans-serif;vertical-align:baseline;white-space:pre-wrap;background-color:transparent;color:rgb(0,0,0)"><a href="http://www.aserto.com/" style="font-family:Roboto,sans-serif" target="_blank">Aserto</a> Inc.</span><span style="font-family:Arial;vertical-align:baseline;background-color:transparent"><span style="white-space:pre-wrap;font-family:Arial">       </span></span><span style="font-family:Roboto,sans-serif;font-weight:700;white-space:pre-wrap;font-size:10pt;color:rgb(0,0,0)">| </span><span style="font-family:Roboto,sans-serif;font-size:10pt;white-space:pre-wrap;background-color:transparent;color:rgb(0,0,0)">(425) 765-0079</span></p></td></tr></tbody></table></div></div></div></div><div><br></div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Jul 3, 2024 at 2:12 PM David Brossard <<a href="mailto:david.brossard@gmail.com" target="_blank">david.brossard@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi Omri,<div><br></div><div>I just realized the spec could use a bit more symmetry/consistency. For instance, the resource category is described as</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><p id="m_5001851485353592002m_6599161373843127829gmail-section-5.2-1" style="padding:0px;margin:0px 0px 1em;font-family:"Noto Sans",Arial,Helvetica,sans-serif;font-size:14px">A Resource is the target of an access request. It is a JSON (<span style="font-family:"Noto Sans",Arial,Helvetica,sans-serif">[<a href="https://openid.github.io/authzen/#RFC8259" style="text-decoration:none;font-family:"Noto Sans",Arial,Helvetica,sans-serif;color:rgb(34,34,238)" target="_blank">RFC8259</a>]</span>) object that is constructed similar to a Subject entity.<a href="https://openid.github.io/authzen/#section-5.2-1" style="text-decoration:none;font-family:"Noto Sans",Arial,Helvetica,sans-serif;color:rgb(102,102,102)" target="_blank">¶</a></p></blockquote><div>The subject category does not allude to RFC8259 when in fact it could/should. Thoughts? At the end of the day, subject and resource are structurally equal/equivalent. </div><div><br></div><div>Thoughts? </div></div><br><div class="gmail_quote"></div><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jul 2, 2024 at 8:48 PM Omri Gazitt via Openid-specs-authzen <<a href="mailto:openid-specs-authzen@lists.openid.net" target="_blank">openid-specs-authzen@lists.openid.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">Hi all!</div><div dir="auto"><br></div><div dir="auto"><div dir="auto">As discussed on the AuthZEN call today, I’ve updated the 1.0 spec and created a new 1.1 spec that adds the Access Evaluations (plural) API.</div><div dir="auto"><br></div><div dir="auto"><a href="https://openid.github.io/authzen/" target="_blank">https://openid.github.io/authzen/</a> </div><div dir="auto"><br></div><div dir="auto"><a href="https://openid.github.io/authzen/authorization-api-1_1#name-access-evaluations-api" target="_blank">https://openid.github.io/authzen/authorization-api-1_1#name-access-evaluations-api</a> </div><div dir="auto"><br></div><div dir="auto">The first spec (1.0) is what we are working towards making our first Implementer’s Draft. The second is meant to be a fast follower and adds support for boxcarred requests.</div><div dir="auto"><br></div><div dir="auto">Please open issues in GitHub for any comments or questions on either. </div><div dir="auto"><br></div><div dir="auto">Thanks,</div><div dir="auto">Omri. </div><br clear="all"><br clear="all"><div dir="auto"><div dir="ltr" class="gmail_signature"><div dir="ltr"><table style="font-family:tahoma,sans-serif;border:medium;border-collapse:collapse;color:rgb(34,34,34)"><tbody style="font-family:tahoma,sans-serif"><tr style="height:0pt;font-family:tahoma,sans-serif"><td style="vertical-align:top;padding:5pt;overflow:hidden;font-family:tahoma,sans-serif"><p dir="ltr" style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;font-family:tahoma,sans-serif"><a href="http://www.aserto.com/" style="font-family:tahoma,sans-serif" target="_blank"><img src="https://raw.githubusercontent.com/aserto-dev/artwork/main/logo/horizontal/color/aserto-horizontal-color.png" width="96" height="35" style="font-family: tahoma, sans-serif;"></a></p></td><td style="vertical-align:middle;padding:5pt;overflow:hidden;font-family:tahoma,sans-serif"><p dir="ltr" style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;font-family:tahoma,sans-serif"><span style="font-family:Roboto,sans-serif;font-weight:700;vertical-align:baseline;white-space:pre-wrap;background-color:transparent;color:rgb(0,0,0)"><span style="font-size:10pt;font-family:Roboto,sans-serif">Omri Gazitt</span><span style="font-weight:normal;font-family:Roboto,sans-serif"><span style="font-family:Arial;vertical-align:baseline;background-color:transparent"><span style="white-space:pre-wrap;font-family:Arial">    </span></span></span><span style="font-size:10pt;font-family:Roboto,sans-serif">| </span></span><span style="font-family:Roboto,sans-serif;font-size:10pt;white-space:pre-wrap;background-color:transparent;color:rgb(0,0,0)">CEO</span></p><p dir="ltr" style="line-height:1.2;margin-top:0pt;margin-bottom:0pt;font-family:tahoma,sans-serif"><span style="font-size:10pt;font-family:Roboto,sans-serif;vertical-align:baseline;white-space:pre-wrap;background-color:transparent;color:rgb(0,0,0)"><a href="http://www.aserto.com/" style="font-family:Roboto,sans-serif" target="_blank">Aserto</a> Inc.</span><span style="font-family:Arial;vertical-align:baseline;background-color:transparent"><span style="white-space:pre-wrap;font-family:Arial">       </span></span><span style="font-family:Roboto,sans-serif;font-weight:700;white-space:pre-wrap;font-size:10pt;color:rgb(0,0,0)">| </span><span style="font-family:Roboto,sans-serif;font-size:10pt;white-space:pre-wrap;background-color:transparent;color:rgb(0,0,0)">(425) 765-0079</span></p></td></tr></tbody></table></div></div></div></div>
-- <br>
Openid-specs-authzen mailing list<br>
<a href="mailto:Openid-specs-authzen@lists.openid.net" target="_blank">Openid-specs-authzen@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-authzen" rel="noreferrer" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-authzen</a><br>
</blockquote></div><br clear="all"><div><br></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature"><div dir="ltr">---<br>David Brossard<br><a href="http://www.linkedin.com/in/davidbrossard" target="_blank">http://www.linkedin.com/in/davidbrossard</a><br><a href="http://twitter.com/davidjbrossard" target="_blank">http://twitter.com/davidjbrossard</a><br><a href="http://about.me/brossard" target="_blank">http://about.me/brossard</a><br>---<br>Stay safe on the Internet: <a href="https://www.capefearnetworks.com/wp-content/uploads/2017/05/Internet-Fraud-Prevention-Tips-IC3.pdf" target="_blank">IC3 Prevention Tips</a><br>Prenez vos précautions sur Internet: <a href="http://www.securite-informatique.gouv.fr/gp_rubrique34.html" target="_blank">http://www.securite-informatique.gouv.fr/gp_rubrique34.html</a></div></div>
</blockquote></div></div>
</blockquote></div><br clear="all"><div><br></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature"><div dir="ltr">---<br>David Brossard<br><a href="http://www.linkedin.com/in/davidbrossard" target="_blank">http://www.linkedin.com/in/davidbrossard</a><br><a href="http://twitter.com/davidjbrossard" target="_blank">http://twitter.com/davidjbrossard</a><br><a href="http://about.me/brossard" target="_blank">http://about.me/brossard</a><br>---<br>Stay safe on the Internet: <a href="https://www.capefearnetworks.com/wp-content/uploads/2017/05/Internet-Fraud-Prevention-Tips-IC3.pdf" target="_blank">IC3 Prevention Tips</a><br>Prenez vos précautions sur Internet: <a href="http://www.securite-informatique.gouv.fr/gp_rubrique34.html" target="_blank">http://www.securite-informatique.gouv.fr/gp_rubrique34.html</a></div></div>