
<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<title></title>

</head>

<body>

<div name="messageBodySection">

<div dir="auto">Yup there was no formal definition of the ucast syntax but there was an implicit one. I spent a lot of time documenting it.<br />

<br />

The benefits we weighed when going down this route was very similar to the AuthZen one: standardizing on an “open source” response format that we can build out integrations to in the most common languages/frameworks/ORMs. </div>

</div>

<div name="messageSignatureSection"><br />

Thanks,<br />

Chris

<div dir="auto">Styra</div>

</div>

<div name="messageReplySection">On Apr 10, 2025 at 6:25 PM +0100, Michiel Trimpe via Openid-specs-authzen <openid-specs-authzen@lists.openid.net>, wrote:<br />

<blockquote type="cite" style="border-left-color: grey; border-left-width: thin; border-left-style: solid; margin: 5px 5px;padding-left: 10px;">

<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Hi all,</div>

<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><br /></div>

<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">The UCAST project doesn't have a serialization format; but I did some looking after the call and Styra does define the JSON format they use to serialize UCAST here: <a href="https://docs.styra.com/apps/data/reference/ucast-syntax">https://docs.styra.com/apps/data/reference/ucast-syntax</a></div>

<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);"><br /></div>

<div class="elementToProof" style="font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">Cheers, Michiel</div>

<div id="appendonsend"></div>

<hr style="display:inline-block;width:98%" tabindex="-1" />

<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Openid-specs-authzen <openid-specs-authzen-bounces@lists.openid.net> on behalf of David Brossard via Openid-specs-authzen <openid-specs-authzen@lists.openid.net><br />

<b>Sent:</b> 10 April 2025 19:10<br />

<b>To:</b> AuthZEN Working Group List <openid-specs-authzen@lists.openid.net><br />

<b>Cc:</b> David Brossard <david.brossard@gmail.com><br />

<b>Subject:</b> Re: [Openid-specs-authzen] Partial Evaluation meeting running as we speak</font>

<div> </div>

</div>

<div>

<div dir="ltr">And here are the notes from the meeting:

<div><br /></div>

<div><a href="https://hackmd.io/pSQDKYrPSnuVX4K7rjo8_w?view" originalsrc="https://hackmd.io/pSQDKYrPSnuVX4K7rjo8_w?view">https://hackmd.io/pSQDKYrPSnuVX4K7rjo8_w?view</a></div>

<div><br /></div>

<div><br /></div>

<div>

<h1 class="x_gmail-part" id="x_gmail-Partial-Evaluation-Cedar-Meeting">Partial Evaluation Cedar Meeting</h1>

<h2 class="x_gmail-part" id="x_gmail-Attendees"><a class="x_gmail-anchor x_gmail-hidden-xs" href="#x_Attendees" title="Attendees"><span class="x_gmail-octicon x_gmail-octicon-link x_gmail-ph x_gmail-ph-link-simple-horizontal"></span></a>Attendees</h2>

<ul class="x_gmail-part">

<li class="x_gmail-">Darin McAdams</li>

<li class="x_gmail-">Jeff Lombardo</li>

<li class="x_gmail-">Alex Babeanu</li>

<li class="x_gmail-">Vladi Berger</li>

<li class="x_gmail-">David Brossard</li>

<li class="x_gmail-">Michiel Trimpe</li>

</ul>

<h2 class="x_gmail-part" id="x_gmail-Partial-Evaluation-in-Cedar"><a class="x_gmail-anchor x_gmail-hidden-xs" href="#x_Partial-Evaluation-in-Cedar" title="Partial-Evaluation-in-Cedar"><span class="x_gmail-octicon x_gmail-octicon-link x_gmail-ph x_gmail-ph-link-simple-horizontal"></span></a>Partial Evaluation in Cedar</h2>

<ul class="x_gmail-part x_gmail-in-view">

<li class="x_gmail-">Experimental feature for the time being</li>

<li class="x_gmail-">Some customers are playing with it</li>

<li class="x_gmail-">By the time customers try it though, they find it too raw and give up</li>

<li class="x_gmail-">Common use cases

<ul>

<li class="x_gmail-">Search: how do you map residual fragments to the relevant query language?</li>

<li class="x_gmail-">Search: there is a risk you might hit a non-indexed field in the underlying DB<br />

-<code>Hopelessness</code> check: I don't have an entire request and I don't want to incur the cost of retrieving all attributes if I don't have all the information if I know I will get access denied.</li>

<li class="x_gmail-">Impact analysis

<ul>

<li class="x_gmail-">What if I change this policy, how will access be impacted?</li>

</ul>

</li>

<li class="x_gmail-">Access reviews

<ul>

<li class="x_gmail-">What can Alice do? What can manager do?</li>

</ul>

</li>

</ul>

</li>

<li class="x_gmail-">Cedar already produces a JSON version of its AST that represents a partial evaluation response

<ul>

<li class="x_gmail-"><a href="https://cedarland.blog/usage/partial-evaluation/content.html" originalsrc="https://cedarland.blog/usage/partial-evaluation/content.html" target="_blank" rel="noopener">https://cedarland.blog/usage/partial-evaluation/content.html</a></li>

</ul>

</li>

<li class="x_gmail-">We can compare it with the draft spec</li>

</ul>

<h2 class="x_gmail-part x_gmail-in-view" id="x_gmail-Differences-between-products"><a class="x_gmail-anchor x_gmail-hidden-xs" href="#x_Differences-between-products" title="Differences-between-products"><span class="x_gmail-octicon x_gmail-octicon-link x_gmail-ph x_gmail-ph-link-simple-horizontal"></span></a>Differences between products</h2>

<ul class="x_gmail-part x_gmail-in-view">

<li class="x_gmail-">The usefulness and scope of partial evaluation depends on the fact the underlying implementation is stateful or stateless</li>

</ul>

<h2 class="x_gmail-part x_gmail-in-view" id="x_gmail-Ucast"><a class="x_gmail-anchor x_gmail-hidden-xs" href="#x_Ucast" title="Ucast"><span class="x_gmail-octicon x_gmail-octicon-link x_gmail-ph x_gmail-ph-link-simple-horizontal"></span></a>Ucast</h2>

<ul class="x_gmail-part x_gmail-in-view">

<li class="x_gmail-"><a href="https://github.com/stalniy/ucast" originalsrc="https://github.com/stalniy/ucast" target="_blank" rel="noopener">https://github.com/stalniy/ucast</a></li>

<li class="x_gmail-"><a href="https://github.com/StyraInc/ucast-linq" originalsrc="https://github.com/StyraInc/ucast-linq" target="_blank" rel="noopener">https://github.com/StyraInc/ucast-linq</a></li>

<li class="x_gmail-">Integration with Prisma

<ul>

<li class="x_gmail-"><a href="https://www.npmjs.com/package/@styra/ucast-prisma" originalsrc="https://www.npmjs.com/package/@styra/ucast-prisma" target="_blank" rel="noopener">https://www.npmjs.com/package/@styra/ucast-prisma</a></li>

<li class="x_gmail-"><a href="https://www.prisma.io/" originalsrc="https://www.prisma.io/" target="_blank" rel="noopener">https://www.prisma.io/</a></li>

</ul>

</li>

<li class="x_gmail-">Challenge

<ul>

<li class="x_gmail-">ucast is not a standard</li>

<li class="x_gmail-">ucast doesn't define a serialization format in the OS project</li>

<li class="x_gmail-">check with Styra</li>

<li class="x_gmail-">the last commit is nearly 2 years old</li>

</ul>

</li>

</ul>

<h2 class="x_gmail-part x_gmail-in-view" id="x_gmail-Other-formats"><a class="x_gmail-anchor x_gmail-hidden-xs" href="#x_Other-formats" title="Other-formats"><span class="x_gmail-octicon x_gmail-octicon-link x_gmail-ph x_gmail-ph-link-simple-horizontal"></span></a>Other formats</h2>

<ul class="x_gmail-part x_gmail-in-view">

<li class="x_gmail-"><a href="https://json-e.js.org/" originalsrc="https://json-e.js.org/" target="_blank" rel="noopener">https://json-e.js.org/</a></li>

</ul>

<h2 class="x_gmail-part x_gmail-in-view" id="x_gmail-Reaching-out-to-the-new-product-bucket"><a class="x_gmail-anchor x_gmail-hidden-xs" href="#x_Reaching-out-to-the-new-product-bucket" title="Reaching-out-to-the-new-product-bucket"><span class="x_gmail-octicon x_gmail-octicon-link x_gmail-ph x_gmail-ph-link-simple-horizontal"></span></a>Reaching out to the new 'product bucket'</h2>

<ul class="x_gmail-part x_gmail-in-view">

<li class="x_gmail-">If partial evaluation is about data filtering, then the target is data platforms (in a broad sense) such as SQL DB vendors, data platforms (Trino, Immuta, Snowflake), or DB SaaS (Athena, RDS<span class="x_gmail-smartypants">…</span>)</li>

</ul>

</div>

<div><br /></div>

<div><br /></div>

</div>

<br />

<div class="x_gmail_quote x_gmail_quote_container">

<div dir="ltr" class="x_gmail_attr">On Thu, Apr 10, 2025 at 9:10 AM Lombardo, Jeff via Openid-specs-authzen <<a href="mailto:openid-specs-authzen@lists.openid.net">openid-specs-authzen@lists.openid.net</a>> wrote:<br /></div>

<blockquote class="x_gmail_quote" style="margin:0px 0px 0px 0.8ex; border-left:1px solid rgb(204,204,204); padding-left:1ex">

<div class="x_msg-4763591545377090451">

<div lang="FR-CA" style="" xml:lang="FR-CA">

<div class="x_m_2895230285645175561WordSection1">

<p class="x_MsoNormal"><span lang="EN-CA" xml:lang="EN-CA">You can join the meeting for the next hour if possible for you. We will share the recording after the fact.<u></u><u></u></span></p>

<p class="x_MsoNormal"><span lang="EN-CA" xml:lang="EN-CA"><u></u> <u></u></span></p>

<p class="x_MsoNormal"><span lang="EN-CA" xml:lang="EN-CA">Meeting title: AuthZEN Partial Evaluation discussion<u></u><u></u></span></p>

<p class="x_MsoNormal"><span lang="EN-CA" xml:lang="EN-CA">Personalized ID: 6455908420<u></u><u></u></span></p>

<p class="x_MsoNormal"><span lang="EN-CA" xml:lang="EN-CA">Meeting ID: 6455 90 8420<u></u><u></u></span></p>

<p class="x_MsoNormal"><span lang="EN-CA" xml:lang="EN-CA">Hosting Region: United States (Ohio)<u></u><u></u></span></p>

<p class="x_MsoNormal"><span lang="EN-CA" xml:lang="EN-CA">URL Link:</span> <a href="https://chime.aws/6455908420" originalsrc="https://chime.aws/6455908420" target="_blank"><span lang="EN-CA" xml:lang="EN-CA">https://chime.aws/6455908420</span></a><span lang="EN-CA" xml:lang="EN-CA"><u></u><u></u></span></p>

<p class="x_MsoNormal"><span lang="EN-CA" xml:lang="EN-CA">US dial-in: +1 206-462-5569<u></u><u></u></span></p>

<p class="x_MsoNormal"><span lang="EN-CA" xml:lang="EN-CA">US toll-free dial-in: +1 855-552-4463<u></u><u></u></span></p>

<p class="x_MsoNormal"><span lang="EN-CA" xml:lang="EN-CA">International dial-in numbers:</span> <a href="https://chime.aws/dialinnumbers/" originalsrc="https://chime.aws/dialinnumbers/" target="_blank"><span lang="EN-CA" xml:lang="EN-CA">https://chime.aws/dialinnumbers/</span></a><span lang="EN-CA" xml:lang="EN-CA"><u></u><u></u></span></p>

<p class="x_MsoNormal"><span lang="EN-CA" xml:lang="EN-CA"><u></u> <u></u></span></p>

<p class="x_MsoNormal"><b><span style="font-size:10pt; font-family:"Amazon Ember Heavy",sans-serif">Jean-François “<span style="color:rgb(233,113,50)">Jeff</span>” Lombardo</span></b><span> </span><span style="font-size:10pt; font-family:"Amazon Ember Light",sans-serif">| <span style="color:gray"></span><span style="color:rgb(233,113,50)">Amazon Web Services<u></u><u></u></span></span></p>

<p class="x_MsoNormal"><span style="font-size:4pt; font-family:"Amazon Ember Light",sans-serif; color:gray"><u></u> <u></u></span></p>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:10pt; font-family:"Amazon Ember Light",sans-serif; color:gray" xml:lang="EN-US">Principal Solution Architect, Security Specialist - Montréal, Canada<u></u><u></u></span></p>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:10pt; font-family:"Amazon Ember Light",sans-serif; color:gray" xml:lang="EN-US">Mobile: 514.778.5565<u></u><u></u></span></p>

<p class="x_MsoNormal"><span lang="EN-US" style="font-size:4pt; font-family:"Amazon Ember Light",sans-serif; color:gray" xml:lang="EN-US"><u></u> <u></u></span></p>

<p class="x_MsoNormal"><i><span lang="EN-US" style="font-size:10pt; font-family:"Amazon Ember Light",sans-serif; color:gray" xml:lang="EN-US">Thoughts on our interaction? Provide feedback</span></i> <span><a href="https://urldefense.com/v3/__https:/feedback.aws.amazon.com/?ea=jeffsec&fn=Jean*20Francois&ln=Lombardo__;JQ!!Pe07N362zA!0k9CkAV8Djpw_8EfIAKrbhP3TQrJr0oMnznlUgBJ3V3NoEk6hihx7dNHnQuejn6SSH2CP8Iow3G-tTzppHeg$" originalsrc="https://urldefense.com/v3/__https:/feedback.aws.amazon.com/?ea=jeffsec&fn=Jean*20Francois&ln=Lombardo__;JQ!!Pe07N362zA!0k9CkAV8Djpw_8EfIAKrbhP3TQrJr0oMnznlUgBJ3V3NoEk6hihx7dNHnQuejn6SSH2CP8Iow3G-tTzppHeg$" target="_blank"><i><span lang="EN-US" style="font-size:10pt; font-family:"Amazon Ember Light",sans-serif; color:rgb(70,120,134)" xml:lang="EN-US">here</span></i></a></span><i><span lang="EN-US" style="font-size:10pt; font-family:"Amazon Ember Light",sans-serif; color:gray" xml:lang="EN-US">.<u></u><u></u></span></i></p>

<p class="x_MsoNormal"><u></u> <u></u></p>

</div>

</div>

--<br />

Openid-specs-authzen mailing list<br />

<a href="mailto:Openid-specs-authzen@lists.openid.net" target="_blank">Openid-specs-authzen@lists.openid.net</a><br />

<a href="https://lists.openid.net/mailman/listinfo/openid-specs-authzen" originalsrc="https://lists.openid.net/mailman/listinfo/openid-specs-authzen" rel="noreferrer" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-authzen</a><br /></div>

</blockquote>

</div>

<div><br clear="all" /></div>

<div><br /></div>

<span class="x_gmail_signature_prefix">--</span><br />

<div dir="ltr" class="x_gmail_signature">

<div dir="ltr">---<br />

David Brossard<br />

<a href="http://www.linkedin.com/in/davidbrossard" originalsrc="http://www.linkedin.com/in/davidbrossard" target="_blank">http://www.linkedin.com/in/davidbrossard</a><br />

<a href="http://twitter.com/davidjbrossard" originalsrc="http://twitter.com/davidjbrossard" target="_blank">http://twitter.com/davidjbrossard</a><br />

<a href="http://about.me/brossard" originalsrc="http://about.me/brossard" target="_blank">http://about.me/brossard</a><br />

---<br />

Stay safe on the Internet: <a href="https://www.capefearnetworks.com/wp-content/uploads/2017/05/Internet-Fraud-Prevention-Tips-IC3.pdf" originalsrc="https://www.capefearnetworks.com/wp-content/uploads/2017/05/Internet-Fraud-Prevention-Tips-IC3.pdf" target="_blank">IC3 Prevention Tips</a><br />

Prenez vos précautions sur Internet: <a href="https://cyber.gouv.fr/bonnes-pratiques-protegez-vous" originalsrc="https://cyber.gouv.fr/bonnes-pratiques-protegez-vous" target="_blank">https://cyber.gouv.fr/bonnes-pratiques-protegez-vous</a></div>

</div>

</div>

--<br />

Openid-specs-authzen mailing list<br />

Openid-specs-authzen@lists.openid.net<br />

https://lists.openid.net/mailman/listinfo/openid-specs-authzen<br /></blockquote>

</div>

</body>

</html>