<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<div>
<div dir="ltr">You do have a resource ID - it’s the product id. The amount may be a condition of the product type - determined by the product id. But I really don’t think it this would actually be a real life check as there would be a pile of other criteria
 including the customer, term and other loan optionality that would be customer based.</div>
<div dir="ltr"><br>
</div>
<div dir="ltr">dh</div>
</div>
<div id="ms-outlook-mobile-body-separator-line" dir="auto"><br>
</div>
<div id="ms-outlook-mobile-signature">Get <a href="https://aka.ms/o0ukef">Outlook for iOS</a></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Openid-specs-authzen <openid-specs-authzen-bounces@lists.openid.net> on behalf of Allan via Openid-specs-authzen <openid-specs-authzen@lists.openid.net><br>
<b>Sent:</b> Thursday, May 8, 2025 2:13:34 PM<br>
<b>To:</b> AuthZEN Working Group List <openid-specs-authzen@lists.openid.net><br>
<b>Cc:</b> Allan <allan@macguru.com><br>
<b>Subject:</b> Re: [Openid-specs-authzen] A question on resource identifiers for resources that do not exist yet</font>
<div> </div>
</div>
<div dir="auto"><img id="x_9AC0E9560293D7A3C0A577D5BE44B398" alt="" width="0px" src="https://receipts.canarymail.io/track/AE980BFE3A76DE71B7ADC1325DB56676_9AC0E9560293D7A3C0A577D5BE44B398.png" height="0px">
<div id="x_CanaryBody">
<div>well it does bring up the rather interesting case of create </div>
<div><br>
</div>
<div> create doesn't have. resource ID</div>
<div><br>
</div>
<div>allan</div>
<div><br>
</div>
</div>
<div id="x_CanarySig">
<div>
<div style="font-family:Helvetica">--<br>
Sent from <a href="https://canarymail.io">Canary</a></div>
<div><br>
</div>
</div>
</div>
<div id="x_CanaryDropbox"></div>
<blockquote id="x_CanaryBlockquote">
<div>
<div>On Thursday, May 08, 2025 at 12:58, Andres Aguiar via Openid-specs-authzen <<a href="mailto:openid-specs-authzen@lists.openid.net">openid-specs-authzen@lists.openid.net</a>> wrote:<br>
</div>
<div>
<div dir="ltr">Couldn't the resource be a higher level entity? e.g. the Region? the customer? the bank branch? If it's B2B, the organization? 
<div><br>
</div>
</div>
<br>
<div class="x_gmail_quote x_gmail_quote_container">
<div dir="ltr" class="x_gmail_attr">On Thu, May 8, 2025 at 7:46 AM Andrew Clymer via Openid-specs-authzen <<a href="mailto:openid-specs-authzen@lists.openid.net">openid-specs-authzen@lists.openid.net</a>> wrote:<br>
</div>
<blockquote class="x_gmail_quote" style="margin:0px 0px 0px 0.8ex; border-left:1px solid rgb(204,204,204); padding-left:1ex">
<div class="x_msg7355996677732884344">
<div dir="ltr">
<div>
<p><strong>This message originated outside your organization.</strong></p>
<br>
<hr>
<br>
</div>
<div style="font-family:"Aptos Display","Aptos Display_EmbeddedFont","Aptos Display_MSFontService","Calibri Light","Helvetica Light",sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:"Aptos Display","Aptos Display_EmbeddedFont","Aptos Display_MSFontService","Calibri Light","Helvetica Light",sans-serif; font-size:12pt; color:rgb(0,0,0)">
Sounds to me that resource Id shouldn't be mandatory, or that the resource Id is for the collection of loans. Passing a resource ID of 0 works, but that just feels like a magic value.</div>
<div style="font-family:"Aptos Display","Aptos Display_EmbeddedFont","Aptos Display_MSFontService","Calibri Light","Helvetica Light",sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:"Aptos Display","Aptos Display_EmbeddedFont","Aptos Display_MSFontService","Calibri Light","Helvetica Light",sans-serif; font-size:12pt; color:rgb(0,0,0)">
Andy</div>
<div dir="ltr" style="font-size:1px; direction:ltr">
<table cellpadding="0" cellspacing="0" border="0" style="width:100%; border-collapse:collapse; font-size:1px">
<tbody>
<tr style="font-size:0px">
<td align="left">
<table dir="ltr" cellpadding="0" cellspacing="0" border="0" style="background-color:rgb(255,255,255); direction:ltr; border-collapse:collapse; font-size:0px">
<tbody>
<tr style="font-size:0px">
<td align="left" style="vertical-align:top">
<table cellpadding="0" cellspacing="0" border="0" style="width:100%; border-collapse:collapse; font-size:0px">
<tbody>
<tr style="font-size:0px">
<td align="left" style="vertical-align:top; line-height:normal"><a href="https://urldefense.com/v3/__https://registry.blockmarktech.com/certificates/53f9a3ba-4ba6-4879-8b4d-5f5d3a413118/__;!!PwKahg!_oZpQyjahZpIjImVt2l6ty3_-UC8PNZSaGZmAWvERr278XS6PPKI2I3Gi8NZ16drBnWdfG3cu4SLh1nKc-3u8iaYU7jmzeCjzA$" id="x_m_7355996677732884344LPlnk689713" target="_blank" style="text-decoration:none"><img src="cid:ii_196af89293fefc5760b1" width="100" height="100" border="0" alt="" style="width:100px; min-width:100px; max-width:100px; height:100px; min-height:100px; max-height:100px; font-size:0px"></a></td>
<td align="left" style="vertical-align:top">
<table cellpadding="0" cellspacing="0" border="0" style="border-collapse:collapse; font-size:0px; line-height:normal">
<tbody>
<tr style="font-size:0px">
<td align="left" style="padding:0px; border-top:none; border-right:4px solid rgb(0,0,1); border-bottom:none; border-left:none; vertical-align:top">
<img src="cid:ii_196af89293f1e8e4322" width="85" height="124.1" border="0" alt="" style="width:85px; min-width:85px; max-width:85px; height:124.1px; min-height:124.1px; max-height:124.1px; font-size:0px"></td>
</tr>
</tbody>
</table>
</td>
<td align="left" style="vertical-align:top">
<table cellpadding="0" cellspacing="0" border="0" style="width:100%; border-collapse:collapse; font-size:0px">
<tbody>
<tr style="font-size:0px">
<td align="left" style="padding:7px 0px 0px 7px; vertical-align:top">
<table cellpadding="0" cellspacing="0" border="0" style="white-space:normal; color:rgb(0,0,1); font-size:14.67px; font-family:Calibri,Arial,sans-serif; font-weight:400; font-style:normal; text-align:justify; line-height:14px; width:100%; border-collapse:collapse">
<tbody>
<tr style="font-size:10.67px">
<td style="font-family:Calibri,Arial,sans-serif"><span style="font-size:13px"><br>
​We are the first IdentityServer partner to become a Certified B Corporation™.<br>
​Head to our <span style="text-decoration:underline; color:rgb(58,19,205)"><a href="https://urldefense.com/v3/__https://www.rocksolidknowledge.com/mission-statement__;!!PwKahg!_oZpQyjahZpIjImVt2l6ty3_-UC8PNZSaGZmAWvERr278XS6PPKI2I3Gi8NZ16drBnWdfG3cu4SLh1nKc-3u8iaYU7jhI1Aj0A$" id="x_m_7355996677732884344LPlnk689713" title="https://www.rocksolidknowledge.com/mission-statement" target="_blank" style="text-decoration:none; color:rgb(58,19,205)">mission
</a><a href="https://urldefense.com/v3/__https://www.rocksolidknowledge.com/mission-statement__;!!PwKahg!_oZpQyjahZpIjImVt2l6ty3_-UC8PNZSaGZmAWvERr278XS6PPKI2I3Gi8NZ16drBnWdfG3cu4SLh1nKc-3u8iaYU7jhI1Aj0A$" id="x_m_7355996677732884344LPlnk689713" title="https://www.rocksolidknowledge.com/mission-statement" target="_blank" style="text-decoration:none; color:rgb(58,19,205)">sta</a><a href="https://urldefense.com/v3/__https://www.rocksolidknowledge.com/mission-statement__;!!PwKahg!_oZpQyjahZpIjImVt2l6ty3_-UC8PNZSaGZmAWvERr278XS6PPKI2I3Gi8NZ16drBnWdfG3cu4SLh1nKc-3u8iaYU7jhI1Aj0A$" id="x_m_7355996677732884344LPlnk689713" title="https://www.rocksolidknowledge.com/mission-statement" target="_blank" style="text-decoration:none; color:rgb(58,19,205)">tement</a></span> to
 read more about the ways we’re using business as a force for good.<br>
​<br>
​Rock Solid Knowledge Ltd is a company registered in England and Wales under number 6811209.<br>
Registered office: C2, Vantage Office Park, Old Gloucester Road, Bristol, BS16 1GW, United Kingdom<br>
​Vat registered: GB948 1966 72</span><br>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<span style="font-family:remialcxesans"> <span style="font-family:template-CbyZv7ONEe6-oGBFvdGUFw"> </span><span style="font-family:zone-1"> </span><span style="font-family:zones-AQ"> </span></span></div>
<div id="x_m_7355996677732884344appendonsend"></div>
<hr style="display:inline-block; width:98%">
<div id="x_m_7355996677732884344divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> Openid-specs-authzen <<a href="mailto:openid-specs-authzen-bounces@lists.openid.net" target="_blank">openid-specs-authzen-bounces@lists.openid.net</a>>
 on behalf of Allan via Openid-specs-authzen <<a href="mailto:openid-specs-authzen@lists.openid.net" target="_blank">openid-specs-authzen@lists.openid.net</a>><br>
<b>Sent:</b> 08 May 2025 11:40<br>
<b>To:</b> AuthZEN Working Group List <<a href="mailto:openid-specs-authzen@lists.openid.net" target="_blank">openid-specs-authzen@lists.openid.net</a>><br>
<b>Cc:</b> Allan <<a href="mailto:allan@macguru.com" target="_blank">allan@macguru.com</a>><br>
<b>Subject:</b> Re: [Openid-specs-authzen] A question on resource identifiers for resources that do not exist yet</font>
<div> </div>
</div>
<div dir="auto"><img id="x_m_7355996677732884344x_33E9E7E95914C65767B3BE393381C98E" alt="" width="0px" height="0px" src="">
<div id="x_m_7355996677732884344x_">
<div>hmmm</div>
<div><br>
</div>
<div>surely customer is part of the resource?  and a create can simply use a resource ID of 0 or -1. or null</div>
<div><br>
</div>
<div>allan</div>
<div><br>
</div>
</div>
<div id="x_m_7355996677732884344x_">
<div>
<div style="font-family:Helvetica">--<br>
Sent from <a href="https://urldefense.com/v3/__https://canarymail.io__;!!PwKahg!_oZpQyjahZpIjImVt2l6ty3_-UC8PNZSaGZmAWvERr278XS6PPKI2I3Gi8NZ16drBnWdfG3cu4SLh1nKc-3u8iaYU7iALaQ4yQ$" target="_blank">
Canary</a></div>
<div><br>
</div>
</div>
</div>
<div id="x_m_7355996677732884344x_CanaryDropbox"></div>
<blockquote id="x_m_7355996677732884344x_">
<div>
<div>On Thursday, May 08, 2025 at 12:34, David Brossard via Openid-specs-authzen <<a href="mailto:openid-specs-authzen@lists.openid.net" target="_blank">openid-specs-authzen@lists.openid.net</a>> wrote:<br>
</div>
<div>
<div dir="ltr">
<div>Hi all,<br>
</div>
<div><br>
</div>
<div>Interesting use case from EIC: I want to write a policy that determines how a loan-to-be can be created.</div>
<div><br>
</div>
<div>Managers can create a loan for a customer in their region up to their max allowed amount for the employee (and/or customer).</div>
<div><br>
</div>
<div>The request would then be:</div>
<div>
<ul>
<li>Can Alice the employee create loan with amount 1234?</li></ul>
In this type of request, because the loan hasn't been created we do not have a  loan ID or resource ID. But, because AuthZEN makes the resource ID mandatory in the evaluation API, what approach do we want to recommend?</div>
<div><br>
</div>
<div>David </div>
<div dir="ltr"></div>
</div>
-- <br>
Openid-specs-authzen mailing list <br>
<a href="mailto:Openid-specs-authzen@lists.openid.net" target="_blank">Openid-specs-authzen@lists.openid.net</a>
<br>
<a href="https://urldefense.com/v3/__https://lists.openid.net/mailman/listinfo/openid-specs-authzen__;!!PwKahg!_oZpQyjahZpIjImVt2l6ty3_-UC8PNZSaGZmAWvERr278XS6PPKI2I3Gi8NZ16drBnWdfG3cu4SLh1nKc-3u8iaYU7gKBSldXg$" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-authzen</a>
<br>
</div>
</div>
</blockquote>
</div>
</div>
-- <br>
Openid-specs-authzen mailing list<br>
<a href="mailto:Openid-specs-authzen@lists.openid.net" target="_blank">Openid-specs-authzen@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-authzen" rel="noreferrer" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-authzen</a><br>
</div>
</blockquote>
</div>
-- <br>
Openid-specs-authzen mailing list <br>
Openid-specs-authzen@lists.openid.net <br>
https://lists.openid.net/mailman/listinfo/openid-specs-authzen <br>
</div>
</div>
</blockquote>
</div>
</body>
</html>