<html xmlns="http://www.w3.org/1999/xhtml"><head> <title></title> <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no"> </head> <body dir="auto"><img id="9AC0E9560293D7A3C0A577D5BE44B398" alt="" width="0px" src="https://receipts.canarymail.io/track/AE980BFE3A76DE71B7ADC1325DB56676_9AC0E9560293D7A3C0A577D5BE44B398.png" height="0px"><div id="CanaryBody"> <div> well it does bring up the rather interesting case of create </div><div><br></div><div> create doesn't have. resource ID</div><div><br></div><div>allan</div> <div><br></div> </div> <div id="CanarySig"> <div> <div style="font-family:Helvetica;">--<br>Sent from <a href="https://canarymail.io">Canary</a></div> <div><br></div> </div> </div> <div id="CanaryDropbox"> </div> <blockquote id="CanaryBlockquote"> <div> <div>On Thursday, May 08, 2025 at 12:58, Andres Aguiar via Openid-specs-authzen <<a href="mailto:openid-specs-authzen@lists.openid.net">openid-specs-authzen@lists.openid.net</a>> wrote:<br></div> <div><div dir="ltr">Couldn't the resource be a higher level entity? e.g. the Region? the customer? the bank branch? If it's B2B, the organization? <div><br></div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Thu, May 8, 2025 at 7:46 AM Andrew Clymer via Openid-specs-authzen <<a href="mailto:openid-specs-authzen@lists.openid.net">openid-specs-authzen@lists.openid.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg7355996677732884344"> <div dir="ltr"> <div> <p><strong>This message originated outside your organization.</strong></p><br> <hr><br> </div> <div style="font-family:"Aptos Display","Aptos Display_EmbeddedFont","Aptos Display_MSFontService","Calibri Light","Helvetica Light",sans-serif;font-size:12pt;color:rgb(0,0,0)"> <br> </div> <div style="font-family:"Aptos Display","Aptos Display_EmbeddedFont","Aptos Display_MSFontService","Calibri Light","Helvetica Light",sans-serif;font-size:12pt;color:rgb(0,0,0)"> Sounds to me that resource Id shouldn't be mandatory, or that the resource Id is for the collection of loans. Passing a resource ID of 0 works, but that just feels like a magic value.</div> <div style="font-family:"Aptos Display","Aptos Display_EmbeddedFont","Aptos Display_MSFontService","Calibri Light","Helvetica Light",sans-serif;font-size:12pt;color:rgb(0,0,0)"> <br> </div> <div style="font-family:"Aptos Display","Aptos Display_EmbeddedFont","Aptos Display_MSFontService","Calibri Light","Helvetica Light",sans-serif;font-size:12pt;color:rgb(0,0,0)"> Andy</div> <div dir="ltr" style="font-size:1px;direction:ltr"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;border-collapse:collapse;font-size:1px"><tbody><tr style="font-size:0px"><td align="left"><table dir="ltr" cellpadding="0" cellspacing="0" border="0" style="background-color:rgb(255,255,255);direction:ltr;border-collapse:collapse;font-size:0px"><tbody><tr style="font-size:0px"><td align="left" style="vertical-align:top"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;border-collapse:collapse;font-size:0px"><tbody><tr style="font-size:0px"><td align="left" style="vertical-align:top;line-height:normal"><a href="https://urldefense.com/v3/__https://registry.blockmarktech.com/certificates/53f9a3ba-4ba6-4879-8b4d-5f5d3a413118/__;!!PwKahg!_oZpQyjahZpIjImVt2l6ty3_-UC8PNZSaGZmAWvERr278XS6PPKI2I3Gi8NZ16drBnWdfG3cu4SLh1nKc-3u8iaYU7jmzeCjzA$" id="m_7355996677732884344LPlnk689713" style="text-decoration:none" target="_blank"><img src="cid:ii_196af89293fefc5760b1" width="100" height="100" border="0" alt="" style="width: 100px; min-width: 100px; max-width: 100px; height: 100px; min-height: 100px; max-height: 100px; font-size: 0px;"></a></td><td align="left" style="vertical-align:top"><table cellpadding="0" cellspacing="0" border="0" style="border-collapse:collapse;font-size:0px;line-height:normal"><tbody><tr style="font-size:0px"><td align="left" style="padding:0px;border-top:none;border-right:4px solid rgb(0,0,1);border-bottom:none;border-left:none;vertical-align:top"><img src="cid:ii_196af89293f1e8e4322" width="85" height="124.1" border="0" alt="" style="width: 85px; min-width: 85px; max-width: 85px; height: 124.1px; min-height: 124.1px; max-height: 124.1px; font-size: 0px;"></td></tr></tbody></table></td><td align="left" style="vertical-align:top"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;border-collapse:collapse;font-size:0px"><tbody><tr style="font-size:0px"><td align="left" style="padding:7px 0px 0px 7px;vertical-align:top"><table cellpadding="0" cellspacing="0" border="0" style="white-space:normal;color:rgb(0,0,1);font-size:14.67px;font-family:Calibri,Arial,sans-serif;font-weight:400;font-style:normal;text-align:justify;line-height:14px;width:100%;border-collapse:collapse"><tbody><tr style="font-size:10.67px"><td style="font-family:Calibri,Arial,sans-serif"><span style="font-size:13px"><br>​We are the first IdentityServer partner to become a Certified B Corporation™.<br>​Head to our <span style="text-decoration:underline;color:rgb(58,19,205)"><a href="https://urldefense.com/v3/__https://www.rocksolidknowledge.com/mission-statement__;!!PwKahg!_oZpQyjahZpIjImVt2l6ty3_-UC8PNZSaGZmAWvERr278XS6PPKI2I3Gi8NZ16drBnWdfG3cu4SLh1nKc-3u8iaYU7jhI1Aj0A$" id="m_7355996677732884344LPlnk689713" title="https://www.rocksolidknowledge.com/mission-statement" style="text-decoration:none;color:rgb(58,19,205)" target="_blank">mission </a><a href="https://urldefense.com/v3/__https://www.rocksolidknowledge.com/mission-statement__;!!PwKahg!_oZpQyjahZpIjImVt2l6ty3_-UC8PNZSaGZmAWvERr278XS6PPKI2I3Gi8NZ16drBnWdfG3cu4SLh1nKc-3u8iaYU7jhI1Aj0A$" id="m_7355996677732884344LPlnk689713" title="https://www.rocksolidknowledge.com/mission-statement" style="text-decoration:none;color:rgb(58,19,205)" target="_blank">sta</a><a href="https://urldefense.com/v3/__https://www.rocksolidknowledge.com/mission-statement__;!!PwKahg!_oZpQyjahZpIjImVt2l6ty3_-UC8PNZSaGZmAWvERr278XS6PPKI2I3Gi8NZ16drBnWdfG3cu4SLh1nKc-3u8iaYU7jhI1Aj0A$" id="m_7355996677732884344LPlnk689713" title="https://www.rocksolidknowledge.com/mission-statement" style="text-decoration:none;color:rgb(58,19,205)" target="_blank">tement</a></span> to read more about the ways we’re using business as a force for good.<br>​<br>​Rock Solid Knowledge Ltd is a company registered in England and Wales under number 6811209.<br>Registered office: C2, Vantage Office Park, Old Gloucester Road, Bristol, BS16 1GW, United Kingdom<br>​Vat registered: GB948 1966 72</span><br></td></tr></tbody></table></td></tr></tbody></table></td></tr></tbody></table></td></tr></tbody></table></td></tr></tbody></table><span style="font-family:remialcxesans"> <span style="font-family:template-CbyZv7ONEe6-oGBFvdGUFw"> </span><span style="font-family:zone-1"> </span><span style="font-family:zones-AQ"> </span></span></div><div id="m_7355996677732884344appendonsend"></div> <hr style="display:inline-block;width:98%"> <div id="m_7355996677732884344divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Openid-specs-authzen <<a href="mailto:openid-specs-authzen-bounces@lists.openid.net" target="_blank">openid-specs-authzen-bounces@lists.openid.net</a>> on behalf of Allan via Openid-specs-authzen <<a href="mailto:openid-specs-authzen@lists.openid.net" target="_blank">openid-specs-authzen@lists.openid.net</a>><br> <b>Sent:</b> 08 May 2025 11:40<br> <b>To:</b> AuthZEN Working Group List <<a href="mailto:openid-specs-authzen@lists.openid.net" target="_blank">openid-specs-authzen@lists.openid.net</a>><br> <b>Cc:</b> Allan <<a href="mailto:allan@macguru.com" target="_blank">allan@macguru.com</a>><br> <b>Subject:</b> Re: [Openid-specs-authzen] A question on resource identifiers for resources that do not exist yet</font> <div> </div> </div> <div dir="auto"><img id="m_7355996677732884344x_33E9E7E95914C65767B3BE393381C98E" alt="" width="0px" height="0px" src=""> <div id="m_7355996677732884344x_"> <div>hmmm</div> <div><br> </div> <div>surely customer is part of the resource?  and a create can simply use a resource ID of 0 or -1. or null</div> <div><br> </div> <div>allan</div> <div><br> </div> </div> <div id="m_7355996677732884344x_"> <div> <div style="font-family:Helvetica">--<br> Sent from <a href="https://urldefense.com/v3/__https://canarymail.io__;!!PwKahg!_oZpQyjahZpIjImVt2l6ty3_-UC8PNZSaGZmAWvERr278XS6PPKI2I3Gi8NZ16drBnWdfG3cu4SLh1nKc-3u8iaYU7iALaQ4yQ$" target="_blank">Canary</a></div> <div><br> </div> </div> </div> <div id="m_7355996677732884344x_CanaryDropbox"></div> <blockquote id="m_7355996677732884344x_"> <div> <div>On Thursday, May 08, 2025 at 12:34, David Brossard via Openid-specs-authzen <<a href="mailto:openid-specs-authzen@lists.openid.net" target="_blank">openid-specs-authzen@lists.openid.net</a>> wrote:<br> </div> <div> <div dir="ltr"> <div>Hi all,<br> </div> <div><br> </div> <div>Interesting use case from EIC: I want to write a policy that determines how a loan-to-be can be created.</div> <div><br> </div> <div>Managers can create a loan for a customer in their region up to their max allowed amount for the employee (and/or customer).</div> <div><br> </div> <div>The request would then be:</div> <div> <ul> <li>Can Alice the employee create loan with amount 1234?</li></ul> In this type of request, because the loan hasn't been created we do not have a  loan ID or resource ID. But, because AuthZEN makes the resource ID mandatory in the evaluation API, what approach do we want to recommend?</div> <div><br> </div> <div>David </div> <div dir="ltr"></div> </div> -- <br> Openid-specs-authzen mailing list <br> <a href="mailto:Openid-specs-authzen@lists.openid.net" target="_blank">Openid-specs-authzen@lists.openid.net</a> <br> <a href="https://urldefense.com/v3/__https://lists.openid.net/mailman/listinfo/openid-specs-authzen__;!!PwKahg!_oZpQyjahZpIjImVt2l6ty3_-UC8PNZSaGZmAWvERr278XS6PPKI2I3Gi8NZ16drBnWdfG3cu4SLh1nKc-3u8iaYU7gKBSldXg$" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-authzen</a> <br> </div> </div> </blockquote> </div> </div> -- <br> Openid-specs-authzen mailing list<br> <a href="mailto:Openid-specs-authzen@lists.openid.net" target="_blank">Openid-specs-authzen@lists.openid.net</a><br> <a href="https://lists.openid.net/mailman/listinfo/openid-specs-authzen" rel="noreferrer" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-authzen</a><br> </div></blockquote></div> -- <br>Openid-specs-authzen mailing list <br>Openid-specs-authzen@lists.openid.net <br>https://lists.openid.net/mailman/listinfo/openid-specs-authzen <br></div> </div> </blockquote> </body></html>