<div dir="ltr">Couldn't the resource be a higher level entity? e.g. the Region? the customer? the bank branch? If it's B2B, the organization? <div><br></div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Thu, May 8, 2025 at 7:46 AM Andrew Clymer via Openid-specs-authzen <<a href="mailto:openid-specs-authzen@lists.openid.net">openid-specs-authzen@lists.openid.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg7355996677732884344">




<div dir="ltr">
<div>
<p><strong>This message originated outside your organization.</strong></p><br>
  <hr><br>
</div>
<div style="font-family:"Aptos Display","Aptos Display_EmbeddedFont","Aptos Display_MSFontService","Calibri Light","Helvetica Light",sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:"Aptos Display","Aptos Display_EmbeddedFont","Aptos Display_MSFontService","Calibri Light","Helvetica Light",sans-serif;font-size:12pt;color:rgb(0,0,0)">
Sounds to me that resource Id shouldn't be mandatory, or that the resource Id is for the collection of loans. Passing a resource ID of 0 works, but that just feels like a magic value.</div>
<div style="font-family:"Aptos Display","Aptos Display_EmbeddedFont","Aptos Display_MSFontService","Calibri Light","Helvetica Light",sans-serif;font-size:12pt;color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:"Aptos Display","Aptos Display_EmbeddedFont","Aptos Display_MSFontService","Calibri Light","Helvetica Light",sans-serif;font-size:12pt;color:rgb(0,0,0)">
Andy</div>
<div dir="ltr" style="font-size:1px;direction:ltr"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;border-collapse:collapse;font-size:1px"><tbody><tr style="font-size:0px"><td align="left"><table dir="ltr" cellpadding="0" cellspacing="0" border="0" style="background-color:rgb(255,255,255);direction:ltr;border-collapse:collapse;font-size:0px"><tbody><tr style="font-size:0px"><td align="left" style="vertical-align:top"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;border-collapse:collapse;font-size:0px"><tbody><tr style="font-size:0px"><td align="left" style="vertical-align:top;line-height:normal"><a href="https://urldefense.com/v3/__https://registry.blockmarktech.com/certificates/53f9a3ba-4ba6-4879-8b4d-5f5d3a413118/__;!!PwKahg!_oZpQyjahZpIjImVt2l6ty3_-UC8PNZSaGZmAWvERr278XS6PPKI2I3Gi8NZ16drBnWdfG3cu4SLh1nKc-3u8iaYU7jmzeCjzA$" id="m_7355996677732884344LPlnk689713" style="text-decoration:none" target="_blank"><img src="cid:ii_196af89293fefc5760b1" width="100" height="100" border="0" alt="" style="width: 100px; min-width: 100px; max-width: 100px; height: 100px; min-height: 100px; max-height: 100px; font-size: 0px;"></a></td><td align="left" style="vertical-align:top"><table cellpadding="0" cellspacing="0" border="0" style="border-collapse:collapse;font-size:0px;line-height:normal"><tbody><tr style="font-size:0px"><td align="left" style="padding:0px;border-top:none;border-right:4px solid rgb(0,0,1);border-bottom:none;border-left:none;vertical-align:top"><img src="cid:ii_196af89293f1e8e4322" width="85" height="124.1" border="0" alt="" style="width: 85px; min-width: 85px; max-width: 85px; height: 124.1px; min-height: 124.1px; max-height: 124.1px; font-size: 0px;"></td></tr></tbody></table></td><td align="left" style="vertical-align:top"><table cellpadding="0" cellspacing="0" border="0" style="width:100%;border-collapse:collapse;font-size:0px"><tbody><tr style="font-size:0px"><td align="left" style="padding:7px 0px 0px 7px;vertical-align:top"><table cellpadding="0" cellspacing="0" border="0" style="white-space:normal;color:rgb(0,0,1);font-size:14.67px;font-family:Calibri,Arial,sans-serif;font-weight:400;font-style:normal;text-align:justify;line-height:14px;width:100%;border-collapse:collapse"><tbody><tr style="font-size:10.67px"><td style="font-family:Calibri,Arial,sans-serif"><span style="font-size:13px"><br>​We are the first IdentityServer partner to become a Certified B Corporation™.<br>​Head to our <span style="text-decoration:underline;color:rgb(58,19,205)"><a href="https://urldefense.com/v3/__https://www.rocksolidknowledge.com/mission-statement__;!!PwKahg!_oZpQyjahZpIjImVt2l6ty3_-UC8PNZSaGZmAWvERr278XS6PPKI2I3Gi8NZ16drBnWdfG3cu4SLh1nKc-3u8iaYU7jhI1Aj0A$" id="m_7355996677732884344LPlnk689713" title="https://www.rocksolidknowledge.com/mission-statement" style="text-decoration:none;color:rgb(58,19,205)" target="_blank">mission </a><a href="https://urldefense.com/v3/__https://www.rocksolidknowledge.com/mission-statement__;!!PwKahg!_oZpQyjahZpIjImVt2l6ty3_-UC8PNZSaGZmAWvERr278XS6PPKI2I3Gi8NZ16drBnWdfG3cu4SLh1nKc-3u8iaYU7jhI1Aj0A$" id="m_7355996677732884344LPlnk689713" title="https://www.rocksolidknowledge.com/mission-statement" style="text-decoration:none;color:rgb(58,19,205)" target="_blank">sta</a><a href="https://urldefense.com/v3/__https://www.rocksolidknowledge.com/mission-statement__;!!PwKahg!_oZpQyjahZpIjImVt2l6ty3_-UC8PNZSaGZmAWvERr278XS6PPKI2I3Gi8NZ16drBnWdfG3cu4SLh1nKc-3u8iaYU7jhI1Aj0A$" id="m_7355996677732884344LPlnk689713" title="https://www.rocksolidknowledge.com/mission-statement" style="text-decoration:none;color:rgb(58,19,205)" target="_blank">tement</a></span> to read more about the ways we’re using business as a force for good.<br>​<br>​Rock Solid Knowledge Ltd is a company registered in England and Wales under number 6811209.<br>Registered office: C2, Vantage Office Park, Old Gloucester Road, Bristol, BS16 1GW, United Kingdom<br>​Vat registered: GB948 1966 72</span><br></td></tr></tbody></table></td></tr></tbody></table></td></tr></tbody></table></td></tr></tbody></table></td></tr></tbody></table><span style="font-family:remialcxesans"> <span style="font-family:template-CbyZv7ONEe6-oGBFvdGUFw"> </span><span style="font-family:zone-1"> </span><span style="font-family:zones-AQ"> </span></span></div><div id="m_7355996677732884344appendonsend"></div>
<hr style="display:inline-block;width:98%">
<div id="m_7355996677732884344divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Openid-specs-authzen <<a href="mailto:openid-specs-authzen-bounces@lists.openid.net" target="_blank">openid-specs-authzen-bounces@lists.openid.net</a>> on behalf of Allan via Openid-specs-authzen <<a href="mailto:openid-specs-authzen@lists.openid.net" target="_blank">openid-specs-authzen@lists.openid.net</a>><br>
<b>Sent:</b> 08 May 2025 11:40<br>
<b>To:</b> AuthZEN Working Group List <<a href="mailto:openid-specs-authzen@lists.openid.net" target="_blank">openid-specs-authzen@lists.openid.net</a>><br>
<b>Cc:</b> Allan <<a href="mailto:allan@macguru.com" target="_blank">allan@macguru.com</a>><br>
<b>Subject:</b> Re: [Openid-specs-authzen] A question on resource identifiers for resources that do not exist yet</font>
<div> </div>
</div>
<div dir="auto"><img id="m_7355996677732884344x_33E9E7E95914C65767B3BE393381C98E" alt="" width="0px" height="0px" src="https://receipts.canarymail.io/track/AE980BFE3A76DE71B7ADC1325DB56676_33E9E7E95914C65767B3BE393381C98E.png">
<div id="m_7355996677732884344x_CanaryBody">
<div>hmmm</div>
<div><br>
</div>
<div>surely customer is part of the resource?  and a create can simply use a resource ID of 0 or -1. or null</div>
<div><br>
</div>
<div>allan</div>
<div><br>
</div>
</div>
<div id="m_7355996677732884344x_CanarySig">
<div>
<div style="font-family:Helvetica">--<br>
Sent from <a href="https://urldefense.com/v3/__https://canarymail.io__;!!PwKahg!_oZpQyjahZpIjImVt2l6ty3_-UC8PNZSaGZmAWvERr278XS6PPKI2I3Gi8NZ16drBnWdfG3cu4SLh1nKc-3u8iaYU7iALaQ4yQ$" target="_blank">Canary</a></div>
<div><br>
</div>
</div>
</div>
<div id="m_7355996677732884344x_CanaryDropbox"></div>
<blockquote id="m_7355996677732884344x_CanaryBlockquote">
<div>
<div>On Thursday, May 08, 2025 at 12:34, David Brossard via Openid-specs-authzen <<a href="mailto:openid-specs-authzen@lists.openid.net" target="_blank">openid-specs-authzen@lists.openid.net</a>> wrote:<br>
</div>
<div>
<div dir="ltr">
<div>Hi all,<br>
</div>
<div><br>
</div>
<div>Interesting use case from EIC: I want to write a policy that determines how a loan-to-be can be created.</div>
<div><br>
</div>
<div>Managers can create a loan for a customer in their region up to their max allowed amount for the employee (and/or customer).</div>
<div><br>
</div>
<div>The request would then be:</div>
<div>
<ul>
<li>Can Alice the employee create loan with amount 1234?</li></ul>
In this type of request, because the loan hasn't been created we do not have a  loan ID or resource ID. But, because AuthZEN makes the resource ID mandatory in the evaluation API, what approach do we want to recommend?</div>
<div><br>
</div>
<div>David </div>
<div dir="ltr"></div>
</div>
-- <br>
Openid-specs-authzen mailing list <br>
<a href="mailto:Openid-specs-authzen@lists.openid.net" target="_blank">Openid-specs-authzen@lists.openid.net</a> <br>
<a href="https://urldefense.com/v3/__https://lists.openid.net/mailman/listinfo/openid-specs-authzen__;!!PwKahg!_oZpQyjahZpIjImVt2l6ty3_-UC8PNZSaGZmAWvERr278XS6PPKI2I3Gi8NZ16drBnWdfG3cu4SLh1nKc-3u8iaYU7gKBSldXg$" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-authzen</a> <br>
</div>
</div>
</blockquote>
</div>
</div>

-- <br>
Openid-specs-authzen mailing list<br>
<a href="mailto:Openid-specs-authzen@lists.openid.net" target="_blank">Openid-specs-authzen@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-authzen" rel="noreferrer" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-authzen</a><br>
</div></blockquote></div>