<div dir="auto">Hi Eric, thanks for joining the mailing list and for your question!</div><div dir="auto"><br></div><div dir="auto">The header is meant to function as an (optional) correlation mechanism between requests and responses, that is triggered by the client. If the client wants to use this mechanism, it can do so using the header you mentioned. </div><div dir="auto"><br></div><div dir="auto">A PDP is free to add other headers to the response, which could be used for purposes such as logging as you mentioned, but specifying any additional mechanisms is out of scope for v1. </div><div dir="auto"><br></div><div dir="auto">We could consider adding other mechanisms in a future version. </div><div dir="auto"><br></div><div dir="auto">Thanks,</div><div dir="auto">Omri. </div><div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Mon, Nov 17, 2025 at 2:14 AM Eric Leleu via Openid-specs-authzen <<a href="mailto:openid-specs-authzen@lists.openid.net">openid-specs-authzen@lists.openid.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)"><div dir="ltr"><div><div><p style="font-family:"Google Sans Text",sans-serif;line-height:1.15;margin-top:0px">Hello everyone,<br><br>I recently joined this mailing list after signing the Contribution Agreement.<br><br>First and foremost, thank you all for the tremendous work you have put into this specification.<br><br>During the Public Review Period, I would like to ask a question regarding the X-Request-ID header. Please excuse me if this is not the appropriate forum for this inquiry.<br><br>The specification states that the generation of the identifier is the responsibility of the PEP (Policy Enforcement Point) and that it must be returned in the response (section-10.1.3).<br><br>However, in cases where the PEP does not transmit this header, shouldn't the PDP (Policy Decision Point) be required to generate one and provide it in the response headers?<br><br>I believe this behavior could be valuable for auditing and debugging purposes regardless of client behavior. What is your opinion on this point ?</p></div><div>Best regards,</div><div>Eric LELEU</div></div><div><br></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><span><div dir="ltr" style="margin-left:0pt" align="left"><table style="border:medium;border-collapse:collapse"><colgroup><col width="118"><col width="305"></colgroup><tbody><tr style="height:124.818926pt"><td style="border-width:0.990765pt;border-style:solid;vertical-align:top;padding:5pt;overflow:hidden;border-color:rgb(255,255,255) rgb(217,217,217) rgb(255,255,255) rgb(255,255,255)"><br><span style="border:medium;display:inline-block;overflow:hidden;width:84px;height:80px"><img src="https://lh7-qw.googleusercontent.com/docsz/AD_4nXeTtsh5_4js2bF4xwLkbvfkWdnIscD4xAKfnNSsi2QQoLriRONykM18g_1VXwfPhLORdvpJrY0QzEe-2byI6GvDO_85u6zr9OjdE1Ni_6p1wtY3-qgQ_73zMwu5UainbPY8J8pq?key=kMQ5K8D4nlMb9fiw8P9jDP8s" width="84" height="80" style="margin-left: 0px; margin-top: 0px;"></span><br><p dir="ltr" style="line-height:1.38;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Roboto,sans-serif;font-weight:700;vertical-align:baseline;background-color:transparent;color:rgb(0,0,0)"> </span></p></td><td style="border-width:0.990765pt;border-style:solid;vertical-align:top;padding:5pt;overflow:hidden;border-color:rgb(255,255,255) rgb(255,255,255) rgb(255,255,255) rgb(217,217,217)"><br><p dir="ltr" style="line-height:1.2;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Kanit,sans-serif;font-weight:700;vertical-align:baseline;background-color:transparent;color:rgb(0,0,0)">Eric LELEU </span></p><p dir="ltr" style="line-height:1.2;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Kanit,sans-serif;vertical-align:baseline;background-color:transparent;color:rgb(0,0,0)">Staff Software Engineer / AM Teach Lead</span></p><p dir="ltr" style="line-height:1.2;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Kanit,sans-serif;vertical-align:baseline;background-color:transparent;color:rgb(0,0,0)">E </span><a href="mailto:your.name@graviteesource.com" target="_blank"><span style="font-size:11pt;font-family:Kanit,sans-serif;vertical-align:baseline;background-color:transparent;color:rgb(17,85,204)">eric.leleu@graviteesource.com</span></a><span style="font-size:11pt;font-family:Kanit,sans-serif;vertical-align:baseline;background-color:transparent;color:rgb(0,0,0)"> </span></p><br><p dir="ltr" style="line-height:1.2;margin-top:0pt;margin-bottom:0pt"><span style="font-size:11pt;font-family:Kanit,sans-serif;vertical-align:baseline;background-color:transparent;color:rgb(0,0,0)">Hold Nothing Back</span></p></td></tr></tbody></table></div><span style="font-size:11pt;font-family:Arial,sans-serif;font-weight:700;vertical-align:baseline;background-color:transparent;color:rgb(34,34,34)"> </span><a href="http://youtube.com/c/Graviteesource?sub_confirmation=1" target="_blank"><span style="font-size:11pt;font-family:Arial,sans-serif;font-weight:700;vertical-align:baseline;background-color:transparent;color:rgb(17,85,204)"><span style="border:medium;display:inline-block;overflow:hidden;width:48px;height:48px;font-family:Arial,sans-serif"><img src="https://lh7-qw.googleusercontent.com/docsz/AD_4nXfm2HQdKupLwmOCISbirkl9St-opEPRa0VL4EscOnigRp0gmVtQvkvUtuQh86j8B3r2EbGJZias47w5nCoXHhiuiKumiMmvxqevYIkQs-Zq_KCwn4tmWNBl3xgFPpGKWg?key=kMQ5K8D4nlMb9fiw8P9jDP8s" width="48" height="56.3649095411792" style="margin-left: 0px; margin-top: 0px; font-family: Arial, sans-serif;"></span></span></a><span style="font-size:11pt;font-family:Arial,sans-serif;font-weight:700;vertical-align:baseline;background-color:transparent;color:rgb(34,34,34)"> </span><a href="https://www.linkedin.com/company/gravitee-io" target="_blank"><span style="font-size:11pt;font-family:Arial,sans-serif;font-weight:700;vertical-align:baseline;background-color:transparent;color:rgb(17,85,204)"><span style="border:medium;display:inline-block;overflow:hidden;width:36px;height:40px;font-family:Arial,sans-serif"><img src="https://lh7-qw.googleusercontent.com/docsz/AD_4nXdanddCBT27CO9wUP7QJMIYz6h4ee2gMwGH3Apc7JnSMhhPuqvE_Q2gK1WXdcPNLcTD5-BInLTyfPYOQoDkJWGolu5A8P0wZ8ZHtkxl68bHTlVGHUW2vOvDbqciAxUNnPyXlmh_Fg?key=kMQ5K8D4nlMb9fiw8P9jDP8s" width="36" height="39.99999999999998" style="margin-left: 0px; margin-top: 0px; font-family: Arial, sans-serif;"></span></span></a></span></div></div></div>
-- <br>
Openid-specs-authzen mailing list<br>
<a href="mailto:Openid-specs-authzen@lists.openid.net" target="_blank">Openid-specs-authzen@lists.openid.net</a><br>
<a href="https://lists.openid.net/mailman/listinfo/openid-specs-authzen" rel="noreferrer" target="_blank">https://lists.openid.net/mailman/listinfo/openid-specs-authzen</a><br>
</blockquote></div></div>