[Openid-specs-risc] [External Sender] Authorization Events
Alex Babeanu
alex at 3edges.com
Tue Jun 20 16:07:16 UTC 2023
Hi George, Exactly! It would be great to have authorization
request/response events, indeed for continuous authZ, and also to decouple
PEP/PDP/PAP/PIP. I think a streaming architecture would enable better
performance overall for AuthZ systems (I'm currently researching this
part)... creating an "Authorization Mesh".
The request/response could convey not only changes in relevant data
(involved in policies), but also requests/responses like:
- is subject authorized to access resource?
- what is subject authorized to access?
- what subject(s) can access resource?
Any thoughts?
Thanks and regards,
./\.
On Tue, Jun 20, 2023 at 6:16 AM George Fletcher <
george.fletcher at capitalone.com> wrote:
> Hi Alex,
>
> What would the Authorization Event "trigger"? Are you thinking of an event
> that captures an Authorization result (policy passed/failed)? I do think
> there is a need for "continuous authorization" like we have for "continuous
> authentication".
>
> Thanks,
> George
>
> On Tue, Jun 20, 2023 at 1:44 AM Alex Babeanu via Openid-specs-risc <
> openid-specs-risc at lists.openid.net> wrote:
>
>> Hello,
>>
>> I just joined the list, as I have a question, and sorry but not sure if
>> there is a protocol in place for such things...
>>
>> In any case, I can see tremendous opportunity in defining an Event
>> specific to Authorization. This event could be an authorization request or
>> response. Note: authorization happens after authentication. I realise we
>> could use a CAEP Claim change event to derive authorization, but I think we
>> would need more...
>>
>> Anyway, is this the right group to discuss this topic?
>>
>> Many thanks and regards,
>>
>> ./\lex.