[policy-charter] Identiverse 2023 policy discussion meeting notes

Gerry Gebel gerry at strata.io
Thu Jun 1 00:18:36 UTC 2023 

Hi all -

Here is my attempt at capturing the essence of our meeting today to discuss
policy standardization possibilities. Feel free to correct or expand on any
point.

Attendees: MUFG (Hutch), AWS (Julian, Darren, Dean), 3Edges (Alex), Nulli
(Derek), Strata (Topher, Granville, Gerry), Microsoft (Pam, Pieter, Danny),
Spiffe (Evan), ForgeRock (Steve), Sgnl (Atul), PlainId (Gal), OpenId
(Scott), Independent (Allan)

Summary
It was agreed that two possible work streams are worthy of further
discussion and would be valuable to the industry:
1. The PEP - PDP communication is very similar across multiple
implementations, such as in XACML, Open Policy Agent, Amazon Verified
Permissions and other implementations.

2. Admin Policy Push: Can access policies be written in a generic format
and translated/pushed to various runtime evaluation/enforcement systems?

**Note: Both of the above items would naturally include the gathering and
documentation of relevant use cases.

A sampling of the discussion:
Allan started the session by recounting that we held a similar meeting at
Identiverse 2022 but the mailing list quickly fizzled out. However, a lot
has happened in the past year around authorization with a renewed interest
and focus evidenced by track topics and presentations at recent Gartner
IAM, EIC and Identiverse conferences. In fact, Andre Durand and Alex
Simmons spoke directly about authorization in their respective keynotes
this week. Therefore, it seems that there must be something that this group
of people could work together on.

The open discussion pretty quickly centered around the two work streams
summarized above, since they were a couple of obvious candidates that could
result in tangible outcomes.

Next steps:
We are posting these notes to the OIDF policy charter list to see if there
are more comments to include from the meeting or if anyone has had
additional thoughts to share.

>From there, we will have to organize around the two streams to see who
wants to actively work on each or both moving forward. I am happy to help
organize the Admin Policy Push group - are there any volunteers for the
PEP-PDP group?

Best regards,
Gerry
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/policy-charter/attachments/20230531/cf442f9a/attachment.html>

More information about the policy-charter mailing list