[policy-charter] Link to PDP-PEP Interop WG Charter draft document

David Brossard david.brossard at gmail.com
Tue Jun 27 15:09:26 UTC 2023 

I added notes and comments in the Google Doc
<https://docs.google.com/document/d/1ijAaymAapYyeV_3qMVjuLtNzoskKsh7R/edit?pli=1>.
I think it is worth highlighting we're not after yet another standard
<https://xkcd.com/927/>. We want to:

   1. increase interoperability between existing standards. In my mind, the
   four horsemen of the ap-authz-calypse are ALFA, Cedar, OPA, and IDQL.
      1. interop from a policy management perspective
      2. interop from a runtime request/response perspective
   2. increase awareness of externalized authz so that software
   developers/owners/SaaS never rebuild their own
      1. Be the OAuth/SAML of authZ
      2. Define and propose standard authZ patterns
         1. use cases
         2. integration patterns


On Mon, Jun 26, 2023 at 8:42 AM Alex Babeanu via policy-charter <
policy-charter at lists.openid.net> wrote:

> Sounds good to me too.
> Thanks,
>
> ./\.
>
> On Fri, Jun 23, 2023 at 10:00 AM Andrew Hughes via policy-charter <
> policy-charter at lists.openid.net> wrote:
>
>> Anyone else want to weigh in on this?
>>
>> I'm onboard with Pieter's suggestion that the attached document describes
>> a deliverable of a larger work group - if so, I'd like to get closure on
>> the description quickly
>>
>> I hope it's a simple and non-controversial deliverable...
>>
>> Andrew Hughes
>> Director - Identity Standards
>> andrewhughes at pingidentity.com
>> Mobile/Signal: +1 250 888 9474
>>
>>
>>
>> On Mon, Jun 19, 2023 at 4:30 AM Pieter Kasselman via policy-charter <
>> policy-charter at lists.openid.net> wrote:
>>
>>> My perspective is that we should have one Work Group focused on
>>> authorization with multiple deliverables (e.g. OpenID Connect and SSF for
>>> example has multiple deliverables) to start with. This way everyone
>>> interested in the authorization topic has visibility into the different
>>> work items and we get the benefit of wider participation and review.
>>>
>>>
>>>
>>> Agreed that something with Authorization in the name would make sense,
>>> something like AuthZEN Framework (AuthoriZation ExchaNge Framework) or
>>> AuthIT/AuthZIT Framework (Authorization Interoperability Technology
>>> Framework)….
>>>
>>>
>>>
>>> *From:* policy-charter <policy-charter-bounces at lists.openid.net> *On
>>> Behalf Of *Allan Foster via policy-charter
>>> *Sent:* Friday, June 16, 2023 10:46 PM
>>> *To:* Policy Charter Mail List <policy-charter at lists.openid.net>
>>> *Cc:* Allan Foster <allan at macguru.com>
>>> *Subject:* Re: [policy-charter] Link to PDP-PEP Interop WG Charter
>>> draft document
>>>
>>>
>>>
>>> So,  I wonder if we should do two different WGs,  or one WG with two
>>> different standards…. (At least,  for now?)
>>>
>>>
>>>
>>> I am inclined to think the WG should be AuthZ something…….   and have
>>> two separate streams…. (or standards?)
>>>
>>>
>>>
>>> Thoughts
>>>
>>>
>>>
>>> Allan
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Friday, Jun 16, 2023 at 14:02, Alex Babeanu via policy-charter <
>>> policy-charter at lists.openid.net> wrote:
>>>
>>> Thanks Andrew!
>>>
>>> Added a first comment in there... The season's open!
>>>
>>>
>>>
>>> ./\.
>>>
>>>
>>>
>>> On Fri, Jun 16, 2023 at 11:50 AM Andrew Hughes via policy-charter <
>>> policy-charter at lists.openid.net> wrote:
>>>
>>> Here is the document I have started - the link puts you into "suggest"
>>> mode. Please add text with self-attribution. Be respectful of others'
>>> contributions.
>>>
>>>
>>>
>>>
>>>
>>>
>>> https://docs.google.com/document/d/1ijAaymAapYyeV_3qMVjuLtNzoskKsh7R/edit?usp=sharing&ouid=110252403279221684258&rtpof=true&sd=true
>>>
>>>
>>>
>>>
>>> [image: Ping Identity] <https://www.pingidentity.com/>
>>>
>>> *Andrew Hughes*
>>> Director - Identity Standards
>>> andrewhughes at pingidentity.com
>>>
>>> *Connect with us: *
>>>
>>> [image: Glassdoor logo]
>>> <https://www.glassdoor.com/Overview/Working-at-Ping-Identity-EI_IE380907.11,24.htm>[image:
>>> LinkedIn logo] <https://www.linkedin.com/company/21870>[image: twitter
>>> logo] <https://twitter.com/pingidentity>[image: facebook logo]
>>> <https://www.facebook.com/pingidentitypage>[image: youtube logo]
>>> <https://www.youtube.com/user/PingIdentityTV>[image: Blog logo]
>>> <https://www.pingidentity.com/en/blog.html>
>>>
>>>
>>> <https://www.pingidentity.com/en/company/championing-every-identity/dei.html?utm_source=direct%20to%20website&utm_medium=emailsig>
>>>
>>>
>>>
>>>
>>> *CONFIDENTIALITY NOTICE: This email may contain confidential and
>>> privileged material for the sole use of the intended recipient(s). Any
>>> review, use, distribution or disclosure by others is strictly prohibited.
>>> If you have received this communication in error, please notify the sender
>>> immediately by e-mail and delete the message and any file attachments from
>>> your computer. Thank you.*--
>>> policy-charter mailing list
>>> policy-charter at lists.openid.net
>>> https://lists.openid.net/mailman/listinfo/policy-charter
>>>
>>>
>>>
>>>
>>> --
>>>
>>> [image: This is Alexandre Babeanu's card. Their email is
>>> alex at 3edges.com. Their phone number is +1 604 728 8130.]
>>> <https://hihello.me/p/cda689b1-0378-4b9c-88cf-33a9bc8ef0c5>
>>>
>>>
>>> CONFIDENTIALITY NOTICE: This e-mail message, including any attachments
>>> hereto, is for the sole use of the intended recipient(s) and may contain
>>> confidential and/or proprietary information.
>>> --
>>> policy-charter mailing list
>>> policy-charter at lists.openid.net
>>> https://lists.openid.net/mailman/listinfo/policy-charter
>>>
>>> --
>>> policy-charter mailing list
>>> policy-charter at lists.openid.net
>>> https://lists.openid.net/mailman/listinfo/policy-charter
>>>
>>
>> *CONFIDENTIALITY NOTICE: This email may contain confidential and
>> privileged material for the sole use of the intended recipient(s). Any
>> review, use, distribution or disclosure by others is strictly prohibited.
>> If you have received this communication in error, please notify the sender
>> immediately by e-mail and delete the message and any file attachments from
>> your computer. Thank you.*--
>> policy-charter mailing list
>> policy-charter at lists.openid.net
>> https://lists.openid.net/mailman/listinfo/policy-charter
>>
>
>
> --
> [image: This is Alexandre Babeanu's card. Their email is alex at 3edges.com.
> Their phone number is +1 604 728 8130.]
> <https://hihello.me/p/cda689b1-0378-4b9c-88cf-33a9bc8ef0c5>
>
> CONFIDENTIALITY NOTICE: This e-mail message, including any attachments
> hereto, is for the sole use of the intended recipient(s) and may contain
> confidential and/or proprietary information.
> --
> policy-charter mailing list
> policy-charter at lists.openid.net
> https://lists.openid.net/mailman/listinfo/policy-charter
>


-- 
---
David Brossard
http://www.linkedin.com/in/davidbrossard
http://twitter.com/davidjbrossard
http://about.me/brossard
---
Stay safe on the Internet: http://www.ic3.gov/preventiontips.aspx
Prenez vos précautions sur Internet:
http://www.securite-informatique.gouv.fr/gp_rubrique34.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/policy-charter/attachments/20230627/78784bd1/attachment-0001.html>

More information about the policy-charter mailing list