From michael_b_jones at hotmail.com Mon Oct 9 21:29:11 2023 From: michael_b_jones at hotmail.com (Michael Jones) Date: Mon, 9 Oct 2023 21:29:11 +0000 Subject: [policy-charter] [OIDFSC] Updated charter for Authorization Exchange (AuthZEN) working group In-Reply-To: References: Message-ID: I approve. This version addresses my previous comments. -- Mike From: specs-council On Behalf Of Gerry Gebel via specs-council Sent: Friday, September 29, 2023 11:09 AM To: openid-specs-council at lists.openid.net; Policy Charter Mail List Cc: Gerry Gebel Subject: [OIDFSC] Updated charter for Authorization Exchange (AuthZEN) working group Hello Specifications Council, The charter for this proposed working group (AuthZEN) has been updated based on comments and feedback received. Please see attached for the new versions. Regards, Gerry -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: Charter Proposal for Authorization Exchange (AuthZEN) working group V2.pdf Type: application/pdf Size: 74502 bytes Desc: Charter Proposal for Authorization Exchange (AuthZEN) working group V2.pdf URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: Charter Proposal for Authorization Exchange (AuthZEN) working group V2.docx Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document Size: 325506 bytes Desc: Charter Proposal for Authorization Exchange (AuthZEN) working group V2.docx URL: From atul at sgnl.ai Mon Oct 9 21:56:41 2023 From: atul at sgnl.ai (Atul Tulshibagwale) Date: Mon, 9 Oct 2023 14:56:41 -0700 Subject: [policy-charter] Fwd: Advanced Syntax for Claims In-Reply-To: References: Message-ID: Hi all, Omri and I had the opportunity to present the AuthZEN proposed WG to the OpenID Foundation Workshop today. It was received quite well, I think. There is this one question that I received from Mark over email, which I am sharing here. Thanks, Atul ---------- Forwarded message --------- From: Mark Haine Date: Mon, Oct 9, 2023 at 2:29?PM Subject: Advanced Syntax for Claims To: allan at macguru.com , omri at aserto.com , atul at sgnl.ai Hi Guys, I think there?s a bit of cross over between AuthZen and some work of the eKYC & IDA Working Group? https://openid.bitbucket.io/ekyc/openid-connect-advanced-syntax-for-claims.html This is not finished but we are hoping to get to Implementer?s draft 1 fairly soon. Mark +44 (0) 777 555 0344 | mark at considrd.consulting | considrd.consulting | 30 The Grange, Irvine. KA11 2EU [image: considrd.consulting logo] [image: signature_3026856128] [image: OpenID Logo] -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 22131 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image002.png Type: image/png Size: 5567 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image003.png Type: image/png Size: 6114 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.png Type: image/png Size: 22131 bytes Desc: not available URL: From omri at aserto.com Mon Oct 9 22:00:19 2023 From: omri at aserto.com (Omri Gazitt) Date: Mon, 9 Oct 2023 15:00:19 -0700 Subject: [policy-charter] OpenID Foundation Workshop presentation Message-ID: Hey folks, Just a quick update from the OIDF workshop this afternoon. Atul and I presented slides that summarized the motivation, goals, deliverables, and submitters of the AuthZEN WG charter. Here are the slides (thanks Atul for putting these together on short notice!) According to Mike Jones, the OIDF board is working on charter approval by this Saturday. For those who are coming to IIW in person, looking forward to seeing you this week! And connecting with everyone during our meeting on Thursday 12pm-2pm pacific time. -- Omri Gazitt | CEO Aserto Inc. | (425) 765-0079 -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: AuthZEN WG Update.pptx Type: application/vnd.openxmlformats-officedocument.presentationml.presentation Size: 166394 bytes Desc: not available URL: From alex at 3edges.com Mon Oct 9 22:17:11 2023 From: alex at 3edges.com (Alex Babeanu) Date: Mon, 9 Oct 2023 15:17:11 -0700 Subject: [policy-charter] OpenID Foundation Workshop presentation In-Reply-To: References: Message-ID: Thanks Omri, that's great. Was planning to be there, but the plane was super late, so I just joined online... Looking forward to connecting this week ! ./\. On Mon, Oct 9, 2023 at 3:00?PM Omri Gazitt via policy-charter < policy-charter at lists.openid.net> wrote: > Hey folks, > > Just a quick update from the OIDF workshop this afternoon. Atul and I > presented slides that summarized the motivation, goals, deliverables, and > submitters of the AuthZEN WG charter. Here are the slides (thanks Atul for > putting these together on short notice!) > > According to Mike Jones, the OIDF board is working on charter approval by > this Saturday. > > For those who are coming to IIW in person, looking forward to seeing you > this week! And connecting with everyone during our meeting on Thursday > 12pm-2pm pacific time. > > > -- > > > > Omri Gazitt | CEO > > Aserto Inc. | (425) 765-0079 > -- > policy-charter mailing list > policy-charter at lists.openid.net > https://lists.openid.net/mailman/listinfo/policy-charter > -- [image: This is Alexandre Babeanu's card. Their email is alex at 3edges.com. Their phone number is +1 604 728 8130.] -- CONFIDENTIALITY NOTICE: This e-mail message, including any attachments hereto, is for the sole use of the intended recipient(s) and may contain confidential and/or proprietary information. -------------- next part -------------- An HTML attachment was scrubbed... URL: From gerry at strata.io Fri Oct 13 23:01:07 2023 From: gerry at strata.io (Gerry Gebel) Date: Fri, 13 Oct 2023 16:01:07 -0700 Subject: [policy-charter] IIW session notes for AuthZEN Message-ID: Here is a summary of the discussion points from the IIW in-person session on Oct 12: Attendees (from the sign up sheet, we may have missed a few): Atul T David B Mark B Alex B Omri G Roland B Andrew H Phil H Darin M Eve M Allan F Jacob I Mark H Bjorn H Matt M Nancy C-W Xingiun C Judith F Daniel L Ashkan S Gerry G Since we had some new folks in the room, Atul and Omri reviewed the presentation that was shown at the OIDF workshop on Monday of this week. Allan also recounted the two Identiverse meetings that led to the formation of AuthZEN. We also talked about the initial work that has been scoped out so far, namely the PEP to PDP flow and transport of policies from admin service to decision engine. Other aspects such as management of data used by decision engines was also mentioned. In addition, there was agreement that we need to document use cases, deployment patterns, best practices, and guidance. How will the output of AuthZEN relate to OAuth 2.0? There was quite a bit of discussion on this topic since OAuth is used in so many access control scenarios, whether this group approves of that approach or not. Ultimately, the use case and recommended patterns that AuthZEN produces must clearly articulate situations where and how fine grained or externalized authZ systems work with OAuth based models. Who is the audience, stakeholder, buyer that we should be thinking about? Are they developers, product owners, CISO, auditors, other? Eve suggested that we think like a startup and what is the product market fit for any new standard. Community outreach and evangelism will be important. Enterprises like Netflix, Airbnb and Workday were mentioned as possible collaborators that can help get the word out into the industry. Typical drivers are to make money, save money or reduce risk - we need to map to these motivations. *Logistics and next steps:* - Weekly zoom meetings will start on Oct 17 - We will attempt to record meetings - Once OIDF formally approves AuthZEN, there will be a new email list and all participants must sign an agreement regarding IP - There is an OIDF Slack channel, but is not ready for us to use yet - More details to follow as we learn them. Feel free to add or comment on anything that I missed Gerry -------------- next part -------------- An HTML attachment was scrubbed... URL: