# Face-to-Face Search API Brainstorm

## Attendees

- @alexbabeanu
- @davidbrossard

## Documents

- [Resource Search API](https://openid.github.io/authzen/#name-resource-search-api)
- [Subject Search API](https://openid.github.io/authzen/#name-subject-search-api)

## Notes

- Use Cases
  - Access review - what can happen? What can a user do? Managers can view medical records.
    - In this example, the actual list of things doesn't matter.
  - Data filtering
  - Data listing
  - Data masking
- 2 kinds of search results
  - Predicate results e.g. search filters
  - Instantiated results e.g. the actual list of things a user has access to
- A Search Request should be structured exactly like a "normal" Yes/No request with "missing" information
  - Normal request: Can Alice view record 1?
  - Search request: Which record can Alice view?

```json
{
  "subject" : "alice",
  "action" : "view",
  "object" : "medical record",
  "objId" : "1"
}

"Permit"
```

```json
{
  "subject" : "alice",
  "action" : "view",
  "object" : "medical record"
}

["1", "2", "3"]
```

```json
{
  "subject" : "alice",
  "object" : "medical record"
}

[
  { "1": ["view", "delete"] }
]
```
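
The "normal request with missing information" idea from the notes, as an added sketch that is not part of the meeting notes or the AuthZEN specification. The field names come from the notes; `GRANTS`, `matches` and `evaluate` are hypothetical, and the policy data is constructed. Point decisions and instantiated search results come from the same grant set, so a search can never list a record that the yes/no check would deny.

```python
# Constructed sample policy (not from the notes):
# one tuple per grant, in the order (subject, action, object, objId).
GRANTS = {
    ("alice", "view", "medical record", "1"),
    ("alice", "view", "medical record", "2"),
    ("alice", "view", "medical record", "3"),
    ("alice", "delete", "medical record", "1"),
    ("bob", "view", "medical record", "2"),
}

FIELDS = ("subject", "action", "object", "objId")


def matches(request):
    """Return every grant consistent with the fields present in the request."""
    return [
        g for g in GRANTS
        if all(request.get(f) in (None, v) for f, v in zip(FIELDS, g))
    ]


def evaluate(request):
    """Answer a yes/no request, or search over whichever fields are missing."""
    missing = [f for f in FIELDS if f not in request]
    hits = [dict(zip(FIELDS, g)) for g in matches(request)]
    if not missing:                       # normal request: point decision
        return "Permit" if hits else "Deny"
    if missing == ["objId"]:              # which records can the subject act on?
        return sorted(h["objId"] for h in hits)
    if missing == ["action", "objId"]:    # which actions on which records?
        result = {}
        for h in hits:
            result.setdefault(h["objId"], []).append(h["action"])
        return {k: sorted(v) for k, v in sorted(result.items())}
    # Other shapes (e.g. a missing subject) are out of scope for this sketch.
    raise ValueError(f"unsupported search shape, missing: {missing}")
```
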