# Identiverse AuthZEN Interop Demo

See https://hackmd.io/@oidf-wg-authzen/identiverse-2025-interop for updated details and instructions.

## Scenario

The next interoperability demonstration will focus on the Search API (Draft 03).

https://openid.github.io/authzen/

### Description

We have a basic web app that allows users to get access to `records`. Records have metadata associated with them:

- owner
- department
- status (draft, published, archived)

Users have metadata associated with them:

- username
- role
- department

We have the following basic rules:

- a user can view a record they own
- a user can view any record in their department
- a manager can view a record
- any user can edit a record they own
- a manager can edit a record in their department
- a user can delete a record they own

### Users

Define sample users here

#### Sample User Data

```
[
  { "name": "alice", "role": "manager", "department": "Sales" },
  { "name": "bob", "role": "employee", "department": "Legal" },
  { "name": "carol", "role": "contractor", "department": "Legal" },
  { "name": "dan", "role": "manager", "department": "Finance" },
  { "name": "erin", "role": "employee", "department": "Finance" },
  { "name": "felix", "role": "contractor", "department": "Accounting" }
]
```

See also GitHub (interop\authzen-search-demo\data\users.json)

### Data (Items)

Sample records are defined in interop\authzen-search-demo\data\records.json

#### Sample Records

```
```

## Demo App

The Demo App is a simple UX that has 3 options:

1. User search (who can view record X?)
2. Resource search (which records can Alice view?)
3. Action search (what action can Alice do on record X?)

The Demo App lets the end-user choose the record identifier and action. The Demo App lets the end-user choose the PDP endpoint.

The Demo App has a button called "Search" which, when clicked, sends the AuthZEN search request to the backend, receives the response, and visualizes it on-screen.
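To make the three search options concrete, the following added example (not the demo app's or any participant PDP's code) evaluates the rules from the Description against the sample users and answers each search type locally. The records `r1` to `r3` and all function names are constructed for illustration, "a manager can view a record" is read as "any record", and the AuthZEN request/response JSON is not modelled.

```python
USERS = [  # sample user data from this page
    {"name": "alice", "role": "manager", "department": "Sales"},
    {"name": "bob", "role": "employee", "department": "Legal"},
    {"name": "carol", "role": "contractor", "department": "Legal"},
    {"name": "dan", "role": "manager", "department": "Finance"},
    {"name": "erin", "role": "employee", "department": "Finance"},
    {"name": "felix", "role": "contractor", "department": "Accounting"},
]
RECORDS = [  # constructed sample records; records.json is not shown on this page
    {"id": "r1", "owner": "bob", "department": "Legal", "status": "draft"},
    {"id": "r2", "owner": "erin", "department": "Finance", "status": "published"},
    {"id": "r3", "owner": "alice", "department": "Sales", "status": "archived"},
]
ACTIONS = ("view", "edit", "delete")

def is_allowed(user, action, record):
    # Deny by default: only the six listed rules grant access.
    owner = record["owner"] == user["name"]
    same_dept = record["department"] == user["department"]
    manager = user["role"] == "manager"
    if action == "view":
        # Assumption: "a manager can view a record" means any record.
        return owner or same_dept or manager
    if action == "edit":
        return owner or (manager and same_dept)
    return action == "delete" and owner

def _find(items, key, value):
    return next((i for i in items if i[key] == value), None)

def user_search(action, record_id):
    """Who can perform `action` on the record?"""
    rec = _find(RECORDS, "id", record_id)
    if rec is None:
        return []
    return sorted(u["name"] for u in USERS if is_allowed(u, action, rec))

def resource_search(username, action):
    """Which records can the user perform `action` on?"""
    user = _find(USERS, "name", username)
    if user is None:
        return []
    return sorted(r["id"] for r in RECORDS if is_allowed(user, action, r))

def action_search(username, record_id):
    """Which actions can the user perform on the record?"""
    user, rec = _find(USERS, "name", username), _find(RECORDS, "id", record_id)
    if user is None or rec is None:
        return []
    return [a for a in ACTIONS if is_allowed(user, a, rec)]
```

Unknown users and records yield an empty result rather than an error, so a search never reveals more than the rules grant.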
## Conformance Tests

Once the sample data is defined, we can write the conformance tests.

### Conformance Payloads

## App Hosting

- Investigate either Axiomatics, Hexa, or David B's personal GCP
- Each PDP needs to handle its own data store, given that the search response contains the data
- The 'Demo App' is just a glorified, stateless PEP

## Participants & Schedule

- Confirmed: Axiomatics (David), Cerbos (Alex O), Ping (via David H), SGNL (Atul), PlainID (Vladi), Permit.io (Gabriel), Thales (Cyril), AWS (Jeff), IndyKite (Alex B), EmpowerID (Patrick), Apache KIE (Elie), WSO2 (Hasintha), Topaz (Omri)

### Schedule

- April 16th
  - Use case defined
  - Sample data defined
  - Conformance tests defined
- May 2nd
  - Demo app is up and running
- May 19th
  - Participants have run through the conformance tests

## On-site logistics

- TBD

## Assignments

- Demo app & sample data: @davidbrossard
- Host the demo app
  - Jeff will see if AWS can host the demo app
- Vladi will help with the backend development
- Create conformance test
- Manage the config file with compliant implementations
  - Alex O also offered to work on this
- Participant outreach: @gerryatstrata
- On-site logistics: *TBD*
- Liaison with OpenID (Marketing, etc):
  - Clone datasheet and produce new one
  - Remove todo app and add search use case: *TBD*
- Vladi, David H, and Atul also asked what they could do to help