## Agenda

👉 _Add items that you would like to cover on the call_ 👈

- Reminder: Upcoming holiday schedule
  - No meetings on 12/26 and 1/2/24
- Define the first use case (update from @xmlgrrl)
- Why other frameworks and prior art (update from @davidbrossard)
- Design patterns document
  - Review comments from @alexbabeanu, @xmlgrrl, and others on [Authorization Design Patterns](/H2a8WW2vTjOc5xy4Tm85oQ)
- PEP-PDP Patterns Document: https://hackmd.io/@oidf-wg-authzen/BJ0kLlnB6
  - Review comments

## Attendees

👉 _Write your name down if you plan to attend_. 👈

- @gerryatstrata
- @alexbabeanu
- @davidbrossard
- @omrig Omri Gazitt (30 min late)
- Roland Baum
- Dani Katzman
- Rifaat Shekh-Yusef
- Jeff Broberg
- @xmlgrrl
- Dave Hyland
- Elie Azerad
- Victor Lu
- Ash Narkar
- Jamie Lin
- Atul Tulshibagwale (SGNL)

## Notes

### How to join OpenID slack

- Contact Mike for an invite: mike.leszcz@oidf.org

### Use Case Work (Eve)

- Eve will present during next week's call

### PEP-PDP Patterns Document

- We need to finalize the PDP API design first before we can talk about the PEP-PDP patterns
- Alternatively we need to make sure the 2 docs are cleanly separate. There is overlap currently
- Alex suggests we should start from use cases (Eve's doc)
  - Then define Roland's doc: technical use cases
  - Then go to the spec (Atul's doc)

### Article

- Gerry wrote an article for Forbes Technology on AuthZEN... it will publish shortly

### Identiverse

- CfP deadline is 1/5/24
- @gerryatstrata and @davidbrossard to submit
  - a panel proposal
  - an update from the WG (similar to RSA)
- @gerryatstrata and @davidbrossard will follow up with Andi Hindle re. floor space for AuthZEN (or OpenID?)

### Interop

- Define expectations
- List of participating vendors/stacks
- Define the "client": Postman collection? Glitch site?
- Define deadlines
  - Interop at RSA '24 or Identiverse → Implementer's draft
  - T - 2 months: spec is ready ~ early March
  - T - 3 months: agree on all the issues that will be part of the first draft of the spec ~ early Feb
  - T - 4 months: work through / define issues & requirements.

### Prior Art

See this document for PEP-PDP standards prior art: [Prior Art](https://hackmd.io/@oidf-wg-authzen/prior-art-pep-pdp)

### Design patterns document

- Review comments from @alexbabeanu, @xmlgrrl, and others on [Authorization Design Patterns]
- Conversation around authorization stemming from the OAuth world vs. authorization stemming from the "dynamic" world (XACML/OPA).
- Omri mentions both approaches are valid and we need to provide guidance which model is useful when.
- Let's define the canonical use cases for both styles

### Splitting into sub-calls

- David to set up a call for the PDP API spec
  - @davidbrossard
  - Atul
  - @omri
  - Rifaat
  - Elie
  - Sean O'Dell
- Alex to set up a call for the design patterns
  - @alexbabeanu
  - @gerryatstrata
  - Dani Katzman
  - Dave Hyland
  - Roland Baum
  - Omri
  - Rifaat
  - Elie
  - Jeff Broberg
  - Sean O'Dell