# Meeting Notes 2024-08-13 ## Attendees 👉 Add your names here omri gerry @alexbabeanu Roland Baum Vladi Elie Bjorn David H David B ## Agenda - Reminder to vote for Shared Signals drafts - https://openid.net/foundation/members/polls/334 - https://oidf.slack.com/archives/CBB3XM402/p1723507340270129 - Implementer's Draft - We need to update a few format issues in order to proceed - ToDo app updated to comply with 1.0 of the spec - https://hackmd.io/XWt55azWRYu-frHoREUPtw?view - proposal for payloads - Purely additive, simply adds id fields for subjects and resources without them - Tested with all implementations - they all pass! - Have not yet deployed the backend that generates the new payloads (still want to do some testing tomorrow before doing it) - KubeCon NA: Omri's talk on AuthZEN was accepted - https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/ - Nov 12-15, Salt Lake City, UT - Authenticate 2024, October 14-16, Carlsbad, CA - Interop on Tuesday October 15, followed by a report-out - Alex O - I've taken a stab at adding boxcarring to the todo app using to authorize a batch delete operation. Got everything running on a branch with a version of Cerbos supporting the current 1.1 API. I need to tidy it up a fair bit still but wanted to give an update as I'm fast asleep during the alternate-week call time. - IIW 39 - October 29-31 - Who is going? - OIDF Workshop is October 28, Omri is attending, can present our progress - Gartner IAM - December 9-11, Grapevine, TX - Breakout session on AuthZEN? ## Notes - Omri shared a payload doc that has proposed changes (marked before and after) to make it compliant with the 1.0 spec - every subject and resource has an id field - tried to make it backward compatible - https://hackmd.io/XWt55azWRYu-frHoREUPtw?both - all test suites previously run were successful - David will update the PostMan collections - Shared Signals voting - Omri mentions that we may want to create an AuthZEN profile to share authorization specific events between components or implementations. This would be especially useful for stateful PDPs - Alex B: We should consider adding something to the design patterns document - Implementer's Draft update - Feedback on submission where some items were missing/misconfigured - Still need - send xml version - address file naming to comply with reqs - Events update - Omri and one other panel at KubeCon - Authenticate: still trying to get 1.0 API approved by then and introp of 1.1 API - IIW: who is attending? - Omri - Gartner IAM: do we have a session on AuthZEN? - Homan offered a breakout session - Omri, David B and Gerry will be there - Boxcarring - Trying to keep backend the same for both versions of the API - Thanks to Alex O for the work he's done on the updates - David B: How do we go about reaching out to non authZ vendors to participate? - companies that have nothing to do with identity (like WorkDay, Salesforce) - identity providers (OAuth, OIDC implementers) - API gateways