# Meeting Notes 2024-10-22 ## Attendees Eve Maler Phil Hunt Omri Gazitt Gerry Gebel Christopher Hendrix Elie Azerad David Hyland ## Agenda - AuthZEN is one year old! - Yay for us :-) - Recap of Authenticate - Omri shares some thoughts on the event as well as the interop itself - Five implementers were on site - There are a total of 11 implementations - We have heard of three others that are being worked on - On Wednesday there was a recap session with focus on lessons learned - Review comments/feedback on 1.1 - Phil: can we include an application identifier in the request. Explained here: https://github.com/openid/authzen/issues/164 - Andres of OpenFGA had a similar question - We do need to decide whether to add hostname URL, URL path components, custom HTTP headers or a particular property within a context for routing purposes - Phil: If a PDP system is default deny unless permitted, then most responses can have no reason because no permission was matched. - Reasons are optional - Phil: Ordering in multi decision requests. App can ask a series of questions where if the first one fails, they all fail. Another case is bulk processing: SCIM has some experience with this approach. Even if there are errors on some of the individual requests, I still want all the responses. - There is the fast fail scenario and the case where the PEP wants answers to all queries. We didn't add the semantics in the current spec.