# Meeting Notes 2025-01-28 ## Attendees * Alex Babeanu * Eve Maler * Roland Baum * Amos Alubala * Davyd Hyland * Omri Gazitt * David Brossard * Gerry Gebel * Vladi Berger ## Agenda - API 1.0 draft 02 published: https://openid.net/specs/authorization-api-1_0-02.html - 30 minutes: Review proposed interop profile for London Gartner IAM - https://hackmd.io/ecYxP6uxSCm5X0RexkAM2g?view - 30 minutes: Review latest Search API proposal - https://hackmd.io/SL-AKfCZR6CB-NNrLjSxyg ## Notes ### Housekeeping - Gail & the co-chairs had a call to discuss AuthZEN roadmap and OIDC processes. Gail suggested Joseph Heenan join one of our calls to talk about conformance tests. She also brought up security testing for our protocol ### Interop London Gartner IAM - [Gartner IAM London: API Gateway Interop Scenario](https://hackmd.io/ecYxP6uxSCm5X0RexkAM2g?view) - It would be great if we could add another use case whereby an IdP calls out to AuthZEN via the Search API to enrich the access token - API gateways will focus on medium-grained (functional) access control - The backend app will focus on fine-grained (transactional) access control - Dave Hyland: not all gateways are equivalent. Some can be more fine-grained/coarse-grained. #### Action Items - Omri is handling AWS API Gateway & Zuplo - Vladi commits to implementing AuthZEN for Kong - David to reach out to L7, Axway, and 42crunch #### Confirmed attendees - Omri - David B. - Alex Olivier - Josh Twist, Zuplo - Vladi, Gerry TBD ### Search API Proposal - [Search API {#search-api}](https://hackmd.io/SL-AKfCZR6CB-NNrLjSxyg) - 2 searches: - subject search - resource search - Restricting to these 2 approaches makes the API easier to use and consume - We conclude we want 2 separate APIs - Resource search - Subject search - We are considering an action-centric search - What action can Alice do on record 123?