# Meeting Notes 2025-02-11

## Attendees

- Omri Gazitt
- David Brossard
- Michiel Trimpe
- Vladi Berger
- Amos Alubala
- Gerry Gebel
- Eve Maler
- Alex Babeanu
- Roland Baum
- Mark Berg
- Victor Lu

## Agenda

- Open API spec: we are asking for a volunteer to write this up
- Interop demo - what we have so far
- Confirming participation at Gartner IAM in London
  - Aserto
  - Axiomatics
  - Cerbos
  - PlainID (not able to attend in person)
  - Okta FGA (may not be able to send someone)
  - Zuplo
  - SGNL
  - Curity (potential)
  - Layer7 (potential)
  - 42Crunch (potential)
- Partial evaluation feedback
- Action Search draft - https://hackmd.io/DQcL9fXfSW6EsxEp_DefRg?view
- AlexB:
  - Should we sign AuthZEN requests and/or responses? Tokenize AuthZEN?
  - Conveying from Dave H.: GTWY integration granularity - should conform to standards (e.g., FAPI)

## Notes

- Open API spec: Michiel offered to create a draft
  - JSON schema is here: https://github.com/openid/authzen/tree/main/api/schemas
- Interop
  - two additional selects plus the original are normalized (1_0-00, 1_0-01 and 1_0-02)
  - API gateway selector and Gateway PDP selector
  - Repo includes code for AWS and Envoy gateways
  - Test harness review
  - Results table for PDPs that have passed compliance
  - Create a pull request to add a gateway or PDP for the API gateway scenarios
- Partial evaluation feedback
  - David, Vladi, and Michiel will schedule a break out session
- Should AuthZEN requests and responses be signed?
  - Agreement on the call that this should not be in the spec, but security suggestions could be part of an implementation guide
- Some discussion around fine grained vs coarse grained authZ at the gateway
  - Proxied from David H via Alex B - shouldn't the interop follow conventions like FAPI.
  - There is no blocker in the spec, it's that there are some limitations in the demo set up. Specifically the gateway does not have enough context to make fine grained requests.