# Meeting Notes 2025-05-27
## Attendees
## Agenda
- Search Interop status
- 2H goals for AuthZEN WG
- iShare Foundation objectives with respect to AuthZEN
## Notes
The Identiverse [session is on Tuesday](https://identiverse.com/idv25/session/?idvid=2843747) at 1:30pm PT.
### Search Interop Identiverse 2025
- Ping (Dave H), EmpowerID (Patrick), and Axiomatics (David) are still aiming to deliver the interop in time for next week
- Alex (Indykite) might be able to deliver
- Jeff (AWS) is the person updating the app with new endpoints
- Alex (Cerbos) added a field to display the endpoint of the service being called
- Jeff (AWS) recommends all endpoints be secured
### 2H Goals for the WG (2025)
- Reminder: [H1 roadmap](https://hackmd.io/@oidf-wg-authzen/roadmap)
#### Immediate Next Steps
- The meeting after Identiverse should be focused on gathering feedback from the Search Interop
- We can consider changes to update and produce draft 4 and take it to implementer's draft
#### Adoption Work
- Integration waves
  - Wave zero: all the PDPs ✅
  - Wave one: API gateways ✅ (March 2025)
  - Wave two: IdPs ➡️ Authenticate 2025
  - Wave three: ➡️ Non-IAM products e.g. business apps (COTS and SaaS) such as Salesforce, Workday...
  - Wave four: ➡️ data platforms (Snowflake) as an application of `partial evaluation` and `search`.
#### Profile work
- We can also consider AuthZEN profiles for different verticals or areas (healthcare, government...)
- Flowing identities as JWT tokens
- XACML Profile of AuthZEN or AuthZEN Profile of XACML
- API Gateway Profile
- What about an AI MCP AuthZEN or AI A2A AuthZEN profile?
- Event Delivery using Shared Signals for AuthZEN
  - attribute refresh
  - decision notification
- Tokenization of decisions --> Tokenetes and more
- What about `Obligations`/`Advice` to enrich decisions?
#### SDK Development
- Add AuthZEN clients/SDKs in different languages that live in those languages' natural repositories (e.g. npm.js) to increase adoption
### Guest presenter
Rajiv Rajani, CTO iShare Foundation
- iShare is a trust framework aimed at organizations that want to share/exchange data with other organizations
- In the platform, authorization happens just in time when you access the data
- At the moment of access, the provider can check whether the end-user is allowed to access the data. Two options:
  1. The user can present a signed token (pre-authz)
  2. Check via API call
- See https://framework.ishare.eu/version-2.0.1/readme/detailed-descriptions/technical/structure-of-delegation-evidence
- See https://github.com/eclipse-dataspace-drp/DataRightsProfile
