Meeting Notes 2025-07-08

# Meeting Notes 2025-07-08 ## Attendees * David Brossard * Jeff Lombardo * Alex Olivier * Julio Auto De Medeiros * Michiel Trimpe * Rajiv Rajani * Travis Farrell * Vatsal Gupta * George Fletcher * Gerry Gebel * Victor Lu * Alex Babeanu ## Agenda - Schedule for this call going forward - resource_id conclusions - Pagination pull request #341 - More open issues to discuss - 278 Inconsistent use of reason... - 268 Security section needs details on Client AuthN failure - 250 Deny_on_first_deny... examples are cumbersome - 230 Search API statistics needed - 55 Sign access decision? - 46 and 47 Device ID and IP address - AuthZEN briefings for Forrester and KuppingerCole ## Notes ### Agenda Suggestion - Keep the 11am PT as is and switch the 3pm PT to a time more amenable to Europe. We need to check with APAC folks (Dave H.) whether that's ok and what times would work for them. - On the current call 4 of 9 individuals are in the European time zones (CET and BST) ### Resource ID Conclusion - See https://github.com/openid/authzen/issues/329 - We want to keep resource ID mandatory for the time being - All interops assumed mandatory resource IDs - Graph implementations require resource ID - Could we make the resource ID a SHOULD rather than a MUST? - Could we make 2 sets of interops? One that requires the identifier and one that 'SHOULD's the interop? - Jeff suggests we're here to create a standard that facilitates integrations and that as a result, we should make resource ID a SHOULD. - We need to ask graph implementers why a mandatory resource ID is necessary. - Do we need to invite Alex B, Omri, and Michael Krotscheck to present their views? - We need ReBAC examples - Possible wording: if a resource identifier is present, it MUST be passed into the AuthZEN request as the resource `id`. - Alex Babeanu explained that we need a resource ID in graph-based systems - George and David both pointed out that using resource ID to represent the parent is overloading semantics - Ideally we'd use a `parent` or `next-of-kin` identifier in the creation cases. - Jeff/Michiel suggest using the properties object - We need to call a dedicated meeting to solve the issue and move forward with the standardization of 1.0 (Fall '25') ### Pagination pull request 341 - All to review https://github.com/openid/authzen/pull/341 - Michiel and Omri added comments. Michiel agrees with Omri that adding obligations is confusing - The work should be split across 2 PRs - Pagination work - Context work ### Analyst Briefings #### Forrester Briefing (Gerry & Andras Cser) - Forrester is interested in writing more on new standards and possibly hosting interops - Gerry will let the group know when Forrester is ready to move forward #### Kuppinger Cole - Gerry has another briefing with Nitish from KC - David will post the [slides](https://www.slideshare.net/slideshow/openid-authzen-analyst-briefing-july-2025/281411886) for the briefing to Slideshare for all to get access to