The OpenID Foundation is pleased to announce the new Authorization Exchange (AuthZEN) Working Group. AuthZEN will focus on specific areas of interoperability by documenting common authorization patterns, defining standard mechanisms, protocols and formats for communication between authorization components, and recommending best practices for developing secure applications. https://lnkd.in/eD6h_U-Z
It’s not very clear from the link what use cases are the focus for this WG. An elephant in the room is OAuth adoption in scenarios where the RO is not really the resource owner, but is subject to entitlements to the resource, which could be fine-grained and/or coarse-grained. I feel that the user not being a true resource owner needs to be recognized as a first-class citizen.
Excited to get going on this! #authorati FTW :)
In most of the SDLC I’ve seen where the company created their own authZ implementation, this WG’s charter is very much needed. In other scenarios, I don’t really see the need - using the cloud vendors’ libraries to auth and/or have singleton instances of your authorization handlers is simple enough.
Fantastic OpenID Foundation! I'm looking forward to being an active participant.