Comments (8)
👍 from me to broadening the scope of this panel to general Authorization (not just app-specific).
from authorization-panel.
Just to mention one more reason which I consider in favor of broadening the scope. While discussing @bblfish's proposal of HTTP Signatures solid/authentication-panel#18 we also touched on WebID Access Delegation. I see potential in unifying delegation and app authorizations into one feature that provides more granularity: a user could delegate to an app (authorize it) to have a subset of the access modes that the user has. Even if this direction turns out to be a dead end, it just makes sense to me to address all the authorization-related aspects together.
from authorization-panel.
That there are overlapping issues between closely related panels is a point I made in issue 22: Thinking Authorization and Authentication together.
from authorization-panel.
It is true that there is overlap between Authentication and Authorization, especially along the axis of WebID (and possibly DID). However, it is worth noting that the technical infrastructure and protocols used by authN and authZ tend to be quite different; authZ is typically (though not necessarily) tied to a resource server while authN is often handled by an independent component using a variety of potential protocols (OAuth, OIDC, SAML, WebID-OIDC, TLS-OIDC, etc). But perhaps more importantly, the specification document produced by an authZ panel will be independent from the document(s) produced by an authN panel, which suggests a stronger level of separation. That said, I imagine that there will be considerable overlap in the participants of these two panels.
from authorization-panel.
To my understanding @RubenVerborgh suggests that we need to make progress on more broad AuthZ, to my understanding clarify the current state of WAC #33 and how we plan to use it for App Authorization, which currently acl:origin attempts to address in a very limited way. As I understood we don't need to wait for the AuthN panel to make progress.
Personally I think we should broaden the scope to general AuthZ, which includes:
- User Authorizations
- App Authorizations
I hope we can include it in agenda for our next meeting.
Where in practice a User who may not have acl:Control access to the resource(s) can still grant a subset of one's own access to specific applications. Preferably WAC will provide vocabulary to handle both cases.
The overlap with AuthN seems to relate to identifying the User (WebID) and identifying the Application #30, where currently for both the RS relies on information in the token issued by the OP.
from authorization-panel.
Today only 3 people could join the meeting and we didn't want to make that decision, let's try to prioritize it for next week or even try to agree earlier directly here in the issue.
from authorization-panel.
I think we can close this one since we resolved it last week
from authorization-panel.
Sounds good. Panel's been renamed, closing.
from authorization-panel.