- From: elf Pavlik <elf-pavlik@hackers4peace.net>
- Date: Tue, 01 Jul 2025 09:37:44 -0600
- To: public-lws-wg@w3.org
Hello,

On 2025-07-01 02:07, Jesse Wright wrote:
> Authorization - what has been attempted (including WAC, ACP, SAI),
> what industry solutions are there (e.g. what does AWS, GDrive) use for
> their permissioning system.
> *
> Authentication [...]
> If you are not a member of LWS please still reach out if you would
> like to lead on a particular topic. Similarly, if you think of someone
> who would be good to invite as an expert on the topic - do let us
> know.

I would be happy to lead or, even better, co-lead, given the breadth and depth of this topic.

I think AuthZ and AuthN should be worked on together. First of all, plain AuthN seems mostly relevant for a user authenticating with a client. When it comes to the storage/resource server, AuthN seems to always be a dependency of AuthZ, where access policies rely on agents' identities. In some approaches to access delegation, AuthN and AuthZ are also very closely integrated.

When it comes to discovery over protected datasets, I also see a need to closely coordinate it with authorization to ensure the desired privacy properties.

Since this topic is very broad, I've been mostly focusing on:

* Authorizing clients, with emphasis on cases where Resource Owner and End user are different
* More general access delegation
* Discovery of protected data in a privacy-preserving manner
* Access policies using relations in protected data (including some exploration of ReBAC and Google's Zanzibar)

Best regards,
elf Pavlik
Received on Tuesday, 1 July 2025 15:37:52 UTC