From bb4685d89765914a8c4ddd8095b2f6abe9402c1f Mon Sep 17 00:00:00 2001 From: Omri Gazitt Date: Wed, 28 Jun 2023 14:50:21 -0700 Subject: [PATCH 1/3] Policy Distribution Point -> Policy Decision Pont --- authorization-api-1_0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/authorization-api-1_0.md b/authorization-api-1_0.md index 5e95825..91a3aef 100644 --- a/authorization-api-1_0.md +++ b/authorization-api-1_0.md @@ -54,7 +54,7 @@ normative: --- abstract -The Authorization API enables Policy Distribution Points (PDPs) and Policy Enforcement Points (PEPs) to communicate authorization requests and decisions to each other without requiring knowledge of each other's inner workings. The Authorization API is served by the PDP and is called by the PEP. The Authorization API includes an Evaluations endpoint, which provides specific access decisions and a Search endpoint, which provides generalized access capabilities. +The Authorization API enables Policy Decision Points (PDPs) and Policy Enforcement Points (PEPs) to communicate authorization requests and decisions to each other without requiring knowledge of each other's inner workings. The Authorization API is served by the PDP and is called by the PEP. The Authorization API includes an Evaluations endpoint, which provides specific access decisions and a Search endpoint, which provides generalized access capabilities. --- middle From c43f2e28616bf1dda94961e22810d22c8938a877 Mon Sep 17 00:00:00 2001 From: Omri Gazitt Date: Wed, 28 Jun 2023 15:00:02 -0700 Subject: [PATCH 2/3] remove OAuth 2.0 as requirement --- authorization-api-1_0.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/authorization-api-1_0.md b/authorization-api-1_0.md index 91a3aef..c18b31d 100644 --- a/authorization-api-1_0.md +++ b/authorization-api-1_0.md 
@@ -32,6 +32,9 @@ contributor: # Same structure as author list, but goes into contributors - name: Erik Gustavson org: SGNL email: erik@sgnl.ai +-name: Omri Gazitt + org: Aserto + email: omri@aserto.com normative: RFC4001: # text representation of IP addresses @@ -63,7 +66,9 @@ The Authorization API enables Policy Decision Points (PDPs) and Policy Enforceme Computational services often implement access control within their components by separating Policy Decision Points (PDPs) from Policy Enforcement Points (PEPs). PDPs and PEPs are defined in XACML ({{XACML}}). Communication between PDPs and PEPs follows similar patterns across different software and services that require or provide authorization information. The Authorization API described in this document enables different providers to offer PDP and PEP capabilities without having to bind themselves to one particular implementation of a PDP or PEP. ## Model -The Authorization API is a REST API published by the PDP, to which the PEP acts as a client. The Authorization API is itself authorized using OAuth 2.0 ({{RFC6749}}) +The Authorization API is a REST API published by the PDP, to which the PEP acts as a client. + +Authorization for the Authorization API itself is out of scope for this document, since authorization for REST APIs is well-documented elsewhere. For example, the Authorization API MAY support authorization using an `Authorization` header, using a `basic` or `bearer` token. Support for OAuth 2.0 ({{RFC6749}}) is RECOMMENDED. ## Features The Authorization API has two main features: From 7ec64892a641e0af8385ecdd40bcda5dcee844bb Mon Sep 17 00:00:00 2001 From: Omri Gazitt Date: Wed, 28 Jun 2023 15:03:08 -0700 Subject: [PATCH 3/3] fixed yaml in markdown --- authorization-api-1_0.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/authorization-api-1_0.md b/authorization-api-1_0.md index c18b31d..36b7952 100644 --- a/authorization-api-1_0.md +++ b/authorization-api-1_0.md 
@@ -32,7 +32,7 @@ contributor: # Same structure as author list, but goes into contributors - name: Erik Gustavson org: SGNL email: erik@sgnl.ai --name: Omri Gazitt +- name: Omri Gazitt org: Aserto email: omri@aserto.com
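Review bot: In PATCH 1/3, the added abstract line is missing a comma after "specific access decisions" in "an Evaluations endpoint, which provides specific access decisions and a Search endpoint, which provides generalized access capabilities", so the two endpoint descriptions run together. Since this line is already being touched, add the comma here. The rename itself matches the introduction, which already says "Policy Decision Points (PDPs)". The subject line also reads "Policy Decision Pont" and is worth fixing before merge.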
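Review bot: In PATCH 2/3, first hunk, the new contributor entry is written "-name: Omri Gazitt" with no space after the dash, so it is not a YAML sequence item like the "- name: Erik Gustavson" entry above it, and the front matter is malformed at this commit. PATCH 3/3 exists only to change it to "- name: Omri Gazitt". Squash 3/3 into this patch so that no commit in the series carries broken front matter.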
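Review bot: In PATCH 2/3, second hunk (## Model), the replacement text leaves the document with no requirement that the PDP authenticate the calling PEP at all. The removed sentence stated that the API "is itself authorized using OAuth 2.0", while the new paragraph offers only a MAY for the `Authorization` header and a RECOMMENDED for OAuth 2.0, so an implementation that serves decisions to any caller would still conform. If the intent is only to stop mandating OAuth 2.0, keep a baseline such as "the PDP MUST authenticate the PEP" and leave the mechanism open. The paragraph also declares the topic out of scope and then uses normative MAY and RECOMMENDED keywords in the next two sentences; pick one, or move the normative text to a security considerations section. Two smaller points: `basic` sends a reusable credential on every request, so it should be tied to a transport security requirement, and the schemes are conventionally written `Basic` and `Bearer`. What the header carries is the caller's credential, so "authentication" would be the more precise word for it than "authorization".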