tr33
tr33
"Common Actions" currently defines 4 CRUD and one generice "access" action. are those normative and mandatory for PDP/PEP spec compliance? How should a PDP response, in cases a common action...
A PDP may involve third party components into policy evaluation as a sub-query, i.e. a Policy Information Point (PIP) which holds additional information about the resource/subjects relationships or other metadata...
Ref "Subjects" contains definition for subject entity with a mandatory "id" attribute. There is no definition of a **subject** **type** - contrary to "resource", which has a mandatory **type**. In...
IP addresses belong to the network layer and may not be available to the PEP or may not affect many AuthZ decision requests. If the subject is identified through its...
The "subject" has a definition for "deviceId": > deviceId: : OPTIONAL. A field, whose value is of type string, which uniquely identifies the device of the Subject What exactly is...
**Describe the feature** There is an extension to the OIDC flow called _OpenID Connect Client-Initiated Backchannel Authentication Flow_ (CIBA). CIBA introduces new authentication flow in which RPs, that can obtain...