Announcing AuthZEN – the next iteration in authorization standards

Many of you will be familiar with Randall Munroe’s fantastic xkcd cartoon site. He’s even got a strip for what I’m going to talk about… Standards.

Fortunately, the charging one has been solved now that we've all standardized on mini-USB. Or is it micro-USB? Shit.
Permanent link to this comic:
Randall Munroe’s take on standards – see original here.

I’d been a member and editor of the XACML Technical Committee for about a decade until I decided to move on to the world of Consumer Identity (CIAM) before returning a few months ago to my first love. In the time I was away, new standards emerged (Rego, Oso, Cedar, Zanzibar) and so it felt about time I hopped onto the standardization bandwagon again to promote and streamline authorization. Lo and Behold AuthZEN.

My peers Atul Tulshibagwale (SGNL) and Omri Gazitt (Aserto) gave this excellent presentation on the goals of the AuthZEN WG at the Internet Identity Workshop 37 in Sunnyvale.

We hope to see many of you join in our efforts to standardize authorization and progress its adoption. As per the charter, we have 3 main goals:

  1. Increase interoperability between existing standards and approaches to authorization
  2. Define and formalize interoperable communication patterns between major authZ components
  3. Establish and promote the use of externalized authZ as the preferred pattern.