Skip to content
On-demand recording | SAP IdM End of Life: Migration Without Disruption | With Deloitte · 60 min Watch recording
STANDARD

OpenID AuthZEN-draft04 — Primer

OpenID AuthZEN Draft‑04 consolidates models and endpoints: evaluation (single/batch) and query (search) with obligations/advice.

Visual representation of OpenID AuthZEN-draft04 standard
← All standards

Why it matters

Standards reduce risk and vendor lock‑in. We implement this spec across our Studios and runtime so policy is portable.

Where it’s enforced

  • Gateway: pre‑execution gating (plan/schema pins, params/egress)
  • Shield: inline budgets/stream caps/content checks
  • PDP: decisions with constraints/obligations/TTL
  • IdP: passports, token exchange, consent/DPoP

How it works (high level)

Draft‑04 consolidates endpoints and models: /access/v1/evaluation (single), /access/v1/evaluations (batch), /access/v1/query (search). Requests use AuthorizationRequest; responses carry decision, obligations, advice, and optional status.

sequenceDiagram autonumber participant Client participant PDP participant RS as Resource Server Client->>PDP: POST /access/v1/evaluation (AuthorizationRequest) PDP-->>Client: AuthorizationResponse { decision, obligations } Client->>RS: Enforce constraints/obligations

References

← OpenID AuthZEN
All standards
OpenID AuthZEN-search →