Closed tr33 closed 9 months ago
It's all there already, the Subject is an object. Please re-read this section: https://github.com/openid/authzen/blob/main/authorization-api-1_0.md#resource-search-request
Closing this issue based on Alex's comment. Please re-open if you think this has not been addressed.
The operation in section "Resource Query" is currently defined as
Using action and resource parameters as input, but there is no reference to the subject in the input and the supposed output is undefined. The generic use case sounds like "give me all the resources (of some type) a specific user has access to".
Proposal: Define this query as "Resource Lookup Query" to query for all resources a given subject type can perform a given action. The resource-parameter should require either require no or certain criteria for the PDP to limit the space of resources (like "resource type" or additional attributes that describe a number of resources).
Proposed wording: