A Deranged Greeting Card from Authenticate - Unauthorized Edition

Greetings from a busy week at FIDO’s Authenticate 2024!
As I write this newsletter, the AuthZen Interop live session is underway. While attendees heard from the working group chairs (Omri, Alex, David, and Atul) on Monday, this will enable them to see firsthand what an interop looks like, ask questions, and engage participants in deeper conversations about the work of AuthZen.
Here’s Omri describing what’s going on this week.
Standards Updates
GNAP is now RFC9635 - Congrats to Justin Richer and all who worked on this project!
From the RFC Abstract: “The Grant Negotiation and Authorization Protocol (GNAP) defines a mechanism for delegating authorization to a piece of software and conveying the results and artifacts of that delegation to the software.”
And here’s a throwback from Justin in 2017 musing on Vectors of Trust, which found some expression in NIST’s 800-63.
Industry News
“IndyKite today announced it has joined open source project CAMARA, a Linux Foundation open source community addressing telco industry API interoperability, and partnered with Deutsche Telekom to provide richer services to customers.
. . . Further, through a new partnership with Deutsche Telekom, IndyKite will enable access to Telekom’s Magenta Business APIs to enhance decision power and design intelligent services like consent management, dynamic authorization, trusted data sharing, AI and more.”
Pangea published a writeup on RBAC vs ReBAC vs ABAC for your next
argumentauthZ discussion.
Randomness
The world is full of wonders. I highly suggest that you read the warnings and caveats section. Here’s a taste (pun intended) of what you’ll find:
“3) This is not a joke provider. Or, it kind of is a joke, but even though it's a joke it will still order you a pizza. You are going to get a pizza. You should be careful with this provider, if you don't want a pizza.”
Scale AI and CAIS are excited to announce the launch of Humanity's Last Exam, a project aimed at measuring how close we are to achieving expert-level AI systems. Top 50 questions earn $5K apiece . . .
What would the authorization-related question be? (Maybe we can crowd source and split the profits.)
Moment of Zen
Finally…. your moment of zen, so to speak:
Random find from the Trustworthy archives @ Stanford. Tell me that photo above doesn’t look like a creation of GenAI. (It just needs more poodles.)