Authentication has had open standards for years. SAML, OAuth, OpenID Connect, the whole stack is mature and interoperable. Authorization did not get the same treatment. Every vendor built its own model, its own API, its own way of asking "can this user do this thing?", and none of them talked to each other.
That's the gap OpenID AuthZEN set out to close, and our CPO Alex Olivier has been co-chairing the working group since early on. Last month he and co-chair David Brossard accepted the Outstanding Project Recognition award for AuthZEN at the European Identity and Cloud Conference in Berlin. The award was presented by KuppingerCole and judged against a field of submissions from across the identity industry.
David put the problem plainly. Authentication has been well served by open standards for years, but authorization has always lagged behind. Gail Hodges, the OpenID Foundation's Executive Director, called the win a highly deserved acknowledgment of work that has put interoperable authorization on the map.
The timing matters more than it might seem. AI agents are starting to act on behalf of users across systems they don't own, and every one of those actions needs an authorization decision. Without a common protocol, every integration becomes bespoke, every enforcement point speaks a different dialect, and every mistake becomes harder to audit.
A shared standard fixes that. A policy decision point from one vendor can answer a question from an enforcement point built by another, the same way OIDC let identity providers and applications interoperate without custom glue between every pair. That interoperability is what turns authorization from a per-application problem into infrastructure you can reason about across a whole system.
The AuthZEN specification was formally ratified in January 2026, and we've backed the work from the start because we think this is where authorization is heading. Standards are how a category grows up. If you want to see what an AuthZEN-compliant decision looks like in practice, here's how Cerbos implements it.
Tagged in
