OpenID Foundation AuthZEN Working Group Announces Interop Results

Published by Cerbos on May 28, 2024
OpenID Foundation AuthZEN Working Group Announces Interop Results

Conformance with the AuthZEN request/response protocol marks significant milestone in simplifying and standardizing authorization approaches

LAS VEGAS, NV, USA, May 28, 2024 / -- The OpenID Foundation AuthZEN Working Group announced today that select leading authorization vendors successfully achieved conformance with the AuthZEN request/response protocol, marking a significant step in bringing interoperability and standardization to the authorization market. The industry leaders include 3Edges, Aserto, Axiomatics, Cerbos,, Rock Solid Knowledge,, Strata Identity and Thales, demonstrating their commitment to documenting common authorization patterns, defining standard mechanisms for communication between authorization components, and recommending best practices for developing secure applications.

Established through the OpenID Foundation, the AuthZEN Working Group’s focus is to tackle the complexities of authorization, to promote decoupling and externalizing authorization logic from applications, and to simplify the implementation of a robust authorization layer that can be edited and audited with ease within diverse application environments. With members from leading authorization vendors, the group aims to unify and standardize the way authorization decisions are enforced across varying platforms, with an initial focus on a specification that ensures interoperability and integration between policy enforcement points and decision points. This initiative draws on the expertise of leading companies in the security and authorization space, fostering a collaborative approach to enhancing the scalability and security of access control systems.

The AuthZEN Working Group is currently focused on three key areas to improve interoperability:

1. Defining a standard for the communication flow between policy enforcement points and policy decision engines.

2. Creating a standard for communicating access policies to policy decision points.

3. Identifying and documenting common usage patterns and recommended best practices.

The working group recently completed successful interoperability testing, which included a defined interop scenario in the form of a Todo application. Participating companies including 3Edges, Aserto, Axiomatics, Cerbos,, Rock Solid Knowledge,, Strata Identity and Thales achieved success in this testing.

The AuthZEN Working Group is open to all organizations committed to the goal of improving interoperability and standardization in authorization. For more information, visit and


Gail Hodges, executive director for OpenID Foundation

"As more and more players offer externalized authorization, it is critical that we ensure safe and secure patterns across implementations. The OpenID Foundation led the standardization of authentication protocols with OpenID Connect and now, ten years later, we are proud to host the AuthZEN Working Group as they seek to do the same for authorization."

Derek Small, co-founder and president for 3Edges

"The OpenID AuthZEN Working Group is tackling authorization challenges faced by organizations of every nature and size. Dynamic authorization is cataloging the rich authorization patterns that support authorization decisions between organizations and varying platforms. As this Working Group continues its mission to address interoperability and standards in support of authorization policies of today and those of the future, 3Edges remains committed to supporting the critical workings of the AuthZEN Working Group and to supporting this interop at Identiverse 2024.”

Omri Gazitt, co-founder and CEO for Aserto

"Interoperable authentication is mostly a solved problem, thanks to standards such as SAML and OpenID Connect. But we haven’t yet had our “OIDC moment” in the authorization space. The OpenID AuthZEN Working Group is the definitive effort to get us there, and Aserto is proud to be among the first vendors to adopt it. "

David Brossard, chief technology officer (CTO) for Axiomatics

"Put simply, the goal here is to become the OAuth of authorization. We’ve taken the lessons learned from the past 15 years working to implement authorization for our customers along with the standardization efforts within OASIS XACML to produce an even simpler, more lightweight PEP-PDP protocol. Axiomatics is proud to support the work to facilitate integration between applications and externalized authorization services, raising the quality and security of authorization."

Alex Olivier, co-founder and chief product officer (CPO) for Cerbos

"Cerbos is a proud contributor and early adopter of the OpenID AuthZEN specification enabling external authorization portability. This standardization effort provides software builders with the confidence to adopt a more secure and scalable access control layer in their applications. "

Or Weis, CEO for

“Enterprises spend months and sometimes years struggling to apply authorization to their applications. Reinventing wheels due to the lack of standards in the space. At, we’re excited to be early backers of the AuthZEN standard and its promise to unify simplicity across the landscape.”

Andrew Clymer, co-founder for Rock Solid Knowledge

"With many years of experience building single sign-on (SSO) solutions based on open standards, we are proud to support the AuthZEN Working Group in delivering open standards for authorization. As an early adopter of the draft standard, we are excited to make our .NET authorization engine, Enforcer, accessible to heterogeneous environments."

Atul Tulshibagwale, chief technology officer (CTO) for

“The AuthZEN standard will be critical to achieving externalized management of authorization. SGNL is proud to have initiated standardization activity by contributing the first draft spec and is happy to participate in the interoperability event.”

Gerry Gebel, vice president of product and standards for Strata Identity

"Interoperability is a core capability needed for enterprises to securely deploy authorization services in complex environments comprised of systems from multiple vendors. Strata is honored to support the demo with the Hexa Policy Orchestration’s integration with Open Policy Agent (OPA). Identiverse is the logical place for this first interoperability demonstration to occur since the AuthZEN working group was founded based on meetings held at this event."

Bertrand Tavernier, vice president/chief technical officer for Thales (secure communication and information systems)

“Thanks to the support of the OpenID AuthZEN Working Group and leveraging our long-standing experience with the OASIS XACML standard, we were glad to demonstrate the capability of our AuthzForce solution to combine XACML policy expressiveness and versatility with the new, ultra-lightweight AuthZEN authorization API for the great benefit of customers, especially in edge computing environments.”

Book a free Policy Workshop to discuss your requirements and get your first policy written by the Cerbos team