RFC034: Define standard policy creation endpoint for AR
Background and rationale
Currently iSHARE certified Authorization Registries (see functional requirements or general information): Can hold information on delegations to other entities by Entitled Parties; Has a process in place allowing for the registration, update and revocation of delegations; Can check, on the basis of this information, whether a legal entity is authorized to take delivery of a service; Can confirm whether this is the case to the Service Provider.
There is no prescribed API endpoint to request creating, updating and deleting delegations. An Authorization Registry provider is free to design the process for registration, update and revocation of delegations.
Proposed change: purpose
This RFC aims to stimulate the registration of fine grained authorizations by creating the possibility to machine-to-machine request delegations and automatically approve them based on a ruleset provided by an entitled party.