On top of that, since the RAR structure is fundamentally an array, existing
open banking stuff could still use their types alongside the cedar type, if
they wanted. Combining them would be an interesting exercise for each
ecosystem, but you’ll run into that regardless of the vertical.
— Justin
Yeah, communication of intent was not supposed to be the purpose of the
type parameter value. Although I do (now) see how many of the examples in
RAR/RFC9396 kinda read that way. The
https://www.rfc-editor.org/rfc/rfc9396.html#section-2-2.2 definition of
type tries to convey what it is intended to
Interesting. We considered using the type parameter, but decided against it. In
the examples in the spec, the spirit of type seems to be an indication of the
intent of the request (for example "customer_information" or
"payment_initiation.") We were concerned about breaking existing open
I'm inferring some intent (apologies if I've got it wrong!) but I think
it'd make the most sense for this work to start with defining a RAR type
value (something like "https://cedarpolicy.com;) and define that type as
having the "policySet" parameter. An updated example figure 1 from the
draft
Hi Sarah,
Thanks for putting that draft together. As one of the authors of RAR, I wanted
to chime in.
First, I do think that this is a great use of RAR. The whole idea behind RAR
was to give people structures that they could use beyond what scopes allow, and
tying this to a computable policy