Authorization Request
The Authorization Request is a fundamental element of the ZTAuth* protocol. It represents the interaction between the Policy Enforcement Point (PEP) and the Policy Decision Point (PDP), through which the PDP evaluates authorization decisions based on defined authorization models (auth* models) and contextual information.
The payload structure is based on the format defined in the OpenID AuthZEN specification, allowing compatibility with existing authorization flows and interfaces.
To support Zero Trust–oriented evaluation, the ZTAuth* protocol extends the request format with an additional field named authorization_model. This object carries contextual information necessary for advanced policy evaluation and may include the following fields:
zone_id: An identifier representing the ztzone associated with the request.
ledger_id: A reference to the specific ledger or model repository where the relevant authorization policies are stored.
tx_token: A transaction token generated by the Transaction Token Service, encapsulating context such as identity, delegation, and scope.
These fields are intended as an illustrative example of how the authorization_model structure can be extended to carry ZTAuth*-specific data. Implementations may vary in structure or naming, depending on system requirements and deployment context.
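A PEP-side structural check for the request shape described above, added here as an example; it is not code from the ZTAuth* project. It assumes the AuthZEN subject, resource and action members, assumes a deployment that requires all three authorization_model fields as opaque non-empty strings, and uses constructed placeholder values; validate_request and pep_should_forward are hypothetical names.

```python
import json

# AuthZEN evaluation request members and the keys each one must carry.
AUTHZEN_REQUIRED = {"subject": ("type", "id"), "resource": ("type", "id"), "action": ("name",)}
# Extension fields named on this page. Assumption: this deployment requires all
# three and treats each as an opaque, non-empty string.
MODEL_FIELDS = ("zone_id", "ledger_id", "tx_token")

# Constructed sample request; every value is a placeholder.
SAMPLE_REQUEST = json.dumps({
    "subject": {"type": "user", "id": "alice@example.com"},
    "resource": {"type": "document", "id": "doc-123"},
    "action": {"name": "read"},
    "context": {"time": "2025-01-01T00:00:00Z"},
    "authorization_model": {
        "zone_id": "zone-example-1",
        "ledger_id": "ledger-example-1",
        "tx_token": "PLACEHOLDER.TXN.TOKEN",
    },
})

def _missing(obj, key):
    """True when obj[key] is absent, not a string, or blank."""
    value = obj.get(key)
    return not isinstance(value, str) or not value.strip()

def validate_request(raw):
    """Return a list of problems; an empty list means the request is well-formed."""
    try:
        req = json.loads(raw)
    except (TypeError, ValueError):
        return ["body is not valid JSON"]
    if not isinstance(req, dict):
        return ["body is not a JSON object"]
    errors = []
    for member, keys in AUTHZEN_REQUIRED.items():
        obj = req.get(member)
        if not isinstance(obj, dict):
            errors.append(f"{member}: missing or not an object")
            continue
        errors += [f"{member}.{k}: missing or empty" for k in keys if _missing(obj, k)]
    model = req.get("authorization_model")
    if not isinstance(model, dict):
        errors.append("authorization_model: missing or not an object")
    else:
        errors += [f"authorization_model.{f}: missing or empty" for f in MODEL_FIELDS if _missing(model, f)]
    return errors

def pep_should_forward(raw):
    """Fail closed: forward to the PDP only when validation finds no problem."""
    return not validate_request(raw)
```

The check is structural only: it does not verify the transaction token's signature or contents, which remains the job of whatever component trusts the Transaction Token Service.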