AuthZEN 1.0 · Policy Decision Point

Authorization Decisions With a Provable Receipt

Most Policy Decision Points return a bare allow/deny. This one maps the AuthZEN 1.0 Authorization API request shape ({subject, action, resource, context}) to a mandate gate, and returns the standard {decision, context} response with an OCG execution receipt carried in context. Any relying party can take that receipt and independently replay the decision.

AuthZEN 1.0 Mapped Draft-Pinned Profile Receipt in Context Zero PII
๐Ÿ”’ All inputs are processed locally in your browser. No data is transmitted. Do not enter real personal data โ€” use synthetic or anonymised inputs only.
pdps.json listing status: submission to the authzen-interop.net public interop registry is prepared but not yet filed. It is held pending an internal sign-off step. This page describes the PDP's capability today; the live interop-registry listing link will be added once that submission clears.
Draft-pinned, not ratified: the MCP profile this PDP implements references a specific draft revision of the AuthZEN specification. It is not a claim of conformance to a ratified final standard; treat it as an implementation against a pinned draft.
Request Mapping

AuthZEN request → mandate gate → AuthZEN response

The PDP accepts the standard AuthZEN Authorization API evaluation request and returns the standard response shape. Nothing about the wire contract changes; the receipt rides inside the response's existing context field.

AuthZEN fieldMaps toNotes
subjectmandate principalThe identity or agent requesting authorization.
actionmandate scope/verbThe action the subject wants to perform.
resourcemandate targetThe resource the action would apply to.
context (request)mandate parametersAdditional evaluation context, passed through to the gate.
decision (response)allow/denyStandard AuthZEN boolean decision, unchanged.
context (response)OCG execution receiptThe differentiator: an execution_hash-referenced receipt a relying party can replay independently of this PDP.
POST /authzen/evaluation
{
  subject: { type: "agent", id: "agent-example-001" },
  action: { name: "can_execute_payment" },
  resource: { type: "mandate", id: "mandate-example-001" }
}

// response
{
  decision: true,
  context: { ocg_receipt: { execution_hash: "sha256:โ€ฆ", node: "compile_work_mandate" } }
}
Related

Explore adjacent tooling