Re: [OAUTH-WG] OAuth 2.0 and Access Control Lists (ACL)
Eve Maler <eve@xmlgrrl.com> Mon, 19 December 2011 23:53 UTC

If you check out the recording of the UMA webinar from last week, you'll see a demo (starting at about the 33:00 mark) that shows individual user data being accessed according to ACL-type authorization policy settings, with the resource owner able to set these policies and then not have to be online when the requester shows up:

http://kantarainitiative.org/confluence/display/uma/Home

(As an aside, the UMA spec also provides an extended example that illustrates how scopes can be made interoperable enough to protect photos individually. See http://tools.ietf.org/html/draft-hardjono-oauth-umacore-02, especially Sections 1.4 and 10.)

Eve

On 19 Dec 2011, at 10:02 AM, George Fletcher wrote:

> I would also recommend looking at User-Managed-Access which provides this kind of layer on top of OAuth2.
>
> http://kantarainitiative.org/confluence/display/uma/UMA+Explained
>
> Thanks,
> George
>
> On 12/18/11 12:05 PM, Melvin Carvalho wrote:
>> Quick question. I was wondering if OAuth 2.0 can work with access
>> control lists.
>>
>> For example there is a protected resource (e.g. a photo), and I want
>> to set it up so that two or more users (for example a group of
>> friends) U1, U2 ... Un will be able to access it after authenticating.
>>
>> Is this kind of flow possible with OAuth 2.0, and if so whose
>> responsibility is it to maintain the list of agents that can access
>> the resource?

Eve Maler
http://www.xmlgrrl.com/blog
+1 425 345 6756
http://www.twitter.com/xmlgrrl