Re: [OAUTH-WG] OAuth 2.0 and Access Control Lists (ACL)

George Fletcher <gffletch@aol.com> Mon, 19 December 2011 18:03 UTC

Message-ID: <4EEF7C4B.2070405@aol.com>
Date: Mon, 19 Dec 2011 13:02:51 -0500
From: George Fletcher <gffletch@aol.com>
Organization: AOL LLC
To: Melvin Carvalho <melvincarvalho@gmail.com>
References: <CAKaEYh+WRAnq9VXVn_FWUrHGNNSUS=aUompeXefVWGsQ-yiTLQ@mail.gmail.com>
In-Reply-To: <CAKaEYh+WRAnq9VXVn_FWUrHGNNSUS=aUompeXefVWGsQ-yiTLQ@mail.gmail.com>
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] OAuth 2.0 and Access Control Lists (ACL)

I would also recommend looking at User-Managed-Access which provides 
this kind of layer on top of OAuth2.

http://kantarainitiative.org/confluence/display/uma/UMA+Explained

Thanks,
George

On 12/18/11 12:05 PM, Melvin Carvalho wrote:
> Quick question.  I was wondering if OAuth 2.0 can work with access
> control lists.
>
> For example there is a protected resource (e.g. a photo), and I want
> to set it up so that two or more users (for example a group of
> friends) U1, U2 ... Un will be able to access it after authenticating.
>
> Is this kind of flow possible with OAuth 2.0, and if so whose
> responsibility is it to maintain the list of agents that can access
> the resource?
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
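The arrangement the question asks about, as an added illustration that is not code from this thread, from the OAuth specifications or from UMA: OAuth 2.0 itself only conveys delegated authorization (a bearer token with an audience, scopes and a subject); the per-resource list of permitted users is a separate policy layer, and in the simplest design the resource server holds that list and the resource owner edits it there. The example assumes the resource server can learn who the token was issued to (here a constructed, in-memory stand-in for RFC 7662 token introspection, `INTROSPECTION_DB` and `introspect()`), and the resource id, scope name `photos:read`, audience `photos-rs` and subjects `U1`..`U4` are made up. UMA moves the policy decision to the authorization server instead; this block deliberately keeps it at the resource server to show the two checks (token validity, then ACL membership) as distinct steps.

```python
"""Resource-server ACL layered on top of OAuth 2.0 bearer tokens.

Added example, not code from the mailing-list thread or from UMA.
Assumes the resource server can introspect tokens (simulated locally)
and that the resource owner maintains the ACL at the resource server.
"""
import time
from dataclasses import dataclass, field

# Constructed stand-in for the authorization server's introspection
# endpoint (RFC 7662): token string -> introspection response.
FAR_FUTURE = 9_999_999_999
INTROSPECTION_DB = {
    "tok-u1": {"active": True, "sub": "U1", "aud": "photos-rs",
               "scope": "photos:read", "exp": FAR_FUTURE},
    "tok-u2": {"active": True, "sub": "U2", "aud": ["photos-rs", "other-api"],
               "scope": "photos:read photos:write", "exp": FAR_FUTURE},
    "tok-u3-wrong-aud": {"active": True, "sub": "U3", "aud": "other-api",
                         "scope": "photos:read", "exp": FAR_FUTURE},
    "tok-u4-expired": {"active": True, "sub": "U4", "aud": "photos-rs",
                       "scope": "photos:read", "exp": 1},
    "tok-u1-noscope": {"active": True, "sub": "U1", "aud": "photos-rs",
                       "scope": "profile", "exp": FAR_FUTURE},
    "tok-revoked": {"active": False},
}


def introspect(token: str) -> dict:
    """Stand-in for POST /introspect; unknown tokens come back inactive."""
    return INTROSPECTION_DB.get(token, {"active": False})


@dataclass
class ResourceServer:
    audience: str
    # resource id -> set of subjects allowed to read it (owner-managed).
    acl: dict = field(default_factory=dict)

    def share(self, resource: str, *subjects: str) -> None:
        """Resource owner adds users U1..Un to the resource's ACL."""
        self.acl.setdefault(resource, set()).update(subjects)

    def unshare(self, resource: str, subject: str) -> None:
        """Resource owner removes a user; takes effect on the next request."""
        self.acl.get(resource, set()).discard(subject)

    def authorize(self, token: str, resource: str,
                  required_scope: str = "photos:read") -> tuple:
        """Return (allowed, reason). Token checks first, then the ACL."""
        info = introspect(token)
        if not info.get("active"):
            return False, "invalid_token"
        # RFC 7662 allows 'aud' to be a single string or a list.
        aud = info.get("aud", [])
        auds = [aud] if isinstance(aud, str) else list(aud)
        if self.audience not in auds:
            return False, "invalid_token: audience mismatch"
        if info.get("exp", 0) <= time.time():
            return False, "invalid_token: expired"
        if required_scope not in info.get("scope", "").split():
            return False, "insufficient_scope"
        # Only now consult the ACL: the token says who the caller is,
        # the ACL says whether that person may see this resource.
        sub = info.get("sub")
        if sub not in self.acl.get(resource, set()):
            return False, "forbidden: subject not on ACL"
        return True, "ok: " + str(sub)


if __name__ == "__main__":
    rs = ResourceServer(audience="photos-rs")
    rs.share("photo-42", "U1", "U2")
    for tok in INTROSPECTION_DB:
        print(tok, "->", rs.authorize(tok, "photo-42"))
    rs.unshare("photo-42", "U2")
    print("after unshare U2 ->", rs.authorize("tok-u2", "photo-42"))
```

The order of checks matters: a token that fails validation (inactive, wrong audience, expired, lacking scope) is rejected with the RFC 6750 style error before the ACL is consulted, so a caller cannot use the ACL lookup to probe which users a resource is shared with. The ACL is keyed by the token's `sub`, not by client id, because the question is about which people may see the photo regardless of which application they use.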