Re: [OAUTH-WG] OAuth 2.0 and Access Control Lists (ACL)
Doug Tangren <d.tangren@gmail.com> Sun, 18 December 2011 17:22 UTC
To: Melvin Carvalho <melvincarvalho@gmail.com>
Cc: oauth@ietf.org

On Sun, Dec 18, 2011 at 12:05 PM, Melvin Carvalho <melvincarvalho@gmail.com> wrote:

> Quick question. I was wondering if OAuth 2.0 can work with access
> control lists.
>
> For example there is a protected resource (e.g. a photo), and I want
> to set it up so that two or more users (for example a group of
> friends) U1, U2 ... Un will be able to access it after authenticating.
>
> Is this kind of flow possible with OAuth 2.0, and if so whose
> responsibility is it to maintain the list of agents that can access
> the resource?
>

The scope parameter fulfills this role. It would be up to the service to document the scope for clients, the auth server to ask the user if they wished to allow the client this extra scope of access, and the resource server to interpret the scope for the particular request.
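
An added example, not part of the original message or of any OAuth implementation: a Python sketch of the three roles the reply names (the service's documented scopes, the authorization server's consent step, and the resource server's per-request scope check). The scope names, paths, in-memory token store and the `user_approves` callback are all assumptions made for illustration.

```python
import secrets

# 1. Service: the documented scope catalogue (hypothetical scope names).
DOCUMENTED_SCOPES = {
    "photos.read": "View your photos",
    "photos.write": "Upload and delete your photos",
}

# Resource server policy: scope required per (method, path prefix). Constructed.
REQUIRED_SCOPE = [
    ("GET", "/photos/", "photos.read"),
    ("PUT", "/photos/", "photos.write"),
    ("DELETE", "/photos/", "photos.write"),
]

TOKENS = {}  # access token -> {"user": str, "scope": set of str}


def parse_scope(value):
    """OAuth 2.0 scope is a space-delimited list of case-sensitive strings."""
    return set(value.split())


def authorize(user, requested_scope, user_approves):
    """2. Authorization server: ignore undocumented scopes, ask the user about
    each remaining one, and issue a token carrying only what was approved."""
    requested = {s for s in parse_scope(requested_scope) if s in DOCUMENTED_SCOPES}
    granted = {s for s in requested if user_approves(DOCUMENTED_SCOPES[s])}
    if not granted:
        return None, ""
    token = secrets.token_urlsafe(32)
    TOKENS[token] = {"user": user, "scope": granted}
    return token, " ".join(sorted(granted))


def check_request(token, method, path):
    """3. Resource server: interpret the token's scope for this request."""
    record = TOKENS.get(token)
    if record is None:
        return 401  # unknown or missing token
    for rule_method, prefix, scope in REQUIRED_SCOPE:
        if method == rule_method and path.startswith(prefix):
            return 200 if scope in record["scope"] else 403
    return 403  # no rule matches: deny by default
```
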