Re: [OAUTH-WG] OAuth 2.0 and Access Control Lists (ACL)
"Zeltsan, Zachary (Zachary)" <zachary.zeltsan@alcatel-lucent.com> Mon, 19 December 2011 16:53 UTC
From: "Zeltsan, Zachary (Zachary)" <zachary.zeltsan@alcatel-lucent.com>
To: 'Melvin Carvalho' <melvincarvalho@gmail.com>, "'oauth@ietf.org'" <oauth@ietf.org>
Date: Mon, 19 Dec 2011 10:53:45 -0600
The user authentication and access control to the resources is out of the OAuth scope.

The question is how to make a resource (e.g., a photo) accessible by the authorized clients C1,...,Cn. If each client has obtained a user's authorization for the scopes that include the photo, then all clients' access tokens should enable them to access the photo. If for a client Ci the authorized scope does not include the photo, the client would need to get a new user authorization.

The resource server would be a logical place for maintaining ACL.

Zachary

-----Original Message-----
From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On Behalf Of Melvin Carvalho
Sent: Sunday, December 18, 2011 12:06 PM
To: oauth@ietf.org
Subject: [OAUTH-WG] OAuth 2.0 and Access Control Lists (ACL)

Quick question.

I was wondering if OAuth 2.0 can work with access control lists.

For example there is a protected resource (e.g. a photo), and I want to set it up so that two or more users (for example a group of friends) U1, U2 ... Un will be able to access it after authenticating.

Is this kind of flow possible with OAuth 2.0, and if so whose responsibility is it to maintain the list of agents that can access the resource?
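
An added example, not part of the original message or of any OAuth specification text: a sketch of the resource-server check the reply describes, where the token's authorized scope must cover the photo and the ACL is kept at the resource server. The token fields, scope names, resource path and the idea that the ACL is keyed by the authorizing user are all assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessToken:
    client_id: str      # client the token was issued to (C1..Cn)
    user: str           # user who authorized that client (assumption)
    scopes: frozenset   # scopes the user authorized for this client


# Constructed sample data held by the resource server.
RESOURCE_SCOPE = {"/photos/42": "photos.read"}   # scope that covers each resource
ACL = {"/photos/42": {"U1", "U2"}}               # users allowed per resource
TOKENS = {
    "tok-c1": AccessToken("C1", "U1", frozenset({"photos.read"})),
    "tok-c2": AccessToken("C2", "U2", frozenset({"profile.read"})),
    "tok-c3": AccessToken("C3", "U9", frozenset({"photos.read"})),
}


def authorize(bearer, resource):
    """Return (http_status, reason) for a request presenting `bearer`."""
    token = TOKENS.get(bearer)
    if token is None:
        return 401, "invalid_token"
    required = RESOURCE_SCOPE.get(resource)
    if required is None:
        return 404, "unknown_resource"
    if required not in token.scopes:
        # Scope does not include the photo: the client has to obtain
        # a new user authorization before it can retry.
        return 403, "insufficient_scope"
    if token.user not in ACL.get(resource, set()):
        # Scope is fine, but the resource server's ACL does not list
        # the user behind this token.
        return 403, "not_on_acl"
    return 200, "ok"


if __name__ == "__main__":
    for bearer in ("tok-c1", "tok-c2", "tok-c3", "tok-missing"):
        print(bearer, authorize(bearer, "/photos/42"))
```

The scope check and the ACL check are independent: a token can fail either one, and only the first is something the OAuth authorization itself settles.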