Re: [OAUTH-WG] OAuth 2.0 and Access Control Lists (ACL)

William Mills <wmills@yahoo-inc.com> Mon, 19 December 2011 17:58 UTC

Date: Mon, 19 Dec 2011 09:58:02 -0800
From: William Mills <wmills@yahoo-inc.com>
To: Melvin Carvalho <melvincarvalho@gmail.com>, "oauth@ietf.org" <oauth@ietf.org>

Why do you need OAuth for that?  You can apply the ACL after authentication, OR you can also specifically issue credentials for access to the specific resource, but this is a limited credential rather than applying a per user ACL.



________________________________
From: Melvin Carvalho <melvincarvalho@gmail.com>
To: oauth@ietf.org
Sent: Sunday, December 18, 2011 9:05 AM
Subject: [OAUTH-WG] OAuth 2.0 and Access Control Lists (ACL)

Quick question.  I was wondering if OAuth 2.0 can work with access
control lists.

For example there is a protected resource (e.g. a photo), and I want
to set it up so that two or more users (for example a group of
friends) U1, U2 ... Un will be able to access it after authenticating.

Is this kind of flow possible with OAuth 2.0, and if so whose
responsibility is it to maintain the list of agents that can access
the resource?
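The two options named in the reply, sketched as an added example that is not part of the original thread: a resource server that authenticates first and then applies a per-resource ACL, next to a limited credential bound to one resource and an expiry rather than to a user. The token table, ACL, key and all function names are constructed for illustration, and the HMAC format is an assumption, not anything defined by OAuth 2.0.

```python
import hashlib
import hmac
import time

# Constructed sample data: the key, tokens, users and resource names are hypothetical.
SERVER_KEY = b"constructed-demo-key"
SESSIONS = {"tok-u1": "U1", "tok-u2": "U2", "tok-u9": "U9"}  # bearer token -> user
ACL = {"photo/42": {"U1", "U2"}}  # resource -> users allowed to read it


def authenticate(token):
    """Map a bearer token to a user: this says who is calling, not what they may read."""
    return SESSIONS.get(token)


def read_with_acl(token, resource):
    """Option 1: authenticate, then apply the ACL kept by the resource server."""
    user = authenticate(token)
    return user is not None and user in ACL.get(resource, set())


def _tag(resource, expires):
    msg = f"{resource}|{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_limited_credential(resource, ttl, now=None):
    """Option 2: mint a credential for one resource and a lifetime, with no user in it."""
    expires = int((now if now is not None else time.time()) + ttl)
    return f"{resource}|{expires}|{_tag(resource, expires)}"


def read_with_credential(credential, resource, now=None):
    """Accept the credential only for the resource it names and only until it expires."""
    try:
        cred_resource, expires, tag = credential.rsplit("|", 2)
        expires_at = int(expires)
    except ValueError:
        return False  # malformed credential
    expected = _tag(cred_resource, expires)
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False  # forged or altered credential
    current = now if now is not None else time.time()
    return cred_resource == resource and current < expires_at
```

With the ACL, removing a user from the set revokes that user alone; the limited credential works for whoever holds it until it expires, so it has no per-user revocation.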