On Sun, Dec 18, 2011 at 12:05 PM, Melvin Carvalho <melvincarva...@gmail.com> wrote:

> Quick question. I was wondering if OAuth 2.0 can work with access
> control lists.
>
> For example there is a protected resource (e.g. a photo), and I want
> to set it up so that two or more users (for example a group of
> friends) U1, U2 ... Un will be able to access it after authenticating.
>
> Is this kind of flow possible with OAuth 2.0, and if so whose
> responsibility is it to maintain the list of agents that can access
> the resource?
>

The scope parameter fulfills this role. It would be up to the service to document the scope for clients, the auth server to ask the user if they wished to allow the client this extra scope of access, and the resource server to interpret the scope for the particular request.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
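
An added example, not part of the original thread: a resource server deciding one request from the scope granted to the client and from the list of users allowed on the photo. The scope names, tokens and the choice to keep the per-photo user list on the resource server are assumptions made for this sketch; the thread does not specify them.

```python
# Added illustration; scope names, tokens and the ACL are constructed.
from dataclasses import dataclass

# Service side: scopes documented for clients (hypothetical names),
# mapped to the request methods each one covers.
DOCUMENTED_SCOPES = {"photos.read": {"GET"}, "photos.write": {"PUT", "DELETE"}}

# Assumption: the resource server keeps the per-resource list of users.
PHOTO_ACL = {"photo-1": {"U1", "U2"}}


@dataclass(frozen=True)
class Grant:
    user: str   # user who authenticated and approved the client
    scope: str  # space-delimited scope string the auth server granted


# Constructed token store standing in for what the auth server issued.
TOKENS = {
    "tok-u1-read": Grant("U1", "photos.read"),
    "tok-u2-none": Grant("U2", "profile"),
    "tok-u3-all": Grant("U3", "photos.read photos.write"),
}


def authorize(token, method, resource):
    """Resource server decision for one request: (allowed, reason)."""
    grant = TOKENS.get(token)
    if grant is None:
        return False, "unknown token"
    granted = set(grant.scope.split())
    # Scope check: did the user allow the client this kind of access?
    if not any(method in DOCUMENTED_SCOPES.get(s, ()) for s in granted):
        return False, "scope does not cover request"
    # List check: is this user allowed on this particular resource?
    if grant.user not in PHOTO_ACL.get(resource, set()):
        return False, "user not on list"
    return True, "ok"


if __name__ == "__main__":
    for tok, method in [("tok-u1-read", "GET"), ("tok-u1-read", "DELETE"),
                        ("tok-u2-none", "GET"), ("tok-u3-all", "GET")]:
        print(tok, method, authorize(tok, method, "photo-1"))
```

The two checks fail independently: a token with every photo scope is still refused when its user is not on the photo's list, and a listed user is refused when the client was not granted a scope covering the request.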