Why do you need OAuth for that? You can apply the ACL after authentication, or
you can also specifically issue credentials for access to the specific
resource, but this is a limited credential rather than applying a per-user ACL.
From: Melvin Carvalho <melvincarva...@gmail.com>
To: oauth@ietf.org
Sent: Sunday, December 18, 2011 9:05 AM
Subject: [OAUTH-WG] OAuth 2.0 and Access Control Lists (ACL)
Quick question. I was wondering if OAuth 2.0 can work with access
control lists.
For example there is a protected resource (e.g. a photo), and I want
to set it up so that two or more users (for example a group of
friends) U1, U2 ... Un will be able to access it after authenticating.
Is this kind of flow possible with OAuth 2.0, and if so whose
responsibility is it to maintain the list of agents that can access
the resource?
OAuth mailing list