I would also recommend looking at User-Managed-Access which provides
this kind of layer on top of OAuth2.
http://kantarainitiative.org/confluence/display/uma/UMA+Explained
Thanks,
George
On 12/18/11 12:05 PM, Melvin Carvalho wrote:
Quick question. I was wondering if OAuth 2.0 can work with access
control lists.
For example there is a protected resource (e.g. a photo), and I want
to set it up so that a two or more users (for example a group of
friends) U1, U2 ... Un will be able to access it after authenticating.
Is this kind of flow possibly with OAuth 2.0, and if so whose
responsibility is it to maintain the list of agents than can access
the resource?
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
