On Fri, Apr 24, 2009 at 9:53 PM, Tommi Laukkanen <tommi.s.e.laukka...@gmail.com> wrote:

>
> I am studying OAuth to be able to suggest and champion it to OpenSim
> community.
>

Welcome Tommi! Would be great if you could advocate for OAuth in the OpenSim
community!


>
> I am looking for a way to combine user identities to user groups and
> using groups as principals in access lists of resources. In other
> words the normal user group pattern in distributed identity provider
> context.
>
> One of the requirements is that the user groups should be stored to
> identity providers storage and that the group should be able to have
> user identities from different identity providers as members.
>
> The resource provider should be able to somehow acquire information
> whether the user is a member of any of the groups in the resource access
> list if direct access rights of the user are not enough to access the
> resource.


This certainly seems feasible with OAuth, but to my knowledge, few people
have done this yet.

Another way to do it would simply be to authorize multiple parties to get
the same access token, or to have a list of access tokens assigned to a
certain group that all have the same level of privileges.

As for identity, that's really where OpenID and OAuth can become a
compelling solution set.


>
> Is this already somehow possible with OAuth or on the OAuth roadmap?
> Are there alternative or additional standards to accomplish this? If
> not, is this a good feature candidate or could these requirements be
> solved with different design pattern entirely?
>

Well, we don't really have a roadmap, except moving OAuth to the IETF, but I
would encourage you to look at Eve Maler's work called ProtectServe:

http://www.xmlgrrl.com/blog/archives/2009/03/23/to-protect-and-to-serve/
http://www.xmlgrrl.com/blog/archives/2009/03/29/protectserve-getting-down-to-use-cases/
http://www.xmlgrrl.com/blog/archives/2009/04/02/protectserve-draft-protocol-flows/
http://www.xmlgrrl.com/blog/archives/2009/04/05/relationship-authorization-make-up-your-mind/

Chris

-- 
Chris Messina
Citizen-Participant &
 Open Web Advocate

factoryjoe.com // diso-project.org // openid.net // vidoop.com
This email is:   [ ] bloggable    [X] ask first   [ ] private
