Hi, all
I have been following OAuth work for some time. Also I have
developed some apps using OAuth. One problem I encountered often is
granularity of access. In current spec, after a user accepts the
access request from a third-party app, the app can access all of
user's data in arbitrary way. It is helpful to allow users control 1)
which portion of his/her data will be exposed to third-party apps 2)
what operations are allowed (read? write? update? etc).
I believe OAuth community must have considered this problem before.
But it's not included in the spec. I wonder whether there has been
serious discussions on this problem.
Anyone can point me to some related resources/pages/threads?
Thanks
Gerald
--
You received this message because you are subscribed to the Google Groups
"OAuth" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/oauth?hl=en.
