The question is how your APIs are structure. Do you have APIs that require multiple "scopes" in a single call?
EHL On 4/6/10 8:29 AM, "Luke Shepard" <[email protected]> wrote: For Facebook at least, we are currently planning to use scope as a comma-separated list of permissions from this set: http://wiki.developers.facebook.com/index.php/Extended_permissions For instance: oauth_scope=read_stream,email,photo_upload I'm not sure if that maps to realm exactly. On Apr 6, 2010, at 8:03 AM, Dick Hardt wrote: > > On 2010-04-06, at 12:16 AM, Eran Hammer-Lahav wrote: > >> >> >> >> On 4/2/10 3:27 PM, "Dick Hardt" <[email protected]> wrote: >> >>> There are times when a resource may have different scope for different kinds >>> of access. realm != scope >> >> No. Realm is a subset. It is what people define as the protected segment >> name. > > Different Protected Resources could require the same scope, so I see realm > and scope as being orthogonal. > >> For any other scope attribute we need to first define it. > > Why? Scope will often be application specific. > > _______________________________________________ > OAuth mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
