Jan 22nd, 2011, 04:48 AM
Granularity of permissions
My understanding is that with OAuth, the permission model has a fine granularity. When the user is asked to authorize a Consumer to interact with a Service Provider on his behalf, then the user can specify/restrict how.
For instance, if the user has photos on a photo management service, then the user can give/refuse the permission to access existing photos, to add new ones, maybe to specify which photos can be accessed. The user can also specify for how long the permission is given.
I am wondering if this type of functionality is provided by Spring Security OAuth / Spring Social? If so, where should I start my investigation of the framework, where are the key classes?