This is an abstract specification for the use of structured scopes in permission granting utilities.
The goal of this endeavor is to standardize and define the meaning, and usage of "scopes" for implementation in an authorization utility. It is licensed under the CC0 1.0 Universal (CC0 1.0) Public Domain Dedication All other copyrights and other rights, if any, are hereby reserved.
The purpose of "scoping" is to provide a pass/fail response to a request for permission on a defined resource to authorized clients having the requisite permission level. A common application would be for permissioning on protected resources, for example, on web requests.
Examples in brief:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
Base: user Inbound: foobar Result: fail Base: user Inbound: user Result: pass Base: user:write Inbound: user Result: pass Base: user:write Inbound: user:read Result: fail
See more examples