Skip to content

Structured Scopes

Abstract

This is an abstract specification for the use of structured scopes in permission granting utilities.

Introduction

The goal of this endeavor is to standardize and define the meaning, and usage of "scopes" for implementation in an authorization utility. It is licensed under the CC0 1.0 Universal (CC0 1.0) Public Domain Dedication All other copyrights and other rights, if any, are hereby reserved.

Purpose

The purpose of "scoping" is to provide a pass/fail response to a request for permission on a defined resource to authorized clients having the requisite permission level. A common application would be for permissioning on protected resources, for example, on web requests.

Brief

Examples in brief:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
Base:       user
Inbound:    foobar
Result:     fail


Base:       user
Inbound:    user
Result:     pass


Base:       user:write
Inbound:    user
Result:     pass


Base:       user:write
Inbound:    user:read
Result:     fail

See more examples

Implementations