PingAuthorize

Use case: Using consent to determine access to a resource

PingAuthorize can provide attribute-based access control to a specific protected resource based on the resource owner’s consent to share.

Examples of resources include:

  • Health care records shared with a spouse (an individual)

  • Banking records shared with a known third party, such as an asset-monitoring tool

  • Purchase history shared with an anonymous third party, possibly for improved promotional offers

In this scenario, we continue using the meme game API used in Getting started with PingAuthorize (tutorials). Assume my friend has crafted several funny memes that she wants to share with me. When my browser or app requests her memes, PingAuthorize enforces access based on her consent to share.

We first set up some Trust Framework attributes and services and then create a policy that uses those items to check consent and then permit or deny access. The following topics cover these tasks.

  1. Getting a path component from the request URL

  2. Getting the requestor identifier from the access token

  3. Searching for consent granted by resource owner to requestor

  4. Getting consent status from the consent record

  5. Creating a policy to check consent and then permit or deny access