Examples of resources include:
  • Health care records shared with a spouse (an individual)
  • Banking records shared with a known third party, such as an asset-monitoring tool
  • Purchase history shared with an anonymous third party, possibly for improved promotional offers

In this scenario, we continue using the meme games API used in Getting started with PingAuthorize (tutorials). Assume my friend has crafted several funny memes that she wants to share with me. When my browser or app requests her memes, PingAuthorize enforces access based on her consent to share.

We first set up some Trust Framework attributes and services and then create a policy that uses those items to check consent and then permit or deny access. The following topics cover these tasks.
  1. Getting a path component from the request URL
  2. Getting the requestor identifier from the access token
  3. Searching for consent granted by resource owner to requestor
  4. Getting consent status from the consent record
  5. Creating a policy to check consent and then permit or deny access