Open Authorization Protocol (OAuth) is an open standard for authorization. OAuth allows users to, for example, share their private resources (e.g. photos, videos, contact lists) stored on one site with another site without having to hand out their credentials, typically supplying username and password tokens instead. Each token grants access to a specific site (e.g., a video editing site) for specific resources (e.g., just videos from a specific album) and for a defined duration (e.g., the next 2 hours). This allows a user to grant a third party site access to their information stored with another service provider, without sharing their access permissions or the full extent of their data. However, the OAuth protocol is insufficient for secure sharing of communication services in a telecommunications network.
Communication services Application Programming Interfaces (APIs) expose subscriber information such as charging capability, location, and profile to third party applications. For telecommunication network operators, this creates legal and security issues. Currently, no solution enables secure sharing of resources with subscriber consent. Moreover, according to the standard OAuth message flow, one access token can be issued by a designated resource owner. That leads to a limitation, when a resource access requires authorization from several resource owners. For example, obtaining location of multiple subscribers through a single resource (API) access is not possible using OAuth message flow because one subscriber cannot issue a token for another subscriber that could be included as part of the request. This problem is applicable to any resource(s) that contains multiple subscribers.