Auth systems/OAuth/Design/Grants

Grants
These are bundles of permissions that a user can give to a Consumer, to use on their behalf. The goal is to prevent a user from being overwhelmed by an app asking for lots of individual permission, however they should be fine-grained enough that the user isn't handing out unnecessary permissions to a potentially hostile Consumer.
 * A typical Consumer will have one or more of these "Grants" authorized by the user.
 * These only limit the user's existing permissions to what they will allow the Consumer to also use, so if the user doesn't have the right themselves, then the Consumer will not have the right either.
 * The titles and descriptions will be MediaWiki messages, translated into the user's language.

Potential Grants
(Very rough draft, please edit!)
 * Edit Pages - read, edit, minoredit, editsemiprotected?
 * Edit Protected Pages - [Edit Pages], editprotected
 * Edit My JS/CSS Pages - [Edit Pages], editmyusercss, editmyuserjs
 * Edit JS/CSS Pages - [Edit Pages], editinterface, editusercss?, edituserjs?
 * Move Pages - read, move
 * is edit needed?
 * Create Pages - [Edit Pages], createpage, createtalk
 * Delete Pages - read, edit, delete, bigdelete, deletelogentry, deleterevision, undelete
 * Upload - upload, reupload-own
 * Upload (All Rights) - upload, reupload, reupload-own, reupload-shared, upload_by_url
 * Manage Pages - delete, bigdelete, protect, rollback, patrol
 * I can see people wanting to allow a tool rollback and/or patrol without also delete and protect -BJ
 * Manage User - block, blockemail, hideuser
 * Poor name, IMO -BJ
 * View deleted - browsearchive, deletedhistory, deletedtext

Other rights (from enwiki) not included above: 
 * abusefilter-hidden-log
 * abusefilter-hide-log
 * abusefilter-log
 * abusefilter-log-detail
 * abusefilter-modify
 * abusefilter-revert
 * abusefilter-view
 * abusefilter-view-private
 * aft-administrator
 * aft-editor
 * aft-member
 * aft-monitor
 * aft-oversighter
 * aft-reader
 * apihighlimits
 * autoconfirmed
 * autopatrol
 * autoreview
 * bot
 * centralauth-lock
 * centralauth-merge
 * centralauth-oversight
 * centralauth-unmerge
 * centralnotice-admin
 * checkuser
 * checkuser-log
 * collectionsaveascommunitypage
 * collectionsaveasuserpage
 * createaccount
 * editmyoptions
 * editmyprivateinfo
 * ep-addstudent
 * ep-becampus
 * ep-beinstructor
 * ep-beonline
 * ep-bereviewer
 * ep-bulkdelcourses
 * ep-bulkdelorgs
 * ep-campus
 * ep-course
 * ep-enroll
 * ep-instructor
 * ep-online
 * ep-org
 * ep-remarticle
 * ep-remreviewer
 * ep-remstudent
 * ep-token
 * globalblock
 * globalblock-whitelist
 * globalunblock
 * import
 * importupload
 * ipblock-exempt
 * markashelpful-admin
 * markbotedits
 * movefile
 * move-rootuserpages
 * movestable
 * move-subpages
 * nominornewtalk
 * noratelimit
 * nuke
 * override-antispoof
 * oversight
 * proxyunbannable
 * purge
 * renameuser
 * review
 * sendemail
 * skipcaptcha
 * stablesettings
 * suppressionlog
 * suppressredirect
 * suppressrevision
 * tboverride
 * torunblocked
 * transcode-reset
 * transcode-status
 * unblockself
 * unwatchedpages
 * userrights
 * validate
 * viewmyprivateinfo
 * writeapi