Many Internet users today use an electronic social network service (SNS) to share data with their friends. Most SNSs let users restrict access to their shared data, e.g., to particular groups of friends, or to users satisfying other criteria based on their attributes or relationships. Usually, however, such access control restrictions can only be applied to resources hosted on the SNS itself. In this paper, we present protocols to enable SNS users to protect access to resources that are hosted on external service providers (SPs). Our mechanisms preserve the users' privacy in the sense that (1) the SP does not learn the SNS-identities of users that share or access the resource, nor does it learn anything about the access policy that protects it, (2) the SNS does not obtain any information about the resource, and in particular, does not obtain a link to it, and (3) the SP cannot change the policy set by the owner of the resource, or test the policy on users who never requested access to the resource. We give formal definitions of these security requirements and present a cryptographic protocol based on group signatures that provably fulfills them. We also discuss to what extent our requirements can be fulfilled using the standard OAuth authorization protocol while making only minor changes to the SNS infrastructure. © 2013 ACM.