In OAuth protocol, "access scope" is pretty much important for protecting
personal info from unnecessary leaking.
(You remember the twitter's DM case)
Major OAuth providers have already provided that:
OAuth in the Google Data Protocol Client Libraries - Google Data Protocol - Google Code
Scopes (Permissions) - YDN
So why not with Zimbra?
I have just filed the enhancement request for that;
Bug 62393 – OAuth provider sample enhacenment for access scoping
Please vote for that!