In OAuth protocol, "access scope" is pretty much important for protecting
personal info from unnecessary leaking.
(You remember the twitter's DM case)

Major OAuth providers have already provided that:
OAuth in the Google Data Protocol Client Libraries - Google Data Protocol - Google Code
Scopes (Permissions) - YDN

So why not with Zimbra?

I have just filed the enhancement request for that;
Bug 62393 – OAuth provider sample enhacenment for access scoping

Please vote for that!