A method and system for providing a first network resource with secure but limited access to a second network resource. A method embodying the invention includes receiving from the first resource, digitally signed instructions to access the second resource. Data used to digitally sign the instructions is obtained, and, using the obtained data, it is verified that the instructions originated from an authorized source other than the first resource. Access to the second resource is granted only upon verifying that the instructions originated from an authorized source other than the first resource. Beneficially, the first resource cannot access the second without the user's knowledge or, at least, implicit consent.