Social networks are online platforms where users form relationships with others by sharing resources. Access control for these social networks is different from other systems as it fulfills the social requirements of community as well as the technical requirements of the system. This paper presents a classification of access control models for social networks based on lattice taxonomy where axes represent the properties of the models. The proposed taxonomy has eight axes representing: requestor identity, mapping authority, resource control, relationship management, credential distribution, access control decisions, rights delegation and transparency. Analysis of existing models using this taxonomy highlights the tradeoffs between user control, state distribution and social needs. The taxonomy reveals that various interesting features of social networks have not been implemented yet and there is a gap between the social requirements and access control features of social networks.