The IESG has received a request from the Authentication and Authorization for Constrained Environments WG (ace) to consider the following document: - 'Notification of Revoked Access Tokens in the Authentication and Authorization for Constrained Environments (ACE) Framework' <draft-ietf-ace-revoked-token-notification-06.txt> as Proposed Standard
The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the last-c...@ietf.org mailing lists by 2024-04-05. Exceptionally, comments may be sent to i...@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document specifies a method of the Authentication and Authorization for Constrained Environments (ACE) framework, which allows an Authorization Server to notify Clients and Resource Servers (i.e., registered devices) about revoked access tokens. As specified in this document, the method allows Clients and Resource Servers to access a Token Revocation List on the Authorization Server by using the Constrained Application Protocol (CoAP), with the possible additional use of resource observation. Resulting (unsolicited) notifications of revoked access tokens complement alternative approaches such as token introspection, while not requiring additional endpoints on Clients and Resource Servers. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-ace-revoked-token-notification/ No IPR declarations have been submitted directly on this I-D. _______________________________________________ Ace mailing list Ace@ietf.org https://www.ietf.org/mailman/listinfo/ace
