The IESG has received a request from the Web Authorization Protocol WG (oauth) to consider the following document: - 'Token Revocation' <draft-ietf-oauth-revocation-07.txt> as Proposed Standard
The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the i...@ietf.org mailing lists by 2013-04-30. Exceptionally, comments may be sent to i...@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document proposes an additional endpoint for OAuth authorization servers, which allows clients to notify the authorization server that a previously obtained refresh or access token is no longer needed. This allows the authorization server to cleanup security credentials. A revocation request will invalidate the actual token and, if applicable, other tokens based on the same authorization grant. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-oauth-revocation/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-oauth-revocation/ballot/ No IPR declarations have been submitted directly on this I-D. The draft has a normative reference to RFC2246 (as well as 5346) as it follows the same approach to TLS as the base oauth spec. (RFC6749, section 1.2).
