I don't quite understand the need for "token_type" in the request. The token being presented is going to have a type associated with it on the server -- that is, that text blob is going to have been issued by the server as an access token or a refresh token, no matter what the client claims in this request. Seems like this is at best an optional sanity check.
Unless of course you want to revoke all "related" tokens at once, in which case I think you need a different mechanism to do so. -- Justin ________________________________________ From: oauth-boun...@ietf.org [oauth-boun...@ietf.org] On Behalf Of Torsten Lodderstedt [tors...@lodderstedt.net] Sent: Tuesday, January 11, 2011 5:22 PM To: Hannes Tschofenig Cc: oauth@ietf.org Subject: Re: [OAUTH-WG] Re-Chartering: What Items to work on? I just posted a new revision of http://datatracker.ietf.org/doc/draft-lodderstedt-oauth-revocation/. Please consider it for the re-chartering process. Additionally, Mark and me are still working on the security document. It takes longer time than expected because of the topic's inherent complexity. We plan to have a new revision ready for IETF-80. regards, Torsten. Am 10.01.2011 10:55, schrieb Hannes Tschofenig: > Hi all, > > In preparing the charter text we need your feedback. > > First, the new charter needs to include the two new items we had already > accepted, namely > * SAML 2.0 Bearer Assertion Grant Type Profile for OAuth 2.0 > http://datatracker.ietf.org/doc/draft-ietf-oauth-saml2-bearer/ > * The OAuth 2.0 Protocol: Bearer Tokens > http://datatracker.ietf.org/doc/draft-ietf-oauth-v2-bearer/ > > In the past (around September / October 2010 timeframe) we had also discussed > other proposals. See attachment below. > > We cannot just add everything to the charter because we will never be able to > finish it. > To make it more complicated there were other proposals floating around but no > drafts are available (e.g. security, discovery). > > It would be great to have a complete list of documents that should be > considered. > We would suggest to wait till the end of the month for new document > submissions to show up. > > Then, we will start a Doodle poll to see your preference. > > Ciao > Hannes& Blaine > > PS: Here are some of the other documents that people wanted to spend time on. > There are more on the OAuth WG page. > > * Messaging Signing > Examples: > http://datatracker.ietf.org/doc/draft-hammer-oauth-v2-mac-token/ > http://www.ietf.org/mail-archive/web/oauth/current/msg04250.html > > * User Experience Extensions > Example: > http://datatracker.ietf.org/doc/draft-recordon-oauth-v2-ux/ > > * Artifact Binding > Example: > http://datatracker.ietf.org/doc/draft-sakimura-oauth-requrl/ > > * Dynamic Client Registration > Example: > http://www.ietf.org/id/draft-oauth-dyn-reg-v1-00.txt > > * Token Revocation: > http://datatracker.ietf.org/doc/draft-lodderstedt-oauth-revocation/ > > * Use Cases > http://datatracker.ietf.org/doc/draft-zeltsan-oauth-use-cases/ > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
