As a substantive comment on the draft (I'm in favor of it being a working
group item), it is not clear whether "Basic" is a required value on the
"Authorization" header included in a revocation request.  In some scenarios
(particularly three legged), the client app will not possess the username
and password of the end user -- it might only possess a currently valid
access token.  It would seem that including such a token should be a viable
authentication mechanism.

Craig McClanahan

On Fri, Sep 16, 2011 at 12:32 PM, Torsten Lodderstedt <
tors...@lodderstedt.net> wrote:

>  Hi all,
>
> I just published a new revision of the token revocation draft. We added
> JSONP support (thanks to Marius) and aligned the text with draft 21 of the
> core spec.
>
> We would like to bring this draft forward as a working group item (once the
> WG is ready). We think its relevance is illustrated by the fact that this
> draft (or its predecessor) has already been implemented by Google,
> Salesforce, and Deutsche Telekom.
>
> regards,
> Torsten.
>
> -------- Original Message --------
> Subject: New Version Notification for draft-lodderstedt-oauth-revocation-03.txt
> Date: Fri, 16 Sep 2011 12:20:14 -0700
> From: internet-dra...@ietf.org
> To: tors...@lodderstedt.net
> CC: sdro...@gmx.de, tors...@lodderstedt.net, mscurte...@google.com
>
> A new version of I-D, draft-lodderstedt-oauth-revocation-03.txt has been 
> successfully submitted by Torsten Lodderstedt and posted to the IETF 
> repository.
>
> Filename:      draft-lodderstedt-oauth-revocation
> Revision:      03
> Title:                 Token Revocation
> Creation date:         2011-09-16
> WG ID:                 Individual Submission
> Number of pages: 6
>
> Abstract:
>    This draft proposes an additional endpoint for OAuth authorization
>    servers for revoking tokens.
>
>
>
>
> The IETF Secretariat
>
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
>