On Wed, Feb 6, 2013 at 7:51 PM, Todd W Lainhart <lainh...@us.ibm.com> wrote:
> > There can be cases where resource owner needs to revoke an authorized
> > access token from a given client.
>
> Why wouldn't the RO go through the client to revoke the token?
>

RO need not go through the client to revoke. Resource owner should have the capability to revoke an access token by client.

Thanks & regards,
-Prabath

> Todd Lainhart
> Rational software
> IBM Corporation
> 550 King Street, Littleton, MA 01460-1250
> 1-978-899-4705
> 2-276-4705 (T/L)
> lainh...@us.ibm.com
>
> From: Prabath Siriwardena <prab...@wso2.com>
> To: "oauth@ietf.org WG" <oauth@ietf.org>,
> Date: 02/06/2013 04:36 AM
> Subject: [OAUTH-WG] A question on token revocation.
> Sent by: oauth-boun...@ietf.org
> ------------------------------
>
> I am sorry if this was already discussed in this list..
>
> Looking at [1] it only talks about revoking the access token from the
> client.
>
> How about the resource owner..?
>
> There can be cases where resource owner needs to revoke an authorized
> access token from a given client. Or revoke a scope..
>
> How are we going to address these requirements..? Thoughts appreciated...
>
> [1] http://tools.ietf.org/html/draft-ietf-oauth-revocation-04
>
> --
> Thanks & Regards,
> Prabath
>
> Mobile : +94 71 809 6732
>
> http://blog.facilelogin.com
> http://RampartFAQ.com
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth

--
Thanks & Regards,
Prabath

Mobile : +94 71 809 6732

http://blog.facilelogin.com
http://RampartFAQ.com