Re: [OAUTH-WG] Fwd: New Version Notification for draft-lodderstedt-oauth-revocation-03.txt
As a substantive comment on the draft (I'm in favor of it being a working group item), it is not clear whether Basic is a required value on the Authorization header included in a revocation request. In some scenarios (particularly three legged), the client app will not possess the username and password of the end user -- it might only possess a currently valid access token. It would seem that including such a token should be a viable authentication mechanism.

Craig McClanahan

On Fri, Sep 16, 2011 at 12:32 PM, Torsten Lodderstedt tors...@lodderstedt.net wrote:

> Hi all,
>
> I just published a new revision of the token revocation draft. We added JSONP support (thanks to Marius) and aligned the text with draft 21 of the core spec.
>
> We would like to bring this draft forward as working group item (once the WG is ready). We think its relevance is illustrated by the fact that this draft (or its predecessor) has already been implemented by Google, Salesforce, and Deutsche Telekom.
>
> regards,
> Torsten.

___
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
Re: [OAUTH-WG] Fwd: New Version Notification for draft-lodderstedt-oauth-revocation-03.txt
Hi Craig,

thanks for your comment. The revocation endpoint uses the same authentication policy as the core spec. Confidential clients must authenticate using their client secret (or any other credential). The end-user's credentials are not involved at all.

regards,
Torsten.

On 27.10.2011 08:10, Craig McClanahan wrote:

> As a substantive comment on the draft (I'm in favor of it being a working group item), it is not clear whether Basic is a required value on the Authorization header included in a revocation request. In some scenarios (particularly three legged), the client app will not possess the username and password of the end user -- it might only possess a currently valid access token. It would seem that including such a token should be a viable authentication mechanism.
>
> Craig McClanahan
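The authentication rule in Torsten's reply, as an added example that is not code from the draft or from any participant in this thread: the Basic header on a revocation request carries the client's own credentials, and the server revokes only tokens issued to that client. Assumptions: the request is a form-encoded POST with a `token` parameter, as later standardized in RFC 7009; the client ids, secrets, token values and the status code returned for a foreign token are constructed for illustration.

```python
import base64
import hmac
from urllib.parse import parse_qs, quote_plus, unquote_plus, urlencode

# Constructed sample data: one confidential client, tokens issued to two clients.
CLIENTS = {"client-app-1": "constructed secret:1"}
TOKENS = {"tok-abc": {"client_id": "client-app-1", "revoked": False},
          "tok-xyz": {"client_id": "client-app-2", "revoked": False}}


def build_revocation_request(client_id, client_secret, token):
    """Client side: the Basic header carries client credentials, never the end user's."""
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}".encode()
    headers = {"Authorization": "Basic " + base64.b64encode(pair).decode()}
    return headers, urlencode({"token": token})


def authenticate_client(headers, clients):
    """Return the authenticated client_id, or None if the Basic credentials are bad."""
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(value, validate=True).decode()
    except ValueError:
        return None
    client_id, sep, secret = decoded.partition(":")
    client_id, secret = unquote_plus(client_id), unquote_plus(secret)
    expected = clients.get(client_id)
    if not sep or expected is None:
        return None
    # Constant-time comparison avoids leaking secret prefixes through timing.
    return client_id if hmac.compare_digest(secret.encode(), expected.encode()) else None


def handle_revocation(headers, body, clients, tokens):
    """Server side: returns the HTTP status code for a revocation request."""
    client_id = authenticate_client(headers, clients)
    if client_id is None:
        return 401  # invalid_client
    token = parse_qs(body).get("token", [None])[0]
    if token is None:
        return 400  # invalid_request
    record = tokens.get(token)
    # Revoke only tokens issued to the authenticated client. Answering 200 for
    # unknown and foreign tokens alike is this example's choice.
    if record is not None and record["client_id"] == client_id:
        record["revoked"] = True
    return 200
```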
Re: [OAUTH-WG] Fwd: New Version Notification for draft-lodderstedt-oauth-revocation-03.txt
+1

Huilan Lu

From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Marius Scurtescu
Sent: Monday, September 19, 2011 2:48 PM
To: Chuck Mortimore
Cc: OAuth WG
Subject: Re: [OAUTH-WG] Fwd: New Version Notification for draft-lodderstedt-oauth-revocation-03.txt

+1
Re: [OAUTH-WG] Fwd: New Version Notification for draft-lodderstedt-oauth-revocation-03.txt
Yes, this is high time to have this a WG item!

Igor

On 9/16/2011 3:32 PM, Torsten Lodderstedt wrote:

> Hi all,
>
> I just published a new revision of the token revocation draft. We added JSONP support (thanks to Marius) and aligned the text with draft 21 of the core spec.
>
> We would like to bring this draft forward as working group item (once the WG is ready). We think its relevance is illustrated by the fact that this draft (or its predecessor) has already been implemented by Google, Salesforce, and Deutsche Telekom.
>
> regards,
> Torsten.
Re: [OAUTH-WG] Fwd: New Version Notification for draft-lodderstedt-oauth-revocation-03.txt
+1

On Fri, Sep 16, 2011 at 1:06 PM, Chuck Mortimore cmortim...@salesforce.com wrote:

> If it's not already implicit by our implementation, I'm voicing our support for this becoming a working group item.
>
> - cmort
Re: [OAUTH-WG] Fwd: New Version Notification for draft-lodderstedt-oauth-revocation-03.txt
Just a general note: you don't need every spec to become a working group item. If you get an area director to sponsor your draft, you can push it through sooner as an individual submission. Sometimes you don't even need sponsorship.

I'm not saying this out of any objection to the WG taking on this work, just that I don't see a reason to wait. If you feel this simple document is ready and has consensus, you should find a sponsor and move to IETF LC.

EHL

From: oauth-boun...@ietf.org [mailto:oauth-boun...@ietf.org] On Behalf Of Marius Scurtescu
Sent: Monday, September 19, 2011 11:48 AM
To: Chuck Mortimore
Cc: OAuth WG
Subject: Re: [OAUTH-WG] Fwd: New Version Notification for draft-lodderstedt-oauth-revocation-03.txt

+1
[OAUTH-WG] Fwd: New Version Notification for draft-lodderstedt-oauth-revocation-03.txt
Hi all,

I just published a new revision of the token revocation draft. We added JSONP support (thanks to Marius) and aligned the text with draft 21 of the core spec.

We would like to bring this draft forward as working group item (once the WG is ready). We think its relevance is illustrated by the fact that this draft (or its predecessor) has already been implemented by Google, Salesforce, and Deutsche Telekom.

regards,
Torsten.

Original Message
Subject: New Version Notification for draft-lodderstedt-oauth-revocation-03.txt
Date: Fri, 16 Sep 2011 12:20:14 -0700
From: internet-dra...@ietf.org
To: tors...@lodderstedt.net
CC: sdro...@gmx.de, tors...@lodderstedt.net, mscurte...@google.com

A new version of I-D, draft-lodderstedt-oauth-revocation-03.txt has been successfully submitted by Torsten Lodderstedt and posted to the IETF repository.

Filename: draft-lodderstedt-oauth-revocation
Revision: 03
Title: Token Revocation
Creation date: 2011-09-16
WG ID: Individual Submission
Number of pages: 6

Abstract: This draft proposes an additional endpoint for OAuth authorization servers for revoking tokens.

The IETF Secretariat
Re: [OAUTH-WG] Fwd: New Version Notification for draft-lodderstedt-oauth-revocation-03.txt
If it's not already implicit by our implementation, I'm voicing our support for this becoming a working group item.

- cmort

On Sep 16, 2011, at 12:31 PM, Torsten Lodderstedt tors...@lodderstedt.net wrote:

> Hi all,
>
> I just published a new revision of the token revocation draft. We added JSONP support (thanks to Marius) and aligned the text with draft 21 of the core spec.
>
> We would like to bring this draft forward as working group item (once the WG is ready). We think its relevance is illustrated by the fact that this draft (or its predecessor) has already been implemented by Google, Salesforce, and Deutsche Telekom.
>
> regards,
> Torsten.