Re: [OAUTH-WG] A question on token revocation.

s on the end > > > point is the problem? > > > > > > In fact what I meant was - when RO authorizes the an access token > > > for client for particular scope. Those information are kept at the AS. > > > > > > Now - if the RO want to revoke

Re: [OAUTH-WG] A question on token revocation.

ticate him self to the AS and pass the consumer key and the > > scope. So AS can revoke access. > > > > Thanks & regards, > > -Prabath > > > > > > > > > > > > Todd Lainhart > > Rational software > > IBM Corporation > >

Re: [OAUTH-WG] A question on token revocation.

icate him self to the AS and pass the consumer key and the > > scope. So AS can revoke access. > > > > Thanks & regards, > > -Prabath > > > > > > > > > > > > Todd Lainhart > > Rational software > > IBM Corporation >

Re: [OAUTH-WG] A question on token revocation.

he AS and pass the consumer key and the > > scope. So AS can revoke access. > > > > Thanks & regards, > > -Prabath > > > > > > > > > > > > Todd Lainhart > > Rational software > > IBM Corporation > > 550 King Street, Litt

Re: [OAUTH-WG] A question on token revocation.

t; > > > > Todd Lainhart > Rational software > IBM Corporation > 550 King Street, Littleton, MA 01460-1250 > 1-978-899-4705 > 2-276-4705 (T/L) > lainh...@us.ibm.com > > > > > > From:Prabath Siriwardena > To:Justin Richer , >

Re: [OAUTH-WG] A question on token revocation.

pass the consumer key and the scope. So > AS can revoke access. > > Thanks & regards, > -Prabath > > >> >> * >> >> >> Todd Lainhart >> Rational software >> IBM Corporation >> 550 King Street, Littleton, MA 01460-1250** >> 1-

Re: [OAUTH-WG] A question on token revocation.

99-4705 >> 2-276-4705 (T/L) >> lainh...@us.ibm.com >> >> >> >> >> >> From:Prabath Siriwardena >> To:Justin Richer , >> Cc:"oauth@ietf.org WG" >> Date:02/06/2013 10:31 AM >>

Re: [OAUTH-WG] A question on token revocation.

From:Prabath Siriwardena > To:Justin Richer , > Cc: "oauth@ietf.org WG" > Date:02/06/2013 10:31 AM > Subject:Re: [OAUTH-WG] A question on token revocation. > Sent by:oauth-boun...@ietf.org > -- &g

Re: [OAUTH-WG] A question on token revocation.

MA 01460-1250** > 1-978-899-4705 > 2-276-4705 (T/L) > lainh...@us.ibm.com* > > > > > From:Justin Richer > To:Prabath Siriwardena , > Cc: "oauth@ietf.org WG" > Date:02/06/2013 10:21 AM > Subjec

Re: [OAUTH-WG] A question on token revocation.

King Street, Littleton, MA 01460-1250 1-978-899-4705 2-276-4705 (T/L) lainh...@us.ibm.com From: Prabath Siriwardena To: Justin Richer , Cc: "oauth@ietf.org WG" Date: 02/06/2013 10:31 AM Subject: Re: [OAUTH-WG] A question on token revocation. Sent by:

Re: [OAUTH-WG] A question on token revocation.

On Wed, Feb 6, 2013 at 8:49 PM, Justin Richer wrote: > > On 02/06/2013 10:13 AM, Prabath Siriwardena wrote: > > > > On Wed, Feb 6, 2013 at 8:19 PM, Justin Richer wrote: > >> These are generally handled through a user interface where the RO is >> authenticated directly to the AS, and there's not

Re: [OAUTH-WG] A question on token revocation.

ittleton, MA 01460-1250 1-978-899-4705 2-276-4705 (T/L) lainh...@us.ibm.com From: Justin Richer To: Prabath Siriwardena , Cc: "oauth@ietf.org WG" Date: 02/06/2013 10:21 AM Subject: Re: [OAUTH-WG] A question on token revocation. Sent by:oauth-boun...@ietf.org

Re: [OAUTH-WG] A question on token revocation.

On 02/06/2013 10:13 AM, Prabath Siriwardena wrote: On Wed, Feb 6, 2013 at 8:19 PM, Justin Richer > wrote: These are generally handled through a user interface where the RO is authenticated directly to the AS, and there's not much need for a "protocol" he

Re: [OAUTH-WG] A question on token revocation.

+1 From: Prabath Siriwardena To: Todd W Lainhart Cc: "oauth@ietf.org WG" ; oauth-boun...@ietf.org Sent: Wednesday, February 6, 2013 7:04 AM Subject: Re: [OAUTH-WG] A question on token revocation. On Wed, Feb 6, 2013 at 7:51 PM, Todd W Lainh

Re: [OAUTH-WG] A question on token revocation.

On Wed, Feb 6, 2013 at 8:19 PM, Justin Richer wrote: > These are generally handled through a user interface where the RO is > authenticated directly to the AS, and there's not much need for a > "protocol" here, in practice. > Why do you think leaving access token revocation by RO to a proprieta

Re: [OAUTH-WG] A question on token revocation.

/L) > lainh...@us.ibm.com* > > > > > From:Prabath Siriwardena > To: "oauth@ietf.org WG" , > Date:02/06/2013 04:36 AM > Subject:[OAUTH-WG] A question on token revocation. > Sent by:oauth-boun...@ietf.org >

Re: [OAUTH-WG] A question on token revocation.

These are generally handled through a user interface where the RO is authenticated directly to the AS, and there's not much need for a "protocol" here, in practice. There are larger applications, like UMA, that have client and PR provisioning that would allow for this to be managed somewhat pro

Re: [OAUTH-WG] A question on token revocation.

705 (T/L) lainh...@us.ibm.com From: Prabath Siriwardena To: "oauth@ietf.org WG" , Date: 02/06/2013 04:36 AM Subject: [OAUTH-WG] A question on token revocation. Sent by:oauth-boun...@ietf.org I am sorry if this was already discussed in this list.. Looking at

[OAUTH-WG] A question on token revocation.

I am sorry if this was already discussed in this list.. Looking at [1] it only talks about revoking the access token from the client. How about the resource owner..? There can be cases where resource owner needs to revoke an authorized access token from a given client. Or revoke an scope.. How