Protocol Action: 'OAuth 2.0 Token Revocation' to Proposed Standard (draft-ietf-oauth-revocation-11.txt)
The IESG <iesg-secretary@ietf.org> Sat, 20 July 2013 02:43 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: ietf-announce@ietfa.amsl.com
Delivered-To: ietf-announce@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5897021E80D2; Fri, 19 Jul 2013 19:43:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.477
X-Spam-Level:
X-Spam-Status: No, score=-102.477 tagged_above=-999 required=5 tests=[AWL=0.123, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5WhozThR5N9A; Fri, 19 Jul 2013 19:43:27 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id BAC1321E80D8; Fri, 19 Jul 2013 19:43:22 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Subject: Protocol Action: 'OAuth 2.0 Token Revocation' to Proposed Standard (draft-ietf-oauth-revocation-11.txt)
X-Test-IDTracker: no
X-IETF-IDTracker: 4.53
Message-ID: <20130720024322.16346.87648.idtracker@ietfa.amsl.com>
Date: Fri, 19 Jul 2013 19:43:22 -0700
Cc: oauth chair <oauth-chairs@tools.ietf.org>, oauth mailing list <oauth@ietf.org>, RFC Editor <rfc-editor@rfc-editor.org>
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ietf@ietf.org
List-Id: "IETF announcement list. No discussions." <ietf-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-announce>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Jul 2013 02:43:28 -0000
The IESG has approved the following document: - 'OAuth 2.0 Token Revocation' (draft-ietf-oauth-revocation-11.txt) as Proposed Standard This document is the product of the Web Authorization Protocol Working Group. The IESG contact persons are Stephen Farrell and Sean Turner. A URL of this Internet Draft is: http://datatracker.ietf.org/doc/draft-ietf-oauth-revocation/ Technical Summary The OAuth Token Revocation specification proposes an additional endpoint for OAuth authorization servers, which allows clients to notify the authorization server that a previously obtained refresh or access token is no longer needed. This allows the authorization server to cleanup security credentials. A revocation request will invalidate the actual token and, if applicable, other tokens based on the same authorization grant. Working Group Summary The document experienced no particular problems in the working group. Document Quality The document has been deployed by four companies, namely by Salesforce, Google, Deutsche Telekom, and MITRE. The working group reviewed and discussed the document extensively. There was a comment from the appsdir review that was not accepted. The reviewer (mnot) suggested a discovery mechanism was needed, but the wg are working on generic oauth discovery and not just for revocation and so decided not to make that change. Personnel Hannes Tschofenig is the document shepherd. The responsible area director is Stephen Farrell.