Re: [OAUTH-WG] Protocol Action: 'OAuth 2.0 Token Revocation' to Proposed Standard (draft-ietf-oauth-revocation-11.txt)
Derek Atkins <derek@ihtfp.com> Thu, 22 August 2013 21:57 UTC
Return-Path: <derek@ihtfp.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9187F21F9BB6 for <oauth@ietfa.amsl.com>; Thu, 22 Aug 2013 14:57:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id f-IraI9NEbg2 for <oauth@ietfa.amsl.com>; Thu, 22 Aug 2013 14:57:56 -0700 (PDT)
Received: from mail2.ihtfp.org (mail2.ihtfp.org [IPv6:2001:4830:143:1::3a11]) by ietfa.amsl.com (Postfix) with ESMTP id BC99B21F9A44 for <oauth@ietf.org>; Thu, 22 Aug 2013 14:57:56 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id 957B12602B2; Thu, 22 Aug 2013 17:57:55 -0400 (EDT)
Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 07077-03; Thu, 22 Aug 2013 17:57:54 -0400 (EDT)
Received: from mocana.ihtfp.org (unknown [IPv6:fe80::224:d7ff:fee7:8924]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "cliodev.ihtfp.com", Issuer "IHTFP Consulting Certification Authority" (not verified)) by mail2.ihtfp.org (Postfix) with ESMTPS id 2961F260237; Thu, 22 Aug 2013 17:57:54 -0400 (EDT)
Received: (from warlord@localhost) by mocana.ihtfp.org (8.14.7/8.14.5/Submit) id r7MLvq9c009036; Thu, 22 Aug 2013 17:57:52 -0400
From: Derek Atkins <derek@ihtfp.com>
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
References: <20130720024322.16346.87648.idtracker@ietfa.amsl.com> <0695B0C0-3D95-4CBE-836C-2BCF4E560439@gmx.net>
Date: Thu, 22 Aug 2013 17:57:51 -0400
In-Reply-To: <0695B0C0-3D95-4CBE-836C-2BCF4E560439@gmx.net> (Hannes Tschofenig's message of "Mon, 22 Jul 2013 11:03:20 +0200")
Message-ID: <sjmk3jdpew0.fsf@mocana.ihtfp.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Virus-Scanned: Maia Mailguard 1.0.2a
Cc: oauth mailing list <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Protocol Action: 'OAuth 2.0 Token Revocation' to Proposed Standard (draft-ietf-oauth-revocation-11.txt)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Aug 2013 21:57:57 -0000
... Which was just published as RFC 7009. Great work, everyone! -derek Hannes Tschofenig <hannes.tschofenig@gmx.net> writes: > A big "Thank you" goes to Torsten for working hard to get the document > through the IETF process. > > On Jul 20, 2013, at 4:43 AM, The IESG wrote: > >> The IESG has approved the following document: >> - 'OAuth 2.0 Token Revocation' >> (draft-ietf-oauth-revocation-11.txt) as Proposed Standard >> >> This document is the product of the Web Authorization Protocol Working >> Group. >> >> The IESG contact persons are Stephen Farrell and Sean Turner. >> >> A URL of this Internet Draft is: >> http://datatracker.ietf.org/doc/draft-ietf-oauth-revocation/ >> >> >> >> >> Technical Summary >> >> The OAuth Token Revocation specification proposes an additional >> endpoint for OAuth authorization servers, which allows clients to >> notify the authorization server that a previously obtained refresh >> or access token is no longer needed. This allows the authorization >> server to cleanup security credentials. A revocation request will >> invalidate the actual token and, if applicable, other tokens based >> on the same authorization grant. >> >> Working Group Summary >> >> The document experienced no particular problems in the working >> group. >> >> Document Quality >> >> The document has been deployed by four companies, namely >> by Salesforce, Google, Deutsche Telekom, and MITRE. The >> working group reviewed and discussed the document extensively. >> >> There was a comment from the appsdir review that was not >> accepted. The reviewer (mnot) suggested a discovery >> mechanism was needed, but the wg are working on >> generic oauth discovery and not just for revocation and >> so decided not to make that change. >> >> Personnel >> >> Hannes Tschofenig is the document shepherd. >> The responsible area director is Stephen Farrell. >> >> _______________________________________________ >> OAuth mailing list >> OAuth@ietf.org >> https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > -- Derek Atkins 617-623-3745 derek@ihtfp.com www.ihtfp.com Computer and Internet Security Consultant
- [OAUTH-WG] Protocol Action: 'OAuth 2.0 Token Revo… The IESG
- Re: [OAUTH-WG] Protocol Action: 'OAuth 2.0 Token … Hannes Tschofenig
- Re: [OAUTH-WG] Protocol Action: 'OAuth 2.0 Token … Derek Atkins