Re: [OAUTH-WG] A question on token revocation.
William Mills <wmills_92105@yahoo.com> Wed, 06 February 2013 15:19 UTC
Return-Path: <wmills_92105@yahoo.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D80BB21F875F for <oauth@ietfa.amsl.com>; Wed, 6 Feb 2013 07:19:32 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.078
X-Spam-Level:
X-Spam-Status: No, score=-2.078 tagged_above=-999 required=5 tests=[AWL=0.520, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Prx9KA5VSw-O for <oauth@ietfa.amsl.com>; Wed, 6 Feb 2013 07:19:32 -0800 (PST)
Received: from nm39-vm2.bullet.mail.ne1.yahoo.com (nm39-vm2.bullet.mail.ne1.yahoo.com [98.138.229.162]) by ietfa.amsl.com (Postfix) with ESMTP id 8DAE521F8585 for <oauth@ietf.org>; Wed, 6 Feb 2013 07:19:31 -0800 (PST)
Received: from [98.138.226.178] by nm39.bullet.mail.ne1.yahoo.com with NNFMP; 06 Feb 2013 15:19:31 -0000
Received: from [98.138.89.246] by tm13.bullet.mail.ne1.yahoo.com with NNFMP; 06 Feb 2013 15:19:31 -0000
Received: from [127.0.0.1] by omp1060.mail.ne1.yahoo.com with NNFMP; 06 Feb 2013 15:19:31 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 48141.39758.bm@omp1060.mail.ne1.yahoo.com
Received: (qmail 86362 invoked by uid 60001); 6 Feb 2013 15:19:30 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1360163970; bh=S7/B7pZS6HZhl65cD9klIa98VsKh/3Lv1o8F3NTAYOs=; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=PQ0JlwSsmO6LCgr/1VJ8F/OS24Z8IwVvx1dqCMEtZfZJA0Gdeuxju6KqbcjInCUszVJmqm5LMLM5ZqHR8hP23Kr3jrSGmVtlA1uhNhBg0njZG5AygmBvj4JH45NKvCXUuz8t76SN9rVn3mZctlxfCUT21k4K1iB369bkAaWMXgg=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:References:Message-ID:Date:From:Reply-To:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type; b=RFbdu3P0aCWDcodiL53JFP5ZJo+nwJs3Q7ILICnQqlcCdOktsjHpbdpnQ7qWRWz/vyyTwvukNxW3Yx69NhZDmNoLOullrPemK4Irlec+Pde4wdF77x++mRB9wKbI3J9tqtIfa54LswzrLE9rvF0m5S6+wxQXqB+0xObVaIPK4H0=;
X-YMail-OSG: YF5MwJYVM1ln0m41G2jZvHbiA5dtuLuEsL0VdMuUWjlRmHh uNelSYoqsoie8GplAnw4K8vP.n7dw2GaVVhWISc8AINZiWMhwYOJJ6bel_Ye Ym9.WLAOWch7diOp1n47LjIJYAswN_l98pVyxN.HL158i4NFG_r8_oP1ZRzL hcx9HXUJYd3g_ZB0afgco7gLyPUHPpaabNvKqXo_TSe5tdQaGkw418Uh9j.I Rr93Yz0tp2EfzFQEAugobGLU.6x.iAvb8X1lmzSsxdiX5ESQD_Zoh0FjZgbE J2rjECqHLjasWrMZwmhjY2_J0en2HvaDGPNhM_HGzudg.AYCsrGWbCiNInwG jmJ0M05VWB4kGqobYxLmcY6lRri71wyTGpAifWs3EtrotqL_UePY_IBPVvM2 b4kcuKOlEBWFsg5NMOqW_EAstq2nysYdPzAldGq0SSZ.SA.O4P5sFNKLo6iC .YZa4Z3EoEiGWJdNvhZr7PTwbRgcVT.v3328fpD3bnRSZgtj84slVirCN92C ys7o2Z4cU7O0e4i4hHv2MK9DXjfxex3AmsX64UHAUCSzliYQ1XbQ34ODdpvi AZoFMmkm6zbMdKf2qeqaKof1aEWDAjItZFTyLshggCCMteLcZIx5l5m7iWnj xUImz0kw6oAUy6YXiIfJmtWRwxIUDodaun01EI0MUjNU-
Received: from [209.131.62.115] by web31811.mail.mud.yahoo.com via HTTP; Wed, 06 Feb 2013 07:19:30 PST
X-Rocket-MIMEInfo: 001.001, KzEKCgpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXwogRnJvbTogUHJhYmF0aCBTaXJpd2FyZGVuYSA8cHJhYmF0aEB3c28yLmNvbT4KVG86IFRvZGQgVyBMYWluaGFydCA8bGFpbmhhcnRAdXMuaWJtLmNvbT4gCkNjOiAib2F1dGhAaWV0Zi5vcmcgV0ciIDxvYXV0aEBpZXRmLm9yZz47IG9hdXRoLWJvdW5jZXNAaWV0Zi5vcmcgClNlbnQ6IFdlZG5lc2RheSwgRmVicnVhcnkgNiwgMjAxMyA3OjA0IEFNClN1YmplY3Q6IFJlOiBbT0FVVEgtV0ddIEEgcXVlc3Rpb24gb24gdG9rZW4gcmV2b2NhdGlvbi4BMAEBAQE-
X-Mailer: YahooMailWebService/0.8.133.504
References: <CAJV9qO8UgLV6SdegZSk4KT3Qyb-M2KmPFPV9xDht_WjibeUWrg@mail.gmail.com> <OF2F22026A.D81D17E1-ON85257B0A.004EC66E-85257B0A.004EE884@us.ibm.com> <CAJV9qO9B-2eWK7Vss4XGspUhTU0S716Nh4acii5f9puJvmT7mQ@mail.gmail.com>
Message-ID: <1360163970.12201.YahooMailNeo@web31811.mail.mud.yahoo.com>
Date: Wed, 06 Feb 2013 07:19:30 -0800
From: William Mills <wmills_92105@yahoo.com>
To: Prabath Siriwardena <prabath@wso2.com>, Todd W Lainhart <lainhart@us.ibm.com>
In-Reply-To: <CAJV9qO9B-2eWK7Vss4XGspUhTU0S716Nh4acii5f9puJvmT7mQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="764183289-1769135125-1360163970=:12201"
Cc: "oauth@ietf.org WG" <oauth@ietf.org>, "oauth-bounces@ietf.org" <oauth-bounces@ietf.org>
Subject: Re: [OAUTH-WG] A question on token revocation.
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: William Mills <wmills_92105@yahoo.com>
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Feb 2013 15:19:33 -0000
+1 ________________________________ From: Prabath Siriwardena <prabath@wso2.com> To: Todd W Lainhart <lainhart@us.ibm.com> Cc: "oauth@ietf.org WG" <oauth@ietf.org>; oauth-bounces@ietf.org Sent: Wednesday, February 6, 2013 7:04 AM Subject: Re: [OAUTH-WG] A question on token revocation. On Wed, Feb 6, 2013 at 7:51 PM, Todd W Lainhart <lainhart@us.ibm.com> wrote: > There can be cases where resource owner needs to revoke an authorized access token from a given client. > >Why wouldn't the RO go through the client to revoke the token? > RO needs not to go through the client to revoke. Resource owner should have the capability to revoke an acces token by client. Thanks & regards, -Prabath > > > > >Todd Lainhart >Rational software >IBM Corporation >550 King Street, Littleton, MA 01460-1250 >1-978-899-4705 >2-276-4705 (T/L) >lainhart@us.ibm.com > > > > >From: Prabath Siriwardena <prabath@wso2.com> >To: "oauth@ietf.org WG" <oauth@ietf.org>, >Date: 02/06/2013 04:36 AM >Subject: [OAUTH-WG] A question on token revocation. >Sent by: oauth-bounces@ietf.org >>________________________________ > > > > >I am sorry if this was already discussed in this list.. > >Looking at [1] it only talks about revoking the access token from the client. > >How about the resource owner..? > >There can be cases where resource owner needs to revoke an authorized access token from a given client. Or revoke an scope.. > >How are we going to address these requirements..? Thoughts appreciated... > >[1] http://tools.ietf.org/html/draft-ietf-oauth-revocation-04 > >-- >Thanks & Regards, >Prabath > >Mobile : +94 71 809 6732 > >http://blog.facilelogin.com >http://RampartFAQ.com_______________________________________________ >OAuth mailing list >OAuth@ietf.org >https://www.ietf.org/mailman/listinfo/oauth > > -- Thanks & Regards, Prabath Mobile : +94 71 809 6732 http://blog.facilelogin.com http://RampartFAQ.com _______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] A question on token revocation. Prabath Siriwardena
- Re: [OAUTH-WG] A question on token revocation. Todd W Lainhart
- Re: [OAUTH-WG] A question on token revocation. Justin Richer
- Re: [OAUTH-WG] A question on token revocation. Prabath Siriwardena
- Re: [OAUTH-WG] A question on token revocation. Prabath Siriwardena
- Re: [OAUTH-WG] A question on token revocation. William Mills
- Re: [OAUTH-WG] A question on token revocation. Justin Richer
- Re: [OAUTH-WG] A question on token revocation. Todd W Lainhart
- Re: [OAUTH-WG] A question on token revocation. Prabath Siriwardena
- Re: [OAUTH-WG] A question on token revocation. Todd W Lainhart
- Re: [OAUTH-WG] A question on token revocation. Prabath Siriwardena
- Re: [OAUTH-WG] A question on token revocation. Prabath Siriwardena
- Re: [OAUTH-WG] A question on token revocation. Torsten Lodderstedt
- Re: [OAUTH-WG] A question on token revocation. Prabath Siriwardena
- Re: [OAUTH-WG] A question on token revocation. zhou.sujing
- Re: [OAUTH-WG] A question on token revocation. Prabath Siriwardena
- Re: [OAUTH-WG] A question on token revocation. zhou.sujing
- Re: [OAUTH-WG] A question on token revocation. Justin Richer
- Re: [OAUTH-WG] A question on token revocation. zhou.sujing