Re: [OAUTH-WG] Fwd: New Version Notification for draft-lodderstedt-oauth-revocation-03.txt
Craig McClanahan <craigmcc@gmail.com> Thu, 27 October 2011 06:10 UTC
From: Craig McClanahan <craigmcc@gmail.com>
To: Torsten Lodderstedt <torsten@lodderstedt.net>
Cc: OAuth WG <oauth@ietf.org>
Date: Wed, 26 Oct 2011 23:10:05 -0700

As a substantive comment on the draft (I'm in favor of it being a working group item), it is not clear whether "Basic" is a required value on the "Authorization" header included in a revocation request. In some scenarios (particularly three legged), the client app will not possess the username and password of the end user -- it might only possess a currently valid access token. It would seem that including such a token should be a viable authentication mechanism.

Craig McClanahan

On Fri, Sep 16, 2011 at 12:32 PM, Torsten Lodderstedt <torsten@lodderstedt.net> wrote:

> Hi all,
>
> I just published a new revision of the token revocation draft. We added
> JSONP support (thanks to Marius) and aligned the text with draft 21 of the
> core spec.
>
> We would like to bring this draft forward as working group item (once the
> WG is ready). We think its relevance is illustrated by the fact that this
> draft (or its predecessor) has already been implemented by Google,
> Salesforce, and Deutsche Telekom.
>
> regards,
> Torsten.
>
> -------- Original Message --------
> Subject: New Version Notification for draft-lodderstedt-oauth-revocation-03.txt
> Date: Fri, 16 Sep 2011 12:20:14 -0700
> From: internet-drafts@ietf.org
> To: torsten@lodderstedt.net
> CC: sdronia@gmx.de, torsten@lodderstedt.net, mscurtescu@google.com
>
> A new version of I-D, draft-lodderstedt-oauth-revocation-03.txt has been
> successfully submitted by Torsten Lodderstedt and posted to the IETF
> repository.
>
> Filename: draft-lodderstedt-oauth-revocation
> Revision: 03
> Title: Token Revocation
> Creation date: 2011-09-16
> WG ID: Individual Submission
> Number of pages: 6
>
> Abstract:
> This draft proposes an additional endpoint for OAuth authorization
> servers for revoking tokens.
>
> The IETF Secretariat
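
The two ways of authenticating a revocation request contrasted in the message above, as an added example that is not part of the message or of the draft: a server-side check that accepts either "Basic" client credentials or a still-valid token in the "Authorization" header, and lets a caller revoke only tokens issued to the same client. The client ids, secrets, token values, function names and status codes are constructed for illustration.

```python
import base64
import hmac

# Constructed sample data (not from the draft or any real deployment).
CLIENT_SECRETS = {"client-a": "s3cret-a", "client-b": "s3cret-b"}
TOKENS = {  # token value -> client it was issued to
    "at-111": "client-a",
    "rt-222": "client-a",
    "at-999": "client-b",
}
REVOKED = set()


def authenticate(authorization):
    """Return the client_id the Authorization header proves, or None."""
    scheme, _, value = authorization.partition(" ")
    scheme, value = scheme.lower(), value.strip()
    if scheme == "basic":
        # Basic carries the client's own credentials: client_id:client_secret.
        try:
            decoded = base64.b64decode(value, validate=True).decode("utf-8")
        except ValueError:
            return None
        client_id, sep, secret = decoded.partition(":")
        expected = CLIENT_SECRETS.get(client_id)
        if not sep or expected is None:
            return None
        ok = hmac.compare_digest(secret.encode(), expected.encode())
        return client_id if ok else None
    if scheme == "bearer":
        # Alternative raised in the message: a currently valid token
        # identifies the caller as the client it was issued to.
        if value in TOKENS and value not in REVOKED:
            return TOKENS[value]
    return None


def revoke(authorization, token):
    """Handle one revocation request; return an HTTP-style status code."""
    client_id = authenticate(authorization)
    if client_id is None:
        return 401  # assumption: unauthenticated callers are rejected
    # Unknown tokens and tokens of other clients get the same answer,
    # so the response does not reveal which tokens exist.
    if TOKENS.get(token) != client_id:
        return 403
    REVOKED.add(token)
    return 200
```

Once a token has been revoked it no longer authenticates a later request, so a client that relies on the token-based path has to revoke its other tokens before the one it presents.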