IETF Logo Mail Archive

Re: [OAUTH-WG] Token expiration

Hubert Le Van Gong <hubertlvg@gmail.com> Mon, 21 September 2009 21:40 UTC

Return-Path: <hubertlvg@gmail.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E52B83A68FB for <oauth@core3.amsl.com>; Mon, 21 Sep 2009 14:40:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[AWL=0.600, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5HK-ztNPMr22 for <oauth@core3.amsl.com>; Mon, 21 Sep 2009 14:40:12 -0700 (PDT)
Received: from mail-bw0-f210.google.com (mail-bw0-f210.google.com [209.85.218.210]) by core3.amsl.com (Postfix) with ESMTP id D25543A683F for <oauth@ietf.org>; Mon, 21 Sep 2009 14:40:09 -0700 (PDT)
Received: by bwz6 with SMTP id 6so2244803bwz.37 for <oauth@ietf.org>; Mon, 21 Sep 2009 14:41:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=7oyFhH79KrBt/GUTOzsqwMiZH+QjKD/IsDGoxYl94PQ=; b=ocHYybYoDHArANuQDyswk/CJdvxRQD+Mc0ke/DzM/NKpAYchcYzjosQLqmZKZDhcqg GrZZBj7b94cvcP8b67spnlRBXCyQW7dLupivPadxQFiT6tvRA/L/ZcYXpib92cMGq3Ji uionHxCH2rK+SdYNYDC8wrDv+p1fZyAJxeCog=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=kxmGNUDgVPDaGb2aAoMlCbDjjub2Yfu4NLzHValuwwjuuNSV9PZlk9f0r1dDgcQ+fV I2go4EnictL7XHpvVQS2oSuv1VfU0m3mx5O9rkrUBrlzsftQuhNljfgYzD93hICFUmkg c514bl3knDeI2HiJPVhdEIR2Gu6ADACFgh2xo=
MIME-Version: 1.0
Received: by 10.204.19.132 with SMTP id a4mr123740bkb.21.1253569268558; Mon, 21 Sep 2009 14:41:08 -0700 (PDT)
In-Reply-To: <90C41DD21FB7C64BB94121FBBC2E72343784D584A3@P3PW5EX1MB01.EX1.SECURESERVER.NET>
References: <90C41DD21FB7C64BB94121FBBC2E72343784D584A3@P3PW5EX1MB01.EX1.SECURESERVER.NET>
Date: Mon, 21 Sep 2009 23:41:08 +0200
Message-ID: <6c0fd2bc0909211441o3eacc564t2917cf5b94f99800@mail.gmail.com>
From: Hubert Le Van Gong <hubertlvg@gmail.com>
To: oauth@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: Re: [OAUTH-WG] Token expiration
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Sep 2009 21:40:15 -0000

It is obviously useful to have. In fact it's so useful I'll bet most
token format
used do include one. Having it outside the token becomes redundant then but
maybe it's not that bad.

BTW why not using dateTime (http://www.w3.org/TR/xmlschema-2/#dateTime)?

Cheers,
Hubert


On Mon, Sep 21, 2009 at 11:25 PM, Eran Hammer-Lahav <eran@hueniverse.com> wrote:
> Should the core spec support the ability to indicate the duration of token credentials? This would be an addition to the web delegation draft [1] in section 6 (Token Credentials) in the form of a new response parameter, something like:
>
> oauth_token_duration
>    The token duration specified in second from the time of the HTTP response timestamp.
>
> This has been consistently at the top of missing core funcationality.
>
>
> EHL
>
> [1] http://tools.ietf.org/html/draft-ietf-oauth-web-delegation-01
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>

v2.23.0 | Report a Bug | By Email