[OAUTH-WG] I-D on token revocation submitted

Torsten Lodderstedt <torsten@lodderstedt.net> Tue, 07 September 2010 22:21 UTC


I just submitted the first version of my I-D for token revocation.

Link: https://datatracker.ietf.org/doc/draft-lodderstedt-oauth-revocation/

The I-D proposes an additional endpoint, which can be used to revoke 
both refresh and access tokens. The objective is to enhance OAuth 
security by giving clients and users explicit control of the 
finalization of the token life cycle, e.g. to implement application 
logout or access authorization removal.

Please take the time to review the document (2 pages, essentially) and 
give me feedback. My goal is that this draft becomes a working group 
document.

regards,
Torsten.