Re: [OAUTH-WG] A question on token revocation.
Todd W Lainhart <lainhart@us.ibm.com> Wed, 06 February 2013 14:21 UTC
Return-Path: <lainhart@us.ibm.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3CC1221F8A74 for <oauth@ietfa.amsl.com>; Wed, 6 Feb 2013 06:21:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.524
X-Spam-Level:
X-Spam-Status: No, score=-10.524 tagged_above=-999 required=5 tests=[AWL=0.074, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bOq68HOziU88 for <oauth@ietfa.amsl.com>; Wed, 6 Feb 2013 06:21:58 -0800 (PST)
Received: from e9.ny.us.ibm.com (e9.ny.us.ibm.com [32.97.182.139]) by ietfa.amsl.com (Postfix) with ESMTP id 273B321F84DA for <oauth@ietf.org>; Wed, 6 Feb 2013 06:21:58 -0800 (PST)
Received: from /spool/local by e9.ny.us.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for <oauth@ietf.org> from <lainhart@us.ibm.com>; Wed, 6 Feb 2013 09:21:57 -0500
Received: from d01dlp02.pok.ibm.com (9.56.250.167) by e9.ny.us.ibm.com (192.168.1.109) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Wed, 6 Feb 2013 09:21:55 -0500
Received: from d01relay05.pok.ibm.com (d01relay05.pok.ibm.com [9.56.227.237]) by d01dlp02.pok.ibm.com (Postfix) with ESMTP id 57F956E801F; Wed, 6 Feb 2013 09:21:53 -0500 (EST)
Received: from d01av05.pok.ibm.com (d01av05.pok.ibm.com [9.56.224.195]) by d01relay05.pok.ibm.com (8.13.8/8.13.8/NCO v10.0) with ESMTP id r16ELs7w235278; Wed, 6 Feb 2013 09:21:54 -0500
Received: from d01av05.pok.ibm.com (loopback [127.0.0.1]) by d01av05.pok.ibm.com (8.14.4/8.13.1/NCO v10.0 AVout) with ESMTP id r16ELsS4001702; Wed, 6 Feb 2013 09:21:54 -0500
Received: from d01ml255.pok.ibm.com (d01ml255.pok.ibm.com [9.63.10.54]) by d01av05.pok.ibm.com (8.14.4/8.13.1/NCO v10.0 AVin) with ESMTP id r16ELsb2001699; Wed, 6 Feb 2013 09:21:54 -0500
In-Reply-To: <CAJV9qO8UgLV6SdegZSk4KT3Qyb-M2KmPFPV9xDht_WjibeUWrg@mail.gmail.com>
References: <CAJV9qO8UgLV6SdegZSk4KT3Qyb-M2KmPFPV9xDht_WjibeUWrg@mail.gmail.com>
To: Prabath Siriwardena <prabath@wso2.com>
MIME-Version: 1.0
X-KeepSent: 2F22026A:D81D17E1-85257B0A:004EC66E; type=4; name=$KeepSent
X-Mailer: Lotus Notes Release 8.5.3FP2 SHF22 July 19, 2012
Message-ID: <OF2F22026A.D81D17E1-ON85257B0A.004EC66E-85257B0A.004EE884@us.ibm.com>
From: Todd W Lainhart <lainhart@us.ibm.com>
Date: Wed, 06 Feb 2013 09:21:53 -0500
X-MIMETrack: Serialize by Router on D01ML255/01/M/IBM(Release 8.5.3FP2 ZX853FP2HF4|December 14, 2012) at 02/06/2013 09:21:53, Serialize complete at 02/06/2013 09:21:53
Content-Type: multipart/alternative; boundary="=_alternative 004EE88285257B0A_="
X-Content-Scanned: Fidelis XPS MAILER
x-cbid: 13020614-7182-0000-0000-0000050572B3
Cc: "oauth@ietf.org WG" <oauth@ietf.org>, oauth-bounces@ietf.org
Subject: Re: [OAUTH-WG] A question on token revocation.
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Feb 2013 14:21:59 -0000
> There can be cases where resource owner needs to revoke an authorized access token from a given client. Why wouldn't the RO go through the client to revoke the token? Todd Lainhart Rational software IBM Corporation 550 King Street, Littleton, MA 01460-1250 1-978-899-4705 2-276-4705 (T/L) lainhart@us.ibm.com From: Prabath Siriwardena <prabath@wso2.com> To: "oauth@ietf.org WG" <oauth@ietf.org>, Date: 02/06/2013 04:36 AM Subject: [OAUTH-WG] A question on token revocation. Sent by: oauth-bounces@ietf.org I am sorry if this was already discussed in this list.. Looking at [1] it only talks about revoking the access token from the client. How about the resource owner..? There can be cases where resource owner needs to revoke an authorized access token from a given client. Or revoke an scope.. How are we going to address these requirements..? Thoughts appreciated... [1] http://tools.ietf.org/html/draft-ietf-oauth-revocation-04 -- Thanks & Regards, Prabath Mobile : +94 71 809 6732 http://blog.facilelogin.com http://RampartFAQ.com_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
- [OAUTH-WG] A question on token revocation. Prabath Siriwardena
- Re: [OAUTH-WG] A question on token revocation. Todd W Lainhart
- Re: [OAUTH-WG] A question on token revocation. Justin Richer
- Re: [OAUTH-WG] A question on token revocation. Prabath Siriwardena
- Re: [OAUTH-WG] A question on token revocation. Prabath Siriwardena
- Re: [OAUTH-WG] A question on token revocation. William Mills
- Re: [OAUTH-WG] A question on token revocation. Justin Richer
- Re: [OAUTH-WG] A question on token revocation. Todd W Lainhart
- Re: [OAUTH-WG] A question on token revocation. Prabath Siriwardena
- Re: [OAUTH-WG] A question on token revocation. Todd W Lainhart
- Re: [OAUTH-WG] A question on token revocation. Prabath Siriwardena
- Re: [OAUTH-WG] A question on token revocation. Prabath Siriwardena
- Re: [OAUTH-WG] A question on token revocation. Torsten Lodderstedt
- Re: [OAUTH-WG] A question on token revocation. Prabath Siriwardena
- Re: [OAUTH-WG] A question on token revocation. zhou.sujing
- Re: [OAUTH-WG] A question on token revocation. Prabath Siriwardena
- Re: [OAUTH-WG] A question on token revocation. zhou.sujing
- Re: [OAUTH-WG] A question on token revocation. Justin Richer
- Re: [OAUTH-WG] A question on token revocation. zhou.sujing