[OAUTH-WG] A question on token revocation.

Prabath Siriwardena <prabath@wso2.com> Wed, 06 February 2013 09:35 UTC

I am sorry if this was already discussed on this list.

Looking at [1], it only talks about revoking the access token from the
client.

How about the resource owner?

There can be cases where the resource owner needs to revoke an authorized
access token from a given client, or revoke a scope.

How are we going to address these requirements? Thoughts appreciated.

[1] http://tools.ietf.org/html/draft-ietf-oauth-revocation-04

-- 
Thanks & Regards,
Prabath

Mobile : +94 71 809 6732

http://blog.facilelogin.com
http://RampartFAQ.com