Re: [OAUTH-WG] Draft -09

Torsten Lodderstedt <torsten@lodderstedt.net> Thu, 01 July 2010 21:59 UTC

To: Eran Hammer-Lahav <eran@hueniverse.com>
Cc: "OAuth WG (oauth@ietf.org)" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Draft -09

Since the rewrite of the draft the token endpoint has become a token 
issuing endpoint, so revocation does not really fit into the picture. We 
could add another endpoint for the purpose. This endpoint should support 
both token types. Authorization servers should be given the option to 
decide for which type they support revocation.

BTW: Will the upcoming OAuth discovery support discovery of additional 
capabilities/endpoints?

regards,
Torsten.

On 30.06.2010 17:48, Eran Hammer-Lahav wrote:
>
> I didn't see consensus around it. Specifically, what should be revoked 
> (refresh token, access token, both, etc.). If you build consensus, 
> I'll gladly include it. Also, it is not clear to me how to add it to 
> the current token endpoint (unless we use a DELETE method).
>
> EHL
>
> *From:* Torsten Lodderstedt [mailto:torsten@lodderstedt.net]
> *Sent:* Tuesday, June 29, 2010 10:28 PM
> *To:* Eran Hammer-Lahav
> *Cc:* OAuth WG (oauth@ietf.org)
> *Subject:* Re: [OAUTH-WG] Draft -09
>
> Hi Eran,
>
> what about token revocation? Will you include it?
>
> regards,
> Torsten.
>
> On 29.06.2010 08:56, Eran Hammer-Lahav wrote:
>
> Draft -09 is now posted. Main changes include:
>
> o  Fixed typos, editorial changes. Thanks to Dick for his useful feedback.
>
> o  Added token expiration example.
>
> o  Added scope parameter to end-user authorization endpoint response 
> and WWW-Authenticate header.
>
> o  Added note about parameters with empty values (same as omitted).
>
> o  Changed parameter values to use '-' instead of '_'.  Parameter 
> names still use '_'.
>
> o  Changed authorization endpoint client type to response type with 
> values: code, token, or both.
>
> o  Complete cleanup of error codes.  Added support for error 
> description and URI.
>
> o  Add initial extensibility support.
>
> Draft -09 represents what I consider to be the first feature complete 
> proposal. While it still needs much work, it has notes for open issues 
> and missing parts. I plan to give people 2 weeks to review and provide 
> extensive feedback, and will post one more draft before the 7/12 
> cutoff date for the meeting.
>
> My goal is to collect enough feedback to declare the next draft (-10) 
> stable for wider implementation. If you were waiting for a stable 
> draft to study and provide extensive feedback, this is the draft! When 
> giving feedback pretend this is your last chance to making a 
> significant contribution or changes to the core specification.
>
> Please submit feedback by 7/9.
>
> When submitting feedback please start a new thread for each item. 
> Editorial commentary can be collected in one post (and please send to 
> the list, even if it is minor, because I tend to get the same typo 
> correction many times).
>
> Thanks,
>
> EHL
>
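Torsten's proposal above, a dedicated revocation endpoint that covers both token types while each authorization server decides which types it actually revokes, sketched as an added Python example. This is not code from draft -09 or from either author; the parameter names (token, token-type), the error codes, the '-' value style and the idempotent 200 response are assumptions.

```python
# Added example (not from draft -09 or the thread's authors): a sketch of the
# separate revocation endpoint proposed above, supporting both token types
# while letting each authorization server decide which types it revokes.
# Parameter names, error codes and the idempotent 200 are assumptions.
from dataclasses import dataclass, field
from typing import Optional

ACCESS, REFRESH = "access-token", "refresh-token"   # '-' in values, as in -09

@dataclass
class Token:
    client_id: str
    kind: str                      # ACCESS or REFRESH
    parent: Optional[str] = None   # refresh token this access token came from

class RevocationError(Exception):
    def __init__(self, code: str, status: int):
        super().__init__(code)
        self.code, self.status = code, status

@dataclass
class AuthorizationServer:
    revocable_kinds: frozenset     # server policy: which kinds may be revoked
    tokens: dict = field(default_factory=dict)   # token string -> Token

    def issue(self, client_id: str, kind: str, value: str,
              parent: Optional[str] = None) -> str:
        self.tokens[value] = Token(client_id, kind, parent)
        return value

    def revoke(self, client_id: str, token: str, token_type: str) -> int:
        """Handle one revocation request; returns the HTTP status to send."""
        if token_type not in (ACCESS, REFRESH):
            raise RevocationError("invalid-request", 400)
        entry = self.tokens.get(token)
        # Policy check uses the real kind when known, the client's hint otherwise.
        kind = entry.kind if entry else token_type
        if kind not in self.revocable_kinds:
            raise RevocationError("unsupported-token-type", 400)
        # Unknown token or another client's token: answer 200 without acting,
        # so the endpoint is idempotent and cannot serve as a validity oracle.
        if entry is None or entry.client_id != client_id:
            return 200
        del self.tokens[token]
        if entry.kind == REFRESH:
            # Access tokens derived from a revoked refresh token die with it.
            for value, t in list(self.tokens.items()):
                if t.parent == token:
                    del self.tokens[value]
        return 200
```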