[OAUTH-WG] Last Call: <draft-ietf-oauth-revocation-07.txt> (Token Revocation) to Proposed Standard
The IESG <iesg-secretary@ietf.org> Tue, 16 April 2013 17:21 UTC
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CCC6521F971E; Tue, 16 Apr 2013 10:21:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.47
X-Spam-Level:
X-Spam-Status: No, score=-102.47 tagged_above=-999 required=5 tests=[AWL=0.130, BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4CbhZCyWslCY; Tue, 16 Apr 2013 10:21:56 -0700 (PDT)
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id CE62721F95D7; Tue, 16 Apr 2013 10:21:54 -0700 (PDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 4.43.p4
Message-ID: <20130416172154.18206.53803.idtracker@ietfa.amsl.com>
Date: Tue, 16 Apr 2013 10:21:54 -0700
Cc: oauth@ietf.org
Subject: [OAUTH-WG] Last Call: <draft-ietf-oauth-revocation-07.txt> (Token Revocation) to Proposed Standard
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ietf@ietf.org
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Apr 2013 17:21:57 -0000
The IESG has received a request from the Web Authorization Protocol WG (oauth) to consider the following document: - 'Token Revocation' <draft-ietf-oauth-revocation-07.txt> as Proposed Standard The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2013-04-30. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract This document proposes an additional endpoint for OAuth authorization servers, which allows clients to notify the authorization server that a previously obtained refresh or access token is no longer needed. This allows the authorization server to cleanup security credentials. A revocation request will invalidate the actual token and, if applicable, other tokens based on the same authorization grant. The file can be obtained via http://datatracker.ietf.org/doc/draft-ietf-oauth-revocation/ IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-ietf-oauth-revocation/ballot/ No IPR declarations have been submitted directly on this I-D. The draft has a normative reference to RFC2246 (as well as 5346) as it follows the same approach to TLS as the base oauth spec. (RFC6749, section 1.2).