Re: [OAUTH-WG] Draft -09

Thu, 01 Jul 2010 14:59:26 -0700

since the rewrite of the draft the token endpoint has become a token issuing endpoint, so revocation does not really fit into the picture. We could add another endpoint for the purpose. This endpoint should support both token types. Authorization server should be given the option to decide for which type they support revocation.
BTW: Will the upoming OAuth discovery support discovery of additional capabilities/endpoints? 

regards,
Torsten.

Am 30.06.2010 17:48, schrieb Eran Hammer-Lahav:



I didn't see consensus around it. Specifically, what should be revoked 
(refresh token, access token, both, etc.). If you build consensus, 
I'll gladly include it. Also, it is not clear to me how to add it to 
the current token endpoint (unless we use a DELETE method).


EHL

*From:* Torsten Lodderstedt [mailto:tors...@lodderstedt.net]
*Sent:* Tuesday, June 29, 2010 10:28 PM
*To:* Eran Hammer-Lahav
*Cc:* OAuth WG (oauth@ietf.org)
*Subject:* Re: [OAUTH-WG] Draft -09

Hi Eran,

what about token revocation? Will you include it?

regards,
Torsten.

Am 29.06.2010 08:56, schrieb Eran Hammer-Lahav:

Draft -09 is now posted. Main changes include:

o  Fixed typos, editorial changes. Thanks to Dick for his useful feedback.

o  Added token expiration example.


o  Added scope parameter to end-user authorization endpoint response 
and WWW-Authenticate header.


o  Added note about parameters with empty values (same as omitted).


o  Changed parameter values to use '-' instead of '_'.  Parameter 
names still use '_'.



o  Changed authorization endpoint client type to response type with 
values: code, token, or both.



o  Complete cleanup of error codes.  Added support for error 
description and URI.


o  Add initial extensibility support.


Draft -09 represents what I consider to be the first feature complete 
proposal. While it still needs much work, it has notes for open issues 
and missing parts. I plan to give people 2 weeks to review and provide 
extensive feedback, and will post one more draft before the 7/12 
cutoff date for the meeting.



My goal is to collect enough feedback to declare the next draft (-10) 
stable for wider implementation. If you were waiting for a stable 
draft to study and provide extensive feedback, this is the draft! When 
giving feedback pretend this is your last chance to making a 
significant contribution or changes to the core specification.


Please submit feedback by 7/9.


When submitting feedback please start a new thread for each item. 
Editorial commentary can be collected in one post (and please send to 
the list, even if it is minor, because I tend to get the same typo 
correction many times).


Thanks,

EHL


  
  
_______________________________________________

OAuth mailing list
OAuth@ietf.org  <mailto:OAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth

   

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth






















					Reply via email to