Sounds good. Please submit a draft and we can discuss incorporating it into 
core later.

As for discovery, I plan to support both super-light header discovery and a 
richer host-meta/XRD based discovery. As we discuss it, we will decide if we 
need the heavier one.

EHL

From: Torsten Lodderstedt [mailto:tors...@lodderstedt.net]
Sent: Thursday, July 01, 2010 2:59 PM
To: Eran Hammer-Lahav
Cc: OAuth WG (oauth@ietf.org)
Subject: Re: [OAUTH-WG] Draft -09

since the rewrite of the draft the token endpoint has become a token issuing 
endpoint, so revocation does not really fit into the picture. We could add 
another endpoint for the purpose. This endpoint should support both token 
types. Authorization server should be given the option to decide for which type 
they support revocation.

BTW: Will the upcoming OAuth discovery support discovery of additional 
capabilities/endpoints?

regards,
Torsten.

On 30.06.2010 17:48, Eran Hammer-Lahav wrote:
I didn't see consensus around it. Specifically, what should be revoked (refresh 
token, access token, both, etc.). If you build consensus, I'll gladly include 
it. Also, it is not clear to me how to add it to the current token endpoint 
(unless we use a DELETE method).

EHL

From: Torsten Lodderstedt [mailto:tors...@lodderstedt.net]
Sent: Tuesday, June 29, 2010 10:28 PM
To: Eran Hammer-Lahav
Cc: OAuth WG (oauth@ietf.org)
Subject: Re: [OAUTH-WG] Draft -09

Hi Eran,

what about token revocation? Will you include it?

regards,
Torsten.

On 29.06.2010 08:56, Eran Hammer-Lahav wrote:
Draft -09 is now posted. Main changes include:

o  Fixed typos, editorial changes. Thanks to Dick for his useful feedback.
o  Added token expiration example.
o  Added scope parameter to end-user authorization endpoint response and 
WWW-Authenticate header.
o  Added note about parameters with empty values (same as omitted).
o  Changed parameter values to use '-' instead of '_'.  Parameter names still 
use '_'.
o  Changed authorization endpoint client type to response type with values: 
code, token, or both.
o  Complete cleanup of error codes.  Added support for error description and 
URI.
o  Add initial extensibility support.

Draft -09 represents what I consider to be the first feature complete proposal. 
While it still needs much work, it has notes for open issues and missing parts. 
I plan to give people 2 weeks to review and provide extensive feedback, and 
will post one more draft before the 7/12 cutoff date for the meeting.

My goal is to collect enough feedback to declare the next draft (-10) stable 
for wider implementation. If you were waiting for a stable draft to study and 
provide extensive feedback, this is the draft! When giving feedback pretend 
this is your last chance to make a significant contribution or changes to the 
core specification.

Please submit feedback by 7/9.

When submitting feedback please start a new thread for each item. Editorial 
commentary can be collected in one post (and please send to the list, even if 
it is minor, because I tend to get the same typo correction many times).

Thanks,

EHL







_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth

