Hi Chuck, would be cool if you implement it :-)
Wrt you proposal: during the discussions on the list, Marius and Justin suggested to drop the parameter. I checked back with our engineers and they gave me thumbs up as well. I probably should have issued a WG vote for that feature before changing the I-D? The point is the server has to check the token type anyway. The only difference I see is that the server knows what it has to look for. Is this a show stopper for you? Shall we iterate this topic on the list again? Regards, Torsten. Gesendet mit BlackBerry® Webmail von Telekom Deutschland -----Original Message----- From: Chuck Mortimore <cmortim...@salesforce.com> Date: Mon, 14 Mar 2011 20:49:35 To: Torsten Lodderstedt<tors...@lodderstedt.net>; OAuth WG<oauth@ietf.org> Subject: Re: [OAUTH-WG] Fwd: New Version Notification for draft-lodderstedt-oauth-revocation-02 Hey Torsten - glad to see this spec out there, and we plan to implement in the future. Only 1 quick comment: "the authorization server is supposed to detect the token type automatically." I think it would be better to have the client explicitly state the token type. The client will know, so we might as well remove the burden from the server trying to do this heuristically. -cmort On 3/14/11 3:15 AM, "Torsten Lodderstedt" <tors...@lodderstedt.net> wrote: Hi all, I just uploaded a new revision of the revocation I-D (http://tools.ietf.org/html/draft-lodderstedt-oauth-revocation-02). Changes: - dropped token_type parameter - made client authentication optional (as on the token endpoint) - changed success status code to 200 Thank's to all reviewers. regards, Torsten. -------- Original-Nachricht -------- Betreff: New Version Notification for draft-lodderstedt-oauth-revocation-02 Datum: Mon, 14 Mar 2011 04:11:50 -0700 (PDT) Von: IETF I-D Submission Tool <idsubmiss...@ietf.org> <mailto:idsubmiss...@ietf.org> An: tors...@lodderstedt.net CC: sdro...@gmx.de A new version of I-D, draft-lodderstedt-oauth-revocation-02.txt has been successfully submitted by Torsten Lodderstedt and posted to the IETF repository. Filename: draft-lodderstedt-oauth-revocation Revision: 02 Title: Token Revocation Creation_date: 2011-03-14 WG ID: Independent Submission Number_of_pages: 6 Abstract: This draft proposes an additional endpoint for OAuth authorization servers for revoking tokens. The IETF Secretariat.
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
