Hi Justin

Nicely written text, as usual.
A few comments:
- I haven't found a reference to a data format of POST requests. I'm presuming it is going to be a form payload (would mean the server code can write more or less the same code dealing with POST & GET queries)?
- consider directly specifying an optional 'client_ip' property
- consider adding an optional request_method (or request_verb) hint, a given scope can be restricted to say GET only, can be useful when a protected resource is written to support GET and POST over the same resource_id URI.

The text that the endpoint may support other parameters (such as a client IP address) covers the last 2 parameters, but I guess it would be more interoperable to 'promote' the parameters that may be of general use.

Thanks, Sergey




On 01/12/14 02:41, internet-dra...@ietf.org wrote:

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of the IETF.

        Title           : OAuth 2.0 Token Introspection
        Author          : Justin Richer
        Filename        : draft-ietf-oauth-introspection-01.txt
        Pages           : 10
        Date            : 2014-11-30

Abstract:
    This specification defines a method for a protected resource to query
    an OAuth 2.0 authorization server to determine the active state of an
    OAuth 2.0 token and to determine meta-information about this token.
    OAuth 2.0 deployments can use this method to convey information about
    the authorization context of the token from the authorization server
    to the protected resource.



The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-introspection/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-introspection-01

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-introspection-01


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
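
Added example, not part of the original message or of the draft: a sketch of an introspection handler that treats a GET query string and a form-encoded POST body identically and enforces the optional 'client_ip' and 'request_method' hints suggested in the reply above. The `token` parameter name, the `active`/`scope` response fields, the token store, and the choice to answer "inactive" on a hint mismatch are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import parse_qs

# Constructed token store (hypothetical shape): token -> grant restrictions.
TOKENS = {
    "tok-abc": {
        "scope": "read",
        "methods": {"GET"},  # scope restricted to GET only
        "client_net": ipaddress.ip_network("192.0.2.0/24"),
    },
}

FORM = "application/x-www-form-urlencoded"

def parse_request(method, query="", body="", content_type=""):
    """Flatten a GET query string or a form-encoded POST body into one dict."""
    if method == "GET":
        raw = query
    elif method == "POST" and content_type.split(";")[0].strip().lower() == FORM:
        raw = body
    else:
        raise ValueError("unsupported method or content type")
    parsed = parse_qs(raw, keep_blank_values=True)
    # Reject repeated parameters instead of silently picking one value.
    if any(len(values) != 1 for values in parsed.values()):
        raise ValueError("duplicate parameter")
    return {name: values[0] for name, values in parsed.items()}

def introspect(params):
    """Answer an introspection query; optional hints are enforced when present."""
    grant = TOKENS.get(params.get("token", ""))
    if grant is None:
        return {"active": False}
    verb = params.get("request_method")  # optional hint proposed in the message
    if verb is not None and verb.upper() not in grant["methods"]:
        return {"active": False}  # assumption: fail closed on a hint mismatch
    ip = params.get("client_ip")  # optional hint proposed in the message
    if ip is not None:
        try:
            inside = ipaddress.ip_address(ip) in grant["client_net"]
        except ValueError:  # malformed address
            inside = False
        if not inside:
            return {"active": False}
    return {"active": True, "scope": grant["scope"]}
```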

