On 01/12/14 10:56, Sergey Beryozkin wrote:
Hi Justin

Nicely written text, as usual.
A few comments:
- I haven't found a reference to a data format of POST requests.
I'm presuming it is going to be a form payload (would mean the server
code can write more or less the same code dealing with POST & GET
queries) ?
Oops :-), sorry, did not scroll down to the example in the text

Thanks, Sergey
- consider directly specifying an optional 'client_ip' property
- consider adding an optional request_method (or request_verb) hint, a
given scope can be restricted to say GET only, can be useful when a
protected resource is written to support GET and POST over the same
resource_id URI;

The text that the endpoint may support other parameters (such as a client
IP address) covers the last 2 parameters, but I guess it would be more
inter-operable to 'promote' the parameters that may be of general use.

Thanks, Sergey

On 01/12/14 02:41, internet-dra...@ietf.org wrote:

A New Internet-Draft is available from the on-line Internet-Drafts
directories.
  This draft is a work item of the Web Authorization Protocol Working
Group of the IETF.

    Title           : OAuth 2.0 Token Introspection
    Author          : Justin Richer
    Filename        : draft-ietf-oauth-introspection-01.txt
    Pages           : 10
    Date            : 2014-11-30

Abstract:
    This specification defines a method for a protected resource to query
    an OAuth 2.0 authorization server to determine the active state of an
    OAuth 2.0 token and to determine meta-information about this token.
    OAuth 2.0 deployments can use this method to convey information about
    the authorization context of the token from the authorization server
    to the protected resource.



The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-oauth-introspection/

There's also a htmlized version available at:
http://tools.ietf.org/html/draft-ietf-oauth-introspection-01

A diff from the previous version is available at:
http://www.ietf.org/rfcdiff?url2=draft-ietf-oauth-introspection-01


Please note that it may take a couple of minutes from the time of
submission until the htmlized version and diff are available at
tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth


