Following up on the Token Revocation extension proposed at:
http://datatracker.ietf.org/doc/draft-lodderstedt-oauth-revocation/
I am suggesting three changes to this extension:
1. Either drop client authentication or make it optional. If clients
want to revoke tokens, more power to them. If it is

The changes in -02 are listed here for easy viewing:
draft-ietf-oauth-saml2-bearer-02
- Added scope parameter with text copied from draft-ietf-oauth-v2-12
(the reorg of draft-ietf-oauth-v2-12 made it so scope wasn't
really inherited by this spec anymore)
- Change definitio

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Open Authentication Protocol Working Group of
the IETF.
Title : SAML 2.0 Bearer Assertion Grant Type Profile for
OAuth 2.0
Author(s) : B. Campbell, C.