Hi,
I've got a few comments on your draft.
I’m wondering why neither acr nor auth_time (which are used in OIDC)
made their way into this spec?
What is the difference between prn and the user_id claim OIDC uses?
regards,
Torsten.
Hi Justin,
I think your draft is a significant step forward. Thanks for putting it
together.
Here are my detailed comments/questions:
What's the advantage of having two secrets for the same client_id, namely
request_access_token and client_secret? Why not always issuing a secret
and use it f
Hi,
both options are viable. It depends on the purpose the token is used for
in a particular deployment, esp. whether it carries the data about the
resource and its owner or whether it merely represents the authorization
of the particular client.
regards,
Torsten.
Am 15.11.2012 21:03, schrie
Hi all,
this is a working group last call for draft-ietf-oauth-revocation-03 on "Token
Revocation". The draft is available here:
http://tools.ietf.org/html/draft-ietf-oauth-revocation-03
Please send your comments to the OAuth mailing list by December 10, 2012.
Thanks,
Hannes & Derek
Hi Justin,
thanks for your review. I incorporated your comments/proposals into a
new revision -03, which I just published
(http://tools.ietf.org/html/draft-ietf-oauth-revocation-03).
best regards,
Torsten.
On 20.11.2012 16:58, Justin Richer wrote:
Comments on the latest draft. Overall, it
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Web Authorization Protocol Working Group of
the IETF.
Title : Token Revocation
Author(s) : Torsten Lodderstedt
Stefanie Dron