dt'; 'John Adkins'; 'Marty Burns'; 'Scott Crowder'; 'Dave Robin';
'John Teeter'; pmad...@pingidentity.com; 'Edward Denson'; 'Jay Mitra';
'Uday Verma'; 'Ray Perlner'; 'Anne Hendry'; 'Lynne Rodoni'; oauth@ietf.org
*Subject:* Re: [OAUTH-WG] draft-ietf-oauth-revocation-05 Questions
OAuth doesn't get into the business of what the UI for managing grants
is like. Having the user, admin, or resource owner revoke, downscope, or
otherwise alter a grant needs to happen with user interactions that are
going to be different depending on the provider and use case.
-- Justin
On 0
Torsten,
Thanks for the response. What is the “respective portal belonging to the AS”?
I haven’t seen anything in the OAuth 2.0 Authorization Framework that describes
a “portal” on the AS a Resource Owner can log into to view a valid list of
authorization grants. Is this an out-of-band im
Hi Donald,
thank you for sharing your thoughts with us. I've never seen revocation as
a change of scope of the authorization, but it sounds reasonable. The current
design handles the issues you raised differently.
The AS is involved in the revocation process as it exposes the revocation
endpoint
Torsten,
A colleague of mine and I were discussing what should occur when a Retail
Customer desires to change the existing authorized access of a Third Party.
During our discussion they asked "How does the Retail Customer know the
Third Party actually issued a Token revocation request? Isn't t