%% You should probably cite draft-ietf-ace-revoked-token-notification-06 instead of this revision. @techreport{ietf-ace-revoked-token-notification-03, number = {draft-ietf-ace-revoked-token-notification-03}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-ace-revoked-token-notification/03/}, author = {Marco Tiloca and Ludwig Seitz and Francesca Palombini and Sebastian Echeverria and Grace Lewis}, title = {{Notification of Revoked Access Tokens in the Authentication and Authorization for Constrained Environments (ACE) Framework}}, pagetotal = 46, year = 2022, month = oct, day = 24, abstract = {This document specifies a method of the Authentication and Authorization for Constrained Environments (ACE) framework, which allows an Authorization Server to notify Clients and Resource Servers (i.e., registered devices) about revoked Access Tokens. The method allows Clients and Resource Servers to access a Token Revocation List on the Authorization Server, with the possible additional use of resource observation for the Constrained Application Protocol (CoAP). Resulting (unsolicited) notifications of revoked Access Tokens complement alternative approaches such as token introspection, while not requiring additional endpoints on Clients and Resource Servers.}, }