@techreport{ietf-ace-revoked-token-notification-09, number = {draft-ietf-ace-revoked-token-notification-09}, type = {Internet-Draft}, institution = {Internet Engineering Task Force}, publisher = {Internet Engineering Task Force}, note = {Work in Progress}, url = {https://datatracker.ietf.org/doc/draft-ietf-ace-revoked-token-notification/09/}, author = {Marco Tiloca and Francesca Palombini and Sebastian Echeverria and Grace Lewis}, title = {{Notification of Revoked Access Tokens in the Authentication and Authorization for Constrained Environments (ACE) Framework}}, pagetotal = 82, year = 2024, month = sep, day = 22, abstract = {This document specifies a method of the Authentication and Authorization for Constrained Environments (ACE) framework, which allows an authorization server to notify clients and resource servers (i.e., registered devices) about revoked access tokens. As specified in this document, the method allows clients and resource servers to access a Token Revocation List on the authorization server by using the Constrained Application Protocol (CoAP), with the possible additional use of resource observation. Resulting (unsolicited) notifications of revoked access tokens complement alternative approaches such as token introspection, while not requiring additional endpoints on clients and resource servers.}, }