Notification of Revoked Access Tokens in the Authentication and Authorization for Constrained Environments (ACE) Framework
draft-ietf-ace-revoked-token-notification-09
Technical Summary
This document specifies a method of the Authentication and
Authorization for Constrained Environments (ACE) framework, which
allows an Authorization Server to notify Clients and Resource Servers
(i.e., registered devices) about revoked access tokens. As specified
in this document, the method allows Clients and Resource Servers to
access a Token Revocation List on the Authorization Server by using
the Constrained Application Protocol (CoAP), with the possible
additional use of resource observation. Resulting (unsolicited)
notifications of revoked access tokens complement alternative
approaches such as token introspection, while not requiring
additional endpoints on Clients and Resource Servers.
Working Group Summary
The working group consensus represents a strong concurrence of 7+
individuals with others being silent.
Document Quality
There is an existing implementation by Marco Rasori, CNR:
https://bitbucket.org/marco-rasori-iit/ace-java/src/ucs/
Personnel
The Document Shepherd for this document is Göran Selander. The
Responsible Area Director is Paul Wouters.