Javascript disabled? Like other modern websites, the IETF Datatracker relies on Javascript. Please enable Javascript for full functionality.

Notification of Revoked Access Tokens in the Authentication and Authorization for Constrained Environments (ACE) Framework
RFC 9770

Revision differences

From revision

To revision

Diff format

Document history

Date	By	Action
2026-05-20	(System)	Changed metadata: changed keywords to '['Security', 'Access control', 'Access rights', 'Revocation', 'CoAP', 'IoT', 'Constrained environments']' from '[]'
2026-05-20	(System)	Metadata update from RFC Editor
2026-05-20	(System)	Changed author "G. Lewis": changed name from "Grace Lewis" to "G. Lewis", cleared country (was "United States of America")
2026-05-20	(System)	Changed author "S. Echeverria": changed name from "Sebastian Echeverria" to "S. Echeverria", cleared country (was "United States of America")
2026-05-20	(System)	Changed author "F. Palombini": changed name from "Francesca Palombini" to "F. Palombini", cleared country (was "Sweden")
2026-05-20	(System)	Changed author "M. Tiloca": changed name from "Marco Tiloca" to "M. Tiloca", cleared country (was "Sweden")
2026-05-20	(System)	Metadata update from RFC Editor
2025-06-17	(System)	IANA registries were updated to include RFC9770
2025-06-13	(System)	Received changes through RFC Editor sync (created document RFC 9770, created became rfc relationship between draft-ietf-ace-revoked-token-notification and RFC 9770, set abstract to 'This … Received changes through RFC Editor sync (created document RFC 9770, created became rfc relationship between draft-ietf-ace-revoked-token-notification and RFC 9770, set abstract to 'This document specifies a method of the Authentication and Authorization for Constrained Environments (ACE) framework, which allows an authorization server to notify clients and resource servers (i.e., registered devices) about revoked access tokens. As specified in this document, the method allows clients and resource servers (RSs) to access a Token Revocation List (TRL) on the authorization server by using the Constrained Application Protocol (CoAP), with the possible additional use of resource observation. Resulting (unsolicited) notifications of revoked access tokens complement alternative approaches such as token introspection, while not requiring additional endpoints on clients and RSs.', set pages to 64, set standardization level to Proposed Standard, added RFC published event at 2025-06-13)
2025-06-13	(System)	RFC published