The resource owner can revoke the token out of band; this erratum should be 
rejected.

- Justin
________________________________
From: OAuth <oauth-boun...@ietf.org> on behalf of RFC Errata System 
<rfc-edi...@rfc-editor.org>
Sent: Thursday, August 17, 2023 2:42 PM
To: i...@justin.richer.org <i...@justin.richer.org>; r...@cert.org 
<r...@cert.org>; paul.wout...@aiven.io <paul.wout...@aiven.io>; 
hannes.tschofe...@arm.com <hannes.tschofe...@arm.com>; rifaat.s.i...@gmail.com 
<rifaat.s.i...@gmail.com>
Cc: sunful...@neusoft.edu.cn <sunful...@neusoft.edu.cn>; oauth@ietf.org 
<oauth@ietf.org>; rfc-edi...@rfc-editor.org <rfc-edi...@rfc-editor.org>
Subject: [OAUTH-WG] [Technical Errata Reported] RFC7662 (7607)

The following errata report has been submitted for RFC7662,
"OAuth 2.0 Token Introspection".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid7607

--------------------------------------
Type: Technical
Reported by: Fulong Sun <sunful...@neusoft.edu.cn>

Section: 2.2

Original Text
-------------
a given token has been issued by this authorization server, has not been 
revoked by the resource owner, and is within its given time window of validity

Corrected Text
--------------
a given token has been issued by this authorization server, has not been 
revoked by the resource owner or client, and is within its given time window of 
validity

Notes
-----
RFC 7009 defines that a given token can be revoked by the client, so "client" 
should be written here.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party
can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC7662 (draft-ietf-oauth-introspection-11)
--------------------------------------
Title               : OAuth 2.0 Token Introspection
Publication Date    : October 2015
Author(s)           : J. Richer, Ed.
Category            : PROPOSED STANDARD
Source              : Web Authorization Protocol
Area                : Security
Stream              : IETF
Verifying Party     : IESG

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth