OAuth 2.0 Token Revocation
RFC 7009

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: RFC Editor <rfc-editor@rfc-editor.org>,
    oauth mailing list <oauth@ietf.org>,
    oauth chair <oauth-chairs@tools.ietf.org>
Subject: Protocol Action: 'OAuth 2.0 Token Revocation' to Proposed Standard (draft-ietf-oauth-revocation-11.txt)

The IESG has approved the following document:
- 'OAuth 2.0 Token Revocation'
  (draft-ietf-oauth-revocation-11.txt) as Proposed Standard

This document is the product of the Web Authorization Protocol Working

The IESG contact persons are Stephen Farrell and Sean Turner.

A URL of this Internet Draft is:

Technical Summary

   The OAuth Token Revocation specification proposes an additional 
   endpoint for OAuth authorization servers, which allows clients to 
   notify the authorization server that a previously obtained refresh 
   or access token is no longer needed. This allows the authorization 
   server to clean up security credentials. A revocation request will 
   invalidate the actual token and, if applicable, other tokens based 
   on the same authorization grant.

Working Group Summary

   The document experienced no particular problems in the working 

Document Quality

   The document has been deployed by four companies, namely 
   by Salesforce, Google, Deutsche Telekom, and MITRE. The 
   working group reviewed and discussed the document extensively. 

   There was a comment from the appsdir review that was not
   accepted. The reviewer (mnot) suggested a discovery 
   mechanism was needed, but the WG is working on 
   generic OAuth discovery, not just discovery for revocation,
   and so decided not to make that change.


   Hannes Tschofenig is the document shepherd. 
   The responsible area director is Stephen Farrell.
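
The revocation behaviour described in the Technical Summary, as an added example that is not part of the announcement or of RFC 7009 itself: an in-memory model of the server side, in which revoking a refresh token also invalidates the access tokens issued from the same authorization grant. `TokenStore`, its methods, the client and grant names, and the 400 status chosen for a token owned by another client are assumptions of this sketch.

```python
# Added example: in-memory model of a token revocation endpoint's server logic.
# All names and sample values here are constructed for illustration.
import secrets
from dataclasses import dataclass, field

@dataclass
class TokenStore:
    # token value -> (kind, client_id, grant_id)
    tokens: dict = field(default_factory=dict)

    def issue(self, kind, client_id, grant_id):
        value = secrets.token_urlsafe(16)
        self.tokens[value] = (kind, client_id, grant_id)
        return value

    def is_active(self, value):
        return value in self.tokens

    def revoke(self, client_id, token, token_type_hint=None):
        """Return the HTTP status the endpoint would answer with."""
        # token_type_hint only speeds up lookup; this store has a single
        # table, so the hint is accepted and ignored.
        entry = self.tokens.get(token)
        if entry is None:
            return 200  # unknown or already revoked: nothing left to do
        kind, owner, grant_id = entry
        if owner != client_id:
            return 400  # token was not issued to the authenticated client
        del self.tokens[token]
        if kind == "refresh_token":
            # Cascade: drop access tokens based on the same grant.
            for value, (k, _, g) in list(self.tokens.items()):
                if k == "access_token" and g == grant_id:
                    del self.tokens[value]
        return 200

def demo():
    store = TokenStore()
    rt = store.issue("refresh_token", "client-a", "grant-1")
    at_same = store.issue("access_token", "client-a", "grant-1")
    at_other = store.issue("access_token", "client-a", "grant-2")
    return {
        "foreign_client": store.revoke("client-b", rt),
        "first_revoke": store.revoke("client-a", rt, "refresh_token"),
        "repeat_revoke": store.revoke("client-a", rt),
        "refresh_active": store.is_active(rt),
        "same_grant_access_active": store.is_active(at_same),
        "other_grant_access_active": store.is_active(at_other),
    }
```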