OAuth 2.0 Token Introspection
Draft of message to be sent after approval:
From: The IESG <firstname.lastname@example.org> To: IETF-Announce <email@example.com> Cc: RFC Editor <firstname.lastname@example.org>, oauth mailing list <email@example.com>, oauth chair <firstname.lastname@example.org> Subject: Protocol Action: 'OAuth 2.0 Token Introspection' to Proposed Standard (draft-ietf-oauth-introspection-11.txt) The IESG has approved the following document: - 'OAuth 2.0 Token Introspection' (draft-ietf-oauth-introspection-11.txt) as Proposed Standard This document is the product of the Web Authorization Protocol Working Group. The IESG contact persons are Stephen Farrell and Kathleen Moriarty. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-oauth-introspection/
Technical Summary The "OAuth 2.0 Token Introspection" specification defines a method for a protected resource to query an OAuth 2.0 authorization server to determine the active state of an OAuth 2.0 token and to determine meta-information about this token. OAuth 2.0 deployments can use this method to convey information about the authorization context of the token from the authorization server to the protected resource. Working Group Summary There was no controversy. When the specification was brought to the working group the concept was already well established and in use. Document Quality There are multiple implementations of this specification, with links included in the shepherd writeup. Personnel Hannes Tschofenig is the document shepherd and Kathleen Moriarty is the responsible area director. IANA Note The IANA consideration section defines a new registry, called "OAuth Token Introspection Response Registry", and populates this registry with 12 values. Additional entries may be added with a Specification Required ([RFC5226]) and Designated Expert review on the email@example.com mailing list.