File formats:

Also available: XML file for editing

 

Status:

PROPOSED STANDARD

Authors:

M. Tiloca
F. Palombini
S. Echeverria
G. Lewis

Stream:

IETF

Source:

ace (sec)

Cite this RFC: TXT  |  XML  |   BibTeX

DOI:  https://doi.org/10.17487/RFC9770

Discuss this RFC: Send questions or comments to the mailing list ace@ietf.org

Other actions: Submit Errata  |  Find IPR Disclosures from the IETF  |  View History of RFC 9770

Abstract

This document specifies a method of the Authentication and Authorization for Constrained Environments (ACE) framework, which allows an authorization server to notify clients and resource servers (i.e., registered devices) about revoked access tokens. As specified in this document, the method allows clients and resource servers (RSs) to access a Token Revocation List (TRL) on the authorization server by using the Constrained Application Protocol (CoAP), with the possible additional use of resource observation. Resulting (unsolicited) notifications of revoked access tokens complement alternative approaches such as token introspection, while not requiring additional endpoints on clients and RSs.

For the definition of Status, see RFC 2026.

For the definition of Stream, see RFC 8729.