Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Caching token introspection results #261

Closed
xmlgrrl opened this issue Jan 4, 2017 · 2 comments
Labels

Comments

@xmlgrrl
Copy link

@xmlgrrl xmlgrrl commented Jan 4, 2017

We don't say anything yet. Recommend to inherit IETF RFC 7662 (Token Introspection) Section 4 (Security Considerations) by normative reference, from our "Resource Server Determines RPT Status" section and probably also from our Security Considerations section as appropriate:

https://tools.ietf.org/html/rfc7662#section-4

@xmlgrrl

This comment has been minimized.

Copy link
Author

@xmlgrrl xmlgrrl commented Jan 8, 2017

For reference/completeness, there's some discussion on the list here (nothing that changes the recommendation as far as I can see, though).

@xmlgrrl

This comment has been minimized.

Copy link
Author

@xmlgrrl xmlgrrl commented Jan 12, 2017

Referenced in what will be rev 11 of Core. No need to mention in Security Considerations because we say "As well, implementers should take into account the security considerations in all other normatively referenced specifications."

xmlgrrl added a commit that referenced this issue Jan 12, 2017
Includes all of #262, #261, and #268.
@xmlgrrl xmlgrrl closed this Jan 12, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant
You can’t perform that action at this time.