{"draft":"draft-ietf-ace-revoked-token-notification-09","doc_id":"RFC9770","title":"Notification of Revoked Access Tokens in the Authentication and Authorization for Constrained Environments (ACE) Framework","authors":["M. Tiloca","F. Palombini","S. Echeverria","G. Lewis"],"format":["HTML","TEXT","PDF","XML"],"page_count":"64","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Authentication and Authorization for Constrained Environments","abstract":"This document specifies a method of the Authentication and\r\nAuthorization for Constrained  Environments (ACE) framework, which\r\nallows an authorization server to notify clients and resource servers\r\n(i.e., registered devices) about revoked access tokens. As specified\r\nin this document, the method allows clients and resource servers\r\n(RSs) to access a Token Revocation List (TRL) on the authorization\r\nserver by using the Constrained Application Protocol (CoAP), with the\r\npossible additional use of resource observation. Resulting\r\n(unsolicited) notifications of revoked access tokens complement\r\nalternative approaches such as token introspection, while not\r\nrequiring additional endpoints on clients and RSs.","pub_date":"June 2025","keywords":["Security","Access control","Access rights","Revocation","CoAP","IoT","Constrained environments"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC9770","errata_url":null}