An authorizing party determines an authorization record set that needs to be revoked, where an authorization record included in the authorization record set corresponds to a token that is issued to an authorized party after the authorizing party grants access to the authorized party, and where each authorization record includes an authorization validation moment for a corresponding token. A time validity attribute of the authorization record set is configured. For a specific point-in-time, a value associated with the time validity attribute is set. A determination is performed as to whether the authorization record is revoked based on the authorization validation moment and the value associated with the time validity attribute.
展开▼