diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/ResourceSetService.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/service/ResourceSetService.java
index d6500bb16..6fe09dab8 100644
--- a/openid-connect-common/src/main/java/org/mitre/openid/connect/service/ResourceSetService.java
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/service/ResourceSetService.java
@@ -33,4 +33,6 @@ public interface ResourceSetService {
 public ResourceSet update(ResourceSet oldRs, ResourceSet newRs);
+ public void remove(ResourceSet rs);
+
 }
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/ResourceSetRepository.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/ResourceSetRepository.java
index f008532ba..668f950a5 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/ResourceSetRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/ResourceSetRepository.java
@@ -29,4 +29,6 @@ public interface ResourceSetRepository {
 public ResourceSet getById(Long id);
+ public void remove(ResourceSet rs);
+
 }
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaResourceSetRepository.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaResourceSetRepository.java
index 8cf2073f5..49430c034 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaResourceSetRepository.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaResourceSetRepository.java
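Review bot: The new `remove(ResourceSet rs)` declaration on ResourceSetService carries no Javadoc, and the same is true of the `remove` added to ResourceSetRepository in the next hunk on this line, so callers cannot tell what happens for a resource set that does not exist or whose id is unset. The JPA implementation later in this diff looks the entity up by id and only logs when nothing is found, so the contract worth stating is that removal of an unknown set is a silent no-op rather than an error. A one-line Javadoc such as `/** Removes the given resource set; an id that matches no stored set is ignored. */` above both declarations would pin that down for the service and repository alike. Whether the neighbouring methods in these interfaces are documented is not visible in this hunk.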
@@ -23,6 +23,8 @@ import javax.persistence.PersistenceContext;
 import org.mitre.openid.connect.model.ResourceSet;
 import org.mitre.openid.connect.repository.ResourceSetRepository;
 import org.mitre.util.jpa.JpaUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Repository;
 import org.springframework.transaction.annotation.Transactional;
@@ -35,6 +37,7 @@ public class JpaResourceSetRepository implements ResourceSetRepository {
 @PersistenceContext
 private EntityManager em;
+ private static Logger logger = LoggerFactory.getLogger(JpaResourceSetRepository.class);
 @Override
 @Transactional
@@ -47,4 +50,15 @@ public class JpaResourceSetRepository implements ResourceSetRepository {
 return em.find(ResourceSet.class, id);
 }
+ @Override
+ @Transactional
+ public void remove(ResourceSet rs) {
+ ResourceSet found = getById(rs.getId());
+ if (found != null) {
+ em.remove(found);
+ } else {
+ logger.info("Tried to remove unknown resource set: " + rs.getId());
+ }
+ }
+
 }
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultResourceSetService.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultResourceSetService.java
index 6c3589d84..267eebca2 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultResourceSetService.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultResourceSetService.java
@@ -20,6 +20,8 @@ package org.mitre.openid.connect.service.impl;
 import org.mitre.openid.connect.model.ResourceSet;
 import org.mitre.openid.connect.repository.ResourceSetRepository;
 import org.mitre.openid.connect.service.ResourceSetService;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
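Review bot: In the new `JpaResourceSetRepository.remove`, `getById(rs.getId())` is reached without checking that `rs` or its id is non-null; `getById` is `em.find(ResourceSet.class, id)` as shown in the context line, and JPA's `find` rejects a null primary key with an IllegalArgumentException, so an unsaved or detached set with no id would surface as an exception rather than the "unknown resource set" log message this branch was written for. A guard at the top, `if (rs == null || rs.getId() == null) { logger.info("Tried to remove resource set with no id"); return; }`, would keep the method's stated no-op behaviour for both cases. The log call itself builds its message by concatenation; the parameterized form `logger.info("Tried to remove unknown resource set: {}", rs.getId());` is the usual SLF4J idiom and avoids the string work when the level is off. The logger field added in the previous hunk is `private static Logger`; it should be `private static final Logger` since it is assigned once.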
@@ -30,6 +32,8 @@ import org.springframework.stereotype.Service;
 @Service
 public class DefaultResourceSetService implements ResourceSetService {
+ private static Logger logger = LoggerFactory.getLogger(DefaultResourceSetService.class);
+
 @Autowired
 private ResourceSetRepository repository;
@@ -61,13 +65,18 @@ public class DefaultResourceSetService implements ResourceSetService {
 }
- newRs.setOwner(oldRs.getOwner());
+ newRs.setOwner(oldRs.getOwner()); // preserve the owner tag across updates
 ResourceSet saved = repository.save(newRs);
 return saved;
 }
+
+ @Override
+ public void remove(ResourceSet rs) {
+ repository.remove(rs);
+ }
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ResourceSetRegistrationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ResourceSetRegistrationEndpoint.java
index 00977ec1b..c414e4424 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ResourceSetRegistrationEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ResourceSetRegistrationEndpoint.java
@@ -24,6 +24,7 @@ import org.mitre.oauth2.service.SystemScopeService;
 import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
 import org.mitre.openid.connect.model.ResourceSet;
 import org.mitre.openid.connect.service.ResourceSetService;
+import org.mitre.openid.connect.view.HttpCodeView;
 import org.mitre.openid.connect.view.JsonErrorView;
 import org.mitre.openid.connect.view.ResourceSetEntityAbbreviatedView;
 import org.mitre.openid.connect.view.ResourceSetEntityView;
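Review bot: The `logger` field added to DefaultResourceSetService in the first hunk on this line is not referenced by any of the new code in this diff — the new `remove` in the second hunk is a bare `repository.remove(rs);` — so unless the rest of the file (not shown) uses it, the field and the two slf4j imports added in the previous hunk are dead. If it is kept it should be declared `private static final Logger logger = LoggerFactory.getLogger(DefaultResourceSetService.class);`, matching the once-assigned intent. The new `remove` also has no documentation; since the service is the layer the web endpoint calls, a short Javadoc saying that it delegates to the repository and performs no ownership check of its own would make it clear that authorization is the caller's responsibility. The `update` method containing the owner-preserving line starts outside this hunk.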
@@ -69,14 +70,7 @@ public class ResourceSetRegistrationEndpoint {
 @RequestMapping(method = RequestMethod.POST, produces = MimeTypeUtils.APPLICATION_JSON_VALUE, consumes = MimeTypeUtils.APPLICATION_JSON_VALUE)
 public String createResourceSet(@RequestBody String jsonString, Model m, Authentication auth) {
- // if auth is OAuth, make sure we've got the right scope
- if (auth instanceof OAuth2Authentication) {
- OAuth2Authentication oAuth2Authentication = (OAuth2Authentication) auth;
- if (oAuth2Authentication.getOAuth2Request().getScope() == null
- || oAuth2Authentication.getOAuth2Request().getScope().contains(SystemScopeService.RESOURCE_SET_REGISTRATION_SCOPE)) {
- throw new InsufficientScopeException("Insufficient scope", ImmutableSet.of(SystemScopeService.RESOURCE_SET_REGISTRATION_SCOPE));
- }
- }
+ ensureOAuthScope(auth);
 ResourceSet rs = parseResourceSet(jsonString);
@@ -106,14 +100,7 @@ public class ResourceSetRegistrationEndpoint {
 @RequestMapping(value = "/{id}", method = RequestMethod.GET, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
 public String readResourceSet(@PathVariable ("id") Long id, Model m, Authentication auth) {
- // if auth is OAuth, make sure we've got the right scope
- if (auth instanceof OAuth2Authentication) {
- OAuth2Authentication oAuth2Authentication = (OAuth2Authentication) auth;
- if (oAuth2Authentication.getOAuth2Request().getScope() == null
- || oAuth2Authentication.getOAuth2Request().getScope().contains(SystemScopeService.RESOURCE_SET_REGISTRATION_SCOPE)) {
- throw new InsufficientScopeException("Insufficient scope", ImmutableSet.of(SystemScopeService.RESOURCE_SET_REGISTRATION_SCOPE));
- }
- }
+ ensureOAuthScope(auth);
 ResourceSet rs = resourceSetService.getById(id);
@@ -141,14 +128,7 @@ public class ResourceSetRegistrationEndpoint {
 @RequestMapping(value = "/{id}", method = RequestMethod.PUT, consumes = MimeTypeUtils.APPLICATION_JSON_VALUE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
 public String updateResourceSet(@PathVariable ("id") Long id, @RequestBody String jsonString, Model m, Authentication auth) {
- // if auth is OAuth, make sure we've got the right scope
- if (auth instanceof OAuth2Authentication) {
- OAuth2Authentication oAuth2Authentication = (OAuth2Authentication) auth;
- if (oAuth2Authentication.getOAuth2Request().getScope() == null
- || oAuth2Authentication.getOAuth2Request().getScope().contains(SystemScopeService.RESOURCE_SET_REGISTRATION_SCOPE)) {
- throw new InsufficientScopeException("Insufficient scope", ImmutableSet.of(SystemScopeService.RESOURCE_SET_REGISTRATION_SCOPE));
- }
- }
+ ensureOAuthScope(auth);
 ResourceSet newRs = parseResourceSet(jsonString);
@@ -189,9 +169,46 @@ public class ResourceSetRegistrationEndpoint {
 }
 }
+ }
+
+ @RequestMapping(value = "/{id}", method = RequestMethod.DELETE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
+ public String deleteResourceSet(@PathVariable ("id") Long id, Model m, Authentication auth) {
+ ensureOAuthScope(auth);
+
+ ResourceSet rs = resourceSetService.getById(id);
-
-
+ if (rs == null) {
+ m.addAttribute("code", HttpStatus.NOT_FOUND);
+ m.addAttribute("error", "not_found");
+ return JsonErrorView.VIEWNAME;
+ } else {
+ if (!auth.getName().equals(rs.getOwner())) {
+
+ logger.warn("Unauthorized resource set request from bad user; expected " + rs.getOwner() + " got " + auth.getName());
+
+ // it wasn't issued to this user
+ m.addAttribute("code", HttpStatus.FORBIDDEN);
+ return JsonErrorView.VIEWNAME;
+ } else {
+
+ resourceSetService.remove(rs);
+
+ m.addAttribute("code", HttpStatus.NO_CONTENT);
+ return HttpCodeView.VIEWNAME;
+ }
+
+ }
+ }
+
+ private void ensureOAuthScope(Authentication auth) {
+ // if auth is OAuth, make sure we've got the right scope
+ if (auth instanceof OAuth2Authentication) {
+ OAuth2Authentication oAuth2Authentication = (OAuth2Authentication) auth;
+ if (oAuth2Authentication.getOAuth2Request().getScope() == null
+ || oAuth2Authentication.getOAuth2Request().getScope().contains(SystemScopeService.RESOURCE_SET_REGISTRATION_SCOPE)) {
+ throw new InsufficientScopeException("Insufficient scope", ImmutableSet.of(SystemScopeService.RESOURCE_SET_REGISTRATION_SCOPE));
+ }
+ }
 }
 private ResourceSet parseResourceSet(String jsonString) {
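Review bot: The scope condition in the new `ensureOAuthScope` helper is inverted: it throws InsufficientScopeException when the token's scope set *contains* `RESOURCE_SET_REGISTRATION_SCOPE`, and lets the request through when the set is non-null but lacks it, which is the opposite of what the comment and the exception's required-scope argument describe. The commit only moved this condition out of the three endpoints (the hunks for create, read and update on the previous lines), so every OAuth-authenticated caller without the registration scope now reaches the new DELETE handler and the other three; the fix is to negate the membership test, `|| !oAuth2Authentication.getOAuth2Request().getScope().contains(SystemScopeService.RESOURCE_SET_REGISTRATION_SCOPE)) {`. Separately, the FORBIDDEN branch of `deleteResourceSet` sets only `"code"` while the NOT_FOUND branch also sets an `"error"` attribute; adding `m.addAttribute("error", "forbidden");` keeps the JsonErrorView responses uniform. The hunk's trailing context, and `parseResourceSet` whose signature closes it, continue past the text shown here.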