[OAUTH-WG] Weekly github digest (OAuth Activity Summary)

Repository Activity Summary Bot <do_not_reply@mnot.net> Sun, 29 September 2024 08:31 UTC




Events without label "editorial"

Issues
------
* oauth-wg/oauth-transaction-tokens (+9/-7/💬19)
  9 issues created:
  - Authentication mechanisms (by PieterKas)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/135 
  - Clarify why the "aud" claim remains unchanged (by PieterKas)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/134 
  - access_token potential for confusion (by PieterKas)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/133 
  - rctx MUST (by PieterKas)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/132 
  - Can a sub_id change? (by PieterKas)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/131 
  - Editorial change (by PieterKas)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/130 
  - Trust Domain definition (by PieterKas)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/129 
  - Ascii Diagram update (by PieterKas)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/128 
  - Clarify Transaction Token Context (by PieterKas)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/127 

  10 issues received 19 new comments:
  - #135 Authentication mechanisms (5 by PieterKas, gffletch)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/135 
  - #134 Clarify why the "aud" claim remains unchanged (1 by gffletch)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/134 
  - #133 access_token potential for confusion (2 by PieterKas, gffletch)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/133 
  - #132 rctx MUST (2 by PieterKas, gffletch)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/132 
  - #131 Can a sub_id change? (1 by gffletch)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/131 
  - #130 Editorial change (1 by PieterKas)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/130 
  - #127 Clarify Transaction Token Context (4 by PieterKas, gffletch)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/127 
  - #119 Azd claim name conflict with RAR (1 by gffletch)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/119 
  - #118 RAR object inside a TraT (1 by gffletch)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/118 
  - #115 Audience, scope & purpose (1 by gffletch)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/115 

  7 issues closed:
  - Logging guidance and PII data handling https://github.com/oauth-wg/oauth-transaction-tokens/issues/124 
  - Clarify why the "aud" claim remains unchanged https://github.com/oauth-wg/oauth-transaction-tokens/issues/134 
  - rctx MUST https://github.com/oauth-wg/oauth-transaction-tokens/issues/132 
  - Ascii Diagram update https://github.com/oauth-wg/oauth-transaction-tokens/issues/128 
  - access_token potential for confusion https://github.com/oauth-wg/oauth-transaction-tokens/issues/133 
  - Trust Domain definition https://github.com/oauth-wg/oauth-transaction-tokens/issues/129 
  - Editorial change https://github.com/oauth-wg/oauth-transaction-tokens/issues/130 

* oauth-wg/oauth-sd-jwt-vc (+0/-1/💬2)
  2 issues received 2 new comments:
  - #249 Suggestion: Should this spec be more open to multiple Credential formats? [W3C Verifiable Credentials 2.0] (1 by awoie)
    https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/249 [pending close] 
  - #247 Potential Privacy implications of verifier knowing display information (1 by danielfett)
    https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/247 

  1 issue closed:
  - Suggestion: Should this spec be more open to multiple Credential formats? [W3C Verifiable Credentials 2.0] https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/249 [pending close] 

* oauth-wg/draft-ietf-oauth-resource-metadata (+1/-0/💬4)
  1 issue created:
  - Ambiguous handling of the resource_metadata WWW-Authenticate parameter (by randomstuff)
    https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/issues/56 

  3 issues received 4 new comments:
  - #56 Ambiguous handling of the resource_metadata WWW-Authenticate parameter (1 by selfissued)
    https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/issues/56 
  - #55 The client cannot tells whether audience restriction has been applied (2 by aaronpk, selfissued)
    https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/issues/55 
  - #8 Question: What should the WWW-Authenticate header return (1 by randomstuff)
    https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/issues/8 

* oauth-wg/oauth-selective-disclosure-jwt (+2/-3/💬11)
  2 issues created:
  - Decoy Digest Implications (by AlexHodder)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/470 
  - Mixed-type arrays (by alenhorvat)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/469 

  5 issues received 11 new comments:
  - #470 Decoy Digest Implications (2 by AlexHodder, danielfett)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/470 
  - #469 Mixed-type arrays (2 by alenhorvat, danielfett)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/469 [pending-close] 
  - #468 sd_alg, _sd_alg - Option for claims reuse? (2 by Sakurann, alenhorvat)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/468 
  - #465 JWT and unprotected header - generalisation? (4 by alenhorvat, bc-pi)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/465 
  - #463 holder key as DID (1 by bc-pi)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/463 [pending-close] 

  3 issues closed:
  - Mixed-type arrays https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/469 [pending-close] 
  - holder key as DID https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/463 [pending-close] 
  - JWT and unprotected header - generalisation? https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/465 

* oauth-wg/oauth-v2-1 (+2/-0/💬0)
  2 issues created:
  - 7.X Stateless tokens and key rotation (by sakimura)
    https://github.com/oauth-wg/oauth-v2-1/issues/189 
  - 7.12 Phishing Attacks: Clarification and additional advice to the reader (by sakimura)
    https://github.com/oauth-wg/oauth-v2-1/issues/188 

* oauth-wg/draft-ietf-oauth-status-list (+1/-2/💬0)
  1 issue created:
  - Missing IANA section for status types (by paulbastian)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/177 

  2 issues closed:
  - Add implementations considerations https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/24 [ready-for-pr] 
  - requirement for status list size https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/47 [ready-for-pr] 



Pull requests
-------------
* oauth-wg/oauth-transaction-tokens (+8/-4/💬0)
  8 pull requests submitted:
  - Clarify `subject_token_type` value when requesting a replacement Txn-Token (by gffletch)
    https://github.com/oauth-wg/oauth-transaction-tokens/pull/143 
  - Updated Mutual Authentication Guidance (by PieterKas)
    https://github.com/oauth-wg/oauth-transaction-tokens/pull/142 
  - Additional detail on 'aud' claim (by PieterKas)
    https://github.com/oauth-wg/oauth-transaction-tokens/pull/141 
  - Clarification on token context (by PieterKas)
    https://github.com/oauth-wg/oauth-transaction-tokens/pull/140 
  - Proposed editorial update to  Txn-Token Response (by PieterKas)
    https://github.com/oauth-wg/oauth-transaction-tokens/pull/139 
  - Trust domain clarification (by PieterKas)
    https://github.com/oauth-wg/oauth-transaction-tokens/pull/138 
  - Clarify Transaction Token Context (by PieterKas)
    https://github.com/oauth-wg/oauth-transaction-tokens/pull/137 
  - Editorial changes to the ASCII diagrams (by PieterKas)
    https://github.com/oauth-wg/oauth-transaction-tokens/pull/136 

  4 pull requests merged:
  - clarified logging recommendation
    https://github.com/oauth-wg/oauth-transaction-tokens/pull/125 
  - Proposed editorial update to  Txn-Token Response
    https://github.com/oauth-wg/oauth-transaction-tokens/pull/139 
  - Trust domain clarification
    https://github.com/oauth-wg/oauth-transaction-tokens/pull/138 
  - Editorial changes to the ASCII diagrams
    https://github.com/oauth-wg/oauth-transaction-tokens/pull/136 

* oauth-wg/oauth-sd-jwt-vc (+0/-1/💬0)
  1 pull request merged:
  - Set upload email in makefile
    https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/255 

* oauth-wg/oauth-selective-disclosure-jwt (+1/-2/💬6)
  1 pull request submitted:
  - Update upload artifact to v4  (by bc-pi)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/471 

  3 pull requests received 6 new comments:
  - #471 Update upload artifact to v4  (1 by bc-pi)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/471 
  - #467 introduction rewrite (1 by rohanmahy)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/467 
  - #466 Addressing one more of Mike's previous review comments (4 by Sakurann, bc-pi)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/466 

  2 pull requests merged:
  - Addressing one more of Mike's previous review comments
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/466 
  - Update upload artifact to v4 
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/471 

* oauth-wg/draft-ietf-oauth-status-list (+0/-1/💬0)
  1 pull request merged:
  - add implementation consideration for Default Values and Double Alloca…
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/172 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/oauth-wg/oauth-browser-based-apps
* https://github.com/oauth-wg/oauth-identity-chaining
* https://github.com/oauth-wg/oauth-transaction-tokens
* https://github.com/oauth-wg/oauth-sd-jwt-vc
* https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata
* https://github.com/oauth-wg/oauth-cross-device-security
* https://github.com/oauth-wg/oauth-selective-disclosure-jwt
* https://github.com/oauth-wg/oauth-v2-1
* https://github.com/oauth-wg/draft-ietf-oauth-status-list
* https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth