[OAUTH-WG] Weekly github digest (OAuth Activity Summary)
Repository Activity Summary Bot <do_not_reply@mnot.net> Sun, 29 September 2024 08:31 UTC
Return-Path: <do_not_reply@mnot.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6FE9CC14F5F1 for <oauth@ietfa.amsl.com>; Sun, 29 Sep 2024 01:31:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.706
X-Spam-Level:
X-Spam-Status: No, score=-1.706 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=mnot.net header.b="Zlfk65ZG"; dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=messagingengine.com header.b="mxs/79ut"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZI2UPjFPFCPq for <oauth@ietfa.amsl.com>; Sun, 29 Sep 2024 01:31:12 -0700 (PDT)
Received: from fout-a3-smtp.messagingengine.com (fout-a3-smtp.messagingengine.com [103.168.172.146]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0DA86C14F5E5 for <oauth@ietf.org>; Sun, 29 Sep 2024 01:31:12 -0700 (PDT)
Received: from phl-compute-09.internal (phl-compute-09.phl.internal [10.202.2.49]) by mailfout.phl.internal (Postfix) with ESMTP id A02801380691 for <oauth@ietf.org>; Sun, 29 Sep 2024 03:39:55 -0400 (EDT)
Received: from phl-mailfrontend-02 ([10.202.2.163]) by phl-compute-09.internal (MEProxy); Sun, 29 Sep 2024 03:39:55 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=cc :content-type:content-type:date:from:from:in-reply-to :mime-version:reply-to:subject:subject:to:to; s=fm3; t= 1727595595; x=1727681995; bh=ssKNKD2ATTtZjDrHl+LMNWlwTrjm8TMZLD1 pZbmzUd4=; b=Zlfk65ZGqlqSb/cvJaa0cq04fLTHqpB25bNphl0H0izAzGGYJzP CxEk9CTHDV/pGjsL3QWFtk4fMQSOHxxAOyx9mBs3pYFh6v6BXkNb5eLh0dI0GcI1 YyS6ZeD9ZkopbT5kfraru7c7cT+yojDJCVTZTtNih6d7//lz9BfecYOiOtN/PK2E Lsa4zcRokxTOUK9Vr/U7dgn069dZ11yHuAj+zwAkDEEWiwZ5kexjGMiDMETq6J0U FGEvMImgXkJGB2xT4MxHsL+1iA4ff6HfCdQt7VIMSX2uiU5NQw30n/EkIVjBJ6J9 AxMLdInv1hRCdpqSfCvb4lIzDY73J1hi4GA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date :feedback-id:feedback-id:from:from:in-reply-to:mime-version :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1727595595; x= 1727681995; bh=ssKNKD2ATTtZjDrHl+LMNWlwTrjm8TMZLD1pZbmzUd4=; b=m xs/79utmfwMSA9Tcujlpf9P10+tOHHFglStqYWMw0TyJB/Z0b+e8WlhIqionVO7I YpQrMjM7QwscvpC+i4C4tqmoHBgA5vZdLHdwThFNz5/bkCZteClHVxrRMjEP3Oak oJOR1vmhfFlNpv6XAIz3LOdXB+QZ8o4D5wsB74lIhGS39hXWdbiHjteL8htZ/dEF nNlZKWOOq5CWi6TqXCGFFxdXE3Cuk6klEeARLwJiEiPMRYrbTC2zPQi9zwm6qa+v nlwCtlbJ0ZbjYrcZIysD65fZZB+1C4KIHtmVFtCpFWUE4iNFgVwHymyt5lDOa86E ih95HcO66sPn+V/QXErcQ==
X-ME-Sender: <xms:SwT5ZhJKE3bS2IwvbMro9CObiSL3zaqiZ-1YlWn3eaDLJsEUXg7D4w> <xme:SwT5ZtLRUMdqniuUBJ_8Y6WiBScIZAGE_7CjDQJPXAzWM991ZwzMXdibSqGRVf0za E9lc7k-UmA2iVQ-Nw>
X-ME-Received: <xmr:SwT5Zpta5PqmOyEr5GEnBlLOohqlwrvN0PW4gct9D_dnssAkII2zQfWid8s0mia__biQ6AscCA5eMcjkKT78EbO11PQWOSCnJIzCihFFL5hru8pTsOhWoxCFyy57jXOgW0s>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrvdduvddguddvgecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdp uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecupfhoucgurghtvgcufh hivghlugculdegledmnecujfgurheptggghffvufesrgdttdertddtjeenucfhrhhomhep tfgvphhoshhithhorhihucettghtihhvihhthicuufhumhhmrghrhicuuehothcuoeguoh gpnhhothgprhgvphhlhiesmhhnohhtrdhnvghtqeenucggtffrrghtthgvrhhnpeekfedv udetjedvfeekheeiveeugfefhfetteevgeffkefffeetffdvleehudeiteenucffohhmrg hinhepghhithhhuhgsrdgtohhmnecuvehluhhsthgvrhfuihiivgepvdenucfrrghrrghm pehmrghilhhfrhhomhepughopghnohhtpghrvghplhihsehmnhhothdrnhgvthdpnhgspg hrtghpthhtohepuddpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohepohgruhhthhes ihgvthhfrdhorhhg
X-ME-Proxy: <xmx:SwT5ZiZCaTLtCaxJFZPfBLmtcb9bJeIp0E7lEPSMivVWxAX50jipFg> <xmx:SwT5ZoYSizMppHazKWpOzFlPJcyCKD-X4cREsjcW4hdYA4Bc5pzUSw> <xmx:SwT5ZmDjSa234ESx8TwkciPZCbC8lySqeH1evamzGIPuoJvOWh9KSA> <xmx:SwT5Zmah23nTNTbk8kWFGynC0heUA9QfELJoud2cnCMgQCb8OHiQxw> <xmx:SwT5Znmql6m3zHiRiLFHVoN04UCLdWzlKkBcRW7uY8DwMOoVpPKFGv8r>
Feedback-ID: i1c3946f2:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for <oauth@ietf.org>; Sun, 29 Sep 2024 03:39:55 -0400 (EDT)
Content-Type: multipart/alternative; boundary="===============8250517822292006327=="
MIME-Version: 1.0
From: Repository Activity Summary Bot <do_not_reply@mnot.net>
To: oauth@ietf.org
Message-Id: <20240929083112.0DA86C14F5E5@ietfa.amsl.com>
Date: Sun, 29 Sep 2024 01:31:12 -0700
Message-ID-Hash: MXLU6M76ATVDBZXIRVJDCYHXDJSQ7W2R
X-Message-ID-Hash: MXLU6M76ATVDBZXIRVJDCYHXDJSQ7W2R
X-MailFrom: do_not_reply@mnot.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [OAUTH-WG] Weekly github digest (OAuth Activity Summary)
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/-upcW9C-KbYgsUPmwTf5D8C0OEE>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>
Events without label "editorial" Issues ------ * oauth-wg/oauth-transaction-tokens (+9/-7/π¬19) 9 issues created: - Authentication mechanisms (by PieterKas) https://github.com/oauth-wg/oauth-transaction-tokens/issues/135 - Clarify why the "aud" claim remains unchanged (by PieterKas) https://github.com/oauth-wg/oauth-transaction-tokens/issues/134 - access_token potential for confusion (by PieterKas) https://github.com/oauth-wg/oauth-transaction-tokens/issues/133 - rctx MUST (by PieterKas) https://github.com/oauth-wg/oauth-transaction-tokens/issues/132 - Can a sub_id change? (by PieterKas) https://github.com/oauth-wg/oauth-transaction-tokens/issues/131 - Editorial change (by PieterKas) https://github.com/oauth-wg/oauth-transaction-tokens/issues/130 - Trust Domain definition (by PieterKas) https://github.com/oauth-wg/oauth-transaction-tokens/issues/129 - Ascii Diagram update (by PieterKas) https://github.com/oauth-wg/oauth-transaction-tokens/issues/128 - Clarify Transaction Token Context (by PieterKas) https://github.com/oauth-wg/oauth-transaction-tokens/issues/127 10 issues received 19 new comments: - #135 Authentication mechanisms (5 by PieterKas, gffletch) https://github.com/oauth-wg/oauth-transaction-tokens/issues/135 - #134 Clarify why the "aud" claim remains unchanged (1 by gffletch) https://github.com/oauth-wg/oauth-transaction-tokens/issues/134 - #133 access_token potential for confusion (2 by PieterKas, gffletch) https://github.com/oauth-wg/oauth-transaction-tokens/issues/133 - #132 rctx MUST (2 by PieterKas, gffletch) https://github.com/oauth-wg/oauth-transaction-tokens/issues/132 - #131 Can a sub_id change? (1 by gffletch) https://github.com/oauth-wg/oauth-transaction-tokens/issues/131 - #130 Editorial change (1 by PieterKas) https://github.com/oauth-wg/oauth-transaction-tokens/issues/130 - #127 Clarify Transaction Token Context (4 by PieterKas, gffletch) https://github.com/oauth-wg/oauth-transaction-tokens/issues/127 - #119 Azd claim name conflict with RAR (1 by gffletch) https://github.com/oauth-wg/oauth-transaction-tokens/issues/119 - #118 RAR object inside a TraT (1 by gffletch) https://github.com/oauth-wg/oauth-transaction-tokens/issues/118 - #115 Audience, scope & purpose (1 by gffletch) https://github.com/oauth-wg/oauth-transaction-tokens/issues/115 7 issues closed: - Logging guidance and PII data handling https://github.com/oauth-wg/oauth-transaction-tokens/issues/124 - Clarify why the "aud" claim remains unchanged https://github.com/oauth-wg/oauth-transaction-tokens/issues/134 - rctx MUST https://github.com/oauth-wg/oauth-transaction-tokens/issues/132 - Ascii Diagram update https://github.com/oauth-wg/oauth-transaction-tokens/issues/128 - access_token potential for confusion https://github.com/oauth-wg/oauth-transaction-tokens/issues/133 - Trust Domain definition https://github.com/oauth-wg/oauth-transaction-tokens/issues/129 - Editorial change https://github.com/oauth-wg/oauth-transaction-tokens/issues/130 * oauth-wg/oauth-sd-jwt-vc (+0/-1/π¬2) 2 issues received 2 new comments: - #249 Suggestion: Should this spec be more open to multiple Credential formats? [W3C Verifiable Credentials 2.0] (1 by awoie) https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/249 [pending close] - #247 Potential Privacy implications of verifier knowing display information (1 by danielfett) https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/247 1 issues closed: - Suggestion: Should this spec be more open to multiple Credential formats? [W3C Verifiable Credentials 2.0] https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/249 [pending close] * oauth-wg/draft-ietf-oauth-resource-metadata (+1/-0/π¬4) 1 issues created: - Ambiguous handling of the resource_metadata WWW-Authenticate parameter (by randomstuff) https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/issues/56 3 issues received 4 new comments: - #56 Ambiguous handling of the resource_metadata WWW-Authenticate parameter (1 by selfissued) https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/issues/56 - #55 The client cannot tells whether audience restriction has been applied (2 by aaronpk, selfissued) https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/issues/55 - #8 Question: What should the WWW-Authenticate header return (1 by randomstuff) https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/issues/8 * oauth-wg/oauth-selective-disclosure-jwt (+2/-3/π¬11) 2 issues created: - Decoy Digest Implications (by AlexHodder) https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/470 - Mixed-type arrays (by alenhorvat) https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/469 5 issues received 11 new comments: - #470 Decoy Digest Implications (2 by AlexHodder, danielfett) https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/470 - #469 Mixed-type arrays (2 by alenhorvat, danielfett) https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/469 [pending-close] - #468 sd_alg, _sd_alg - Option for claims reuse? (2 by Sakurann, alenhorvat) https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/468 - #465 JWT and unprotected header - generalisation? (4 by alenhorvat, bc-pi) https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/465 - #463 holder key as DID (1 by bc-pi) https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/463 [pending-close] 3 issues closed: - Mixed-type arrays https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/469 [pending-close] - holder key as DID https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/463 [pending-close] - JWT and unprotected header - generalisation? https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/465 * oauth-wg/oauth-v2-1 (+2/-0/π¬0) 2 issues created: - 7.X Stateless tokens and key rotation (by sakimura) https://github.com/oauth-wg/oauth-v2-1/issues/189 - 7.12 Phishing Attacks: Clarification and additional advice to the reader (by sakimura) https://github.com/oauth-wg/oauth-v2-1/issues/188 * oauth-wg/draft-ietf-oauth-status-list (+1/-2/π¬0) 1 issues created: - Missing IANA section for status types (by paulbastian) https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/177 2 issues closed: - Add implementations considerations https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/24 [ready-for-pr] - requirement for status list size https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/47 [ready-for-pr] Pull requests ------------- * oauth-wg/oauth-transaction-tokens (+8/-4/π¬0) 8 pull requests submitted: - Clarify `subject_token_type` value when requesting a replacement Txn-Token (by gffletch) https://github.com/oauth-wg/oauth-transaction-tokens/pull/143 - Updated Mutual Authentication Guidance (by PieterKas) https://github.com/oauth-wg/oauth-transaction-tokens/pull/142 - Additional detail on 'aud' claim (by PieterKas) https://github.com/oauth-wg/oauth-transaction-tokens/pull/141 - Clarification on token context (by PieterKas) https://github.com/oauth-wg/oauth-transaction-tokens/pull/140 - Proposed editorial update to Txn-Token Response (by PieterKas) https://github.com/oauth-wg/oauth-transaction-tokens/pull/139 - Trust domain clarification (by PieterKas) https://github.com/oauth-wg/oauth-transaction-tokens/pull/138 - Clarify Transaction Token Context (by PieterKas) https://github.com/oauth-wg/oauth-transaction-tokens/pull/137 - Editorial changes to the ASCII diagrams (by PieterKas) https://github.com/oauth-wg/oauth-transaction-tokens/pull/136 4 pull requests merged: - clarified logging recommendation https://github.com/oauth-wg/oauth-transaction-tokens/pull/125 - Proposed editorial update to Txn-Token Response https://github.com/oauth-wg/oauth-transaction-tokens/pull/139 - Trust domain clarification https://github.com/oauth-wg/oauth-transaction-tokens/pull/138 - Editorial changes to the ASCII diagrams https://github.com/oauth-wg/oauth-transaction-tokens/pull/136 * oauth-wg/oauth-sd-jwt-vc (+0/-1/π¬0) 1 pull requests merged: - Set upload email in makefile https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/255 * oauth-wg/oauth-selective-disclosure-jwt (+1/-2/π¬6) 1 pull requests submitted: - Update upload artifact to v4 (by bc-pi) https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/471 3 pull requests received 6 new comments: - #471 Update upload artifact to v4 (1 by bc-pi) https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/471 - #467 introduction rewrite (1 by rohanmahy) https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/467 - #466 Addressing one more of Mike's previous review comments (4 by Sakurann, bc-pi) https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/466 2 pull requests merged: - Addressing one more of Mike's previous review comments https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/466 - Update upload artifact to v4 https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/471 * oauth-wg/draft-ietf-oauth-status-list (+0/-1/π¬0) 1 pull requests merged: - add implementation consideration for Default Values and Double Allocaβ¦ https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/172 Repositories tracked by this digest: ----------------------------------- * https://github.com/oauth-wg/oauth-browser-based-apps * https://github.com/oauth-wg/oauth-identity-chaining * https://github.com/oauth-wg/oauth-transaction-tokens * https://github.com/oauth-wg/oauth-sd-jwt-vc * https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata * https://github.com/oauth-wg/oauth-cross-device-security * https://github.com/oauth-wg/oauth-selective-disclosure-jwt * https://github.com/oauth-wg/oauth-v2-1 * https://github.com/oauth-wg/draft-ietf-oauth-status-list * https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth
- [OAUTH-WG] Weekly github digest (OAuth Activity S⦠Repository Activity Summary Bot