[OAUTH-WG] Weekly github digest (OAuth Activity Summary)
Repository Activity Summary Bot <do_not_reply@mnot.net> Sun, 14 September 2025 07:40 UTC
Return-Path: <do_not_reply@mnot.net>
X-Original-To: oauth@mail2.ietf.org
Delivered-To: oauth@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 010596268DB1 for <oauth@mail2.ietf.org>; Sun, 14 Sep 2025 00:40:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.397
X-Spam-Level:
X-Spam-Status: No, score=-2.397 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, MSGID_FROM_MTA_HEADER=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=mnot.net header.b="aGSOkkWh"; dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=messagingengine.com header.b="RQNMB+5a"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id maytk7z0HzVi for <oauth@mail2.ietf.org>; Sun, 14 Sep 2025 00:40:58 -0700 (PDT)
Received: from fhigh-b5-smtp.messagingengine.com (fhigh-b5-smtp.messagingengine.com [202.12.124.156]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256)) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 5EFA8626814B for <oauth@ietf.org>; Sun, 14 Sep 2025 00:40:11 -0700 (PDT)
Received: from phl-compute-02.internal (phl-compute-02.internal [10.202.2.42]) by mailfhigh.stl.internal (Postfix) with ESMTP id 1313D7A009B for <oauth@ietf.org>; Sun, 14 Sep 2025 03:40:11 -0400 (EDT)
Received: from phl-mailfrontend-02 ([10.202.2.163]) by phl-compute-02.internal (MEProxy); Sun, 14 Sep 2025 03:40:11 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=cc :content-type:content-type:date:from:from:in-reply-to:message-id :mime-version:reply-to:subject:subject:to:to; s=fm2; t= 1757835610; x=1757922010; bh=DMJXKhnrkXwb+vjKtdk1Mju92mT3ebvDeaP 7c8YM7bE=; b=aGSOkkWhHd1Vp0faJpJLCQJtUlZaM79f8V1aEClIAoeNKoFR29N lF8MB8nShyn438Nh9kNaOTVbl4e/EvVnhO4cg7GD4X9zdLQUhBLmDvz9WhLMPhHP mpdLRaEGMKHWEZ46pYYGouZAwmf2V/2ma5tQr7H9jdKGIywlKj+BQg8it1qK6qfV /5XT0kxbzihSN//j1NalH8eWT2Am/H4RjsfA50G9iE5qBQFOAC5TibjgmJlypUTD SiNTE/XyTAAYhXvnD3vaPCP2OY8hkIeK8wjbeWxre0RGwWAAQap/oSyk0Wo6dHCB AsX+UZfTDWOnM7VSwKnhIR3TojShIsmJhew==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date :feedback-id:feedback-id:from:from:in-reply-to:message-id :mime-version:reply-to:subject:subject:to:to:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1757835610; x= 1757922010; bh=DMJXKhnrkXwb+vjKtdk1Mju92mT3ebvDeaP7c8YM7bE=; b=R QNMB+5aS0PXShikdZMEDm7NuUqDkev5LRLDf0Z8aO8v6o8ZoBtsanPYtFV+X/tnk 4PHSJC0/0QUQU0SOkThvnq8zIXgFl3lUGJG9SvXt9aM8nwkTxHmtngQorPHSZsCv Wu+ht9/EOXaiYIiYTVyYWD0zElSscQW+kCinnJnPhjkzwkt4X0CePgERh0uSQoCU 0dfZqS7nGE8+2ImPXZZ7HeCnFdiYBXcl30WT++ilmHCfb3UBgyW2vDJwRhQ5R/VE euYxDosT2XUDklKiSpxQ289KjSLTADMEFmx0MnNOhSvvcP7Tlo+L5RQPS8KEMWq9 XTi2zVloNimvDhHSMVHjg==
X-ME-Sender: <xms:WnHGaBVzsCr5P8ZTrM5V9dY5oCHtmYF4o8HrxPh8EZZPVyI3soD3vQ> <xme:WnHGaM2qkgobM3xxE_NU8lakKoL3ukEZmIFwVvuiYZIU6lGy_HB3iPdizJWZ78rEP CTg6jreJFTiRC2JZA>
X-ME-Received: <xmr:WnHGaOD7gif7wyKqUzfby-C9hAM4AcN5IQoftFCGgzDgylzrdvsPpEf1fPcQ_QiCVhX9pq9E4LOwXuZ2WQRibT9ReriCo6KAxx9keU0HPd6U9y3Ztko73TQiA3m0c-OlsVQ7rA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeffedrtdeggdefgedvgecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpuffrtefokffrpgfnqfghnecuuegr ihhlohhuthemuceftddtnecupfhoucgurghtvgcufhhivghlugculdegledmnecujfgurh eptggghffvufesrgdttdertddtjeenucfhrhhomheptfgvphhoshhithhorhihucettght ihhvihhthicuufhumhhmrghrhicuuehothcuoeguohgpnhhothgprhgvphhlhiesmhhnoh htrdhnvghtqeenucggtffrrghtthgvrhhnpeekfedvudetjedvfeekheeiveeugfefhfet teevgeffkefffeetffdvleehudeiteenucffohhmrghinhepghhithhhuhgsrdgtohhmne cuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepughopghn ohhtpghrvghplhihsehmnhhothdrnhgvthdpnhgspghrtghpthhtohepuddpmhhouggvpe hsmhhtphhouhhtpdhrtghpthhtohepohgruhhthhesihgvthhfrdhorhhg
X-ME-Proxy: <xmx:WnHGaKjpsm9S7ZPNs1nYBJtvnpBWsJO4epPVBe8vX1k6jHRsVMJs0A> <xmx:WnHGaK_tb8yO1cVJgTeEcakB2sN_p06cJlxlYToViNQKPvd-Wsf1cw> <xmx:WnHGaO9irBv_6V58PwnqUIpMAidyyJ34c2hY7S2L-0AnNwvAYL9s_A> <xmx:WnHGaLDGR-E5A9TAly7hhD8UWp0ojxxhwCMt0GI8ITao8LvR65L-Iw> <xmx:WnHGaHNdoiZDOdxsItVM4mmSVYUfzklBHx30dnmRVIDa2YwY4IjA8ccY>
Feedback-ID: i1c3946f2:Fastmail
Message-Id: <1757835610.432473.507712E6@outbound.messagingengine.com>
Received: by mail.messagingengine.com (Postfix) with ESMTPA for <oauth@ietf.org>; Sun, 14 Sep 2025 03:40:10 -0400 (EDT)
Content-Type: multipart/alternative; boundary="===============8871853877758814139=="
MIME-Version: 1.0
From: Repository Activity Summary Bot <do_not_reply@mnot.net>
To: oauth@ietf.org
Date: Sun, 14 Sep 2025 00:40:11 -0700
Message-ID-Hash: GQVFJ4ONUOUU4QU5OZK4YZW2N6F2TRGJ
X-Message-ID-Hash: GQVFJ4ONUOUU4QU5OZK4YZW2N6F2TRGJ
X-MailFrom: do_not_reply@mnot.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [OAUTH-WG] Weekly github digest (OAuth Activity Summary)
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/G0rFK8ALTR9iHOb1dNsMG6gtKxg>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>
Events without label "editorial"
Issues
------
* oauth-wg/oauth-identity-chaining (+0/-3/š¬3)
3 issues received 3 new comments:
- #146 Improve examples in the appendix (1 by bc-pi)
https://github.com/oauth-wg/oauth-identity-chaining/issues/146
- #139 Updates to reflect changes to RFC7523 (jwt_privatekey attack) (1 by bc-pi)
https://github.com/oauth-wg/oauth-identity-chaining/issues/139
- #120 OAuth client acting as a client (1 by bc-pi)
https://github.com/oauth-wg/oauth-identity-chaining/issues/120
3 issues closed:
- Required `requested_token_type` parameter https://github.com/oauth-wg/oauth-identity-chaining/issues/111
- WGLC (2 of ?): claims/token transcription/rewrite security https://github.com/oauth-wg/oauth-identity-chaining/issues/170
- WGLC (1 of ?): trust relationship realization https://github.com/oauth-wg/oauth-identity-chaining/issues/169
* oauth-wg/oauth-transaction-tokens (+0/-0/š¬14)
10 issues received 14 new comments:
- #232 Need consistent normative language for txn claim (1 by PieterKas)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/232 [WGLC Feedback]
- #231 Describe parameter use (1 by PieterKas)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/231 [WGLC Feedback]
- #230 Clarify "JWT Representation" (1 by PieterKas)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/230 [WGLC Feedback]
- #229 Consider "Authorization surface" (1 by PieterKas)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/229 [WGLC Feedback]
- #228 Clarify claim usage (1 by PieterKas)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/228 [WGLC Feedback]
- #222 Should tctx field be a MUST (1 by ashayraut)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/222 [WGLC Feedback]
- #217 Transaction token Lifetime extension (1 by ashayraut)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/217 [WGLC Feedback]
- #194 Reconsider 'purp' claim scope (4 by PieterKas, bc-pi, dagdagdag83)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/194 [WGLC Feedback]
- #193 Rationale for 'txn' being REQUIRED (2 by ashayraut, bc-pi)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/193 [WGLC Feedback]
- #191 Exception for self-signed JWTs (1 by jsalowey)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/191 [WGLC Feedback]
* oauth-wg/oauth-sd-jwt-vc (+1/-0/š¬7)
1 issues created:
- StringOrURI should probably not be used (by bc-pi)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/343
3 issues received 7 new comments:
- #343 StringOrURI should probably not be used (3 by adeinega, bc-pi)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/343
- #342 Remove JSON schema from Type Metadata (1 by bc-pi)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/342
- #247 Potential Privacy implications of verifier knowing display information (3 by bc-pi, cre8)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/247 [pending close] [blocked]
* oauth-wg/draft-ietf-oauth-attestation-based-client-auth (+0/-3/š¬0)
3 issues closed:
- Allow MAC as signature algorithms? https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/130
- Add option without PoP but with ad-hoc client attetation and nonce https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/111 [ready-for-pr]
- Client Attestation HTTP Headers https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/118 [discuss]
* oauth-wg/oauth-identity-assertion-authz-grant (+3/-0/š¬6)
3 issues created:
- Clarify that IdP client can be mapped via ID-JAG to AS specific client (by mcguinness)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/45
- Include more examples of claims in the id-jag (by meghnadubey)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/43
- IdP metadata recommendation (by meghnadubey)
https://github.com/aaronpk/draft-parecki-oauth-identity-assertion-authz-grant/issues/38
4 issues received 6 new comments:
- #45 Clarify that IdP client can be mapped via ID-JAG to AS specific client (3 by mcguinness, meghnadubey)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/45
- #41 Clarify ID-JAG is a typed profile of JWT Assertion Grant (1 by meghnadubey)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/41
- #40 Editorial cleanup to make clear interaction and role of the AS for the Resource App (1 by meghnadubey)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/40
- #39 Adopt Tenant Claim from OpenID Enterprise Extensions for ID-JAG (1 by meghnadubey)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/39
* oauth-wg/draft-ietf-oauth-rfc8725bis (+0/-1/š¬1)
1 issues received 1 new comments:
- #19 Representation of time values to void the 2038 bug (1 by selfissued)
https://github.com/oauth-wg/draft-ietf-oauth-rfc8725bis/issues/19
1 issues closed:
- Markdown magic https://github.com/oauth-wg/draft-ietf-oauth-rfc8725bis/issues/20
Pull requests
-------------
* oauth-wg/oauth-identity-chaining (+2/-1/š¬0)
2 pull requests submitted:
- six seven (by bc-pi)
https://github.com/oauth-wg/oauth-identity-chaining/pull/173
- six seven (by bc-pi)
https://github.com/oauth-wg/oauth-identity-chaining/pull/172
1 pull requests merged:
- prospective changes from WGLC reviews
https://github.com/oauth-wg/oauth-identity-chaining/pull/171
* oauth-wg/oauth-transaction-tokens (+4/-5/š¬2)
4 pull requests submitted:
- Clarify "request_context" (by PieterKas)
https://github.com/oauth-wg/oauth-transaction-tokens/pull/247
- Remove "surface" to describe extend of authorization (by PieterKas)
https://github.com/oauth-wg/oauth-transaction-tokens/pull/246
- Delete "represenntation" (by PieterKas)
https://github.com/oauth-wg/oauth-transaction-tokens/pull/245
- considerations for internal requests (by jsalowey)
https://github.com/oauth-wg/oauth-transaction-tokens/pull/244
2 pull requests received 2 new comments:
- #240 added internal flow (1 by jsalowey)
https://github.com/oauth-wg/oauth-transaction-tokens/pull/240
- #239 Clarify authentication requriements (1 by PieterKas)
https://github.com/oauth-wg/oauth-transaction-tokens/pull/239
5 pull requests merged:
- Multiple TTS Instances
https://github.com/oauth-wg/oauth-transaction-tokens/pull/242
- renamed microservice to workload
https://github.com/oauth-wg/oauth-transaction-tokens/pull/185
- Delete draft-ietf-oauth-transaction-tokens-03.md
https://github.com/oauth-wg/oauth-transaction-tokens/pull/187
- Delete "represenntation"
https://github.com/oauth-wg/oauth-transaction-tokens/pull/245
- Remove "surface" to describe extend of authorization
https://github.com/oauth-wg/oauth-transaction-tokens/pull/246
* oauth-wg/oauth-sd-jwt-vc (+1/-0/š¬0)
1 pull requests submitted:
- Remove JSON schema from Type Metadata (by bc-pi)
https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/345
* oauth-wg/draft-ietf-oauth-attestation-based-client-auth (+2/-3/š¬7)
2 pull requests submitted:
- mandate header fields (by c2bo)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/148
- add use_fresh_attestation error type (by c2bo)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/147
3 pull requests received 7 new comments:
- #147 add use_fresh_attestation error type (5 by c2bo, panva)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/147
- #146 DPoP Optimisation (1 by paulbastian)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/146
- #142 70 register as and client metadata for algorithm negotiation of attestations and pops (1 by paulbastian)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/142
3 pull requests merged:
- remove restrictions to not allow MAC-based algorithms
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/141
- add use_fresh_attestation error type
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/147
- mandate header fields
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/148
* oauth-wg/draft-ietf-oauth-rfc8725bis (+0/-1/š¬0)
1 pull requests merged:
- Venue info and boilerplate directive
https://github.com/oauth-wg/draft-ietf-oauth-rfc8725bis/pull/21
Repositories tracked by this digest:
-----------------------------------
* https://github.com/oauth-wg/oauth-browser-based-apps
* https://github.com/oauth-wg/oauth-identity-chaining
* https://github.com/oauth-wg/oauth-transaction-tokens
* https://github.com/oauth-wg/oauth-sd-jwt-vc
* https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata
* https://github.com/oauth-wg/oauth-cross-device-security
* https://github.com/oauth-wg/oauth-selective-disclosure-jwt
* https://github.com/oauth-wg/oauth-v2-1
* https://github.com/oauth-wg/draft-ietf-oauth-status-list
* https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth
* https://github.com/oauth-wg/oauth-identity-assertion-authz-grant
* https://github.com/oauth-wg/draft-ietf-oauth-rfc8725bis
* https://github.com/oauth-wg/draft-ietf-oauth-rfc7523bis
* https://github.com/oauth-wg/oauth-first-party-apps
--
To have a summary like this sent to your list, see: https://github.com/ietf-github-services/activity-summary
- [OAUTH-WG] Weekly github digest (OAuth Activity S⦠Repository Activity Summary Bot