[OAUTH-WG] Weekly github digest (OAuth Activity Summary)

Repository Activity Summary Bot <do_not_reply@mnot.net> Sun, 15 September 2024 07:39 UTC

Return-Path: <do_not_reply@mnot.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 63FC7C15198F for <oauth@ietfa.amsl.com>; Sun, 15 Sep 2024 00:39:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.705
X-Spam-Level:
X-Spam-Status: No, score=-1.705 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=mnot.net header.b="gAlTlDSg"; dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=messagingengine.com header.b="cVcMolGE"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id biU2O2GaWR9F for <oauth@ietfa.amsl.com>; Sun, 15 Sep 2024 00:39:45 -0700 (PDT)
Received: from fhigh8-smtp.messagingengine.com (fhigh8-smtp.messagingengine.com [103.168.172.159]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 81C9EC15107C for <oauth@ietf.org>; Sun, 15 Sep 2024 00:39:41 -0700 (PDT)
Received: from phl-compute-10.internal (phl-compute-10.phl.internal [10.202.2.50]) by mailfhigh.phl.internal (Postfix) with ESMTP id AFAE51140244 for <oauth@ietf.org>; Sun, 15 Sep 2024 03:39:40 -0400 (EDT)
Received: from phl-mailfrontend-02 ([10.202.2.163]) by phl-compute-10.internal (MEProxy); Sun, 15 Sep 2024 03:39:40 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=cc :content-type:content-type:date:from:from:in-reply-to :mime-version:reply-to:subject:subject:to:to; s=fm2; t= 1726385980; x=1726472380; bh=Bv01+a0SiDIqhse8SfYIUauQBI9O9U2eFAY pBNgdgFw=; b=gAlTlDSg1tAH8RpEwUZDzpHIoOMzkcHW9nCm8wlnGBVowl5Q0Og 9wZyDlK04iiWQam5JfAGWYtWOrTqM0nWB04dP6bI/OZzzRZWVkJVqeXQAbQ8AqDf zftEIzBINhD2x8Ln6BjlKzNaKpMr9wZd0/Cle6wFeUZcxGvuXJetf3gBEUnR7s/T NcYZSfxBP6HRpLkN6hcJZJyXoIcjukj49VGi0TT/7gc3sGZZmwZTBaVnIF6ZC8UR lWNxNQWGCez6GJMOQ+7clYrR10R4i/gY5bQG9APxgEioxB54Ge6o04oOe8WJS8kf mhfx9kVsYioKAoXNs4UdW/oex1veu9bJovg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date :feedback-id:feedback-id:from:from:in-reply-to:mime-version :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1726385980; x= 1726472380; bh=Bv01+a0SiDIqhse8SfYIUauQBI9O9U2eFAYpBNgdgFw=; b=c VcMolGECxFtA7EJ4xh4iqQrHAUHojrHdiIGjErL7Xvi2X2R6FWda6rAmEDzALf4z Usb6O60u9fnTJpxjw6q3A+dxCEMngqneMNiRpvkEv4uTn822K6iNrJMSMONp+3dy ykwPDoDg1DI66TnKgXwE97tWI/ZI9bZcMffZa2Aey4vZCJwTKPQ1mzmOMZ1fvke0 HiTto5ZzbIk53f67bAy4WEZ3hgQ5BOLUni4hzRl8ntngm1wOouRFbY0hfChAELVb zA8fKALpt9Jg/j7cCo84Exy/q8OR25kC4D19KH+/pyysaHCLyLFm8KmCZ5oZtPHE qzxjw2ZYvtKd8AfIqJyZg==
X-ME-Sender: <xms:PI_mZnuvTo60JFFI4ZUyjSqkkj02pFH85sDUac_9gasAcG7nqPaUMA> <xme:PI_mZodVgwDoHfey6JgpCrlFx-sgLTkFvFrmTVHG_lCXADlt7lEdBdFTPWo23rLSq grT4cq_lf5Aldx6lg>
X-ME-Received: <xmr:PI_mZqwMlxhdWfuAA9loV-jIi2kx3ghEps97LvHEExAlm4Y8SDP_olUJnfUyUTMb>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrudekvddgudekucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucfpohcuuggrthgvuchfih gvlhguucdlgeelmdenucfjughrpegtggfhvffusegrtddtredttdejnecuhfhrohhmpeft vghpohhsihhtohhrhicutegtthhivhhithihucfuuhhmmhgrrhihuceuohhtuceoughopg hnohhtpghrvghplhihsehmnhhothdrnhgvtheqnecuggftrfgrthhtvghrnhepkeefvddu teejvdefkeehieevuefgfefhteetveegffekffefteffvdelheduieetnecuffhomhgrih hnpehgihhthhhusgdrtghomhenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhep mhgrihhlfhhrohhmpeguohgpnhhothgprhgvphhlhiesmhhnohhtrdhnvghtpdhnsggprh gtphhtthhopedupdhmohguvgepshhmthhpohhuthdprhgtphhtthhopehorghuthhhsehi vghtfhdrohhrgh
X-ME-Proxy: <xmx:PI_mZmNZJkmezaXt1H1v5EkkpgFOba6oDt1ib3aSzbLIVI41wbVyoA> <xmx:PI_mZn_FKhclaCGx3Qhb8565T8dx9lxJq1piwPTVakwDPaMwt14TYA> <xmx:PI_mZmXNoP6kdsCW2dxQUUGg2SJlF_GvkPuvGnKEsLJqWgyLLBzSng> <xmx:PI_mZofDuUT2DEA5MHbpTCKqUTkq9x-VFPl5a4UrEgwZfHEt0eRFDA> <xmx:PI_mZpJjU7ZAauji9gFiJyTovaBGt9dqOMLdL79-uQszgWyw5EyTjuBt>
Feedback-ID: i1c3946f2:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for <oauth@ietf.org>; Sun, 15 Sep 2024 03:39:40 -0400 (EDT)
Content-Type: multipart/alternative; boundary="===============8592013882006260414=="
MIME-Version: 1.0
From: Repository Activity Summary Bot <do_not_reply@mnot.net>
To: oauth@ietf.org
Message-Id: <20240915073941.81C9EC15107C@ietfa.amsl.com>
Date: Sun, 15 Sep 2024 00:39:41 -0700
Message-ID-Hash: YUEU2O3DIJWSUDVY3HOUF7MAE3CXLR53
X-Message-ID-Hash: YUEU2O3DIJWSUDVY3HOUF7MAE3CXLR53
X-MailFrom: do_not_reply@mnot.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [OAUTH-WG] Weekly github digest (OAuth Activity Summary)
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/HVQGk6q7QYho0KQSsCIs28s5058>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>



Events without label "editorial"

Issues
------
* oauth-wg/oauth-transaction-tokens (+0/-0/πŸ’¬1)
  1 issues received 1 new comments:
  - #113 subject_token_type for Replacement Txn-Token Request (1 by dteleguin)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/113 

* oauth-wg/oauth-sd-jwt-vc (+0/-2/πŸ’¬0)
  2 issues closed:
  - clarify example(s)   https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/246 
  - Add output example https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/194 [wg-05] 

* oauth-wg/draft-ietf-oauth-resource-metadata (+2/-3/πŸ’¬4)
  2 issues created:
  - Add motivating example for resource metadata to the spec (by selfissued)
    https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/issues/50 
  - Add step numbers to sequence diagram, if possible (by selfissued)
    https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/issues/49 

  1 issues received 4 new comments:
  - #50 Add motivating example for resource metadata to the spec (4 by aaronpk, selfissued)
    https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/issues/50 

  3 issues closed:
  - Add motivating example for resource metadata to the spec https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/issues/50 
  - Declaring support for DPoP and Certificate-Bound Access Tokens https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/issues/48 
  - Add step numbers to sequence diagram, if possible https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/issues/49 

* oauth-wg/oauth-selective-disclosure-jwt (+2/-0/πŸ’¬0)
  2 issues created:
  - WGLC updates (by bc-pi)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/464 
  - holder key as DID (by ThierryThevenet)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/463 

* oauth-wg/oauth-v2-1 (+1/-0/πŸ’¬1)
  1 issues created:
  - Standardize refresh token expiration field in token responses (by pilcrowOnPaper)
    https://github.com/oauth-wg/oauth-v2-1/issues/187 

  1 issues received 1 new comments:
  - #187 Standardize refresh token expiration field in token responses (1 by aaronpk)
    https://github.com/oauth-wg/oauth-v2-1/issues/187 

* oauth-wg/draft-ietf-oauth-status-list (+1/-2/πŸ’¬4)
  1 issues created:
  - Clean up IANA section (by c2bo)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/174 

  4 issues received 4 new comments:
  - #168 Support for content negotiation as denoted in the standard is limited for some CDNs and http servers (1 by c2bo)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/168 [discuss] 
  - #84 IETF 118: Guidance for which contexts/usecases StatusList is a valuable revocation mechanism (1 by paulbastian)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/84 
  - #68 Should the JWT StatusList encoded 1-bit bytearray map to W3C StatusList 2021 bitstring? (1 by paulbastian)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/68 
  - #53 restriction to numeric status (1 by paulbastian)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/53 

  2 issues closed:
  - Call for Adoption Feedback: JSON/CBOR instead of JWT/CWT https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/72 
  - arbitrary size restrictions on status https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/52 

* oauth-wg/draft-ietf-oauth-attestation-based-client-auth (+0/-0/πŸ’¬4)
  2 issues received 4 new comments:
  - #79 Usage of "public clients" / "deployments traditionally viewed as a public client" (3 by babisRoutis, jogu, paulbastian)
    https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/79 [discuss] 
  - #72 Add required typ values for the client-attestation and client-attestation-pop in line with JWT BCP (1 by c2bo)
    https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/72 



Pull requests
-------------
* oauth-wg/oauth-transaction-tokens (+1/-1/πŸ’¬3)
  1 pull requests submitted:
  - Update draft-ietf-oauth-transaction-tokens.md (by federicofdez)
    https://github.com/oauth-wg/oauth-transaction-tokens/pull/126 

  2 pull requests received 3 new comments:
  - #126 Update draft-ietf-oauth-transaction-tokens.md (1 by tulshi)
    https://github.com/oauth-wg/oauth-transaction-tokens/pull/126 
  - #125 clarified logging recommendation (2 by obfuscoder, tulshi)
    https://github.com/oauth-wg/oauth-transaction-tokens/pull/125 

  1 pull requests merged:
  - Update draft-ietf-oauth-transaction-tokens.md
    https://github.com/oauth-wg/oauth-transaction-tokens/pull/126 

* oauth-wg/oauth-sd-jwt-vc (+0/-1/πŸ’¬0)
  1 pull requests merged:
  - clarify, add context, or otherwise improve examples
    https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/252 

* oauth-wg/draft-ietf-oauth-resource-metadata (+4/-3/πŸ’¬15)
  4 pull requests submitted:
  - Add metadata parameter for RAR types supported (by selfissued)
    https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/pull/54 
  - add email example to intro (by aaronpk)
    https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/pull/53 
  - Add metadata values for DPoP and MTLS (by selfissued)
    https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/pull/52 
  - Addressed ART, SecDir, and OpsDir reviews (by selfissued)
    https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/pull/51 

  2 pull requests received 15 new comments:
  - #54 Add metadata parameter for RAR types supported (1 by RalphBragg)
    https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/pull/54 
  - #52 Add metadata values for DPoP and MTLS (14 by aaronpk, randomstuff, selfissued)
    https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/pull/52 

  3 pull requests merged:
  - add email example to intro
    https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/pull/53 
  - Add metadata values for DPoP and MTLS
    https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/pull/52 
  - Addressed ART, SecDir, and OpsDir reviews
    https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/pull/51 

* oauth-wg/draft-ietf-oauth-status-list (+4/-0/πŸ’¬2)
  4 pull requests submitted:
  - fix CWT status_list map encoding (by c2bo)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/173 
  - add implementation consideration for Default Values and Double Alloca… (by paulbastian)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/172 
  - sd jwt example (by c2bo)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/171 
  - update security consideration (by paulbastian)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/170 

  1 pull requests received 2 new comments:
  - #171 sd jwt example (2 by c2bo, paulbastian)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/171 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/oauth-wg/oauth-browser-based-apps
* https://github.com/oauth-wg/oauth-identity-chaining
* https://github.com/oauth-wg/oauth-transaction-tokens
* https://github.com/oauth-wg/oauth-sd-jwt-vc
* https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata
* https://github.com/oauth-wg/oauth-cross-device-security
* https://github.com/oauth-wg/oauth-selective-disclosure-jwt
* https://github.com/oauth-wg/oauth-v2-1
* https://github.com/oauth-wg/draft-ietf-oauth-status-list
* https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth