[OAUTH-WG] Weekly github digest (OAuth Activity Summary)
Repository Activity Summary Bot <do_not_reply@mnot.net> Sun, 31 March 2024 08:51 UTC
Return-Path: <do_not_reply@mnot.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D0FFCC14F60A for <oauth@ietfa.amsl.com>; Sun, 31 Mar 2024 01:51:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.696
X-Spam-Level:
X-Spam-Status: No, score=-6.696 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=mnot.net header.b="e27eOGsX"; dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=messagingengine.com header.b="TACvja7U"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1Eguf6R9w8xy for <oauth@ietfa.amsl.com>; Sun, 31 Mar 2024 01:51:24 -0700 (PDT)
Received: from flow3-smtp.messagingengine.com (flow3-smtp.messagingengine.com [103.168.172.138]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D5B4EC14F69C for <oauth@ietf.org>; Sun, 31 Mar 2024 01:51:23 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailflow.nyi.internal (Postfix) with ESMTP id D11C72003E4 for <oauth@ietf.org>; Sun, 31 Mar 2024 03:38:53 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Sun, 31 Mar 2024 03:38:53 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=cc :content-type:content-type:date:from:from:in-reply-to :mime-version:reply-to:subject:subject:to:to; s=fm3; t= 1711870733; x=1711877933; bh=BcmFfdzJ1o0qnYO50cubPw7DcBWr86J2Z3e l44rb24E=; b=e27eOGsX+wsrZDPayXkV3zA+aMTd8nLg7j/BpQ2yrEl6rpvwEA/ zYHeU1N8RR5WzKz3yVFj/Bv0OukwYabfIAB+clhsu3xDLUvMt0+Xx9vUcW3pAqCQ 5Cy5KymZxV7jDOvbc0DAr1pde4Ks/MMTDv9MWXIvg/RknIqjHOca6Z3NRFmEViQ6 JbA3fAY/HeDc+tFKMeAq4y+r63Z1KnpIC9Cknng+QGwR6x1yrqYw95axRxr2ytj/ HtOVABgJ2BqE4RwEatOwfBVuOt+0D26FUe49Nb1A/aDJgzthzWkVOGsy1FHySs4s hSGfLmFG0rFkHrI8k094xqYifoRCEl+iabw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date :feedback-id:feedback-id:from:from:in-reply-to:mime-version :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1711870733; x= 1711877933; bh=BcmFfdzJ1o0qnYO50cubPw7DcBWr86J2Z3el44rb24E=; b=T ACvja7UZr/8b1d49zO+9avUShqvXbVu3+o0fUrcUoWFPzy9OyUXnaDhc2E8Y2VuJ phLDRK+Ego5J3cIoVMXo11TBPFrrPhCHl0od/FEGbFV10WpsVA0/+UJZUGPovizt qwRmDp3N//xmp415JuoTxHXszjAdp+LwkOaRT/bLk4z61eD2hEvrU7b7mHNZF8+a 6mDlzHOGvg9zo0g2inOug6OplRzbf6XQFVW28f000zq8DHdR9Cpfcaop+6eI3kDd QkroeIz3iuiSswOsZzwsv0oldSsO6t9CwnqZOo2l8y+rM21LIu9Zma0kr1tRnIjg KylWFyOfaqCxxCKwr1gmg==
X-ME-Sender: <xms:DRMJZiYMz7Uu0mT29u9ynCD0jShjpea7GHWokH8giYamYgAzmrAvpg> <xme:DRMJZlZsEN1VKaBPo1OOJVq_d3PA5DyUGPshd7UXgE-Oj1Risi-qQ3FqC-X951daX KXe4_EfHzzUX8jKfg>
X-ME-Received: <xmr:DRMJZs-8-0uNCB0lr_qMgFEpfSwxsgGFyQjABgr4OCTjo4xBb6iXaF31Xy5F>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledruddviedgudduudcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecupfhoucgurghtvgcufhhivghlugculdegledmne gorfhhihhshhhinhhgqdfigedvhedquddutdculdeftddtmdenucfjughrpegtggfhvffu segrtddtredttdejnecuhfhrohhmpeftvghpohhsihhtohhrhicutegtthhivhhithihuc fuuhhmmhgrrhihuceuohhtuceoughopghnohhtpghrvghplhihsehmnhhothdrnhgvtheq necuggftrfgrthhtvghrnhepkeefvdduteejvdefkeehieevuefgfefhteetveegffekff efteffvdelheduieetnecuffhomhgrihhnpehgihhthhhusgdrtghomhenucevlhhushht vghrufhiiigvpedunecurfgrrhgrmhepmhgrihhlfhhrohhmpeguohgpnhhothgprhgvph hlhiesmhhnohhtrdhnvght
X-ME-Proxy: <xmx:DRMJZkrKiFtafJxvX_WPO0jHxsslRhJrPsgVWn8wXvxVgF9C_JiCtw> <xmx:DRMJZtpheMMTysMR5ZuHnWwK4vkVyUbIXbopTbY4kbZfLv3ScV34kA> <xmx:DRMJZiQiCiSe6WU60aF7CXv_vG1KJ1la2JQ_fG0a4KjnbYgNAvz-wg> <xmx:DRMJZtpyypbmico6LCsJj0eE9syZu4JF04cU0AtE-DWcWUwDFtQtLA> <xmx:DRMJZuAUTxChx4BguLNsTgrwdOH9rqO-98G1pB9v-27AZuBEc4xqU74yGdM>
Feedback-ID: i1c3946f2:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for <oauth@ietf.org>; Sun, 31 Mar 2024 03:38:53 -0400 (EDT)
Content-Type: multipart/alternative; boundary="===============6990955878270397133=="
MIME-Version: 1.0
From: Repository Activity Summary Bot <do_not_reply@mnot.net>
To: oauth@ietf.org
Message-Id: <20240331085123.D5B4EC14F69C@ietfa.amsl.com>
Date: Sun, 31 Mar 2024 01:51:23 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/JqeA0P7shFxXmIvo8jB0YfksHvw>
Subject: [OAUTH-WG] Weekly github digest (OAuth Activity Summary)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 31 Mar 2024 08:51:28 -0000
Events without label "editorial" Issues ------ * oauth-wg/oauth-browser-based-apps (+1/-0/š¬1) 1 issues created: - Address outstanding comments from Justin Richer (by philippederyck) https://github.com/oauth-wg/oauth-browser-based-apps/issues/44 1 issues received 1 new comments: - #42 Consistently use *applications* or *apps* (1 by aaronpk) https://github.com/oauth-wg/oauth-browser-based-apps/issues/42 * oauth-wg/oauth-identity-chaining (+0/-1/š¬1) 1 issues received 1 new comments: - #89 JWT Authorization Grant allows broadening the scope (1 by obfuscoder) https://github.com/oauth-wg/oauth-identity-chaining/issues/89 1 issues closed: - JWT Authorization Grant allows broadening the scope https://github.com/oauth-wg/oauth-identity-chaining/issues/89 * oauth-wg/oauth-transaction-tokens (+10/-3/š¬8) 10 issues created: - Additional guidance on privacy in logging (by tulshi) https://github.com/oauth-wg/oauth-transaction-tokens/issues/88 - Possible confusion in IANA registry section (by tulshi) https://github.com/oauth-wg/oauth-transaction-tokens/issues/84 - Privacy section improvements (by tulshi) https://github.com/oauth-wg/oauth-transaction-tokens/issues/83 - Replacement token `sub` and `aud` modification language (by tulshi) https://github.com/oauth-wg/oauth-transaction-tokens/issues/82 - Clarify `sub` field (by tulshi) https://github.com/oauth-wg/oauth-transaction-tokens/issues/81 - Extensibility of `azd` and `rctx` (by tulshi) https://github.com/oauth-wg/oauth-transaction-tokens/issues/80 - Clarify difference between `rctx` and `azd` (by tulshi) https://github.com/oauth-wg/oauth-transaction-tokens/issues/79 - `purp` claim name and optionality (by tulshi) https://github.com/oauth-wg/oauth-transaction-tokens/issues/78 - `txn` value should be optional (by tulshi) https://github.com/oauth-wg/oauth-transaction-tokens/issues/77 - Move 'aud' requirement in Trust Domain away from 'Terminology' section (by tulshi) https://github.com/oauth-wg/oauth-transaction-tokens/issues/76 5 issues received 8 new comments: - #77 `txn` value should be optional (3 by gffletch, yaronf) https://github.com/oauth-wg/oauth-transaction-tokens/issues/77 - #76 Move 'aud' requirement in Trust Domain away from 'Terminology' section (2 by gffletch) https://github.com/oauth-wg/oauth-transaction-tokens/issues/76 - #74 Section 2.2.2 - Needs tighter security controls on replacement tokens (1 by obfuscoder) https://github.com/oauth-wg/oauth-transaction-tokens/issues/74 - #69 Do we still need replacement transaction tokens. (1 by tulshi) https://github.com/oauth-wg/oauth-transaction-tokens/issues/69 - #53 Transaction Tokens for S2S calls (1 by gffletch) https://github.com/oauth-wg/oauth-transaction-tokens/issues/53 3 issues closed: - Privacy section improvements https://github.com/oauth-wg/oauth-transaction-tokens/issues/83 - Do we still need replacement transaction tokens. https://github.com/oauth-wg/oauth-transaction-tokens/issues/69 - It would be good to show how, in a replacement txn-token, the identity of the previous sub_id is preserved. The replacement token may have a new sub_id that represent the workload that requested the replacement token. https://github.com/oauth-wg/oauth-transaction-tokens/issues/44 [pre-adoption] * oauth-wg/oauth-sd-jwt-vc (+2/-1/š¬1) 2 issues created: - Add JWS example (by awoie) https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/222 - Integrity of Type Metadata (by danielfett) https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/221 1 issues received 1 new comments: - #144 examples for ARF. (1 by danielfett) https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/144 [wg-04] 1 issues closed: - examples for ARF. https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/144 [wg-04] * oauth-wg/oauth-selective-disclosure-jwt (+0/-0/š¬1) 1 issues received 1 new comments: - #417 state what salt does (1 by bc-pi) https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/417 Pull requests ------------- * oauth-wg/oauth-browser-based-apps (+2/-0/š¬0) 2 pull requests submitted: - Feedback (by 0xandybarlow) https://github.com/oauth-wg/oauth-browser-based-apps/pull/46 - Processed review from Justin Richer (by philippederyck) https://github.com/oauth-wg/oauth-browser-based-apps/pull/45 * oauth-wg/oauth-transaction-tokens (+4/-3/š¬3) 4 pull requests submitted: - Update draft-ietf-oauth-transaction-tokens.md (by gffletch) https://github.com/oauth-wg/oauth-transaction-tokens/pull/89 - Clarified responsibilities of Txn-Token Service in (by tulshi) https://github.com/oauth-wg/oauth-transaction-tokens/pull/87 - Addressed privacy changes identified by Yaron (by tulshi) https://github.com/oauth-wg/oauth-transaction-tokens/pull/86 - editorial fixes identified by Yaron (by tulshi) https://github.com/oauth-wg/oauth-transaction-tokens/pull/85 3 pull requests received 3 new comments: - #89 Update draft-ietf-oauth-transaction-tokens.md (1 by tulshi) https://github.com/oauth-wg/oauth-transaction-tokens/pull/89 - #86 Addressed privacy changes identified by Yaron (1 by tulshi) https://github.com/oauth-wg/oauth-transaction-tokens/pull/86 - #75 Section 6 - Cardinality of txn-token services (1 by dhs-aws) https://github.com/oauth-wg/oauth-transaction-tokens/pull/75 3 pull requests merged: - Addressed privacy changes identified by Yaron https://github.com/oauth-wg/oauth-transaction-tokens/pull/86 - Section 6 - Cardinality of txn-token services https://github.com/oauth-wg/oauth-transaction-tokens/pull/75 - editorial fixes identified by Yaron https://github.com/oauth-wg/oauth-transaction-tokens/pull/85 * oauth-wg/draft-ietf-oauth-resource-metadata (+1/-0/š¬0) 1 pull requests submitted: - Apply Atul's WGLC feedback (by selfissued) https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/pull/23 * oauth-wg/oauth-selective-disclosure-jwt (+1/-0/š¬0) 1 pull requests submitted: - better explain what salt does (by bc-pi) https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/421 Repositories tracked by this digest: ----------------------------------- * https://github.com/oauth-wg/oauth-browser-based-apps * https://github.com/oauth-wg/oauth-identity-chaining * https://github.com/oauth-wg/oauth-transaction-tokens * https://github.com/oauth-wg/oauth-sd-jwt-vc * https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata * https://github.com/oauth-wg/oauth-cross-device-security * https://github.com/oauth-wg/oauth-selective-disclosure-jwt * https://github.com/oauth-wg/oauth-v2-1
- [OAUTH-WG] Weekly github digest (OAuth Activity Sā¦ Repository Activity Summary Bot