[OAUTH-WG] Weekly github digest (OAuth Activity Summary)

Repository Activity Summary Bot <do_not_reply@mnot.net> Sun, 28 July 2024 07:56 UTC

Return-Path: <do_not_reply@mnot.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69728C14F69E for <oauth@ietfa.amsl.com>; Sun, 28 Jul 2024 00:56:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.707
X-Spam-Level:
X-Spam-Status: No, score=-1.707 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=mnot.net header.b="Mj/xbpE3"; dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=messagingengine.com header.b="bphRw+lw"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VXj47X-SSdgd for <oauth@ietfa.amsl.com>; Sun, 28 Jul 2024 00:56:12 -0700 (PDT)
Received: from fout8-smtp.messagingengine.com (fout8-smtp.messagingengine.com [103.168.172.151]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EEABFC14F713 for <oauth@ietf.org>; Sun, 28 Jul 2024 00:56:11 -0700 (PDT)
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailfout.nyi.internal (Postfix) with ESMTP id B8A9F1380637 for <oauth@ietf.org>; Sun, 28 Jul 2024 03:39:21 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162]) by compute5.internal (MEProxy); Sun, 28 Jul 2024 03:39:21 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=cc :content-type:content-type:date:from:from:in-reply-to :mime-version:reply-to:subject:subject:to:to; s=fm1; t= 1722152361; x=1722238761; bh=j0MPxLj6wLrxDD6aw0O0BGWi1qW4l0BEKoj GaoFrqBE=; b=Mj/xbpE3ZTiC2KVGkkZbWhDzAkoq/PQYYaoMqyAfeT8VDqS8D6q YhCcU9JMfsUnfkZQHSXz1VWsDE7RwyreqH6rWSZ84JJO9bB6VtCrYoYUp1/+rpPK WRv669X6LkJbzcNYvi6ZQrt6O1+Q3drbE6JXneGd4Y1V5ObYoEIGX5norW1M0HiK vg8wzybpx7/V4w9n+p7I8g/bEqwyYnmlU8q98fkXAYvW2LBZ6C9830ivkNBHYQqJ haSdTLhzXkzhcaY4YEFyCW56qYgns+8nqDY4ptaR2Blw0soV0E5x+sdfvUIs3P64 r24tScPMJjWnNsD9VaW6oTAROl9yqW8wPPA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date :feedback-id:feedback-id:from:from:in-reply-to:mime-version :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1722152361; x= 1722238761; bh=j0MPxLj6wLrxDD6aw0O0BGWi1qW4l0BEKojGaoFrqBE=; b=b phRw+lwE0jWdcTht/A57XR76O0/HOx9uvCZveUI4gTvjIlTggHhM9A3NS15lIKcJ IdcAdRiiLE01hvVE61G1BLlo7Bdn7206ub+IocGdyQ2AqdFotFD++/4iyTp/mPaG UxdhXMDoGs8IAD2AwXonJnaEXXNqMrUZYY19LbwDff2Gc0h7SBOsLj3f7Uud2GyH N/ZL3p2l1T0Wn1w1Fm7ECWwXt4Mo/ANqQt/Kw+gP6/WxKqX14XQXnLnWF4xz8Amr B33zdiCSNhbkLrrlgYz+zBcCGZsHLQCnTiNJppRna7is0C8cko7u6ni+MxiMOvgZ 26gvXdR1lCzdasuiodLjg==
X-ME-Sender: <xms:qfWlZin6HFwT7N70wd8CGsDkdTHtIxoWvdeN4hEQD6-4eJQGaTKdMg> <xme:qfWlZp112bR6iyX4ZZu_8EcyNq6bv9YVYqAhUqq15fVWCKmpZ3C2SNumNXwRiXKGY CabbzgBMbd0ww8spA>
X-ME-Received: <xmr:qfWlZgp6XupKziBLSd3ADR1IAhPTXWCI5xFbQAiS8uiiauyq1wckLBxXs6eQF0Rk2a5rzYYbhGwNL8SBR9aeihw6Tt4SL07LFz9MROm9niLF2GtfFZe6t0u4_1Zk5Ukg3A>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrieelgddulecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecupfhoucgurghtvgcufhhivghlugculdegledmnecujf gurheptggghffvufesrgdttdertddtjeenucfhrhhomheptfgvphhoshhithhorhihucet tghtihhvihhthicuufhumhhmrghrhicuuehothcuoeguohgpnhhothgprhgvphhlhiesmh hnohhtrdhnvghtqeenucggtffrrghtthgvrhhnpeekfedvudetjedvfeekheeiveeugfef hfetteevgeffkefffeetffdvleehudeiteenucffohhmrghinhepghhithhhuhgsrdgtoh hmnecuvehluhhsthgvrhfuihiivgepudenucfrrghrrghmpehmrghilhhfrhhomhepugho pghnohhtpghrvghplhihsehmnhhothdrnhgvthdpnhgspghrtghpthhtoheptd
X-ME-Proxy: <xmx:qfWlZmle-h25X3pzJM5LQZOkbhO7AQt-cXX-UsIDMZu_jBZa1JRKmA> <xmx:qfWlZg1NfAfObzekmVuU6D67IYHp05PDR2ByQSPzk5_3p_DDxpVo3A> <xmx:qfWlZtsYCayZNydAblbTZi5vTv4XeSFzvydAwCGtqS5_y_wpcT1cYQ> <xmx:qfWlZsXotbJjCWjx4-JhzXPAy9y5laCLy0p-v6Z74TJVO4mlGW_1hA> <xmx:qfWlZuAOjR2CXT7ptDw9O1hwK60HM9poAFYMfDsG35yPcs3JpTGlPomM>
Feedback-ID: i1c3946f2:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for <oauth@ietf.org>; Sun, 28 Jul 2024 03:39:21 -0400 (EDT)
Content-Type: multipart/alternative; boundary="===============5442276381987888428=="
MIME-Version: 1.0
From: Repository Activity Summary Bot <do_not_reply@mnot.net>
To: oauth@ietf.org
Message-Id: <20240728075611.EEABFC14F713@ietfa.amsl.com>
Date: Sun, 28 Jul 2024 00:56:11 -0700
Message-ID-Hash: 5T2SYNSLQLNBNBCNRXXPZZDA3F7YQDRI
X-Message-ID-Hash: 5T2SYNSLQLNBNBCNRXXPZZDA3F7YQDRI
X-MailFrom: do_not_reply@mnot.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [OAUTH-WG] Weekly github digest (OAuth Activity Summary)
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/NzZiIArDhechvbUG0W7DgEQwnZI>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>



Events without label "editorial"

Issues
------
* oauth-wg/oauth-transaction-tokens (+9/-1/šŸ’¬16)
  9 issues created:
  - `subject_token` description needs to be more flexible (by tulshi)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/121 
  - The "N_A" value for the "txn" claim can complicate processing (by tulshi)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/120 
  - Azd claim name conflict with RAR (by tulshi)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/119 
  - RAR object inside a TraT (by tulshi)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/118 
  - IANA registration procedures (by tulshi)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/117 
  - Audience, scope & purpose (by arndt-s)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/115 
  - Seconds vs. milliseconds in the example (by dteleguin)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/114 
  - subject_token_type for Replacement Txn-Token Request (by dteleguin)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/113 
  - please add document history to the draft (by Sakurann)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/112 

  9 issues received 16 new comments:
  - #120 The "N_A" value for the "txn" claim can complicate processing (1 by tulshi)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/120 
  - #119 Azd claim name conflict with RAR (2 by jricher, tulshi)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/119 
  - #118 RAR object inside a TraT (2 by gffletch, jricher)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/118 
  - #115 Audience, scope & purpose (4 by arndt-s, gffletch, obfuscoder)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/115 
  - #114 Seconds vs. milliseconds in the example (1 by gffletch)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/114 
  - #113 subject_token_type for Replacement Txn-Token Request (1 by gffletch)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/113 
  - #111 Batch or long running processes and extending lifetime of a token (2 by gffletch, tulshi)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/111 
  - #110 Tx token lifetime guidance missing for replacement token (1 by PieterKas)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/110 
  - #108 A dummy transaction token - useful for debugging (2 by ashayraut, tulshi)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/108 

  1 issues closed:
  - Seconds vs. milliseconds in the example https://github.com/oauth-wg/oauth-transaction-tokens/issues/114 

* oauth-wg/oauth-sd-jwt-vc (+6/-0/šŸ’¬5)
  6 issues created:
  - Drop all references to DIDs and DID resolution - rely on extensibility already in the draft (by leifj)
    https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/250 
  - Suggestion: Should this spec be more open to multiple Credential formats? [W3C Verifiable Credentials 2.0] (by goncalo-frade-iohk)
    https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/249 
  - Provide information where a credential can be obtained (by danielfett)
    https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/248 
  - Potential Privacy implications of verifier knowing display information (by Sakurann)
    https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/247 
  - clarify example(s)   (by bc-pi)
    https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/246 
  - Ambiguity what should happen when no `kid` parameter is present in header when DID is used as `iss` value (by TimoGlastra)
    https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/245 

  3 issues received 5 new comments:
  - #250 Drop all references to DIDs and DID resolution (2 by bc-pi, selfissued)
    https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/250 
  - #248 Provide information where a credential can be obtained (1 by awoie)
    https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/248 
  - #245 Ambiguity what should happen when no `kid` parameter is present in header when DID is used as `iss` value (2 by bc-pi, peacekeeper)
    https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/245 

* oauth-wg/oauth-selective-disclosure-jwt (+1/-0/šŸ’¬0)
  1 issues created:
  - (maybe) clarify example(s)  (by bc-pi)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/444 

* oauth-wg/oauth-v2-1 (+1/-0/šŸ’¬0)
  1 issues created:
  - Section 4.1.2.1 Error Response is unclear on how to handle an Invalid Authorization Endpoint request (by dfcoffin)
    https://github.com/oauth-wg/oauth-v2-1/issues/184 

* oauth-wg/draft-ietf-oauth-attestation-based-client-auth (+1/-0/šŸ’¬1)
  1 issues created:
  - client_id optional in the request body (by Sakurann)
    https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/81 

  1 issues received 1 new comments:
  - #71 Propose to change the draft name (1 by Sakurann)
    https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/71 



Pull requests
-------------
* oauth-wg/oauth-transaction-tokens (+1/-1/šŸ’¬0)
  1 pull requests submitted:
  - Correct JSON example - address issue #114 (by gffletch)
    https://github.com/oauth-wg/oauth-transaction-tokens/pull/116 

  1 pull requests merged:
  - Correct JSON example - address issue #114
    https://github.com/oauth-wg/oauth-transaction-tokens/pull/116 

* oauth-wg/draft-ietf-oauth-resource-metadata (+0/-1/šŸ’¬0)
  1 pull requests merged:
  - Removed extraneous paragraph
    https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/pull/46 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/oauth-wg/oauth-browser-based-apps
* https://github.com/oauth-wg/oauth-identity-chaining
* https://github.com/oauth-wg/oauth-transaction-tokens
* https://github.com/oauth-wg/oauth-sd-jwt-vc
* https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata
* https://github.com/oauth-wg/oauth-cross-device-security
* https://github.com/oauth-wg/oauth-selective-disclosure-jwt
* https://github.com/oauth-wg/oauth-v2-1
* https://github.com/oauth-wg/draft-ietf-oauth-status-list
* https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth