IETF Logo Mail Archive

[OAUTH-WG] Weekly github digest (OAuth Activity Summary)

Repository Activity Summary Bot <do_not_reply@mnot.net> Sun, 24 March 2024 09:01 UTC

Return-Path: <do_not_reply@mnot.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D3C32C14F721 for <oauth@ietfa.amsl.com>; Sun, 24 Mar 2024 02:01:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.705
X-Spam-Level:
X-Spam-Status: No, score=-1.705 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=mnot.net header.b="JJzTDv+z"; dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=messagingengine.com header.b="wu4tv2oT"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pccK5ZpUjVOB for <oauth@ietfa.amsl.com>; Sun, 24 Mar 2024 02:01:19 -0700 (PDT)
Received: from wflow7-smtp.messagingengine.com (wflow7-smtp.messagingengine.com [64.147.123.142]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EED3FC14F6BA for <oauth@ietf.org>; Sun, 24 Mar 2024 02:01:18 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailflow.west.internal (Postfix) with ESMTP id 04B382CC04B1 for <oauth@ietf.org>; Sun, 24 Mar 2024 03:40:06 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Sun, 24 Mar 2024 03:40:07 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=cc :content-type:content-type:date:from:from:in-reply-to :mime-version:reply-to:subject:subject:to:to; s=fm3; t= 1711266006; x=1711273206; bh=qNKn3Q8roiszo6z2ERnc8sFd0VdipIWRQ7c YLhJ/+FU=; b=JJzTDv+zCAXQRaVTzZTrcn409oQ18Mvqovob25cw8XIzZDx9eEI cmniCkITzi1CciXlCFjn6KjAlx+xHhqAwe8UuO2IuM7YvNp3if1N06uOnUM1S0xC Yv7l55HTIOUEsOaxN1txvqgMEOZommo5kh057TKE7I0FYUsUd1P7KtKFYGR3UxkL aZ7k1gfMdvMqiEO73EwKw94vADmFeFB6/RdpTKsasdqZcc+1MSm98yHnTdVujFLa Q2ZkFkCoVHOXvAnK2t4r4tIy9ut7bPxcXgS56M7yRWNpsmxfxbmU7vtWUJW2ht1M 9huW3/H3Jy+kJp6oauVAFh2PAfkUHwsV+tw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date :feedback-id:feedback-id:from:from:in-reply-to:mime-version :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1711266006; x= 1711273206; bh=qNKn3Q8roiszo6z2ERnc8sFd0VdipIWRQ7cYLhJ/+FU=; b=w u4tv2oTk/Y3/xin6FuPG7ofCzm2a21bnrIXQ3AcFP9Fpv7L/S2sst0MxcF7FWCx7 30JZx72DkDbYBYgAzkkCK3Y7ZCXWa5XZXAu3UmeDMfXLzCOgYKY38wMIGDe5yq6m Aeq7nRUIx6q+NSEbxz9TXwHUOs+vOM3lTAYxFta1wmdnGXVubSCq5kPC+63TWLIA ZFKqT3VpO1NmeMlSK1mmX3nbc6pUnXK942HuhItn4YamtiuxLqyweo62o4wtq+bk YdkbVxalBdW8Rnr/XvZujJk1RiZLXgXT9yI/BmsWXXFe28k9tq7WA86eTjitBvVc o5duRcS1/hWDcsI/hgzeg==
X-ME-Sender: <xms:1tj_Zea4ozVMz6mJfKKvZhRcBaMpEMd9Nd2gX4rEO0b0ukiwntl71w> <xme:1tj_ZRZ60h5PwHBe5LcGJ7IKHzUXomZc8Ku5NUV8k82Hf_ZjhJdoxWzMbkKVyTeAK BL6WoUmi8LXTHHQ2w>
X-ME-Received: <xmr:1tj_ZY8X9tBuuCiHiIlpYqWZUVmoV0pMWSzZv3-0Z_ydh7-mbhpoRlhDMRql>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledruddtiedgtdekucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucfpohcuuggrthgvuchfihgvlhguucdlgeelmdenog frhhhishhhihhnghdqifegvdehqdduuddtucdlfedttddmnecujfgurheptggghffvufes rgdttdertddtjeenucfhrhhomheptfgvphhoshhithhorhihucettghtihhvihhthicuuf humhhmrghrhicuuehothcuoeguohgpnhhothgprhgvphhlhiesmhhnohhtrdhnvghtqeen ucggtffrrghtthgvrhhnpeekfedvudetjedvfeekheeiveeugfefhfetteevgeffkefffe etffdvleehudeiteenucffohhmrghinhepghhithhhuhgsrdgtohhmnecuvehluhhsthgv rhfuihiivgepvdenucfrrghrrghmpehmrghilhhfrhhomhepughopghnohhtpghrvghplh ihsehmnhhothdrnhgvth
X-ME-Proxy: <xmx:1tj_ZQruqRCCUQcWytnk7G20WLy0vXpkJ1k7uRLbT-62dqtvHpwyzw> <xmx:1tj_ZZoasx1jsC1IoRetS2krbARxHjZSm6Iw5qi1YlM92wgDvWFkaw> <xmx:1tj_ZeRLByI6-Qbc6Zf7WRCJ5rn5MlJz24WoNZvSDuH7W6IAmBHIlA> <xmx:1tj_ZZq5FyzwvTHsKpPkz0bOo6CT3tB2x3TmMciYjRj18nE_jLd3QQ> <xmx:1tj_ZaDwiGme6unWwfD532bZuxTknbh7u8myBNT9kfJr1iC8urjFGq-djdIUhjqI>
Feedback-ID: i1c3946f2:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for <oauth@ietf.org>; Sun, 24 Mar 2024 03:40:05 -0400 (EDT)
Content-Type: multipart/alternative; boundary="===============2921177436931717304=="
MIME-Version: 1.0
From: Repository Activity Summary Bot <do_not_reply@mnot.net>
To: oauth@ietf.org
Message-Id: <20240324090118.EED3FC14F6BA@ietfa.amsl.com>
Date: Sun, 24 Mar 2024 02:01:18 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/QOSPwaG-oQ-UskW8nmcipEe7268>
Subject: [OAUTH-WG] Weekly github digest (OAuth Activity Summary)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Mar 2024 09:01:23 -0000



Events without label "editorial"

Issues
------
* oauth-wg/oauth-browser-based-apps (+2/-0/šŸ’¬0)
  2 issues created:
  - Properly render sublists (by philippederyck)
    https://github.com/oauth-wg/oauth-browser-based-apps/issues/43 
  - Consistently use *applications* or *apps* (by philippederyck)
    https://github.com/oauth-wg/oauth-browser-based-apps/issues/42 

* oauth-wg/oauth-identity-chaining (+1/-0/šŸ’¬0)
  1 issues created:
  - JWT Authorization Grant allows broadening the scope (by obfuscoder)
    https://github.com/oauth-wg/oauth-identity-chaining/issues/89 

* oauth-wg/oauth-transaction-tokens (+2/-1/šŸ’¬7)
  2 issues created:
  - Section 2.2.2 - Needs tighter security controls on replacement tokens (by dhs-aws)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/74 
  - Add GitHub metadata to spec draft (by tulshi)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/72 

  5 issues received 7 new comments:
  - #69 Do we still need replacement transaction tokens. (1 by gffletch)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/69 
  - #62 Long-living Access Token needed for internal batch processes/offline tasks? (2 by gffletch, obfuscoder)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/62 
  - #53 Transaction Tokens for S2S calls (2 by gffletch, obfuscoder)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/53 
  - #50 Separate transaction tokens from JWT (1 by obfuscoder)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/50 
  - #44 It would be good to show how, in a replacement txn-token, the identity of the previous sub_id is preserved. The replacement token may have a new sub_id that represent the workload that requested the replacement token. (1 by gffletch)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/44 [pre-adoption] 

  1 issues closed:
  - Add GitHub metadata to spec draft https://github.com/oauth-wg/oauth-transaction-tokens/issues/72 

* oauth-wg/oauth-sd-jwt-vc (+0/-0/šŸ’¬1)
  1 issues received 1 new comments:
  - #215 the wallet finding the user claims in the credential (1 by Sakurann)
    https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/215 

* oauth-wg/oauth-selective-disclosure-jwt (+4/-0/šŸ’¬6)
  4 issues created:
  - why can't cnf be the only way to bind to a holder public key? (by bc-pi)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/419 
  - Explicit clarification over correct formatting of objects with no disclosed elements (by MichaelFraser99)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/418 
  - state what salt does (by bc-pi)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/417 
  - Add Test suite for SD-JWT (by lukasjhan)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/416 

  3 issues received 6 new comments:
  - #419 why can't cnf be the only way to bind to a holder public key? (2 by bifurcation, selfissued)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/419 
  - #418 Explicit clarification over correct formatting of objects with no disclosed elements (1 by bc-pi)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/418 
  - #417 state what salt does (3 by bc-pi, larryzhu2018, selfissued)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/417 

* oauth-wg/oauth-v2-1 (+0/-1/šŸ’¬11)
  1 issues received 11 new comments:
  - #128 Describe OAuth's use of application/x-www-form-urlencoded encoding (11 by aaronpk, jogu, panva, selfissued)
    https://github.com/oauth-wg/oauth-v2-1/issues/128 [help wanted] [ietf-117] 

  1 issues closed:
  - Ensure Security BCP recommendations are all incorporated into 2.1 https://github.com/oauth-wg/oauth-v2-1/issues/136 



Pull requests
-------------
* oauth-wg/oauth-browser-based-apps (+1/-0/šŸ’¬2)
  1 pull requests submitted:
  - Add BFF advice for performance purposes (by emmanuelgautier)
    https://github.com/oauth-wg/oauth-browser-based-apps/pull/40 

  1 pull requests received 2 new comments:
  - #40 Add BFF advice for performance purposes (2 by emmanuelgautier, philippederyck)
    https://github.com/oauth-wg/oauth-browser-based-apps/pull/40 

* oauth-wg/oauth-transaction-tokens (+2/-1/šŸ’¬0)
  2 pull requests submitted:
  - Section 6 - Cardinality of txn-token services (by dhs-aws)
    https://github.com/oauth-wg/oauth-transaction-tokens/pull/75 
  - add link to github and editor's draft (by aaronpk)
    https://github.com/oauth-wg/oauth-transaction-tokens/pull/73 

  1 pull requests merged:
  - add link to github and editor's draft
    https://github.com/oauth-wg/oauth-transaction-tokens/pull/73 

* oauth-wg/oauth-selective-disclosure-jwt (+1/-0/šŸ’¬3)
  1 pull requests submitted:
  - Add specificity around handling of disclosure resulting in an empty object (by MichaelFraser99)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/420 

  2 pull requests received 3 new comments:
  - #420 Add specificity around handling of disclosure resulting in an empty object (1 by bc-pi)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/420 
  - #394 Distinguish SD-JWT from SD-JWT+KB (2 by bc-pi, bifurcation)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/394 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/oauth-wg/oauth-browser-based-apps
* https://github.com/oauth-wg/oauth-identity-chaining
* https://github.com/oauth-wg/oauth-transaction-tokens
* https://github.com/oauth-wg/oauth-sd-jwt-vc
* https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata
* https://github.com/oauth-wg/oauth-cross-device-security
* https://github.com/oauth-wg/oauth-selective-disclosure-jwt
* https://github.com/oauth-wg/oauth-v2-1

v2.23.0 | Report a Bug | By Email