[OAUTH-WG] Weekly github digest (OAuth Activity Summary)
Repository Activity Summary Bot <do_not_reply@mnot.net> Sun, 24 March 2024 09:01 UTC
Return-Path: <do_not_reply@mnot.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D3C32C14F721 for <oauth@ietfa.amsl.com>; Sun, 24 Mar 2024 02:01:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.705
X-Spam-Level:
X-Spam-Status: No, score=-1.705 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=mnot.net header.b="JJzTDv+z"; dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=messagingengine.com header.b="wu4tv2oT"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pccK5ZpUjVOB for <oauth@ietfa.amsl.com>; Sun, 24 Mar 2024 02:01:19 -0700 (PDT)
Received: from wflow7-smtp.messagingengine.com (wflow7-smtp.messagingengine.com [64.147.123.142]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EED3FC14F6BA for <oauth@ietf.org>; Sun, 24 Mar 2024 02:01:18 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailflow.west.internal (Postfix) with ESMTP id 04B382CC04B1 for <oauth@ietf.org>; Sun, 24 Mar 2024 03:40:06 -0400 (EDT)
Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Sun, 24 Mar 2024 03:40:07 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=cc :content-type:content-type:date:from:from:in-reply-to :mime-version:reply-to:subject:subject:to:to; s=fm3; t= 1711266006; x=1711273206; bh=qNKn3Q8roiszo6z2ERnc8sFd0VdipIWRQ7c YLhJ/+FU=; b=JJzTDv+zCAXQRaVTzZTrcn409oQ18Mvqovob25cw8XIzZDx9eEI cmniCkITzi1CciXlCFjn6KjAlx+xHhqAwe8UuO2IuM7YvNp3if1N06uOnUM1S0xC Yv7l55HTIOUEsOaxN1txvqgMEOZommo5kh057TKE7I0FYUsUd1P7KtKFYGR3UxkL aZ7k1gfMdvMqiEO73EwKw94vADmFeFB6/RdpTKsasdqZcc+1MSm98yHnTdVujFLa Q2ZkFkCoVHOXvAnK2t4r4tIy9ut7bPxcXgS56M7yRWNpsmxfxbmU7vtWUJW2ht1M 9huW3/H3Jy+kJp6oauVAFh2PAfkUHwsV+tw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date :feedback-id:feedback-id:from:from:in-reply-to:mime-version :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1711266006; x= 1711273206; bh=qNKn3Q8roiszo6z2ERnc8sFd0VdipIWRQ7cYLhJ/+FU=; b=w u4tv2oTk/Y3/xin6FuPG7ofCzm2a21bnrIXQ3AcFP9Fpv7L/S2sst0MxcF7FWCx7 30JZx72DkDbYBYgAzkkCK3Y7ZCXWa5XZXAu3UmeDMfXLzCOgYKY38wMIGDe5yq6m Aeq7nRUIx6q+NSEbxz9TXwHUOs+vOM3lTAYxFta1wmdnGXVubSCq5kPC+63TWLIA ZFKqT3VpO1NmeMlSK1mmX3nbc6pUnXK942HuhItn4YamtiuxLqyweo62o4wtq+bk YdkbVxalBdW8Rnr/XvZujJk1RiZLXgXT9yI/BmsWXXFe28k9tq7WA86eTjitBvVc o5duRcS1/hWDcsI/hgzeg==
X-ME-Sender: <xms:1tj_Zea4ozVMz6mJfKKvZhRcBaMpEMd9Nd2gX4rEO0b0ukiwntl71w> <xme:1tj_ZRZ60h5PwHBe5LcGJ7IKHzUXomZc8Ku5NUV8k82Hf_ZjhJdoxWzMbkKVyTeAK BL6WoUmi8LXTHHQ2w>
X-ME-Received: <xmr:1tj_ZY8X9tBuuCiHiIlpYqWZUVmoV0pMWSzZv3-0Z_ydh7-mbhpoRlhDMRql>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledruddtiedgtdekucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucfpohcuuggrthgvuchfihgvlhguucdlgeelmdenog frhhhishhhihhnghdqifegvdehqdduuddtucdlfedttddmnecujfgurheptggghffvufes rgdttdertddtjeenucfhrhhomheptfgvphhoshhithhorhihucettghtihhvihhthicuuf humhhmrghrhicuuehothcuoeguohgpnhhothgprhgvphhlhiesmhhnohhtrdhnvghtqeen ucggtffrrghtthgvrhhnpeekfedvudetjedvfeekheeiveeugfefhfetteevgeffkefffe etffdvleehudeiteenucffohhmrghinhepghhithhhuhgsrdgtohhmnecuvehluhhsthgv rhfuihiivgepvdenucfrrghrrghmpehmrghilhhfrhhomhepughopghnohhtpghrvghplh ihsehmnhhothdrnhgvth
X-ME-Proxy: <xmx:1tj_ZQruqRCCUQcWytnk7G20WLy0vXpkJ1k7uRLbT-62dqtvHpwyzw> <xmx:1tj_ZZoasx1jsC1IoRetS2krbARxHjZSm6Iw5qi1YlM92wgDvWFkaw> <xmx:1tj_ZeRLByI6-Qbc6Zf7WRCJ5rn5MlJz24WoNZvSDuH7W6IAmBHIlA> <xmx:1tj_ZZq5FyzwvTHsKpPkz0bOo6CT3tB2x3TmMciYjRj18nE_jLd3QQ> <xmx:1tj_ZaDwiGme6unWwfD532bZuxTknbh7u8myBNT9kfJr1iC8urjFGq-djdIUhjqI>
Feedback-ID: i1c3946f2:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for <oauth@ietf.org>; Sun, 24 Mar 2024 03:40:05 -0400 (EDT)
Content-Type: multipart/alternative; boundary="===============2921177436931717304=="
MIME-Version: 1.0
From: Repository Activity Summary Bot <do_not_reply@mnot.net>
To: oauth@ietf.org
Message-Id: <20240324090118.EED3FC14F6BA@ietfa.amsl.com>
Date: Sun, 24 Mar 2024 02:01:18 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/QOSPwaG-oQ-UskW8nmcipEe7268>
Subject: [OAUTH-WG] Weekly github digest (OAuth Activity Summary)
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Mar 2024 09:01:23 -0000
Events without label "editorial" Issues ------ * oauth-wg/oauth-browser-based-apps (+2/-0/š¬0) 2 issues created: - Properly render sublists (by philippederyck) https://github.com/oauth-wg/oauth-browser-based-apps/issues/43 - Consistently use *applications* or *apps* (by philippederyck) https://github.com/oauth-wg/oauth-browser-based-apps/issues/42 * oauth-wg/oauth-identity-chaining (+1/-0/š¬0) 1 issues created: - JWT Authorization Grant allows broadening the scope (by obfuscoder) https://github.com/oauth-wg/oauth-identity-chaining/issues/89 * oauth-wg/oauth-transaction-tokens (+2/-1/š¬7) 2 issues created: - Section 2.2.2 - Needs tighter security controls on replacement tokens (by dhs-aws) https://github.com/oauth-wg/oauth-transaction-tokens/issues/74 - Add GitHub metadata to spec draft (by tulshi) https://github.com/oauth-wg/oauth-transaction-tokens/issues/72 5 issues received 7 new comments: - #69 Do we still need replacement transaction tokens. (1 by gffletch) https://github.com/oauth-wg/oauth-transaction-tokens/issues/69 - #62 Long-living Access Token needed for internal batch processes/offline tasks? (2 by gffletch, obfuscoder) https://github.com/oauth-wg/oauth-transaction-tokens/issues/62 - #53 Transaction Tokens for S2S calls (2 by gffletch, obfuscoder) https://github.com/oauth-wg/oauth-transaction-tokens/issues/53 - #50 Separate transaction tokens from JWT (1 by obfuscoder) https://github.com/oauth-wg/oauth-transaction-tokens/issues/50 - #44 It would be good to show how, in a replacement txn-token, the identity of the previous sub_id is preserved. The replacement token may have a new sub_id that represent the workload that requested the replacement token. (1 by gffletch) https://github.com/oauth-wg/oauth-transaction-tokens/issues/44 [pre-adoption] 1 issues closed: - Add GitHub metadata to spec draft https://github.com/oauth-wg/oauth-transaction-tokens/issues/72 * oauth-wg/oauth-sd-jwt-vc (+0/-0/š¬1) 1 issues received 1 new comments: - #215 the wallet finding the user claims in the credential (1 by Sakurann) https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/215 * oauth-wg/oauth-selective-disclosure-jwt (+4/-0/š¬6) 4 issues created: - why can't cnf be the only way to bind to a holder public key? (by bc-pi) https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/419 - Explicit clarification over correct formatting of objects with no disclosed elements (by MichaelFraser99) https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/418 - state what salt does (by bc-pi) https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/417 - Add Test suite for SD-JWT (by lukasjhan) https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/416 3 issues received 6 new comments: - #419 why can't cnf be the only way to bind to a holder public key? (2 by bifurcation, selfissued) https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/419 - #418 Explicit clarification over correct formatting of objects with no disclosed elements (1 by bc-pi) https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/418 - #417 state what salt does (3 by bc-pi, larryzhu2018, selfissued) https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/417 * oauth-wg/oauth-v2-1 (+0/-1/š¬11) 1 issues received 11 new comments: - #128 Describe OAuth's use of application/x-www-form-urlencoded encoding (11 by aaronpk, jogu, panva, selfissued) https://github.com/oauth-wg/oauth-v2-1/issues/128 [help wanted] [ietf-117] 1 issues closed: - Ensure Security BCP recommendations are all incorporated into 2.1 https://github.com/oauth-wg/oauth-v2-1/issues/136 Pull requests ------------- * oauth-wg/oauth-browser-based-apps (+1/-0/š¬2) 1 pull requests submitted: - Add BFF advice for performance purposes (by emmanuelgautier) https://github.com/oauth-wg/oauth-browser-based-apps/pull/40 1 pull requests received 2 new comments: - #40 Add BFF advice for performance purposes (2 by emmanuelgautier, philippederyck) https://github.com/oauth-wg/oauth-browser-based-apps/pull/40 * oauth-wg/oauth-transaction-tokens (+2/-1/š¬0) 2 pull requests submitted: - Section 6 - Cardinality of txn-token services (by dhs-aws) https://github.com/oauth-wg/oauth-transaction-tokens/pull/75 - add link to github and editor's draft (by aaronpk) https://github.com/oauth-wg/oauth-transaction-tokens/pull/73 1 pull requests merged: - add link to github and editor's draft https://github.com/oauth-wg/oauth-transaction-tokens/pull/73 * oauth-wg/oauth-selective-disclosure-jwt (+1/-0/š¬3) 1 pull requests submitted: - Add specificity around handling of disclosure resulting in an empty object (by MichaelFraser99) https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/420 2 pull requests received 3 new comments: - #420 Add specificity around handling of disclosure resulting in an empty object (1 by bc-pi) https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/420 - #394 Distinguish SD-JWT from SD-JWT+KB (2 by bc-pi, bifurcation) https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/394 Repositories tracked by this digest: ----------------------------------- * https://github.com/oauth-wg/oauth-browser-based-apps * https://github.com/oauth-wg/oauth-identity-chaining * https://github.com/oauth-wg/oauth-transaction-tokens * https://github.com/oauth-wg/oauth-sd-jwt-vc * https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata * https://github.com/oauth-wg/oauth-cross-device-security * https://github.com/oauth-wg/oauth-selective-disclosure-jwt * https://github.com/oauth-wg/oauth-v2-1
- [OAUTH-WG] Weekly github digest (OAuth Activity Sā¦ Repository Activity Summary Bot