[OAUTH-WG] Weekly github digest (OAuth Activity Summary)
Repository Activity Summary Bot <do_not_reply@mnot.net> Sun, 19 October 2025 07:41 UTC
Return-Path: <do_not_reply@mnot.net>
X-Original-To: oauth@mail2.ietf.org
Delivered-To: oauth@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id B993E76E084B for <oauth@mail2.ietf.org>; Sun, 19 Oct 2025 00:41:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.397
X-Spam-Level:
X-Spam-Status: No, score=-2.397 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, MSGID_FROM_MTA_HEADER=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=mnot.net header.b="In2jesY0"; dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=messagingengine.com header.b="w23oVP0r"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id si7mNfqkxC7H for <oauth@mail2.ietf.org>; Sun, 19 Oct 2025 00:41:23 -0700 (PDT)
Received: from fhigh-b5-smtp.messagingengine.com (fhigh-b5-smtp.messagingengine.com [202.12.124.156]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256)) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id A740F76DFAE8 for <oauth@ietf.org>; Sun, 19 Oct 2025 00:40:39 -0700 (PDT)
Received: from phl-compute-04.internal (phl-compute-04.internal [10.202.2.44]) by mailfhigh.stl.internal (Postfix) with ESMTP id 583FB7A00D7 for <oauth@ietf.org>; Sun, 19 Oct 2025 03:40:39 -0400 (EDT)
Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-04.internal (MEProxy); Sun, 19 Oct 2025 03:40:39 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=cc :content-type:content-type:date:from:from:in-reply-to:message-id :mime-version:reply-to:subject:subject:to:to; s=fm3; t= 1760859639; x=1760946039; bh=hycUqGLYTQfufLsOFDhUzaoc1g9zCZH7ROm vsRh6iDc=; b=In2jesY0YJQ2CzE707Auge7heo8mQ52eLTqQSDcQhwpq/ggum+L /Vcs/xe4/pJbiCd1ZJvPMyurxIrvZDjy42Y9BP+a5rki7Iw8xQfavrzbOlz6gDTb xuO94ltnaZ8V3ZIAZB5tbXf0knaIW1a4TnmOt3uFPvDqaRhi/7s4yZ7OZVmslb69 ddUkWbnGE0jkVS7Ug3RMV+ebcgkqwnAXP59gdDR21VQ/tfk29Q/ckRB+VkXuKm9g PSpcUtfVV/Npll+v2YgFa7DuvASGy4OXG5IBKMZuYMCTx9pS5qRLdLvrl9Ot5obs 5EGLagKtrDuxFdiEQSh5Xcg0UtmHhySNVqQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date :feedback-id:feedback-id:from:from:in-reply-to:message-id :mime-version:reply-to:subject:subject:to:to:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1760859639; x= 1760946039; bh=hycUqGLYTQfufLsOFDhUzaoc1g9zCZH7ROmvsRh6iDc=; b=w 23oVP0rCs/QhxtJEev/2oB9RFoJvGLpn3qG5QOCNWXDvI4efPexE9Fe+9Jy+vaH4 +puLJFrXJCRMEkKRVcmBocmxnAzbDS34pqYbHhUCRRtIEkWfMCzulzUK7lng2Axn XWYhh6YqtnvU1CxR2eWaDdzIcEremGyEH09l3YQFpGtTnsWVgv9+jT7XleSc0eil Uenq64riz4p7orzuyWY3o6aYS0UWkrdkyfMSZDnt6LC4tmdpmqERylvMOotylVws dzLTH6Ala6f40BvZcVQ0UnKwG2jxmF97HkurYgsen9N3XgLeYVAGu/n1sZW1vxMG dZqs7hfYfgzSBAdnwdIqg==
X-ME-Sender: <xms:95X0aCmHwLg2Dq1Aeu67ePHac5IdYw9eA1vbWTMJ-F_8DMTFcQayEQ> <xme:95X0aPvz0T0L9e1T5dDYvPrYxQObUIKcxN6ZPgQHebvzIf6wOecpHU6gPMSTjDQBa o5g4oBjLVDTI6omWTsvaHs3WJXlZYTypsP9Y3FttghUtl8BnS_E_w>
X-ME-Received: <xmr:95X0aLswrZG7WQ87gKUrsWFrcfF0nSKY2x2ScUJurlZRYNnkrrXY8lkXGhB31qBfjA855jKmdfcwcNjVIHlhLJq-S9On40qk6C_x3PP3Xm3y2Y1jvprm3fcMMOFQ-sz76p57RuV->
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeffedrtdeggddufeegfeehucetufdoteggodetrf dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfurfetoffkrfgpnffqhgenuceu rghilhhouhhtmecufedttdenucfpohcuuggrthgvuchfihgvlhguucdlgeelmdenucfjug hrpegtggfhvffusegrtddtredttdejnecuhfhrohhmpeftvghpohhsihhtohhrhicutegt thhivhhithihucfuuhhmmhgrrhihuceuohhtuceoughopghnohhtpghrvghplhihsehmnh hothdrnhgvtheqnecuggftrfgrthhtvghrnhepkeefvdduteejvdefkeehieevuefgfefh teetveegffekffefteffvdelheduieetnecuffhomhgrihhnpehgihhthhhusgdrtghomh enucevlhhushhtvghrufhiiigvpeefnecurfgrrhgrmhepmhgrihhlfhhrohhmpeguohgp nhhothgprhgvphhlhiesmhhnohhtrdhnvghtpdhnsggprhgtphhtthhopedupdhmohguvg epshhmthhpohhuthdprhgtphhtthhopehorghuthhhsehivghtfhdrohhrgh
X-ME-Proxy: <xmx:95X0aDbWiV3m77o1GHZkUbF70cwlUfHW_z94bNGg2cvQqKH6-V-r0g> <xmx:95X0aEYkD3SrQhRMXqWf5foG4wdfTAj3gsD5lGLdb5SwdxDCBUTgnA> <xmx:95X0aPXWBpLYa3uxDsVbCa42i7A3wDsATEEakhTRsDpja_dwVHsEkw> <xmx:95X0aL2ZCpOLNL0CWWhCyVT0O6zuSP_QLfPxAjDYu35YBqIgWt90gQ> <xmx:95X0aDsxg2YaP_vNxJxAjl6QIF0LWlFAWlQoOc_k9hU7G6pzk3eUofPt>
Feedback-ID: i1c3946f2:Fastmail
Message-Id: <1760859639.3916359.0D863CA4@outbound.messagingengine.com>
Received: by mail.messagingengine.com (Postfix) with ESMTPA for <oauth@ietf.org>; Sun, 19 Oct 2025 03:40:38 -0400 (EDT)
Content-Type: multipart/alternative; boundary="===============6479908910873863654=="
MIME-Version: 1.0
From: Repository Activity Summary Bot <do_not_reply@mnot.net>
To: oauth@ietf.org
Date: Sun, 19 Oct 2025 00:40:39 -0700
Message-ID-Hash: J3HRQV5BB27RCRPAVDLCFXH3GCGA4C7J
X-Message-ID-Hash: J3HRQV5BB27RCRPAVDLCFXH3GCGA4C7J
X-MailFrom: do_not_reply@mnot.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [OAUTH-WG] Weekly github digest (OAuth Activity Summary)
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/_C4H3QOgTSG81L9HxHEH4rGy2N8>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>
Events without label "editorial"
Issues
------
* oauth-wg/oauth-transaction-tokens (+0/-3/š¬4)
4 issues received 4 new comments:
- #223 Clarify Example (1 by PieterKas)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/223 [WGLC Feedback]
- #222 Should tctx field be a MUST (1 by PieterKas)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/222 [WGLC Feedback]
- #221 Clarify difference between sub and req_wl (1 by PieterKas)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/221 [WGLC Feedback]
- #220 Clarify aud claim (1 by PieterKas)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/220 [WGLC Feedback]
3 issues closed:
- Expand on use case in section 2.2.1 https://github.com/oauth-wg/oauth-transaction-tokens/issues/208 [WGLC Feedback]
- WGLC feedback from Brian - Editorial https://github.com/oauth-wg/oauth-transaction-tokens/issues/204 [WGLC Feedback]
- 18 287 4576 https://github.com/oauth-wg/oauth-transaction-tokens/issues/263
* oauth-wg/oauth-sd-jwt-vc (+0/-18/š¬20)
13 issues received 20 new comments:
- #346 Support of the default Issuer Signature Mechanism. Required or not? (1 by danielfett)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/346 [discuss] [pending close]
- #293 Risk of issuer monitoring with jwt-vc-issuer metadata (3 by awoie, cre8)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/293
- #291 Support of the suspension or of the revovation of a Digital Credential without using the status claim (1 by danielfett)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/291 [pending close] [policy]
- #289 The SD-JWT DC does not CONTAIN the Key Binding JWT (1 by bc-pi)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/289 [HAS PR]
- #288 The definition of "Verifiable Credential (VC)"should be replaced by a definition of "Digital Credential (DC)" (2 by awoie, danielfett)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/288 [pending close]
- #287 The following sentence would need to be clarified and reworded (1 by danielfett)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/287 [pending close]
- #286 Suspension and revocation of Digital Credentials (1 by danielfett)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/286 [pending close] [future-extension] [policy]
- #284 A statement about "Verifiable Credentials" should be changed (2 by bc-pi, danielfett)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/284 [pending close]
- #283 The wording "Verifiable Credentials" should be changed into "Digital Credentials" (2 by awoie, danielfett)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/283 [pending close]
- #273 Provide guidance on versioning (1 by bc-pi)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/273 [HAS PR]
- #247 Potential Privacy implications of verifier knowing display information (1 by bc-pi)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/247 [pending close] [blocked]
- #222 allow JWS JSON serialization (was add example) (3 by awoie, bc-pi, danielfett)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/222 [pending close]
- #145 how cnf claim can be used with any other types of "binding" (1 by bc-pi)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/145 [pending close] [future-extension]
18 issues closed:
- allow JWS JSON serialization (was add example) https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/222 [pending close]
- Potential Privacy implications of verifier knowing display information https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/247 [pending close] [blocked]
- Suspension and revocation of Digital Credentials https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/286 [pending close] [future-extension] [policy]
- Support of the default Issuer Signature Mechanism. Required or not? https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/346 [discuss] [pending close]
- A statement about "Verifiable Credentials" should be changed https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/284 [pending close]
- The following sentence would need to be clarified and reworded https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/287 [pending close]
- The definition of "Verifiable Credential (VC)"should be replaced by a definition of "Digital Credential (DC)" https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/288 [pending close]
- The wording "Verifiable Credentials" should be changed into "Digital Credentials" https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/283 [pending close]
- Support of the suspension or of the revovation of a Digital Credential without using the status claim https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/291 [pending close] [policy]
- Provide guidance on versioning https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/273 [HAS PR]
- Figure 1 Issuer-Holder-Verifier Model should be modified https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/285 [HAS PR]
- The SD-JWT DC does not CONTAIN the Key Binding JWT https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/289 [HAS PR]
- Add security considerations on when/what metadata is/can be trusted https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/282 [HAS PR]
- Consider recommending a way to encode other data types. https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/225 [HAS PR]
- Declaration of arrays to the type metadata. https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/314 [HAS PR]
- Add language on x5c protection https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/240 [HAS PR]
- Risk of issuer monitoring with jwt-vc-issuer metadata https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/293
- Say something about presentations if KB-JWT is not used https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/297 [HAS PR]
* oauth-wg/draft-ietf-oauth-resource-metadata (+0/-1/š¬1)
1 issues received 1 new comments:
- #56 Ambiguous handling of the resource_metadata WWW-Authenticate parameter (1 by aaronpk)
https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/issues/56
1 issues closed:
- Ambiguous handling of the resource_metadata WWW-Authenticate parameter https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/issues/56
* oauth-wg/oauth-v2-1 (+0/-4/š¬4)
3 issues received 4 new comments:
- #210 Add definitions for client_secret_basic, client_secret_post and none client authentication methods (1 by aaronpk)
https://github.com/oauth-wg/oauth-v2-1/issues/210 [ietf-124]
- #183 Clarify `aud` values that should be accepted in `private_key_jwt` at the token (and other) endpoints (2 by aaronpk, bc-pi)
https://github.com/oauth-wg/oauth-v2-1/issues/183
- #120 How can an AS support both 2.0 and 2.1 clients concurrently (1 by njwatson32)
https://github.com/oauth-wg/oauth-v2-1/issues/120 [ietf-124]
4 issues closed:
- what does it mean to "sanitise" state/redirect urls? https://github.com/oauth-wg/oauth-v2-1/issues/209
- Add definitions for client_secret_basic, client_secret_post and none client authentication methods https://github.com/oauth-wg/oauth-v2-1/issues/210 [ietf-124]
- Strict JavaScript Exclusiveness? https://github.com/oauth-wg/oauth-v2-1/issues/174
- specific reference to Section 4.3.4 of RFC9100 for TLS server certificate check https://github.com/oauth-wg/oauth-v2-1/issues/221
* oauth-wg/draft-ietf-oauth-status-list (+0/-0/š¬2)
1 issues received 2 new comments:
- #304 Feedback from AD review (2 by c2bo, paulbastian)
https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/304
* oauth-wg/draft-ietf-oauth-attestation-based-client-auth (+13/-0/š¬0)
13 issues created:
- Editorial: Remove two sentences that contain left references to nonce (by Denisthemalice)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/165
- In section 10.6. (Replay Attack Detection) the current description is incorrect (by Denisthemalice)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/164
- A client should be able to request a challenge without using a challenge endpoint (by Denisthemalice)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/163
- It is proposed to remove use self-contained challenges (by Denisthemalice)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/162
- The terminology in section 3 should be changed (by Denisthemalice)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/161
- The Figure 1 should be redrawn (by Denisthemalice)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/160
- The Client Attestation PoP JWT should be able to support a data origin authentication service (by Denisthemalice)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/159
- The description of the flows should be reconsidered (by Denisthemalice)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/158
- The Introduction should be reworded (by Denisthemalice)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/157
- It would be worthwhile to define claims able to carry the type of the device and the firmware/software that the device is running (by Denisthemalice)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/156
- The privacy considerations in section 11 from RFC 9334 should be endorsed (by Denisthemalice)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/155
- A protocol for the renewal of one-time use Client Attestation JWTs is necessary (by Denisthemalice)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/154
- Should this document be applicable both to Authorization Servers and Resource Servers ? (by Denisthemalice)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/153
* oauth-wg/oauth-identity-assertion-authz-grant (+1/-5/š¬30)
1 issues created:
- recommendation on https for audience param? (by sdesen)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/53
12 issues received 30 new comments:
- #53 recommendation on https for audience param? (1 by mcguinness)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/53
- #52 Discovering allowed Resource App (instances) for the logged in user (3 by mcguinness, meghnadubey)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/52
- #51 Support for Multi-Instance Apps (12 by aaronpk, dlozlla, mcguinness, meghnadubey)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/51
- #48 The spec states that `refresh_token` SHOULD NOT be used (1 by mcguinness)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/48
- #45 Clarify that IdP client can be mapped via ID-JAG to AS specific client (2 by aaronpk, meghnadubey)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/45
- #41 Clarify ID-JAG is a typed profile of JWT Assertion Grant (1 by aaronpk)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/41
- #40 Editorial cleanup to make clear interaction and role of the AS for the Resource App (1 by aaronpk)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/40
- #39 Adopt Tenant Claim from OpenID Enterprise Extensions for ID-JAG (1 by aaronpk)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/39
- #28 Proof-of-Possession Token for Resource App (5 by aaronpk, mcguinness)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/28
- #17 Client ID Registration (1 by aaronpk)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/17
- #14 Discuss the need for client_id mapping (1 by aaronpk)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/14
- #13 Why don't the IdP requests the access token from the AS? (1 by aaronpk)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/13
5 issues closed:
- Editorial cleanup to make clear interaction and role of the AS for the Resource App https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/40
- Add scope to 6.1 processing rules https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/49
- Adopt Tenant Claim from OpenID Enterprise Extensions for ID-JAG https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/39
- Clarify ID-JAG is a typed profile of JWT Assertion Grant https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/41
- id-jag SHOULD be short-lived https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/37
* oauth-wg/draft-ietf-oauth-client-id-metadata-document (+0/-0/š¬5)
1 issues received 5 new comments:
- #36 specify native app restriction for clarity on client authentication section (5 by JetA2, ThisIsMissEm, aaronpk, matthieusieben)
https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document/issues/36
Pull requests
-------------
* oauth-wg/oauth-identity-chaining (+1/-0/š¬0)
1 pull requests submitted:
- (by arndt-s)
* oauth-wg/oauth-transaction-tokens (+2/-0/š¬0)
2 pull requests submitted:
- (by PieterKas)
- (by arndt-s)
* oauth-wg/oauth-sd-jwt-vc (+12/-0/š¬12)
12 pull requests submitted:
- (by bc-pi)
- (by danielfett)
- (by danielfett)
- (by danielfett)
- (by awoie)
- (by awoie)
- (by bc-pi)
- (by awoie)
- (by awoie)
- (by awoie)
- (by bc-pi)
- (by bc-pi)
6 pull requests received 12 new comments:
- #371 Change PID example to make clear that it is not normative in any way (1 by bc-pi)
https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/371
- #368 Improve example around array elements and paths (1 by danielfett)
https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/368
- #364 editorial: fix formatting (2 by awoie, danielfett)
https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/364
- #363 Limit scope of x509 certificates to protected header (6 by awoie, bc-pi, danielfett, peppelinux)
https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/363 [discuss] [DO NOT MERGE]
- #362 make it clear that presentations don't need kb (1 by awoie)
https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/362
- #360 Provide some guidance on versioning via the `vct` value (1 by bc-pi)
https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/360
* oauth-wg/oauth-v2-1 (+4/-0/š¬0)
4 pull requests submitted:
- (by aaronpk)
- (by aaronpk)
- (by aaronpk)
- (by aaronpk)
* oauth-wg/draft-ietf-oauth-status-list (+1/-0/š¬1)
1 pull requests submitted:
- (by paulbastian)
1 pull requests received 1 new comments:
- #305 AD review (1 by c2bo)
https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/305
* oauth-wg/oauth-identity-assertion-authz-grant (+3/-0/š¬0)
3 pull requests submitted:
- (by aaronpk)
- (by mcguinness)
- (by mcguinness)
Repositories tracked by this digest:
-----------------------------------
* https://github.com/oauth-wg/oauth-browser-based-apps
* https://github.com/oauth-wg/oauth-identity-chaining
* https://github.com/oauth-wg/oauth-transaction-tokens
* https://github.com/oauth-wg/oauth-sd-jwt-vc
* https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata
* https://github.com/oauth-wg/oauth-cross-device-security
* https://github.com/oauth-wg/oauth-selective-disclosure-jwt
* https://github.com/oauth-wg/oauth-v2-1
* https://github.com/oauth-wg/draft-ietf-oauth-status-list
* https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth
* https://github.com/oauth-wg/oauth-identity-assertion-authz-grant
* https://github.com/oauth-wg/draft-ietf-oauth-rfc8725bis
* https://github.com/oauth-wg/draft-ietf-oauth-rfc7523bis
* https://github.com/oauth-wg/oauth-first-party-apps
* https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document
--
To have a summary like this sent to your list, see: https://github.com/ietf-github-services/activity-summary
- [OAUTH-WG] Weekly github digest (OAuth Activity Sā¦ Repository Activity Summary Bot