[OAUTH-WG] Weekly github digest (OAuth Activity Summary)

Repository Activity Summary Bot <do_not_reply@mnot.net> Sun, 01 September 2024 08:01 UTC

Return-Path: <do_not_reply@mnot.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B03FEC14F6FA for <oauth@ietfa.amsl.com>; Sun, 1 Sep 2024 01:01:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.407
X-Spam-Level:
X-Spam-Status: No, score=-2.407 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=mnot.net header.b="oRnSLSmF"; dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=messagingengine.com header.b="evUuqVzP"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LJrGphWxTqZK for <oauth@ietfa.amsl.com>; Sun, 1 Sep 2024 01:01:09 -0700 (PDT)
Received: from fhigh8-smtp.messagingengine.com (fhigh8-smtp.messagingengine.com [103.168.172.159]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C2D6C14F5F6 for <oauth@ietf.org>; Sun, 1 Sep 2024 01:01:09 -0700 (PDT)
Received: from phl-compute-05.internal (phl-compute-05.nyi.internal [10.202.2.45]) by mailfhigh.nyi.internal (Postfix) with ESMTP id 030341140284 for <oauth@ietf.org>; Sun, 1 Sep 2024 03:41:22 -0400 (EDT)
Received: from phl-mailfrontend-02 ([10.202.2.163]) by phl-compute-05.internal (MEProxy); Sun, 01 Sep 2024 03:41:22 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=cc :content-type:content-type:date:from:from:in-reply-to :mime-version:reply-to:subject:subject:to:to; s=fm2; t= 1725176481; x=1725262881; bh=ETPdKuP2eYCU9DB0sKpbcyRi3WeHdUytX0x HzvF+eO8=; b=oRnSLSmFmB500sQR3SJekzVT1vbQJgMkCq8VeO9bq5w07L674BP hCQ1g68CnaBZ6q3Qo2DnKZb048xJPsh0k6wPFsfgkZKSFYBuec7cx2Wa7lCHDpB+ Dei5zGZt3K49BeuJLPGA0vRCf4FyaPg3be9WgN2wqW/1dybyv/i/hiX1Sb5okR/H v4DdN/hJY7NlSpgm4keb/ir/71aogHd5+alDtLTts/GdQEn90SeFgDEnCZhZTtb/ FGVjSO9DVxfjxOf+GMXAQRUgibLjfOxiPYMGXdi4qZdzB1xMT56sGz+7qyPYp0s1 XmaXcYxz4BCAnTY5awAdWAkFaipH74O0W7A==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date :feedback-id:feedback-id:from:from:in-reply-to:mime-version :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1725176481; x= 1725262881; bh=ETPdKuP2eYCU9DB0sKpbcyRi3WeHdUytX0xHzvF+eO8=; b=e vUuqVzP4EM3aHCSIsWFao1mpuyyE6q+mHH5WyC6LfqPPqYnv6dI56I41TkH/mG/k Xb83F95IRiZZiAEovSIpnSD3nXox6npU8afyYnNHrjYD4ZM2/Ui8V9aWXQre9bWH QePlhQvXJnxUERmm1M/QyRm7OJlllCWQhWeIchi4QwUbsDHhCf+BkoL7uJE+sTPW reSP9BxyqeWkHNLSos3ZFCnI3xnKJ/enR7HDyOyaJIwel4s+R89iuyTJE2Y3HtJF 3BsXEwQzsAB1JIiqCLuX5xTU1lskjytNtc8waxaADMfSWZNNAQnZEV5SEJ1r5hgp v0fP7GLp+Ub5PplW/b66w==
X-ME-Sender: <xms:oRrUZnBR2aaZ33P0XmPfWjR6JZOSKxf6-NcXnjBjtjS80jlE6sxk5w> <xme:oRrUZtho6MQpCViWhInYW5QdwapaE5_NuFHbgyIiuHzRISBqki2XaxJrtVJjepFum rMagGcfSX7n4u0FFA>
X-ME-Received: <xmr:oRrUZikMp5P_gmM6ogWf6QtDjZIx62qMpglsyQLyHc5vtl-5ZsCznXczxpaCyA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrudegfedgudekucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucfpohcuuggrthgvuchfih gvlhguucdlgeelmdenucfjughrpegtggfhvffusegrtddtredttdejnecuhfhrohhmpeft vghpohhsihhtohhrhicutegtthhivhhithihucfuuhhmmhgrrhihuceuohhtuceoughopg hnohhtpghrvghplhihsehmnhhothdrnhgvtheqnecuggftrfgrthhtvghrnhepkeefvddu teejvdefkeehieevuefgfefhteetveegffekffefteffvdelheduieetnecuffhomhgrih hnpehgihhthhhusgdrtghomhenucevlhhushhtvghrufhiiigvpedvnecurfgrrhgrmhep mhgrihhlfhhrohhmpeguohgpnhhothgprhgvphhlhiesmhhnohhtrdhnvghtpdhnsggprh gtphhtthhopedupdhmohguvgepshhmthhpohhuthdprhgtphhtthhopehorghuthhhsehi vghtfhdrohhrgh
X-ME-Proxy: <xmx:oRrUZpxvvPteUrwYUuw6Ifxh5VTu7XvbIv08oeBlGVZsXFsun4hINQ> <xmx:oRrUZsRxleOUh6jZ1djAdbSSX1i91qRmmn9LDzZC8z-Wc15HNfDW-A> <xmx:oRrUZsYkboQlTn6Am7o_prjbjrYgnHqjAkwo6si27h_e-vrcWRrzbw> <xmx:oRrUZtQdFWWHHLNM7GabXQp1P8nsYSlgRbMUpKRDwG6Q0ghYEVdqXg> <xmx:oRrUZndzCxKRuzko5wm-b4qwlEGhkrfUz4ThH3cy-na4fXw_LPpPLMcs>
Feedback-ID: i1c3946f2:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for <oauth@ietf.org>; Sun, 1 Sep 2024 03:41:21 -0400 (EDT)
Content-Type: multipart/alternative; boundary="===============3435845478240591270=="
MIME-Version: 1.0
From: Repository Activity Summary Bot <do_not_reply@mnot.net>
To: oauth@ietf.org
Message-Id: <20240901080109.2C2D6C14F5F6@ietfa.amsl.com>
Date: Sun, 01 Sep 2024 01:01:09 -0700
Message-ID-Hash: 54C56S7F733AKPSU6BKMHTX2OAPW5VEJ
X-Message-ID-Hash: 54C56S7F733AKPSU6BKMHTX2OAPW5VEJ
X-MailFrom: do_not_reply@mnot.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [OAUTH-WG] Weekly github digest (OAuth Activity Summary)
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/cZtTlI0m1TfJuOZMgtliFCre-VU>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>



Events without label "editorial"

Issues
------
* oauth-wg/oauth-transaction-tokens (+1/-1/πŸ’¬2)
  1 issues created:
  - Logging guidance and PII data handling (by ashayraut)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/124 

  1 issues received 2 new comments:
  - #124 Logging guidance and PII data handling (2 by ashayraut, obfuscoder)
    https://github.com/oauth-wg/oauth-transaction-tokens/issues/124 

  1 issues closed:
  - `subject_token` description needs to be more flexible https://github.com/oauth-wg/oauth-transaction-tokens/issues/121 

* oauth-wg/oauth-sd-jwt-vc (+0/-0/πŸ’¬3)
  2 issues received 3 new comments:
  - #250 Drop all references to DIDs and DID resolution (2 by kimdhamilton, peacekeeper)
    https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/250 
  - #212 Embedded Issuer Policies (1 by paulbastian)
    https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/212 [pending close] 

* oauth-wg/draft-ietf-oauth-resource-metadata (+1/-0/πŸ’¬2)
  1 issues created:
  - Declaring support for DPoP and Certificate-Bound Access Tokens (by randomstuff)
    https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/issues/48 

  1 issues received 2 new comments:
  - #48 Declaring support for DPoP and Certificate-Bound Access Tokens (2 by randomstuff, selfissued)
    https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/issues/48 

* oauth-wg/oauth-selective-disclosure-jwt (+0/-2/πŸ’¬1)
  1 issues received 1 new comments:
  - #439 burn the burning of private keys   (1 by Sakurann)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/439 [discuss-first] [on-hold] 

  2 issues closed:
  - Give "JSON document of the SD-JWT processing and verification algorithm" a name https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/443 [has-PR] 
  - (maybe) clarify example(s)  https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/444 [has-PR] 

* oauth-wg/draft-ietf-oauth-status-list (+3/-8/πŸ’¬13)
  3 issues created:
  - Support for content negotiation as denoted in the standard is limited for some CDNs and http servers (by markuskreusch)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/168 
  - Support for content negotiation as denoted in the standard is limited for some CDNs and http servers (by markuskreusch)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/167 
  - Reference the JWT BCP (by paulbastian)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/165 

  12 issues received 13 new comments:
  - #168 Support for content negotiation as denoted in the standard is limited for some CDNs and http servers (1 by paulbastian)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/168 
  - #167 Support for content negotiation as denoted in the standard is limited for some CDNs and http servers (1 by markuskreusch)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/167 
  - #165 Reference the JWT BCP (1 by paulbastian)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/165 
  - #156 Simplifying compression requirements (1 by paulbastian)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/156 
  - #151 Allow multiple status lists in SD-JWT VC (1 by paulbastian)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/151 
  - #138 Support an optional feature for historical resolution (1 by paulbastian)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/138 
  - #133 Implementation Consideration (1 by paulbastian)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/133 
  - #115 Check for IANA CWT claims (2 by c2bo, paulbastian)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/115 
  - #62 Privacy requirement - how to provide and demonstrate the consent given to the RP to allow it to check the revocation status (1 by peppelinux)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/62 
  - #51 "A Status List can not represent multiple statuses per Referenced Token" (1 by paulbastian)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/51 
  - #47 requirement for status list size (1 by paulbastian)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/47 
  - #24 Add implementations considerations (1 by paulbastian)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/24 

  8 issues closed:
  - Support for content negotiation as denoted in the standard is limited for some CDNs and http servers https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/167 
  - Check for IANA CWT claims https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/115 
  - Add section about CORS https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/58 
  - Easy way to debug a Status List https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/157 
  - Privacy requirement - how to provide and demonstrate the consent given to the RP to allow it to check the revocation status https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/62 
  - rename "referenced token"  https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/26 
  - Implementation Consideration https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/133 
  - Strip = from Base64url encoding? https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/44 

* oauth-wg/draft-ietf-oauth-attestation-based-client-auth (+0/-1/πŸ’¬3)
  2 issues received 3 new comments:
  - #61 IETF 118 : Should this mechanism be used in parallel with Client Authentication /with Dynamic Client Registration (2 by embesozzi, jogu)
    https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/61 
  - #15 Security levels in the attestation (1 by c2bo)
    https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/15 

  1 issues closed:
  - new HTTP headers are supposed to request their registration https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/78 



Pull requests
-------------
* oauth-wg/oauth-identity-chaining (+1/-0/πŸ’¬0)
  1 pull requests submitted:
  - Add sender constrained tokens (redo) (by kburgin3)
    https://github.com/oauth-wg/oauth-identity-chaining/pull/95 

* oauth-wg/oauth-transaction-tokens (+1/-1/πŸ’¬0)
  1 pull requests submitted:
  - moved txn field usage information to Security Considerations section (by tulshi)
    https://github.com/oauth-wg/oauth-transaction-tokens/pull/123 

  1 pull requests merged:
  - added unsigned json subject token type
    https://github.com/oauth-wg/oauth-transaction-tokens/pull/122 

* oauth-wg/oauth-sd-jwt-vc (+1/-0/πŸ’¬1)
  1 pull requests submitted:
  - clarify, add context, or otherwise improve examples (by bc-pi)
    https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/252 

  1 pull requests received 1 new comments:
  - #252 clarify, add context, or otherwise improve examples (1 by bc-pi)
    https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/252 

* oauth-wg/oauth-selective-disclosure-jwt (+4/-3/πŸ’¬1)
  4 pull requests submitted:
  - Remove text about publishing private keys (by bc-pi)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/460 
  - Using a capital letter "B" to start the sentence (by bc-pi)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/459 
  - Moved considerations around unlinkability to the top of the Privacy Considerations section (by bc-pi)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/458 
  - clarify, add context, or otherwise improve examples (by bc-pi)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/457 

  1 pull requests received 1 new comments:
  - #456 Introduced/used the phrase processed SD-JWT payload in Section 8.1 on Verifying the SD-JWT (1 by bc-pi)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/456 

  3 pull requests merged:
  - Introduced/used the phrase processed SD-JWT payload in Section 8.1 on Verifying the SD-JWT
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/456 
  - clarify, add context, or otherwise improve examples
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/457 
  - Using a capital letter "B" to start the sentence
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/459 

* oauth-wg/draft-ietf-oauth-status-list (+4/-5/πŸ’¬4)
  4 pull requests submitted:
  - add cors considerations to the http endpoint (by c2bo)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/166 
  - remove requirement for matching iss claim in Referenced Token and Sta… (by paulbastian)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/164 
  - add testing tool (by paulbastian)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/163 
  - move base64url introduction to terminology (by c2bo)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/162 

  1 pull requests received 4 new comments:
  - #164 remove requirement for matching iss claim in Referenced Token and Sta… (4 by c2bo, paulbastian)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/164 

  5 pull requests merged:
  - add cors considerations to the http endpoint
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/166 
  - add testing tool
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/163 
  - fix reference of Status List in CBOR format
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/161 
  - add cwt claim key for status_list 
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/160 
  - move base64url introduction to terminology
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/162 

* oauth-wg/draft-ietf-oauth-attestation-based-client-auth (+2/-2/πŸ’¬0)
  2 pull requests submitted:
  - add christian as author (by c2bo)
    https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/83 
  - add http field name (header) iana registration (by c2bo)
    https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/82 

  2 pull requests merged:
  - add http field name (header) iana registration
    https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/82 
  - add christian as author
    https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/83 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/oauth-wg/oauth-browser-based-apps
* https://github.com/oauth-wg/oauth-identity-chaining
* https://github.com/oauth-wg/oauth-transaction-tokens
* https://github.com/oauth-wg/oauth-sd-jwt-vc
* https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata
* https://github.com/oauth-wg/oauth-cross-device-security
* https://github.com/oauth-wg/oauth-selective-disclosure-jwt
* https://github.com/oauth-wg/oauth-v2-1
* https://github.com/oauth-wg/draft-ietf-oauth-status-list
* https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth