[OAUTH-WG] Weekly github digest (OAuth Activity Summary)
Repository Activity Summary Bot <do_not_reply@mnot.net> Sun, 19 January 2025 07:39 UTC
Return-Path: <do_not_reply@mnot.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F886C1D52FD for <oauth@ietfa.amsl.com>; Sat, 18 Jan 2025 23:39:41 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.703
X-Spam-Level:
X-Spam-Status: No, score=-1.703 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=mnot.net header.b="IPWDM1R/"; dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=messagingengine.com header.b="CRT7bADJ"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JrxAlCXlDItm for <oauth@ietfa.amsl.com>; Sat, 18 Jan 2025 23:39:37 -0800 (PST)
Received: from fhigh-b7-smtp.messagingengine.com (fhigh-b7-smtp.messagingengine.com [202.12.124.158]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C0385C1D531B for <oauth@ietf.org>; Sat, 18 Jan 2025 23:39:37 -0800 (PST)
Received: from phl-compute-04.internal (phl-compute-04.phl.internal [10.202.2.44]) by mailfhigh.stl.internal (Postfix) with ESMTP id 3AF0E2540120 for <oauth@ietf.org>; Sun, 19 Jan 2025 02:39:37 -0500 (EST)
Received: from phl-mailfrontend-02 ([10.202.2.163]) by phl-compute-04.internal (MEProxy); Sun, 19 Jan 2025 02:39:37 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=cc :content-type:content-type:date:from:from:in-reply-to :mime-version:reply-to:subject:subject:to:to; s=fm3; t= 1737272377; x=1737358777; bh=x4VNYCxJYoukH3Pt2g4OqQUrdOZhcfZOPEm MUxFh9Ec=; b=IPWDM1R/LYQe1gvJju/juI2B0Icx8WEjV82z5hBFw6b7g3jw4XD 6G1iWoCWiBpMCClVJMFZE+LJTpmwWHItaAowaaJMekVFDC5Got1jIBjTbz0wVMhu xXwjLxaFToPNnhaLRfwmoZ29Dy4q1By0YlEAT7AtBpl6ZSawr6gySruVWXQiAKCs y6h9lxKNv4zX+9enTLMP6pyMaCwbX2Wd5osH0PQM6He9UdF37oce/lYi6Tc/bcQS chG6px9e4r/IY40V4YMZaqlb1x30CiRJNFnCWoUeY1EaEG2X7PF76WKucugpdiOn hRBoLtJlMEbFLADmzCA0FoOSrrRTiO1Y4CQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date :feedback-id:feedback-id:from:from:in-reply-to:mime-version :reply-to:subject:subject:to:to:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; t=1737272377; x=1737358777; bh=x 4VNYCxJYoukH3Pt2g4OqQUrdOZhcfZOPEmMUxFh9Ec=; b=CRT7bADJkN7k/Az50 DQnjry61hSH7Mhp5+lGP84OFHZ0x1z00bBYe+5Z6klXChhE7LkFUdsJbmp8wJ35x IiwDSJVH7XZooqyURRyRxeGP2z1pw2em32b55AGx8ibTEQatvkmT8qHNHVMjFBLT xFdQep+OSWX1COTRF4WoxDsM5UWQS94oFlt6uteyb3RTo5dIPLVVFz4JUmQwi7Nk j1CZkqMWXZKQwMii3licwIzIA80ua3JQT/6a2EGjgevq0eFH67ytQxtEUQkf9xrC NuJhgoHU4c1ydGR1hu19axb0lOw4eleyg5eJumz5I8THBYI2Uw4gOnAG1OqMBw+5 OM0zQ==
X-ME-Sender: <xms:OKyMZ4SoZurVmntaucyCq_zIEZTi6_CJU-yOyQG-0Vc16Zk4bEkt0w> <xme:OKyMZ1x0wiLFYqk3Tp17LST4FXlA80fCH-pb8WDpF_MQnmzu5YgAHN6B1rqErkfgt fcMwyP8EG9W9lIP3A>
X-ME-Received: <xmr:OKyMZ12LhoVFoWWgqNlC2TRiDdPKpce0FjZrkW7fn-xx5JnUu36CPyOgNYt6eckKwbvp0W7NKgs1MKqzFrF9LPlz2t_66UToCtd32L9rmIK_q330ZrkzEcKmSbLguxtEZ3i_f0O4>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefuddrudeiiedguddtjecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdp uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecupfhoucgurghtvgcufh hivghlugculdegledmnecujfgurheptggghffvufesrgdttdertddtjeenucfhrhhomhep tfgvphhoshhithhorhihucettghtihhvihhthicuufhumhhmrghrhicuuehothcuoeguoh gpnhhothgprhgvphhlhiesmhhnohhtrdhnvghtqeenucggtffrrghtthgvrhhnpeekfedv udetjedvfeekheeiveeugfefhfetteevgeffkefffeetffdvleehudeiteenucffohhmrg hinhepghhithhhuhgsrdgtohhmnecuvehluhhsthgvrhfuihiivgepudenucfrrghrrghm pehmrghilhhfrhhomhepughopghnohhtpghrvghplhihsehmnhhothdrnhgvthdpnhgspg hrtghpthhtohepuddpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohepohgruhhthhes ihgvthhfrdhorhhg
X-ME-Proxy: <xmx:OKyMZ8BQHiBjJ630RJoBOu_UKAskaasR-d1q9c5c9ZmmFlFGh9hZnA> <xmx:OKyMZximuBbIwS47EBjN61e8-Ax32DXKOnEzZBkUJonynAnMzQeWmQ> <xmx:OKyMZ4rk3gC3bRZC2G-7ZTn0PijiGaAencJOP_IQdAmo_zGY5QSO0g> <xmx:OKyMZ0jcEG4UhyVRAXh1vTeEh8c_j-dAygg7PDnvSB2DGh332zv72g> <xmx:OayMZ0teOUPbDE263NNchawtOb3beAGLIT52NJpFi8EpEsXNX8M2tVil>
Feedback-ID: i1c3946f2:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for <oauth@ietf.org>; Sun, 19 Jan 2025 02:39:36 -0500 (EST)
Content-Type: multipart/alternative; boundary="===============3935072033122964068=="
MIME-Version: 1.0
From: Repository Activity Summary Bot <do_not_reply@mnot.net>
To: oauth@ietf.org
Message-Id: <20250119073937.C0385C1D531B@ietfa.amsl.com>
Date: Sat, 18 Jan 2025 23:39:37 -0800
Message-ID-Hash: PKC3L54Y74X2VJHCM5QMVIIA6XL3PEYR
X-Message-ID-Hash: PKC3L54Y74X2VJHCM5QMVIIA6XL3PEYR
X-MailFrom: do_not_reply@mnot.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [OAUTH-WG] Weekly github digest (OAuth Activity Summary)
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/fq99NuPO0xd2MrWJ99SQlKdY3oQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>
Events without label "editorial" Issues ------ * oauth-wg/oauth-browser-based-apps (+2/-6/š¬11) 2 issues created: - Address SEC AD review comments (by aaronpk) https://github.com/oauth-wg/oauth-browser-based-apps/issues/64 - When can the BFF ignore "SHOULD encrypt its cookie contents"? (by aaronpk) https://github.com/oauth-wg/oauth-browser-based-apps/issues/63 6 issues received 11 new comments: - #64 Address SEC AD review comments (2 by aaronpk) https://github.com/oauth-wg/oauth-browser-based-apps/issues/64 - #63 When can the BFF ignore "SHOULD encrypt its cookie contents"? (5 by aaronpk, philippederyck, randomstuff) https://github.com/oauth-wg/oauth-browser-based-apps/issues/63 - #62 Using Web Workers to refresh access tokens adds implementation complexity for marginal security benefit (1 by aaronpk) https://github.com/oauth-wg/oauth-browser-based-apps/issues/62 - #58 Remove reference to TMI-BFF draft (1 by aaronpk) https://github.com/oauth-wg/oauth-browser-based-apps/issues/58 - #52 Fragments, performance, and historic notes. (1 by aaronpk) https://github.com/oauth-wg/oauth-browser-based-apps/issues/52 - #48 Add BCP references to the normative section (1 by aaronpk) https://github.com/oauth-wg/oauth-browser-based-apps/issues/48 6 issues closed: - Address SEC AD review comments https://github.com/oauth-wg/oauth-browser-based-apps/issues/64 - Using Web Workers to refresh access tokens adds implementation complexity for marginal security benefit https://github.com/oauth-wg/oauth-browser-based-apps/issues/62 - When can the BFF ignore "SHOULD encrypt its cookie contents"? https://github.com/oauth-wg/oauth-browser-based-apps/issues/63 - Remove reference to TMI-BFF draft https://github.com/oauth-wg/oauth-browser-based-apps/issues/58 - Fragments, performance, and historic notes. https://github.com/oauth-wg/oauth-browser-based-apps/issues/52 - Add BCP references to the normative section https://github.com/oauth-wg/oauth-browser-based-apps/issues/48 * oauth-wg/oauth-transaction-tokens (+0/-2/š¬5) 5 issues received 5 new comments: - #131 Can a sub_id change? (1 by gffletch) https://github.com/oauth-wg/oauth-transaction-tokens/issues/131 - #118 RAR object inside a TraT (1 by gffletch) https://github.com/oauth-wg/oauth-transaction-tokens/issues/118 [pre-last-call] - #115 Audience, scope & purpose (1 by gffletch) https://github.com/oauth-wg/oauth-transaction-tokens/issues/115 - #111 Batch or long running processes and extending lifetime of a token (1 by gffletch) https://github.com/oauth-wg/oauth-transaction-tokens/issues/111 - #109 Key rotation guidance (1 by gffletch) https://github.com/oauth-wg/oauth-transaction-tokens/issues/109 2 issues closed: - Tx token lifetime guidance missing for replacement token https://github.com/oauth-wg/oauth-transaction-tokens/issues/110 - Azd claim name conflict with RAR https://github.com/oauth-wg/oauth-transaction-tokens/issues/119 * oauth-wg/oauth-selective-disclosure-jwt (+0/-2/š¬1) 1 issues received 1 new comments: - #530 Missing procedures for Holder to validate disclosures received from Issuer (1 by danielfett) https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/530 [ready-for-PR] 2 issues closed: - text for privacy considerations https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/534 - Missing procedures for Holder to validate disclosures received from Issuer https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/530 [has-PR] * oauth-wg/draft-ietf-oauth-status-list (+12/-0/š¬16) 12 issues created: - Add a section to provide estimations about the size and the number of Token Status Lists (by Denisthemalice) https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/229 - Resilience of the architecture when facing network problems ? (by Denisthemalice) https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/228 - Which keys should be used to sign and verify Status List Tokens ? (by Denisthemalice) https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/227 - The status list mechanism as currently described does not allow for interoperability (by Denisthemalice) https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/225 - Interims Feedback: Explain motivation to split issuer / status list issuer / status list provider (by paulbastian) https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/224 - Interims Feedback: Short-lived credentials (by c2bo) https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/223 - Interims Feedback: Discussion around Suspended Status Type (by paulbastian) https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/222 - Reduce the statuses to 2 and 1 bit (by Denisthemalice) https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/221 - The term Issuer SHOULD NOT be used to refer to an entity acting "for all three roles" (by Denisthemalice) https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/220 - Proposed replacement for 13.1, 13.2 and 13.3 placed under section 13 (Implementation Considerations) (by Denisthemalice) https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/219 - Comments on section 12.5.2 Unlinkability (by Denisthemalice) https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/218 - Comments on section 12.5.1 Unlinkability (by Denisthemalice) https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/217 10 issues received 16 new comments: - #229 Add a section to provide estimations about the size and the number of Token Status Lists (1 by paulbastian) https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/229 - #228 Resilience of the architecture when facing network problems ? (2 by Denisthemalice, paulbastian) https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/228 - #227 Which keys should be used to sign and verify Status List Tokens ? (2 by Denisthemalice, c2bo) https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/227 - #225 The status list mechanism as currently described does not allow for interoperability (3 by Denisthemalice, c2bo) https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/225 - #222 Interims Feedback: Discussion around Suspended Status Type (1 by c2bo) https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/222 - #221 Reduce the statuses to 2 and 1 bit (2 by c2bo, paulbastian) https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/221 - #219 Proposed replacement for 13.1, 13.2 and 13.3 placed under section 13 (Implementation Considerations) (1 by paulbastian) https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/219 - #217 Comments on section 12.5.1 Unlinkability (1 by paulbastian) https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/217 - #216 Test vectors (2 by c2bo) https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/216 - #83 IETF 118: Mention prior art (1 by c2bo) https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/83 [discuss] Pull requests ------------- * oauth-wg/oauth-sd-jwt-vc (+2/-0/š¬5) 2 pull requests submitted: - ed: improved clarity on registered claims paragraph (by awoie) https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/296 - Fix #267, explain why we are not using JSON Path or JSON Pointer (by danielfett) https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/295 1 pull requests received 5 new comments: - #294 Make extension point for issuer key resolution more explicit (5 by awoie, bc-pi, danielfett, peacekeeper) https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/294 * oauth-wg/oauth-selective-disclosure-jwt (+2/-4/š¬9) 2 pull requests submitted: - Try to address Rohan's comments (by danielfett) https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/541 - Changes to linkability and data storage sections (by danielfett) https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/540 3 pull requests received 9 new comments: - #543 Reinsert "the standard" (2 by bc-pi, wbl) https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/543 - #541 Try to address Rohan's comments (1 by bc-pi) https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/541 - #535 add Watson Ladd's suggested text with minor adaptations (6 by Denisthemalice, danielfett, wbl) https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/535 4 pull requests merged: - ISO/IEC 29100 is too private https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/475 - add Watson Ladd's suggested text with minor adaptations https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/535 - Changes to linkability and data storage sections https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/540 - Try to address Rohan's comments https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/541 * oauth-wg/draft-ietf-oauth-status-list (+1/-1/š¬0) 1 pull requests submitted: - update organization (by c2bo) https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/226 1 pull requests merged: - update organization https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/226 Repositories tracked by this digest: ----------------------------------- * https://github.com/oauth-wg/oauth-browser-based-apps * https://github.com/oauth-wg/oauth-identity-chaining * https://github.com/oauth-wg/oauth-transaction-tokens * https://github.com/oauth-wg/oauth-sd-jwt-vc * https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata * https://github.com/oauth-wg/oauth-cross-device-security * https://github.com/oauth-wg/oauth-selective-disclosure-jwt * https://github.com/oauth-wg/oauth-v2-1 * https://github.com/oauth-wg/draft-ietf-oauth-status-list * https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth
- [OAUTH-WG] Weekly github digest (OAuth Activity Sā¦ Repository Activity Summary Bot