[OAUTH-WG] Weekly github digest (OAuth Activity Summary)
Repository Activity Summary Bot <do_not_reply@mnot.net> Sun, 08 June 2025 07:41 UTC
Return-Path: <do_not_reply@mnot.net>
X-Original-To: oauth@mail2.ietf.org
Delivered-To: oauth@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id CE2E3324A847 for <oauth@mail2.ietf.org>; Sun, 8 Jun 2025 00:41:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.398
X-Spam-Level:
X-Spam-Status: No, score=-2.398 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=mnot.net header.b="xG7TbuR5"; dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=messagingengine.com header.b="pSuZgDN+"
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id s15s0lNtf6ZX for <oauth@mail2.ietf.org>; Sun, 8 Jun 2025 00:41:48 -0700 (PDT)
Received: from fout-a4-smtp.messagingengine.com (fout-a4-smtp.messagingengine.com [103.168.172.147]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256)) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 4A04F324A504 for <oauth@ietf.org>; Sun, 8 Jun 2025 00:41:33 -0700 (PDT)
Received: from phl-compute-06.internal (phl-compute-06.phl.internal [10.202.2.46]) by mailfout.phl.internal (Postfix) with ESMTP id 2D26A13801B7 for <oauth@ietf.org>; Sun, 8 Jun 2025 03:41:33 -0400 (EDT)
Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-06.internal (MEProxy); Sun, 08 Jun 2025 03:41:33 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=cc :content-type:content-type:date:from:from:in-reply-to :mime-version:reply-to:subject:subject:to:to; s=fm2; t= 1749368493; x=1749454893; bh=PZdwJ8r475MMp+sNB2+nSlbjvEw08aucbow i7YFpJE0=; b=xG7TbuR5HbIdbyduqN+gq0eIbFc0CYO31lqgDYf6W1OVlounSwK psLlL2VjtpfyfUj2Euqe7XK4NqfnBMi9uBpx+dsallikgAKyMPIGsfrXiis9Wrhl 6hBWbpNEXQ46BFJ94F2YY86nEy5V5G7ARR2Cty2+MPZNhu0SlE13I8t2vrBbB6qQ sdwGZbyTfbfFYlisbn7FtWXFLN6wbzV7qy8tUYq84V065aRQbwoVRgzAVB9+iM4r hjr4xy75aN6LgHRavBvLNbBR1W3gWhPjvtr8OtDbz9fe1HD0YoI5+WhSaeG83j/d QlE7arPUoeOKdo31uvYJR882EvD4oNTyUZg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date :feedback-id:feedback-id:from:from:in-reply-to:mime-version :reply-to:subject:subject:to:to:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; t=1749368493; x=1749454893; bh=P ZdwJ8r475MMp+sNB2+nSlbjvEw08aucbowi7YFpJE0=; b=pSuZgDN+2PKoM6c0E We0NRQMDRfZEdUKKhUq6rsHfeSPwBK3/JQ5Q/olcStlMJS78bhBSTIWz1dV2wVIh gxh+iSvfcKZK+LRU/nnw+B1fcuhOxy2UPR5qoYBBfk1iaeKoKCodeernw96YMSNQ v2pz92PrrCcRvS2y1YefAuv6Rhej5pGksu3LFsb7iwWShtEurAYOehvQ2jwR/EYl 2K+EESW5S6cOfaEGRKByfQN+LVe30rjLyFAipiugkc2ho1aDay76K5OT6oF3nJLU MXVgXITyUHhbDiCH1+wK8fTfoxuY/8wSKDDk3mS2OTR6AMES09KORDMxDU1SqXyM qOSQQ==
X-ME-Sender: <xms:rT5FaAE1exkHxD8MU7VNX5FWS6v3X3LOd4---tqkMoq2h4ItLd2haw> <xme:rT5FaJWT9o2cJLxXwMlGWoS1ABWw0UL18QbW4XHwrACasTbVf71JXmQqze54cRvNl KCpRCkzIJOmqHnjFQ>
X-ME-Received: <xmr:rT5FaKIMUTUUC8e6_41jJVF8htMr41TEvsSr1lmXC2RHSmqV2mxpb-w88ZXFE2PITAv0QOE2jU00-WjrQaLdauy5gvDZxCstop-HM65W8CghIV1YJmtgDeqgN8rypecq5OMhdLkf>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeffedrtddugdejheeiucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucfpohcuuggrthgvuchfih gvlhguucdlgeelmdenucfjughrpegtggfhvffusegrtddtredttdejnecuhfhrohhmpeft vghpohhsihhtohhrhicutegtthhivhhithihucfuuhhmmhgrrhihuceuohhtuceoughopg hnohhtpghrvghplhihsehmnhhothdrnhgvtheqnecuggftrfgrthhtvghrnhepkeefvddu teejvdefkeehieevuefgfefhteetveegffekffefteffvdelheduieetnecuffhomhgrih hnpehgihhthhhusgdrtghomhenucevlhhushhtvghrufhiiigvpedvnecurfgrrhgrmhep mhgrihhlfhhrohhmpeguohgpnhhothgprhgvphhlhiesmhhnohhtrdhnvghtpdhnsggprh gtphhtthhopedupdhmohguvgepshhmthhpohhuthdprhgtphhtthhopehorghuthhhsehi vghtfhdrohhrgh
X-ME-Proxy: <xmx:rT5FaCFZF-tgElUpZH0mQNJhHoKLcjXeO1UThqNWfPW7US_XfBUdrg> <xmx:rT5FaGVdtBflAugOMBsiYzk1l1Fa5p-Nauh_yFXju1S2-Rf-NDdANg> <xmx:rT5FaFMet1Mch2pHYUTlddUn5KklavY0Gc36SuqOUErpA68gyBrqtQ> <xmx:rT5FaN0MWIugByaSwqdSdkIqthwaMDi4g-cdbM9krJi2Hljljm0pHQ> <xmx:rT5FaKphxNybNLgJ30GKRwfcm9WJLdV0DWgi7ZNjku24sEj6l-NDh-PA>
Feedback-ID: i1c3946f2:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for <oauth@ietf.org>; Sun, 8 Jun 2025 03:41:32 -0400 (EDT)
Content-Type: multipart/alternative; boundary="===============1538963393527070316=="
MIME-Version: 1.0
From: Repository Activity Summary Bot <do_not_reply@mnot.net>
To: oauth@ietf.org
Message-Id: <20250608074133.4A04F324A504@mail2.ietf.org>
Date: Sun, 08 Jun 2025 00:41:33 -0700
Message-ID-Hash: N2F2Y4SHGR6CUN4PDNFHX2I42OQT6AEY
X-Message-ID-Hash: N2F2Y4SHGR6CUN4PDNFHX2I42OQT6AEY
X-MailFrom: do_not_reply@mnot.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [OAUTH-WG] Weekly github digest (OAuth Activity Summary)
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/qIJyljoZlISrX4-xNxrNAGzOD6M>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>
Events without label "editorial"
Issues
------
* oauth-wg/oauth-browser-based-apps (+1/-0/š¬0)
1 issues created:
- Clarification on refresh token requirements for browser-based clients (by devinivy)
https://github.com/oauth-wg/oauth-browser-based-apps/issues/105
* oauth-wg/oauth-sd-jwt-vc (+1/-1/š¬10)
1 issues created:
- Recommend against using the x5u parameter in JWK (by nikosft)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/315
7 issues received 10 new comments:
- #314 Declaration of arrays to the type metadata. (2 by babisRoutis, danielfett)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/314 [Ready-for-PR]
- #311 Clarification on extend (2 by babisRoutis, danielfett)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/311 [discuss]
- #310 Should `mandatory` be added to claim metadata? (2 by babisRoutis, danielfett)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/310 [enhancement] [discuss]
- #308 Document integrity examples use wrong Base64url encoding (1 by awoie)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/308
- #305 Support PNG background besides just color or SVG (1 by danielfett)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/305 [enhancement]
- #302 Add security consideration: Extending a type doesn't imply authorization to issue the type (1 by awoie)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/302
- #301 Claim vocabulary for PID? (1 by danielfett)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/301
1 issues closed:
- Claim vocabulary for PID? https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/301
* oauth-wg/oauth-selective-disclosure-jwt (+1/-0/š¬0)
1 issues created:
- Issuer/Verifier unlinkability with an honest Verifier can be broken if certain JWS headers are used (by nikosft)
https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/581
* oauth-wg/oauth-v2-1 (+1/-0/š¬0)
1 issues created:
- Make PKCE optional when DPoP + PAR are used (by matthieusieben)
https://github.com/oauth-wg/oauth-v2-1/issues/214
* oauth-wg/draft-ietf-oauth-attestation-based-client-auth (+2/-1/š¬17)
2 issues created:
- Similar proposal in AT Protocol: DPoP-bound private_key_jwt client authentication (by devinivy)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/123
- Create section on Processing and Verification (by c2bo)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/122
8 issues received 17 new comments:
- #118 Client Attestation HTTP Headers (3 by Macke, paulbastian, tplooker)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/118 [discuss]
- #117 Editorial - what is a "traditional OAuth2 ecosystem" (2 by Macke, tplooker)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/117
- #116 "transaction" is easily misunderstood (2 by Macke, tplooker)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/116 [has-pr]
- #111 Add option without PoP but with ad-hoc client attetation and nonce (2 by tplooker)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/111
- #109 Add Authorization Server policy section about "Reuse of a Client Attestation JWT" (2 by Macke, tplooker)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/109 [has-pr]
- #105 Steps (1) to (4) should be moved into an informative annex (1 by paulbastian)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/105
- #95 Add section to consider usage at RS (2 by c2bo, tplooker)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/95 [discuss]
- #81 client_id optional in the request body (3 by c2bo, tplooker)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/81 [discuss]
1 issues closed:
- Editorial - "## Rotation of Client Instance Key" https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/119 [has-pr]
Pull requests
-------------
* oauth-wg/oauth-identity-chaining (+0/-1/š¬0)
1 pull requests merged:
- Editorial pass for consistency with the main document.
https://github.com/oauth-wg/oauth-identity-chaining/pull/149
* oauth-wg/oauth-transaction-tokens (+1/-1/š¬0)
1 pull requests submitted:
- Added Tokenetes link in the readme. (by tulshi)
https://github.com/oauth-wg/oauth-transaction-tokens/pull/177
1 pull requests merged:
- Added Tokenetes link in the readme.
https://github.com/oauth-wg/oauth-transaction-tokens/pull/177
* oauth-wg/oauth-cross-device-security (+3/-1/š¬2)
3 pull requests submitted:
- Informative/Normative split (by PieterKas)
https://github.com/oauth-wg/oauth-cross-device-security/pull/161
- Formatting (by PieterKas)
https://github.com/oauth-wg/oauth-cross-device-security/pull/160
- Normative/Informative reference split (by PieterKas)
https://github.com/oauth-wg/oauth-cross-device-security/pull/159
1 pull requests received 2 new comments:
- #161 Informative/Normative split (2 by PieterKas, panva)
https://github.com/oauth-wg/oauth-cross-device-security/pull/161
1 pull requests merged:
- Formatting
https://github.com/oauth-wg/oauth-cross-device-security/pull/160
* oauth-wg/draft-ietf-oauth-status-list (+1/-1/š¬0)
1 pull requests submitted:
- Update Paul's affiliation (by paulbastian)
https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/290
1 pull requests merged:
- Update Paul's affiliation
https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/290
* oauth-wg/draft-ietf-oauth-attestation-based-client-auth (+2/-2/š¬7)
2 pull requests submitted:
- Add missing +jwt in Client Attestation PoP JWT example (by thomasdarimont)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/121
- Minor tweak to implementation considerations formatting (by tplooker)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/120
3 pull requests received 7 new comments:
- #120 Minor tweak to implementation considerations formatting (2 by c2bo, tplooker)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/120
- #115 update example attestation jwt iss (1 by c2bo)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/115
- #112 initial draft for challenge endpoint (4 by tplooker)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/112
2 pull requests merged:
- Minor tweak to implementation considerations formatting
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/120
- update example attestation jwt iss
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/115
Repositories tracked by this digest:
-----------------------------------
* https://github.com/oauth-wg/oauth-browser-based-apps
* https://github.com/oauth-wg/oauth-identity-chaining
* https://github.com/oauth-wg/oauth-transaction-tokens
* https://github.com/oauth-wg/oauth-sd-jwt-vc
* https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata
* https://github.com/oauth-wg/oauth-cross-device-security
* https://github.com/oauth-wg/oauth-selective-disclosure-jwt
* https://github.com/oauth-wg/oauth-v2-1
* https://github.com/oauth-wg/draft-ietf-oauth-status-list
* https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth
--
To have a summary like this sent to your list, see: https://github.com/ietf-github-services/activity-summary
- [OAUTH-WG] Weekly github digest (OAuth Activity Sā¦ Repository Activity Summary Bot