[OAUTH-WG] Weekly github digest (OAuth Activity Summary)
Repository Activity Summary Bot <do_not_reply@mnot.net> Sun, 22 September 2024 07:56 UTC
Return-Path: <do_not_reply@mnot.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 375D2C151543 for <oauth@ietfa.amsl.com>; Sun, 22 Sep 2024 00:56:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.706
X-Spam-Level:
X-Spam-Status: No, score=-1.706 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=mnot.net header.b="KMOF20Li"; dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=messagingengine.com header.b="KA9IbbLO"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tVURjQRFYX8R for <oauth@ietfa.amsl.com>; Sun, 22 Sep 2024 00:56:09 -0700 (PDT)
Received: from fout3-smtp.messagingengine.com (fout3-smtp.messagingengine.com [103.168.172.146]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CBEC5C14CF1E for <oauth@ietf.org>; Sun, 22 Sep 2024 00:56:09 -0700 (PDT)
Received: from phl-compute-05.internal (phl-compute-05.phl.internal [10.202.2.45]) by mailfout.phl.internal (Postfix) with ESMTP id 0994613802A0 for <oauth@ietf.org>; Sun, 22 Sep 2024 03:40:13 -0400 (EDT)
Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-05.internal (MEProxy); Sun, 22 Sep 2024 03:40:13 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=cc :content-type:content-type:date:from:from:in-reply-to :mime-version:reply-to:subject:subject:to:to; s=fm3; t= 1726990813; x=1727077213; bh=O1zgRxQsG2MBJ1PV4GDbk+W0xBdJdUWmAVt KEIWYiFk=; b=KMOF20Li072X6RsptydxZpuRk5BaIhBa3czgZmMc43GqCZXnImn uTzYkFhKq3eA2smPI/stbV9LgSC6KVjYe3K8urJL6vV1n/rhx5cPAYFssgLvMMJ9 3Mc9Z/4np2FO8gKN4j70SrwmS4uOX2iPFhOOZ7JDuztfy5t5zgLauAUMb8RslTRq SH6BUvkNQatJRhSw8Iasuu7fbPtrlcPUCtU12DlL4ITI87P2ziY+JCbbcr17yntQ QJe2TwgWerfgk/SWbJOT2jZzOVM1cgVfHzQ1SGMpe/MO/FJT+cZvzYZea8uxvk8C vupkE3KkqMuyE2yLJgxC/JWRtdXmeXITVCQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date :feedback-id:feedback-id:from:from:in-reply-to:mime-version :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1726990813; x= 1727077213; bh=O1zgRxQsG2MBJ1PV4GDbk+W0xBdJdUWmAVtKEIWYiFk=; b=K A9IbbLOkxkKhOFtVTE3e6gHuJcZ6KgXg3ydJHz7cA8h8iDO/ei1YjmYM6aKOCl1p J2tHCiODGbQgW9CFjYUw5NuYrGSTPJ+nwNklN3vxF+5kzbNZZdoe4tuQN9y/9mxi T/aAX6ry20e9ALmXmyG/7LB4i4VshkV1AK4gTgu74fPL+MoUTvTAP32UX9/iW9UN HiqOHyCZ2MTkvR4gICyyUu91spB38X1bs3K/E9NK/7NIuS8tESuG7oHRVHwgaJTo Oognnf1xwDO5WPBaaOikmlWldodUSfzmurvAbkFehdH5MOWwKqTu7ct7pNcTYCyK ESpOeYWUVWBLIQfSjuZ4g==
X-ME-Sender: <xms:3MnvZtWhvWtiROhpt6IHi8Aj7lQyBdcm-L6oQNxo679gt_udguT9tA> <xme:3MnvZtlhdW0Y-Ga02uVbpOG08_FKQMWzEigerE3R3hFrQZwTsYR550yU6IZZqVxHS P44ifJudHXYpMjzBQ>
X-ME-Received: <xmr:3MnvZpb3T2qXRNHYg9YvzZYakb8FKdGXnRllhN8JBZ7Ed0PYahpEodoium_ENAk>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrudeliedguddvfecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdp uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecupfhoucgurghtvgcufh hivghlugculdegledmnecujfgurheptggghffvufesrgdttdertddtjeenucfhrhhomhep tfgvphhoshhithhorhihucettghtihhvihhthicuufhumhhmrghrhicuuehothcuoeguoh gpnhhothgprhgvphhlhiesmhhnohhtrdhnvghtqeenucggtffrrghtthgvrhhnpeekfedv udetjedvfeekheeiveeugfefhfetteevgeffkefffeetffdvleehudeiteenucffohhmrg hinhepghhithhhuhgsrdgtohhmnecuvehluhhsthgvrhfuihiivgepgeenucfrrghrrghm pehmrghilhhfrhhomhepughopghnohhtpghrvghplhihsehmnhhothdrnhgvthdpnhgspg hrtghpthhtohepuddpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohepohgruhhthhes ihgvthhfrdhorhhg
X-ME-Proxy: <xmx:3MnvZgWbqLMNeG3lWuS28uLvV6r8Y-v_C7bCpwNey_FPbcMRw1DQZA> <xmx:3MnvZnlD8HR1adAhAe0Bm_TILRdnHDQA0ggzsyZDi7tiqZkQIln2xw> <xmx:3MnvZtcMXkm5d6AbT7-U5C1r2ubCwHNyq9odid4YqLkHItp-BD1omw> <xmx:3MnvZhEzZncvP4bl0CDbMnp6B_4sCvRD7I9ZHEwYpVCTm1QSXewxbg> <xmx:3cnvZszmKPHpUmTuqwHlgO-Hv0E-7iAwB5vaAsXO33FWZXExeCwIZB5M>
Feedback-ID: i1c3946f2:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for <oauth@ietf.org>; Sun, 22 Sep 2024 03:40:12 -0400 (EDT)
Content-Type: multipart/alternative; boundary="===============1226324649800737536=="
MIME-Version: 1.0
From: Repository Activity Summary Bot <do_not_reply@mnot.net>
To: oauth@ietf.org
Message-Id: <20240922075609.CBEC5C14CF1E@ietfa.amsl.com>
Date: Sun, 22 Sep 2024 00:56:09 -0700
Message-ID-Hash: ZXGH3CMB7IUNQ335EF47D2F45UVJP4R6
X-Message-ID-Hash: ZXGH3CMB7IUNQ335EF47D2F45UVJP4R6
X-MailFrom: do_not_reply@mnot.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [OAUTH-WG] Weekly github digest (OAuth Activity Summary)
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/yuQ9l5UiTPbI9xcQMbdnU5N4hNY>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>
Events without label "editorial"
Issues
------
* oauth-wg/oauth-sd-jwt-vc (+2/-0/π¬6)
2 issues created:
- Fetch vct from URL or from registry (by alenhorvat)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/256
- Issuer-signed JWT Verification Key Validation - Separation of signature and identity verification/validation? (by alenhorvat)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/253
3 issues received 6 new comments:
- #253 Issuer-signed JWT Verification Key Validation - Separation of signature and identity verification/validation? (4 by alenhorvat, peacekeeper)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/253
- #250 Drop all references to DIDs and DID resolution (1 by peacekeeper)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/250
- #121 Is the following a valid SD-JWT-VC or how can it be mapped to the SD-JWT-VC? (1 by alenhorvat)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/121 [question] [pending close]
* oauth-wg/draft-ietf-oauth-resource-metadata (+1/-0/π¬0)
1 issues created:
- The client cannot tells whether audience restriction has been applied (by randomstuff)
https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/issues/55
* oauth-wg/oauth-selective-disclosure-jwt (+2/-0/π¬1)
2 issues created:
- sd_alg, _sd_alg - Option for claims reuse? (by alenhorvat)
https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/468
- JWT and unprotected header - generalisation? (by alenhorvat)
https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/465
1 issues received 1 new comments:
- #463 holder key as DID (1 by Sakurann)
https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/463
* oauth-wg/draft-ietf-oauth-status-list (+0/-8/π¬4)
3 issues received 4 new comments:
- #168 Support for content negotiation as denoted in the standard is limited for some CDNs and http servers (1 by tplooker)
https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/168 [discuss]
- #107 Add further implementation guidance around when and how to use ttl vs exp claim (2 by paulbastian, tplooker)
https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/107 [ready-for-pr]
- #86 Consider making `status` a JWT header instead of a JWT claim (1 by paulbastian)
https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/86 [discuss]
8 issues closed:
- Call for Adoption Feedback: Privacy concerns https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/73 [ready-for-pr]
- Consider adding an implementation consideration around using private relay style protocols for status list access https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/93 [ready-for-pr]
- Privacy Consideration https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/132 [ready-for-pr]
- Reference the JWT BCP https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/165 [ready-for-pr]
- Implementation consideration to endianess https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/146 [ready-for-pr]
- do we mandate the issuer of Referenced Token is the same entity issuing the Status List? https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/108 [ready-for-pr]
- Remove requirement on matching iss values https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/159 [ready-for-pr]
- Consider making `status` a JWT header instead of a JWT claim https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/86 [discuss]
Pull requests
-------------
* oauth-wg/oauth-identity-chaining (+0/-0/π¬1)
1 pull requests received 1 new comments:
- #94 Added use cases (1 by PieterKas)
https://github.com/oauth-wg/oauth-identity-chaining/pull/94
* oauth-wg/oauth-sd-jwt-vc (+2/-2/π¬3)
2 pull requests submitted:
- Set upload email in makefile (by bc-pi)
https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/255
- hope is a waking dream (by bc-pi)
https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/254
3 pull requests received 3 new comments:
- #255 Set upload email in makefile (1 by bc-pi)
https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/255
- #254 hope is a waking dream (1 by bc-pi)
https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/254
- #251 Tightened exposition of Issuer-signed JWT Verification Key Validation section (1 by peacekeeper)
https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/251
2 pull requests merged:
- hope is a waking dream
https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/254
- Add display and claim metadata
https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/236
* oauth-wg/draft-ietf-oauth-resource-metadata (+0/-1/π¬0)
1 pull requests merged:
- Add metadata parameter for RAR types supported
https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/pull/54
* oauth-wg/oauth-selective-disclosure-jwt (+2/-0/π¬1)
2 pull requests submitted:
- introduction rewrite (by dickhardt)
https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/467
- Addressing one more or Mike's previous review comments (by bc-pi)
https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/466
1 pull requests received 1 new comments:
- #466 Addressing one more or Mike's previous review comments (1 by bc-pi)
https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/466
* oauth-wg/draft-ietf-oauth-status-list (+2/-6/π¬2)
2 pull requests submitted:
- status list token cwt example uses new claim key (by c2bo)
https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/176
- fix rendering & improve IANA registration text (by c2bo)
https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/175
2 pull requests received 2 new comments:
- #175 fix rendering & improve IANA registration text (1 by paulbastian)
https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/175
- #170 update security consideration (1 by paulbastian)
https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/170
6 pull requests merged:
- status list token cwt example uses new claim key
https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/176
- update security consideration
https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/170
- remove requirement for matching iss claim in Referenced Token and Staβ¦
https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/164
- sd jwt example
https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/171
- fix CWT status_list map encoding
https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/173
- fix rendering & improve IANA registration text
https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/175
Repositories tracked by this digest:
-----------------------------------
* https://github.com/oauth-wg/oauth-browser-based-apps
* https://github.com/oauth-wg/oauth-identity-chaining
* https://github.com/oauth-wg/oauth-transaction-tokens
* https://github.com/oauth-wg/oauth-sd-jwt-vc
* https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata
* https://github.com/oauth-wg/oauth-cross-device-security
* https://github.com/oauth-wg/oauth-selective-disclosure-jwt
* https://github.com/oauth-wg/oauth-v2-1
* https://github.com/oauth-wg/draft-ietf-oauth-status-list
* https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth
- [OAUTH-WG] Weekly github digest (OAuth Activity S⦠Repository Activity Summary Bot