[OAUTH-WG] Weekly github digest (OAuth Activity Summary)

Repository Activity Summary Bot <do_not_reply@mnot.net> Sun, 25 August 2024 07:46 UTC

Return-Path: <do_not_reply@mnot.net>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7FF80C14F5E8 for <oauth@ietfa.amsl.com>; Sun, 25 Aug 2024 00:46:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.707
X-Spam-Level:
X-Spam-Status: No, score=-6.707 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=mnot.net header.b="LGDFB7H0"; dkim=fail (2048-bit key) reason="fail (message has been altered)" header.d=messagingengine.com header.b="ntqIx/5n"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5sHgpqbMRiSl for <oauth@ietfa.amsl.com>; Sun, 25 Aug 2024 00:46:10 -0700 (PDT)
Received: from fhigh7-smtp.messagingengine.com (fhigh7-smtp.messagingengine.com [103.168.172.158]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C0D05C14F5E4 for <oauth@ietf.org>; Sun, 25 Aug 2024 00:46:10 -0700 (PDT)
Received: from phl-compute-08.internal (phl-compute-08.nyi.internal [10.202.2.48]) by mailfhigh.nyi.internal (Postfix) with ESMTP id 8F8A31151AF9 for <oauth@ietf.org>; Sun, 25 Aug 2024 03:40:00 -0400 (EDT)
Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-08.internal (MEProxy); Sun, 25 Aug 2024 03:40:00 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mnot.net; h=cc :content-type:content-type:date:from:from:in-reply-to :mime-version:reply-to:subject:subject:to:to; s=fm2; t= 1724571600; x=1724658000; bh=ytJWoLl24O/uwPi2njtdLctvHbnDzGDDg3Q aZi36E+k=; b=LGDFB7H05+MmJAZxSpgOQwCSc/9MT3oy381OAYQxgJ9z2E0J1Ej o5W6pp/LEsoUNqPmuSXZHRFRHOBnWwAMqC/hqHK2ctfvlRgdJwDwqgymJ51Fc4em Cs6IHdjw+WWay1FloeAx5PZ+TM9AvveSUOiJa15bnuSBOAOmoTfp5Nv9fI5TAePJ OEoTl/6VntLTZmOFeNLHr0ecPRujzIAS9vGACVyNdAyoT8aItfYU15O6NUEC38kj 5vsuZcl9mAV74ZqOWNzdrwHIubxSwG+xqsCX2X8yxfsyD8VuEnEnYHViCvmdDe5p 1Iyj2Z9RgCPql4wwmC1WHpTqPAqvK7zE39A==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date :feedback-id:feedback-id:from:from:in-reply-to:mime-version :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1724571600; x= 1724658000; bh=ytJWoLl24O/uwPi2njtdLctvHbnDzGDDg3QaZi36E+k=; b=n tqIx/5nhfOamVODnLvCOhRlR/Jrkv1Vtj9wjxoBG6G9JkrvzP9VVaslD0t+GgHbX nNK4G01g++BGD+4IzgwcDmhZjZlYeJXhsvFwpbmtXUyxiN7wAm/hEZUZFPUOjK9b QTqy2gBJ43FZ9KlLmFRvWU6m6jO+4mgg7kcKE+1NCUn4qk1pDM0J2uYki8QTWPBp rZw/Pw/+EUyROpUhD/U55nT3Zupnpjg6ZxOXYDdcni/en07KkUjNCbYE+KLbi5oO TaRibhcBQdpSGhxT1bgC/sqNnuA9lzV3MXdVSTBiOIM1FjxsyhoT6bjTj5boEy2y 0cddDOXyW593kr6qqEJ9Q==
X-ME-Sender: <xms:0N_KZjoMwcKN7oRcgJYTR85YU-AUiSuzrmva4MFuGYpTpInyyG8F2g> <xme:0N_KZtpsnDbSFpAexbCTV_kULrSAt-kpjpc80ej_PRv4kMO4J1NwaUoweUdPkI5G5 4FzOqtxA6g8TX9XmQ>
X-ME-Received: <xmr:0N_KZgONviYZEd8_oPlxu7V58lM3K_DedQEo32Jnb6KXkK_63xiqQU9ApKwkNjk>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddruddvhedguddvfecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdp uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecupfhoucgurghtvgcufh hivghlugculdegledmnecujfgurheptggghffvufesrgdttdertddtjeenucfhrhhomhep tfgvphhoshhithhorhihucettghtihhvihhthicuufhumhhmrghrhicuuehothcuoeguoh gpnhhothgprhgvphhlhiesmhhnohhtrdhnvghtqeenucggtffrrghtthgvrhhnpeekfedv udetjedvfeekheeiveeugfefhfetteevgeffkefffeetffdvleehudeiteenucffohhmrg hinhepghhithhhuhgsrdgtohhmnecuvehluhhsthgvrhfuihiivgepfeenucfrrghrrghm pehmrghilhhfrhhomhepughopghnohhtpghrvghplhihsehmnhhothdrnhgvthdpnhgspg hrtghpthhtohepuddpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohepohgruhhthhes ihgvthhfrdhorhhg
X-ME-Proxy: <xmx:0N_KZm4oeo8c4KXgHGYc-8P_uw0NlwgAuIZ99WlpvV6MMpZdHQ_ptg> <xmx:0N_KZi7PAb2aD5tBpqkwulpnXG9gLyuopj05fler79mh2K6x40u6ag> <xmx:0N_KZugmN30WIijrlprZGLD6uARO5bWK76fdRFF_ehYEhz4WZ8Yo7w> <xmx:0N_KZk6S7V3rrrppkhiviwztDwpbQq07XYUFOmW2tOWZxgrrZqUxrQ> <xmx:0N_KZiFUWr3GgVXuh5zJXidk9in63OPfW9noJJpahyQaarH8Uh6TPDwZ>
Feedback-ID: i1c3946f2:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for <oauth@ietf.org>; Sun, 25 Aug 2024 03:40:00 -0400 (EDT)
Content-Type: multipart/alternative; boundary="===============6308436071656563545=="
MIME-Version: 1.0
From: Repository Activity Summary Bot <do_not_reply@mnot.net>
To: oauth@ietf.org
Message-Id: <20240825074610.C0D05C14F5E4@ietfa.amsl.com>
Date: Sun, 25 Aug 2024 00:46:10 -0700
Message-ID-Hash: J3BNO5P2SUBLNULZ74S4IWJHJWZ7M77O
X-Message-ID-Hash: J3BNO5P2SUBLNULZ74S4IWJHJWZ7M77O
X-MailFrom: do_not_reply@mnot.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-oauth.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [OAUTH-WG] Weekly github digest (OAuth Activity Summary)
List-Id: OAUTH WG <oauth.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/zZ1CchQnFyygz1_cjQ8FjYChLLw>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Owner: <mailto:oauth-owner@ietf.org>
List-Post: <mailto:oauth@ietf.org>
List-Subscribe: <mailto:oauth-join@ietf.org>
List-Unsubscribe: <mailto:oauth-leave@ietf.org>



Events without label "editorial"

Issues
------
* oauth-wg/oauth-sd-jwt-vc (+0/-0/šŸ’¬3)
  2 issues received 3 new comments:
  - #250 Drop all references to DIDs and DID resolution (2 by awoie, decentralgabe)
    https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/250 
  - #245 Ambiguity what should happen when no `kid` parameter is present in header when DID is used as `iss` value (1 by babisRoutis)
    https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/245 

* oauth-wg/oauth-selective-disclosure-jwt (+0/-0/šŸ’¬3)
  2 issues received 3 new comments:
  - #444 (maybe) clarify example(s)  (2 by bc-pi)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/444 
  - #443 Give "JSON document of the SD-JWT processing and verification algorithm" a name (1 by bc-pi)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/443 

* oauth-wg/draft-ietf-oauth-attestation-based-client-auth (+0/-0/šŸ’¬7)
  3 issues received 7 new comments:
  - #81 client_id optional in the request body (1 by c2bo)
    https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/81 
  - #61 IETF 118 : Should this mechanism be used in parallel with Client Authentication /with Dynamic Client Registration (1 by embesozzi)
    https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/61 
  - #59 Using a server provided nonce to limit the lifetime of a Client Attestation PoP JWT (5 by c2bo, paulbastian, tlodderstedt)
    https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/59 



Pull requests
-------------
* oauth-wg/oauth-sd-jwt-vc (+1/-0/šŸ’¬0)
  1 pull requests submitted:
  - Tightened exposition of Issuer-signed JWT Verification Key Validation section (by bc-pi)
    https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/251 

* oauth-wg/oauth-selective-disclosure-jwt (+3/-3/šŸ’¬2)
  3 pull requests submitted:
  - Introduced the phrase processed SD-JWT payload in Section 8.1 on Verifying the SD-JWT (by bc-pi)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/456 
  - Add editorial and reference fixes to -12 history (by bc-pi)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/455 
  - additional updates from Mike's review (by bc-pi)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/454 

  1 pull requests received 2 new comments:
  - #454 additional updates from Mike's review (2 by bc-pi)
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/454 

  3 pull requests merged:
  - Add editorial and reference fixes to -12 history
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/455 
  - additional updates from Mike's review
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/454 
  - a new PR to add PR #452 in document history
    https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/453 

* oauth-wg/draft-ietf-oauth-status-list (+2/-0/šŸ’¬0)
  2 pull requests submitted:
  - fix reference of Status List in CBOR format (by paulbastian)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/161 
  - add cwt claim key for status_list  (by c2bo)
    https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/160 

* oauth-wg/draft-ietf-oauth-attestation-based-client-auth (+0/-0/šŸ’¬2)
  2 pull requests received 2 new comments:
  - #64 Adds server-provided nonces for Client Attestation PoP JWT freshness verification (1 by paulbastian)
    https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/64 
  - #51 add text on aal (1 by paulbastian)
    https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/51 


Repositories tracked by this digest:
-----------------------------------
* https://github.com/oauth-wg/oauth-browser-based-apps
* https://github.com/oauth-wg/oauth-identity-chaining
* https://github.com/oauth-wg/oauth-transaction-tokens
* https://github.com/oauth-wg/oauth-sd-jwt-vc
* https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata
* https://github.com/oauth-wg/oauth-cross-device-security
* https://github.com/oauth-wg/oauth-selective-disclosure-jwt
* https://github.com/oauth-wg/oauth-v2-1
* https://github.com/oauth-wg/draft-ietf-oauth-status-list
* https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth