[OAUTH-WG] Weekly github digest (OAuth Activity Summary)



Events without label "editorial"

Issues
------
* oauth-wg/oauth-sd-jwt-vc (+1/-0/💬6)
 1 issues created:
 - Should `sd` `allowed` used by issuers? (by babisRoutis)

https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/323

 5 issues received 6 new comments:
 - #321 Be more opinionated about validity claims? (1 by danielfett)

https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/321 [pending close]- #319 Mapping for 'termsOfUse' from VCDM (2 by danielfett, tweeddalex)https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/319 [pending close]- #315 Recommend against using the x5u parameter in JWK (1 by danielfett)https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/315- #310 Should `mandatory` be added to claim metadata? (1 by danielfett)https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/310 [enhancement] [discuss]- #253 Issuer-signed JWT Verification Key Validation - Separation of signature and identity verification/validation? (1 by bc-pi)https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/253 [discuss]

* oauth-wg/oauth-cross-device-security (+0/-5/💬3)
 3 issues received 3 new comments:
 - #169 broken internal links (1 by PieterKas)

https://github.com/oauth-wg/oauth-cross-device-security/issues/169- #166 Make Authorisation Server role explicit in establishing Proximity (1 by PieterKas)https://github.com/oauth-wg/oauth-cross-device-security/issues/166- #164 Editorial Updates (1 by PieterKas)https://github.com/oauth-wg/oauth-cross-device-security/issues/164

 5 issues closed:

- Add acknowledgement for Dan Moore's contribution https://github.com/oauth-wg/oauth-cross-device-security/issues/168- Make Authorisation Server role explicit in establishing Proximity https://github.com/oauth-wg/oauth-cross-device-security/issues/166- Additional Info about shared network https://github.com/oauth-wg/oauth-cross-device-security/issues/165- Editorial Updates https://github.com/oauth-wg/oauth-cross-device-security/issues/164- broken internal links https://github.com/oauth-wg/oauth-cross-device-security/issues/169

* oauth-wg/oauth-selective-disclosure-jwt (+0/-2/💬1)
 1 issues received 1 new comments:
 - #574 Providing interoperability for ECDH-HMAC signatures on key binding JWT 
(1 by bc-pi)

https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/574 [help wanted] [question] [pending-close]

 2 issues closed:

- Providing interoperability for ECDH-HMAC signatures on key binding JWT https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/574 [help wanted] [question] [pending-close]- Issuer/Verifier unlinkability with an honest Verifier can be broken if certain JWS headers are used https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/581

* oauth-wg/oauth-v2-1 (+1/-0/💬0)
 1 issues created:
 - clarity on refresh_token grant with lesser scope change without 
"offline_access" (by dvanmali)

https://github.com/oauth-wg/oauth-v2-1/issues/216

* oauth-wg/draft-ietf-oauth-status-list (+1/-3/💬0)
 1 issues created:
 - property uri (by adeinega)

https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/298

 3 issues closed:

- More Feedback from Denis https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/294- Extended Key Usage OID https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/283- Feedback regarding expected format https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/292

* oauth-wg/draft-ietf-oauth-attestation-based-client-auth (+3/-12/💬8)
 3 issues created:
 - pop iat should now be required (by panva)

https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/133- Dedicated error code for missing client attestation (by mickrau)https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/131- Allow MAC as signature algorithms? (by paulbastian)https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/130

 2 issues received 8 new comments:
 - #131 Dedicated error code for missing client attestation (6 by mickrau, 
panva, paulbastian)

https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/131- #81 client_id optional in the request body (2 by tplooker)https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/81 [has-pr]

 12 issues closed:

- Create section on Processing and Verification https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/122 [has-pr]- client_id optional in the request body https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/81 [has-pr]- Editorial - what is a "traditional OAuth2 ecosystem" https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/117 [has-pr]- Remove `exp` from the PoP https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/124 [has-pr]- Add Authorization Server policy section about "Reuse of a Client Attestation JWT" https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/109 [has-pr]- "transaction" is easily misunderstood https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/116 [has-pr]- Client MUST support nonce fetching https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/103 [has-pr]- Support returning nonce in any responses, similar to DPoP https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/101 [has-pr]- Potential problems with HTTP OPTIONS? https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/102 [has-pr]- Nonce is meant for freshness, not to guarantee one-time use https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/104 [has-pr]- Evolution of the nonce fetching https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/110 [has-pr]- Add relevant oauth error responses to token requests when the client attestation is invalid https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/73 [has-pr]



Pull requests
-------------
* oauth-wg/oauth-identity-chaining (+1/-0/💬0)
 1 pull requests submitted:
 - Use IANA.media-types so the tooling can find the media types registry 
without an explicit target (by bc-pi)

https://github.com/oauth-wg/oauth-identity-chaining/pull/167

* oauth-wg/oauth-sd-jwt-vc (+2/-1/💬1)
 2 pull requests submitted:
 - Fixes 317 (by babisRoutis)

https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/324- -11 (by bc-pi)https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/322

 1 pull requests received 1 new comments:
 - #324 Fixes 317 (1 by bc-pi)

https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/324

 1 pull requests merged:
 - -11

https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/322

* oauth-wg/oauth-cross-device-security (+6/-5/💬0)
 6 pull requests submitted:
 - Add Dan Moore to acknowledgement (by PieterKas)

https://github.com/oauth-wg/oauth-cross-device-security/pull/175- Authorization Server only mitigations (by PieterKas)https://github.com/oauth-wg/oauth-cross-device-security/pull/174- Clarify authorization server role in establishing proximity (by PieterKas)https://github.com/oauth-wg/oauth-cross-device-security/pull/173- Devices not sharing a network (by PieterKas)https://github.com/oauth-wg/oauth-cross-device-security/pull/172- Editorial Updates - Issue 164 (by PieterKas)https://github.com/oauth-wg/oauth-cross-device-security/pull/171- Fixing Labels (by PieterKas)https://github.com/oauth-wg/oauth-cross-device-security/pull/170

 5 pull requests merged:
 - Add Dan Moore to acknowledgement

https://github.com/oauth-wg/oauth-cross-device-security/pull/175- Clarify authorization server role in establishing proximityhttps://github.com/oauth-wg/oauth-cross-device-security/pull/173- Devices not sharing a networkhttps://github.com/oauth-wg/oauth-cross-device-security/pull/172- Editorial Updates - Issue 164https://github.com/oauth-wg/oauth-cross-device-security/pull/171- Fixing Labelshttps://github.com/oauth-wg/oauth-cross-device-security/pull/170

* oauth-wg/draft-ietf-oauth-status-list (+1/-3/💬3)
 1 pull requests submitted:
 - grammar fixes (by adeinega)

https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/297

 3 pull requests received 3 new comments:
 - #296 change accept header from must to should (1 by tplooker)

https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/296- #295 some nitpicks and clarifications (1 by tplooker)https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/295- #284 fix rendering of OID and make clear that it can be used for other status mechanisms (1 by tplooker)https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/284

 3 pull requests merged:
 - some nitpicks and clarifications

https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/295- fix rendering of OID and make clear that it can be used for other status mechanismshttps://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/284- change accept header from must to shouldhttps://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/296

* oauth-wg/draft-ietf-oauth-attestation-based-client-auth (+7/-6/💬2)
 7 pull requests submitted:
 - Updates to error handling (by panva)

https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/135- require iat in PoP (by panva)https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/134- fix using use_attestation_challenge error parameter code for missing … (by mickrau)https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/132- Clarify that client_id in client attestation MUST be consistent with token request (by tplooker)https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/129- Editorial nit about usage of client attestation outside of OAuth (by tplooker)https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/128- Update paul's affiliation (by paulbastian)https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/127- Verification and Processing rules (by c2bo)https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/126

 2 pull requests received 2 new comments:
 - #132 fix using use_attestation_challenge error parameter code for missing … 
(1 by panva)

https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/132- #125 Remove expr from pop (1 by tplooker)https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/125

 6 pull requests merged:
 - Verification and Processing rules

https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/126- Clarify that client_id in client attestation MUST be consistent with token requesthttps://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/129- Editorial nit about usage of client attestation outside of OAuthhttps://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/128- Update paul's affiliationhttps://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/127- Remove expr from pophttps://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/125- new proposal for challenge endpointhttps://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/112


Repositories tracked by this digest:
-----------------------------------
* https://github.com/oauth-wg/oauth-browser-based-apps
* https://github.com/oauth-wg/oauth-identity-chaining
* https://github.com/oauth-wg/oauth-transaction-tokens
* https://github.com/oauth-wg/oauth-sd-jwt-vc
* https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata
* https://github.com/oauth-wg/oauth-cross-device-security
* https://github.com/oauth-wg/oauth-selective-disclosure-jwt
* https://github.com/oauth-wg/oauth-v2-1
* https://github.com/oauth-wg/draft-ietf-oauth-status-list
* https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth


--
To have a summary like this sent to your list, see: 
https://github.com/ietf-github-services/activity-summary

_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org

[OAUTH-WG] Weekly github digest (OAuth Activity Summary)

Reply via email to