Events without label "editorial" Issues ------ * oauth-wg/oauth-sd-jwt-vc (+1/-0/💬6) 1 issues created: - Should `sd` `allowed` used by issuers? (by babisRoutis)https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/323
5 issues received 6 new comments: - #321 Be more opinionated about validity claims? (1 by danielfett)https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/321 [pending close] - #319 Mapping for 'termsOfUse' from VCDM (2 by danielfett, tweeddalex) https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/319 [pending close] - #315 Recommend against using the x5u parameter in JWK (1 by danielfett) https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/315 - #310 Should `mandatory` be added to claim metadata? (1 by danielfett) https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/310 [enhancement] [discuss] - #253 Issuer-signed JWT Verification Key Validation - Separation of signature and identity verification/validation? (1 by bc-pi) https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/253 [discuss]
* oauth-wg/oauth-cross-device-security (+0/-5/💬3) 3 issues received 3 new comments: - #169 broken internal links (1 by PieterKas)https://github.com/oauth-wg/oauth-cross-device-security/issues/169 - #166 Make Authorisation Server role explicit in establishing Proximity (1 by PieterKas) https://github.com/oauth-wg/oauth-cross-device-security/issues/166 - #164 Editorial Updates (1 by PieterKas) https://github.com/oauth-wg/oauth-cross-device-security/issues/164
5 issues closed:- Add acknowledgement for Dan Moore's contribution https://github.com/oauth-wg/oauth-cross-device-security/issues/168 - Make Authorisation Server role explicit in establishing Proximity https://github.com/oauth-wg/oauth-cross-device-security/issues/166 - Additional Info about shared network https://github.com/oauth-wg/oauth-cross-device-security/issues/165 - Editorial Updates https://github.com/oauth-wg/oauth-cross-device-security/issues/164 - broken internal links https://github.com/oauth-wg/oauth-cross-device-security/issues/169
* oauth-wg/oauth-selective-disclosure-jwt (+0/-2/💬1) 1 issues received 1 new comments: - #574 Providing interoperability for ECDH-HMAC signatures on key binding JWT (1 by bc-pi)https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/574 [help wanted] [question] [pending-close]
2 issues closed:- Providing interoperability for ECDH-HMAC signatures on key binding JWT https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/574 [help wanted] [question] [pending-close] - Issuer/Verifier unlinkability with an honest Verifier can be broken if certain JWS headers are used https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/581
* oauth-wg/oauth-v2-1 (+1/-0/💬0) 1 issues created: - clarity on refresh_token grant with lesser scope change without "offline_access" (by dvanmali)https://github.com/oauth-wg/oauth-v2-1/issues/216
* oauth-wg/draft-ietf-oauth-status-list (+1/-3/💬0) 1 issues created: - property uri (by adeinega)https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/298
3 issues closed:- More Feedback from Denis https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/294 - Extended Key Usage OID https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/283 - Feedback regarding expected format https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/292
* oauth-wg/draft-ietf-oauth-attestation-based-client-auth (+3/-12/💬8) 3 issues created: - pop iat should now be required (by panva)https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/133 - Dedicated error code for missing client attestation (by mickrau) https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/131 - Allow MAC as signature algorithms? (by paulbastian) https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/130
2 issues received 8 new comments: - #131 Dedicated error code for missing client attestation (6 by mickrau, panva, paulbastian)https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/131 - #81 client_id optional in the request body (2 by tplooker) https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/81 [has-pr]
12 issues closed:- Create section on Processing and Verification https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/122 [has-pr] - client_id optional in the request body https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/81 [has-pr] - Editorial - what is a "traditional OAuth2 ecosystem" https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/117 [has-pr] - Remove `exp` from the PoP https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/124 [has-pr] - Add Authorization Server policy section about "Reuse of a Client Attestation JWT" https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/109 [has-pr] - "transaction" is easily misunderstood https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/116 [has-pr] - Client MUST support nonce fetching https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/103 [has-pr] - Support returning nonce in any responses, similar to DPoP https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/101 [has-pr] - Potential problems with HTTP OPTIONS? https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/102 [has-pr] - Nonce is meant for freshness, not to guarantee one-time use https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/104 [has-pr] - Evolution of the nonce fetching https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/110 [has-pr] - Add relevant oauth error responses to token requests when the client attestation is invalid https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/73 [has-pr]
Pull requests ------------- * oauth-wg/oauth-identity-chaining (+1/-0/💬0) 1 pull requests submitted: - Use IANA.media-types so the tooling can find the media types registry without an explicit target (by bc-pi)https://github.com/oauth-wg/oauth-identity-chaining/pull/167
* oauth-wg/oauth-sd-jwt-vc (+2/-1/💬1) 2 pull requests submitted: - Fixes 317 (by babisRoutis)https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/324 - -11 (by bc-pi) https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/322
1 pull requests received 1 new comments: - #324 Fixes 317 (1 by bc-pi)https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/324
1 pull requests merged: - -11https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/322
* oauth-wg/oauth-cross-device-security (+6/-5/💬0) 6 pull requests submitted: - Add Dan Moore to acknowledgement (by PieterKas)https://github.com/oauth-wg/oauth-cross-device-security/pull/175 - Authorization Server only mitigations (by PieterKas) https://github.com/oauth-wg/oauth-cross-device-security/pull/174 - Clarify authorization server role in establishing proximity (by PieterKas) https://github.com/oauth-wg/oauth-cross-device-security/pull/173 - Devices not sharing a network (by PieterKas) https://github.com/oauth-wg/oauth-cross-device-security/pull/172 - Editorial Updates - Issue 164 (by PieterKas) https://github.com/oauth-wg/oauth-cross-device-security/pull/171 - Fixing Labels (by PieterKas) https://github.com/oauth-wg/oauth-cross-device-security/pull/170
5 pull requests merged: - Add Dan Moore to acknowledgementhttps://github.com/oauth-wg/oauth-cross-device-security/pull/175 - Clarify authorization server role in establishing proximity https://github.com/oauth-wg/oauth-cross-device-security/pull/173 - Devices not sharing a network https://github.com/oauth-wg/oauth-cross-device-security/pull/172 - Editorial Updates - Issue 164 https://github.com/oauth-wg/oauth-cross-device-security/pull/171 - Fixing Labels https://github.com/oauth-wg/oauth-cross-device-security/pull/170
* oauth-wg/draft-ietf-oauth-status-list (+1/-3/💬3) 1 pull requests submitted: - grammar fixes (by adeinega)https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/297
3 pull requests received 3 new comments: - #296 change accept header from must to should (1 by tplooker)https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/296 - #295 some nitpicks and clarifications (1 by tplooker) https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/295 - #284 fix rendering of OID and make clear that it can be used for other status mechanisms (1 by tplooker) https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/284
3 pull requests merged: - some nitpicks and clarificationshttps://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/295 - fix rendering of OID and make clear that it can be used for other status mechanisms https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/284 - change accept header from must to should https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/296
* oauth-wg/draft-ietf-oauth-attestation-based-client-auth (+7/-6/💬2) 7 pull requests submitted: - Updates to error handling (by panva)https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/135 - require iat in PoP (by panva) https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/134 - fix using use_attestation_challenge error parameter code for missing … (by mickrau) https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/132 - Clarify that client_id in client attestation MUST be consistent with token request (by tplooker) https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/129 - Editorial nit about usage of client attestation outside of OAuth (by tplooker) https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/128 - Update paul's affiliation (by paulbastian) https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/127 - Verification and Processing rules (by c2bo) https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/126
2 pull requests received 2 new comments: - #132 fix using use_attestation_challenge error parameter code for missing … (1 by panva)https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/132 - #125 Remove expr from pop (1 by tplooker) https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/125
6 pull requests merged: - Verification and Processing ruleshttps://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/126 - Clarify that client_id in client attestation MUST be consistent with token request https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/129 - Editorial nit about usage of client attestation outside of OAuth https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/128 - Update paul's affiliation https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/127 - Remove expr from pop https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/125 - new proposal for challenge endpoint https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/112
Repositories tracked by this digest: ----------------------------------- * https://github.com/oauth-wg/oauth-browser-based-apps * https://github.com/oauth-wg/oauth-identity-chaining * https://github.com/oauth-wg/oauth-transaction-tokens * https://github.com/oauth-wg/oauth-sd-jwt-vc * https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata * https://github.com/oauth-wg/oauth-cross-device-security * https://github.com/oauth-wg/oauth-selective-disclosure-jwt * https://github.com/oauth-wg/oauth-v2-1 * https://github.com/oauth-wg/draft-ietf-oauth-status-list * https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth -- To have a summary like this sent to your list, see: https://github.com/ietf-github-services/activity-summary
_______________________________________________ OAuth mailing list -- [email protected] To unsubscribe send an email to [email protected]
