[OAUTH-WG] Weekly github digest (OAuth Activity Summary)



Events without label "editorial"

Issues
------
* oauth-wg/oauth-identity-chaining (+0/-3/💬3)
 3 issues received 3 new comments:
 - #146 Improve examples in the appendix (1 by bc-pi)

https://github.com/oauth-wg/oauth-identity-chaining/issues/146- #139 Updates to reflect changes to RFC7523 (jwt_privatekey attack) (1 by bc-pi)https://github.com/oauth-wg/oauth-identity-chaining/issues/139- #120 OAuth client acting as a client (1 by bc-pi)https://github.com/oauth-wg/oauth-identity-chaining/issues/120

 3 issues closed:

- Required `requested_token_type` parameter https://github.com/oauth-wg/oauth-identity-chaining/issues/111- WGLC (2 of ?): claims/token transcription/rewrite security https://github.com/oauth-wg/oauth-identity-chaining/issues/170- WGLC (1 of ?): trust relationship realization https://github.com/oauth-wg/oauth-identity-chaining/issues/169

* oauth-wg/oauth-transaction-tokens (+0/-0/💬14)
 10 issues received 14 new comments:
 - #232 Need consistent normative language for txn claim (1 by PieterKas)

https://github.com/oauth-wg/oauth-transaction-tokens/issues/232 [WGLC Feedback]- #231 Describe parameter use (1 by PieterKas)https://github.com/oauth-wg/oauth-transaction-tokens/issues/231 [WGLC Feedback]- #230 Clarify "JWT Representation" (1 by PieterKas)https://github.com/oauth-wg/oauth-transaction-tokens/issues/230 [WGLC Feedback]- #229 Consider "Authorization surface" (1 by PieterKas)https://github.com/oauth-wg/oauth-transaction-tokens/issues/229 [WGLC Feedback]- #228 Clarify claim usage (1 by PieterKas)https://github.com/oauth-wg/oauth-transaction-tokens/issues/228 [WGLC Feedback]- #222 Should tctx field be a MUST (1 by ashayraut)https://github.com/oauth-wg/oauth-transaction-tokens/issues/222 [WGLC Feedback]- #217 Transaction token Lifetime extension (1 by ashayraut)https://github.com/oauth-wg/oauth-transaction-tokens/issues/217 [WGLC Feedback]- #194 Reconsider 'purp' claim scope (4 by PieterKas, bc-pi, dagdagdag83)https://github.com/oauth-wg/oauth-transaction-tokens/issues/194 [WGLC Feedback]- #193 Rationale for 'txn' being REQUIRED (2 by ashayraut, bc-pi)https://github.com/oauth-wg/oauth-transaction-tokens/issues/193 [WGLC Feedback]- #191 Exception for self-signed JWTs (1 by jsalowey)https://github.com/oauth-wg/oauth-transaction-tokens/issues/191 [WGLC Feedback]

* oauth-wg/oauth-sd-jwt-vc (+1/-0/💬7)
 1 issues created:
 - StringOrURI should probably not be used (by bc-pi)

https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/343

 3 issues received 7 new comments:
 - #343 StringOrURI should probably not be used (3 by adeinega, bc-pi)

https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/343- #342 Remove JSON schema from Type Metadata (1 by bc-pi)https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/342- #247 Potential Privacy implications of verifier knowing display information (3 by bc-pi, cre8)https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/247 [pending close] [blocked]

* oauth-wg/draft-ietf-oauth-attestation-based-client-auth (+0/-3/💬0)
 3 issues closed:

- Allow MAC as signature algorithms? https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/130- Add option without PoP but with ad-hoc client attetation and nonce https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/111 [ready-for-pr]- Client Attestation HTTP Headers https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/118 [discuss]

* oauth-wg/oauth-identity-assertion-authz-grant (+3/-0/💬6)
 3 issues created:
 - Clarify that IdP client can be mapped via ID-JAG to AS specific client (by 
mcguinness)

https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/45- Include more examples of claims in the id-jag (by meghnadubey)https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/43- IdP metadata recommendation (by meghnadubey)https://github.com/aaronpk/draft-parecki-oauth-identity-assertion-authz-grant/issues/38

 4 issues received 6 new comments:
 - #45 Clarify that IdP client can be mapped via ID-JAG to AS specific client 
(3 by mcguinness, meghnadubey)

https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/45- #41 Clarify ID-JAG is a typed profile of JWT Assertion Grant (1 by meghnadubey)https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/41- #40 Editorial cleanup to make clear interaction and role of the AS for the Resource App (1 by meghnadubey)https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/40- #39 Adopt Tenant Claim from OpenID Enterprise Extensions for ID-JAG (1 by meghnadubey)https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/39

* oauth-wg/draft-ietf-oauth-rfc8725bis (+0/-1/💬1)
 1 issues received 1 new comments:
 - #19 Representation of time values to void the 2038 bug (1 by selfissued)

https://github.com/oauth-wg/draft-ietf-oauth-rfc8725bis/issues/19

 1 issues closed:

- Markdown magic https://github.com/oauth-wg/draft-ietf-oauth-rfc8725bis/issues/20



Pull requests
-------------
* oauth-wg/oauth-identity-chaining (+2/-1/💬0)
 2 pull requests submitted:
 - six seven (by bc-pi)

https://github.com/oauth-wg/oauth-identity-chaining/pull/173- six seven (by bc-pi)https://github.com/oauth-wg/oauth-identity-chaining/pull/172

 1 pull requests merged:
 - prospective changes from WGLC reviews

https://github.com/oauth-wg/oauth-identity-chaining/pull/171

* oauth-wg/oauth-transaction-tokens (+4/-5/💬2)
 4 pull requests submitted:
 - Clarify "request_context" (by PieterKas)

https://github.com/oauth-wg/oauth-transaction-tokens/pull/247- Remove "surface" to describe extend of authorization (by PieterKas)https://github.com/oauth-wg/oauth-transaction-tokens/pull/246- Delete "represenntation" (by PieterKas)https://github.com/oauth-wg/oauth-transaction-tokens/pull/245- considerations for internal requests (by jsalowey)https://github.com/oauth-wg/oauth-transaction-tokens/pull/244

 2 pull requests received 2 new comments:
 - #240 added internal flow (1 by jsalowey)

https://github.com/oauth-wg/oauth-transaction-tokens/pull/240- #239 Clarify authentication requriements (1 by PieterKas)https://github.com/oauth-wg/oauth-transaction-tokens/pull/239

 5 pull requests merged:
 - Multiple TTS Instances

https://github.com/oauth-wg/oauth-transaction-tokens/pull/242- renamed microservice to workloadhttps://github.com/oauth-wg/oauth-transaction-tokens/pull/185- Delete draft-ietf-oauth-transaction-tokens-03.mdhttps://github.com/oauth-wg/oauth-transaction-tokens/pull/187- Delete "represenntation"https://github.com/oauth-wg/oauth-transaction-tokens/pull/245- Remove "surface" to describe extend of authorizationhttps://github.com/oauth-wg/oauth-transaction-tokens/pull/246

* oauth-wg/oauth-sd-jwt-vc (+1/-0/💬0)
 1 pull requests submitted:
 - Remove JSON schema from Type Metadata (by bc-pi)

https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/345

* oauth-wg/draft-ietf-oauth-attestation-based-client-auth (+2/-3/💬7)
 2 pull requests submitted:
 - mandate header fields (by c2bo)

https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/148- add use_fresh_attestation error type (by c2bo)https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/147

 3 pull requests received 7 new comments:
 - #147 add use_fresh_attestation error type (5 by c2bo, panva)

https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/147- #146 DPoP Optimisation (1 by paulbastian)https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/146- #142 70 register as and client metadata for algorithm negotiation of attestations and pops (1 by paulbastian)https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/142

 3 pull requests merged:
 - remove restrictions to not allow MAC-based algorithms

https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/141- add use_fresh_attestation error typehttps://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/147- mandate header fieldshttps://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/148

* oauth-wg/draft-ietf-oauth-rfc8725bis (+0/-1/💬0)
 1 pull requests merged:
 - Venue info and boilerplate directive

https://github.com/oauth-wg/draft-ietf-oauth-rfc8725bis/pull/21


Repositories tracked by this digest:
-----------------------------------
* https://github.com/oauth-wg/oauth-browser-based-apps
* https://github.com/oauth-wg/oauth-identity-chaining
* https://github.com/oauth-wg/oauth-transaction-tokens
* https://github.com/oauth-wg/oauth-sd-jwt-vc
* https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata
* https://github.com/oauth-wg/oauth-cross-device-security
* https://github.com/oauth-wg/oauth-selective-disclosure-jwt
* https://github.com/oauth-wg/oauth-v2-1
* https://github.com/oauth-wg/draft-ietf-oauth-status-list
* https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth
* https://github.com/oauth-wg/oauth-identity-assertion-authz-grant
* https://github.com/oauth-wg/draft-ietf-oauth-rfc8725bis
* https://github.com/oauth-wg/draft-ietf-oauth-rfc7523bis
* https://github.com/oauth-wg/oauth-first-party-apps


--
To have a summary like this sent to your list, see: 
https://github.com/ietf-github-services/activity-summary

_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]

[OAUTH-WG] Weekly github digest (OAuth Activity Summary)

Reply via email to