Events without label "editorial"
Issues
------
* oauth-wg/oauth-transaction-tokens (+0/-6/💬7)
5 issues received 7 new comments:
- #217 Transaction token Lifetime extension (2 by PieterKas)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/217 [WGLC Feedback]
- #211 Extend life of transaction tokens (1 by PieterKas)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/211 [WGLC Feedback]
- #206 Relation of purpose to scope validated at API gateway (1 by gffletch)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/206
- #201 Unsigned JWT Expiration Time (2 by PieterKas, bc-pi)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/201 [WGLC Feedback] [WGLC Discuss]
- #183 New Token identifier during replacement (1 by ashayraut)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/183
6 issues closed:
- Empty Type Parameter https://github.com/oauth-wg/oauth-transaction-tokens/issues/235 [WGLC Feedback]
- Create internally initiated example https://github.com/oauth-wg/oauth-transaction-tokens/issues/212 [WGLC Feedback]
- Consider replacing Scope with Purpose https://github.com/oauth-wg/oauth-transaction-tokens/issues/178
- Reconsider 'purp' claim scope https://github.com/oauth-wg/oauth-transaction-tokens/issues/194 [WGLC Feedback]
- Unsigned JWT Expiration Time https://github.com/oauth-wg/oauth-transaction-tokens/issues/201 [WGLC Feedback] [WGLC Discuss]
- Relace StringOrURI with String https://github.com/oauth-wg/oauth-transaction-tokens/issues/195 [WGLC Feedback]
* oauth-wg/oauth-sd-jwt-vc (+1/-6/💬6)
1 issues created:
- metadata lists extensions that consumers must know to properly validate SD
JWTs (by bc-pi)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/354
5 issues received 6 new comments:
- #352 background_image is used in many OIDC4VCI configurations, would it be
possible to add it as an option aside logo in the rendering method simple (2 by
ThierryThevenet, bc-pi)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/352
- #287 The following sentence would need to be clarified and reworded (1 by bc-pi)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/287 [pending close]
- #285 Figure 1 Issuer-Holder-Verifier Model should be modified (1 by bc-pi)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/285
- #223 I18N for Metadata (1 by awoie)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/223 [discuss] [Ready-for-PR] [metadata] [PRIO]
- #221 Security considerations on integrity of Type Metadata (1 by awoie)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/221 [pending close] [metadata]
6 issues closed:
- add extension point for type metadata https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/350 [schema]
- Remove JSON schema from Type Metadata https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/342 [schema]
- JSON Schema and required claims https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/332 [schema]
- Is it required to validate the whole chain of schemas? https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/238 [schema]
- Distinguish between issuance and presentation schemas https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/237 [discuss] [schema]
- Security considerations on integrity of Type Metadata https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/221 [pending close] [metadata]
* oauth-wg/oauth-v2-1 (+1/-0/💬0)
1 issues created:
- specifc ref to Section 4.3.4 of RFC9100 for tls cert check (by bc-pi)
https://github.com/oauth-wg/oauth-v2-1/issues/221
* oauth-wg/draft-ietf-oauth-attestation-based-client-auth (+1/-0/💬2)
1 issues created:
- Ambiguity concerning MAC algorithms in Client Attestation JWT (by dzarras)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/151
1 issues received 2 new comments:
- #150 Challenges on Previous Responses. Do we need this? (2 by babisRoutis,
panva)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/150
* oauth-wg/oauth-identity-assertion-authz-grant (+0/-0/💬3)
2 issues received 3 new comments:
- #48 The spec states that `refresh_token` SHOULD NOT be used (2 by
mcguinness, meghnadubey)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/48
- #45 Clarify that IdP client can be mapped via ID-JAG to AS specific client (1 by mcguinness)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/45
* oauth-wg/draft-ietf-oauth-rfc8725bis (+1/-3/💬13)
1 issues created:
- In
https://www.ietf.org/archive/id/draft-sheffer-oauth-rfc8725bis-01.html#name-weak-symmetric-keys
perhaps you want to mention this open source project which cracks JWTs signed
with a weak HMAC key: https://github.com/brendan-rius/c-jwt-cracker (by yaronf)
https://github.com/oauth-wg/draft-ietf-oauth-rfc8725bis/issues/24
3 issues received 13 new comments:
- #19 Representation of time values to void the 2038 bug (1 by yaronf)
https://github.com/oauth-wg/draft-ietf-oauth-rfc8725bis/issues/19
- #15 JWTs issued for one individual must not be usable by another individual with a complicity between these individuals (6 by Denisthemalice, dickhardt)
https://github.com/oauth-wg/draft-ietf-oauth-rfc8725bis/issues/15
- #14 Comments from Dan Moore (6 by yaronf)
https://github.com/oauth-wg/draft-ietf-oauth-rfc8725bis/issues/14
3 issues closed:
- Need a "Changes from RFC8725" section https://github.com/oauth-wg/draft-ietf-oauth-rfc8725bis/issues/18
- In https://www.ietf.org/archive/id/draft-sheffer-oauth-rfc8725bis-01.html#name-weak-symmetric-keys perhaps you want to mention this open source project which cracks JWTs signed with a weak HMAC key: https://github.com/brendan-rius/c-jwt-cracker https://github.com/oauth-wg/draft-ietf-oauth-rfc8725bis/issues/24
- Representation of time values to void the 2038 bug https://github.com/oauth-wg/draft-ietf-oauth-rfc8725bis/issues/19
Pull requests
-------------
* oauth-wg/oauth-transaction-tokens (+2/-4/💬1)
2 pull requests submitted:
- MUST instead of MAY on transaction lifetime (by PieterKas)
https://github.com/oauth-wg/oauth-transaction-tokens/pull/256
- Remove 'exp' from unsigned subject_token (by PieterKas)
https://github.com/oauth-wg/oauth-transaction-tokens/pull/255
1 pull requests received 1 new comments:
- #254 Allow for alternatives to RFC8693 (1 by PieterKas)
https://github.com/oauth-wg/oauth-transaction-tokens/pull/254
4 pull requests merged:
- Clarify why the Type: field is empty
https://github.com/oauth-wg/oauth-transaction-tokens/pull/241
- added internal flow
https://github.com/oauth-wg/oauth-transaction-tokens/pull/240
- Removal of `purp` claim
https://github.com/oauth-wg/oauth-transaction-tokens/pull/249
- Remove 'exp' from unsigned subject_token
https://github.com/oauth-wg/oauth-transaction-tokens/pull/255
* oauth-wg/oauth-sd-jwt-vc (+1/-1/💬0)
1 pull requests submitted:
- Rename lang to locale (because tradition) (by danielfett)
https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/353
1 pull requests merged:
- Remove JSON schema from Type Metadata
https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/345
* oauth-wg/oauth-v2-1 (+1/-0/💬0)
1 pull requests submitted:
- ref Section 4.3.4 of RFC9110 for TLS server cert check (by bc-pi)
https://github.com/oauth-wg/oauth-v2-1/pull/222
* oauth-wg/draft-ietf-oauth-rfc8725bis (+2/-1/💬0)
2 pull requests submitted:
- More substantial edits by Dan Moore (by yaronf)
https://github.com/oauth-wg/draft-ietf-oauth-rfc8725bis/pull/25
- Dan Moore's comments - the editorial part (by yaronf)
https://github.com/oauth-wg/draft-ietf-oauth-rfc8725bis/pull/23
1 pull requests merged:
- New section: changes from RFC 8725
https://github.com/oauth-wg/draft-ietf-oauth-rfc8725bis/pull/22
Repositories tracked by this digest:
-----------------------------------
* https://github.com/oauth-wg/oauth-browser-based-apps
* https://github.com/oauth-wg/oauth-identity-chaining
* https://github.com/oauth-wg/oauth-transaction-tokens
* https://github.com/oauth-wg/oauth-sd-jwt-vc
* https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata
* https://github.com/oauth-wg/oauth-cross-device-security
* https://github.com/oauth-wg/oauth-selective-disclosure-jwt
* https://github.com/oauth-wg/oauth-v2-1
* https://github.com/oauth-wg/draft-ietf-oauth-status-list
* https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth
* https://github.com/oauth-wg/oauth-identity-assertion-authz-grant
* https://github.com/oauth-wg/draft-ietf-oauth-rfc8725bis
* https://github.com/oauth-wg/draft-ietf-oauth-rfc7523bis
* https://github.com/oauth-wg/oauth-first-party-apps
--
To have a summary like this sent to your list, see:
https://github.com/ietf-github-services/activity-summary
_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]
