Events without label "editorial"
Issues
------
* oauth-wg/oauth-transaction-tokens (+0/-3/💬4)
4 issues received 4 new comments:
- #223 Clarify Example (1 by PieterKas)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/223 [WGLC Feedback]
- #222 Should tctx field be a MUST (1 by PieterKas)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/222 [WGLC Feedback]
- #221 Clarify difference between sub and req_wl (1 by PieterKas)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/221 [WGLC Feedback]
- #220 Clarify aud claim (1 by PieterKas)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/220 [WGLC Feedback]
3 issues closed:
- Expand on use case in section 2.2.1 https://github.com/oauth-wg/oauth-transaction-tokens/issues/208 [WGLC Feedback]
- WGLC feedback from Brian - Editorial https://github.com/oauth-wg/oauth-transaction-tokens/issues/204 [WGLC Feedback]
- 18 287 4576 https://github.com/oauth-wg/oauth-transaction-tokens/issues/263
* oauth-wg/oauth-sd-jwt-vc (+0/-18/💬20)
13 issues received 20 new comments:
- #346 Support of the default Issuer Signature Mechanism. Required or not? (1
by danielfett)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/346 [discuss] [pending close]
- #293 Risk of issuer monitoring with jwt-vc-issuer metadata (3 by awoie, cre8)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/293
- #291 Support of the suspension or of the revovation of a Digital Credential without using the status claim (1 by danielfett)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/291 [pending close] [policy]
- #289 The SD-JWT DC does not CONTAIN the Key Binding JWT (1 by bc-pi)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/289 [HAS PR]
- #288 The definition of "Verifiable Credential (VC)"should be replaced by a definition of "Digital Credential (DC)" (2 by awoie, danielfett)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/288 [pending close]
- #287 The following sentence would need to be clarified and reworded (1 by danielfett)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/287 [pending close]
- #286 Suspension and revocation of Digital Credentials (1 by danielfett)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/286 [pending close] [future-extension] [policy]
- #284 A statement about "Verifiable Credentials" should be changed (2 by bc-pi, danielfett)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/284 [pending close]
- #283 The wording "Verifiable Credentials" should be changed into "Digital Credentials" (2 by awoie, danielfett)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/283 [pending close]
- #273 Provide guidance on versioning (1 by bc-pi)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/273 [HAS PR]
- #247 Potential Privacy implications of verifier knowing display information (1 by bc-pi)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/247 [pending close] [blocked]
- #222 allow JWS JSON serialization (was add example) (3 by awoie, bc-pi, danielfett)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/222 [pending close]
- #145 how cnf claim can be used with any other types of "binding" (1 by bc-pi)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/145 [pending close] [future-extension]
18 issues closed:
- allow JWS JSON serialization (was add example) https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/222 [pending close]
- Potential Privacy implications of verifier knowing display information https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/247 [pending close] [blocked]
- Suspension and revocation of Digital Credentials https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/286 [pending close] [future-extension] [policy]
- Support of the default Issuer Signature Mechanism. Required or not? https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/346 [discuss] [pending close]
- A statement about "Verifiable Credentials" should be changed https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/284 [pending close]
- The following sentence would need to be clarified and reworded https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/287 [pending close]
- The definition of "Verifiable Credential (VC)"should be replaced by a definition of "Digital Credential (DC)" https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/288 [pending close]
- The wording "Verifiable Credentials" should be changed into "Digital Credentials" https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/283 [pending close]
- Support of the suspension or of the revovation of a Digital Credential without using the status claim https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/291 [pending close] [policy]
- Provide guidance on versioning https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/273 [HAS PR]
- Figure 1 Issuer-Holder-Verifier Model should be modified https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/285 [HAS PR]
- The SD-JWT DC does not CONTAIN the Key Binding JWT https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/289 [HAS PR]
- Add security considerations on when/what metadata is/can be trusted https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/282 [HAS PR]
- Consider recommending a way to encode other data types. https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/225 [HAS PR]
- Declaration of arrays to the type metadata. https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/314 [HAS PR]
- Add language on x5c protection https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/240 [HAS PR]
- Risk of issuer monitoring with jwt-vc-issuer metadata https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/293
- Say something about presentations if KB-JWT is not used https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/297 [HAS PR]
* oauth-wg/draft-ietf-oauth-resource-metadata (+0/-1/💬1)
1 issues received 1 new comments:
- #56 Ambiguous handling of the resource_metadata WWW-Authenticate parameter
(1 by aaronpk)
https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/issues/56
1 issues closed:
- Ambiguous handling of the resource_metadata WWW-Authenticate parameter https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata/issues/56
* oauth-wg/oauth-v2-1 (+0/-4/💬4)
3 issues received 4 new comments:
- #210 Add definitions for client_secret_basic, client_secret_post and none
client authentication methods (1 by aaronpk)
https://github.com/oauth-wg/oauth-v2-1/issues/210 [ietf-124]
- #183 Clarify `aud` values that should be accepted in `private_key_jwt` at the token (and other) endpoints (2 by aaronpk, bc-pi)
https://github.com/oauth-wg/oauth-v2-1/issues/183
- #120 How can an AS support both 2.0 and 2.1 clients concurrently (1 by njwatson32)
https://github.com/oauth-wg/oauth-v2-1/issues/120 [ietf-124]
4 issues closed:
- what does it mean to "sanitise" state/redirect urls? https://github.com/oauth-wg/oauth-v2-1/issues/209
- Add definitions for client_secret_basic, client_secret_post and none client authentication methods https://github.com/oauth-wg/oauth-v2-1/issues/210 [ietf-124]
- Strict JavaScript Exclusiveness? https://github.com/oauth-wg/oauth-v2-1/issues/174
- specific reference to Section 4.3.4 of RFC9100 for TLS server certificate check https://github.com/oauth-wg/oauth-v2-1/issues/221
* oauth-wg/draft-ietf-oauth-status-list (+0/-0/💬2)
1 issues received 2 new comments:
- #304 Feedback from AD review (2 by c2bo, paulbastian)
https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/304
* oauth-wg/draft-ietf-oauth-attestation-based-client-auth (+13/-0/💬0)
13 issues created:
- Editorial: Remove two sentences that contain left references to nonce (by
Denisthemalice)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/165
- In section 10.6. (Replay Attack Detection) the current description is incorrect (by Denisthemalice)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/164
- A client should be able to request a challenge without using a challenge endpoint (by Denisthemalice)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/163
- It is proposed to remove use self-contained challenges (by Denisthemalice)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/162
- The terminology in section 3 should be changed (by Denisthemalice)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/161
- The Figure 1 should be redrawn (by Denisthemalice)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/160
- The Client Attestation PoP JWT should be able to support a data origin authentication service (by Denisthemalice)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/159
- The description of the flows should be reconsidered (by Denisthemalice)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/158
- The Introduction should be reworded (by Denisthemalice)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/157
- It would be worthwhile to define claims able to carry the type of the device and the firmware/software that the device is running (by Denisthemalice)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/156
- The privacy considerations in section 11 from RFC 9334 should be endorsed (by Denisthemalice)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/155
- A protocol for the renewal of one-time use Client Attestation JWTs is necessary (by Denisthemalice)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/154
- Should this document be applicable both to Authorization Servers and Resource Servers ? (by Denisthemalice)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/153
* oauth-wg/oauth-identity-assertion-authz-grant (+1/-5/💬30)
1 issues created:
- recommendation on https for audience param? (by sdesen)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/53
12 issues received 30 new comments:
- #53 recommendation on https for audience param? (1 by mcguinness)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/53
- #52 Discovering allowed Resource App (instances) for the logged in user (3 by mcguinness, meghnadubey)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/52
- #51 Support for Multi-Instance Apps (12 by aaronpk, dlozlla, mcguinness, meghnadubey)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/51
- #48 The spec states that `refresh_token` SHOULD NOT be used (1 by mcguinness)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/48
- #45 Clarify that IdP client can be mapped via ID-JAG to AS specific client (2 by aaronpk, meghnadubey)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/45
- #41 Clarify ID-JAG is a typed profile of JWT Assertion Grant (1 by aaronpk)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/41
- #40 Editorial cleanup to make clear interaction and role of the AS for the Resource App (1 by aaronpk)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/40
- #39 Adopt Tenant Claim from OpenID Enterprise Extensions for ID-JAG (1 by aaronpk)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/39
- #28 Proof-of-Possession Token for Resource App (5 by aaronpk, mcguinness)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/28
- #17 Client ID Registration (1 by aaronpk)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/17
- #14 Discuss the need for client_id mapping (1 by aaronpk)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/14
- #13 Why don't the IdP requests the access token from the AS? (1 by aaronpk)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/13
5 issues closed:
- Editorial cleanup to make clear interaction and role of the AS for the Resource App https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/40
- Add scope to 6.1 processing rules https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/49
- Adopt Tenant Claim from OpenID Enterprise Extensions for ID-JAG https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/39
- Clarify ID-JAG is a typed profile of JWT Assertion Grant https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/41
- id-jag SHOULD be short-lived https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/37
* oauth-wg/draft-ietf-oauth-client-id-metadata-document (+0/-0/💬5)
1 issues received 5 new comments:
- #36 specify native app restriction for clarity on client authentication
section (5 by JetA2, ThisIsMissEm, aaronpk, matthieusieben)
https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document/issues/36
Pull requests
-------------
* oauth-wg/oauth-identity-chaining (+1/-0/💬0)
1 pull requests submitted:
- (by arndt-s)
* oauth-wg/oauth-transaction-tokens (+2/-0/💬0)
2 pull requests submitted:
- (by PieterKas)
- (by arndt-s)
* oauth-wg/oauth-sd-jwt-vc (+12/-0/💬12)
12 pull requests submitted:
- (by bc-pi)
- (by danielfett)
- (by danielfett)
- (by danielfett)
- (by awoie)
- (by awoie)
- (by bc-pi)
- (by awoie)
- (by awoie)
- (by awoie)
- (by bc-pi)
- (by bc-pi)
6 pull requests received 12 new comments:
- #371 Change PID example to make clear that it is not normative in any way (1
by bc-pi)
https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/371
- #368 Improve example around array elements and paths (1 by danielfett)
https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/368
- #364 editorial: fix formatting (2 by awoie, danielfett)
https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/364
- #363 Limit scope of x509 certificates to protected header (6 by awoie, bc-pi, danielfett, peppelinux)
https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/363 [discuss] [DO NOT MERGE]
- #362 make it clear that presentations don't need kb (1 by awoie)
https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/362
- #360 Provide some guidance on versioning via the `vct` value (1 by bc-pi)
https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/360
* oauth-wg/oauth-v2-1 (+4/-0/💬0)
4 pull requests submitted:
- (by aaronpk)
- (by aaronpk)
- (by aaronpk)
- (by aaronpk)
* oauth-wg/draft-ietf-oauth-status-list (+1/-0/💬1)
1 pull requests submitted:
- (by paulbastian)
1 pull requests received 1 new comments:
- #305 AD review (1 by c2bo)
https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/305
* oauth-wg/oauth-identity-assertion-authz-grant (+3/-0/💬0)
3 pull requests submitted:
- (by aaronpk)
- (by mcguinness)
- (by mcguinness)
Repositories tracked by this digest:
-----------------------------------
* https://github.com/oauth-wg/oauth-browser-based-apps
* https://github.com/oauth-wg/oauth-identity-chaining
* https://github.com/oauth-wg/oauth-transaction-tokens
* https://github.com/oauth-wg/oauth-sd-jwt-vc
* https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata
* https://github.com/oauth-wg/oauth-cross-device-security
* https://github.com/oauth-wg/oauth-selective-disclosure-jwt
* https://github.com/oauth-wg/oauth-v2-1
* https://github.com/oauth-wg/draft-ietf-oauth-status-list
* https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth
* https://github.com/oauth-wg/oauth-identity-assertion-authz-grant
* https://github.com/oauth-wg/draft-ietf-oauth-rfc8725bis
* https://github.com/oauth-wg/draft-ietf-oauth-rfc7523bis
* https://github.com/oauth-wg/oauth-first-party-apps
* https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document
--
To have a summary like this sent to your list, see:
https://github.com/ietf-github-services/activity-summary
_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]
