Events without label "editorial"
Issues
------
* oauth-wg/oauth-identity-chaining (+1/-0/💬3)
1 issues created:
- (WGLC 2 of ?) claims/token transcription/rewrite security (by bc-pi)
https://github.com/oauth-wg/oauth-identity-chaining/issues/170
2 issues received 3 new comments:
- #139 Updates to reflect changes to RFC7523 (jwt_privatekey attack) (2 by
bc-pi)
https://github.com/oauth-wg/oauth-identity-chaining/issues/139
- #111 Required `requested_token_type` parameter (1 by bc-pi)
https://github.com/oauth-wg/oauth-identity-chaining/issues/111
* oauth-wg/oauth-transaction-tokens (+1/-0/💬14)
1 issues created:
- Consistency Pass Needed (by PieterKas)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/243
7 issues received 14 new comments:
- #235 Empty Type Parameter (1 by bc-pi)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/235 [WGLC Feedback]
- #234 TTS Configuration (1 by PieterKas)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/234 [WGLC Feedback]
- #233 Logical vs Physical TTS (1 by PieterKas)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/233 [WGLC Feedback]
- #218 Reference WIMSE WIT (1 by dagdagdag83)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/218 [WGLC Feedback]
- #212 Create internally initiated example (1 by jsalowey)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/212 [WGLC Feedback]
- #194 Reconsider 'purp' claim scope (8 by PieterKas, bc-pi, dagdagdag83, tulshi)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/194 [WGLC Feedback]
- #189 Allow Gateways to issue Tx-token to self without using RFC8693 (1 by dagdagdag83)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/189 [WGLC Feedback]
* oauth-wg/oauth-sd-jwt-vc (+1/-5/💬7)
1 issues created:
- Remove JSON schema from Type Metadata (by bc-pi)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/342
5 issues received 7 new comments:
- #342 Remove JSON schema from Type Metadata (3 by adeinega, cre8)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/342
- #334 Remove Type Metadata Glue Documents (1 by bc-pi)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/334
- #331 Type Metadata documents in the unprotected header of the JWS (1 by bc-pi)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/331
- #247 Potential Privacy implications of verifier knowing display information (1 by bc-pi)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/247 [pending close] [blocked]
- #223 I18N for Metadata (1 by bc-pi)
https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/223 [discuss] [metadata] [PRIO] [wg-05]
5 issues closed:
- Add security consideration: Extending a type doesn't imply authorization to issue the type https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/302 [HAS PR]
- Type Metadata documents in the unprotected header of the JWS https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/331
- Remove Type Metadata Glue Documents https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/334
- Why vct is not selectively disclosable, but vct#integrity is not? https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/258 [Ready-for-PR]
- mandate JWT when ietf status list is used (there is also cwt) https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/333 [HAS PR]
* oauth-wg/draft-ietf-oauth-status-list (+1/-2/💬4)
1 issues created:
- Clarification : Status List Token (in CWT) to the HTTP Response (by
babisRoutis)
https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/302
3 issues received 4 new comments:
- #302 Clarification : Status List Token (in CWT) to the HTTP Response (2 by
babisRoutis, paulbastian)
https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/302
- #301 the maximum size of a Status List (1 by tplooker)
https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/301 [pending-close]
- #300 Brotli vs Zlib (1 by paulbastian)
https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/300 [pending-close]
2 issues closed:
- the maximum size of a Status List https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/301 [pending-close]
- Brotli vs Zlib https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/300 [pending-close]
* oauth-wg/draft-ietf-oauth-attestation-based-client-auth (+0/-0/💬3)
2 issues received 3 new comments:
- #140 Feedback from mailing list (1 by paulbastian)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/140
- #70 Register AS and client metadata for algorithm negotiation of attestations and pops (2 by panva, paulbastian)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/70
Pull requests
-------------
* oauth-wg/oauth-identity-chaining (+1/-1/💬0)
1 pull requests submitted:
- DRAFT prospective changes from WGLC review (by bc-pi)
https://github.com/oauth-wg/oauth-identity-chaining/pull/171
1 pull requests merged:
- Use IANA.media-types so the tooling can find the media types registry
without an explicit target
https://github.com/oauth-wg/oauth-identity-chaining/pull/167
* oauth-wg/oauth-transaction-tokens (+3/-1/💬1)
3 pull requests submitted:
- Multiple TTS Instances (by PieterKas)
https://github.com/oauth-wg/oauth-transaction-tokens/pull/242
- Clarify why the Type: field is empty (by PieterKas)
https://github.com/oauth-wg/oauth-transaction-tokens/pull/241
- added internal flow (by jsalowey)
https://github.com/oauth-wg/oauth-transaction-tokens/pull/240
1 pull requests received 1 new comments:
- #240 added internal flow (1 by bc-pi)
https://github.com/oauth-wg/oauth-transaction-tokens/pull/240
1 pull requests merged:
- Proposed change to definition of authorization context
https://github.com/oauth-wg/oauth-transaction-tokens/pull/237
* oauth-wg/oauth-sd-jwt-vc (+0/-3/💬2)
1 pull requests received 2 new comments:
- #337 fix: add extend for claim metadata (2 by babisRoutis, cre8)
https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/337
3 pull requests merged:
- fix: add security consideration for issuer authorization.
https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/338
- Set vct:integrity to the list of attribute to not selectively disclosed
https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/336
- Status List Token has to be a JWT
https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/339
* oauth-wg/draft-ietf-oauth-attestation-based-client-auth (+5/-0/💬0)
5 pull requests submitted:
- Pb clarify refresh token binding (by paulbastian)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/145
- check client_id at PAR endpoint (by paulbastian)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/144
- make draft standards track and update Paul's affiliation (by paulbastian)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/143
- 70 register as and client metadata for algorithm negotiation of attestations and pops (by paulbastian)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/142
- remove restrictions to not allow MAC-based algorithms (by paulbastian)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/141
Repositories tracked by this digest:
-----------------------------------
* https://github.com/oauth-wg/oauth-browser-based-apps
* https://github.com/oauth-wg/oauth-identity-chaining
* https://github.com/oauth-wg/oauth-transaction-tokens
* https://github.com/oauth-wg/oauth-sd-jwt-vc
* https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata
* https://github.com/oauth-wg/oauth-cross-device-security
* https://github.com/oauth-wg/oauth-selective-disclosure-jwt
* https://github.com/oauth-wg/oauth-v2-1
* https://github.com/oauth-wg/draft-ietf-oauth-status-list
* https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth
--
To have a summary like this sent to your list, see:
https://github.com/ietf-github-services/activity-summary
_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]
