Events without label "editorial"
Issues
------
* oauth-wg/oauth-transaction-tokens (+0/-0/💬3)
3 issues received 3 new comments:
- #314 Clarification required regarding 'sub' field in Txn-Token (1 by tulshi)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/314
- #311 Security consideration section on "replacement transaction tokens" (1 by PieterKas)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/311
- #310 Do we need a security consideration for `actor_token`? (1 by PieterKas)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/310
* oauth-wg/oauth-sd-jwt-vc (+0/-1/💬0)
1 issue closed:
- Reconsider tacit endorsement of a rent-seeking standards publication model https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/393
* oauth-wg/oauth-cross-device-security (+0/-0/💬1)
1 issue received 1 new comment:
- #148 Do we want to mention the WICG browser api? (1 by danielfett)
https://github.com/oauth-wg/oauth-cross-device-security/issues/148
* oauth-wg/oauth-v2-1 (+0/-7/💬10)
10 issues received 10 new comments:
- #233 make mix-up mitigation via issuer mandatory (1 by aaronpk)
https://github.com/oauth-wg/oauth-v2-1/issues/233 [ietf-125]
- #232 Sender-constrained refresh tokens examples improvement (1 by aaronpk)
https://github.com/oauth-wg/oauth-v2-1/issues/232
- #220 Clarify the PKCE mechanism (1 by aaronpk)
https://github.com/oauth-wg/oauth-v2-1/issues/220
- #211 Refresh Tokens (1 by aaronpk)
https://github.com/oauth-wg/oauth-v2-1/issues/211
- #200 Reorganize section 7.1.1 (1 by aaronpk)
https://github.com/oauth-wg/oauth-v2-1/issues/200
- #194 Reference Errors in Section 4.1.1 (1 by aaronpk)
https://github.com/oauth-wg/oauth-v2-1/issues/194
- #192 rework description of access token (1 by aaronpk)
https://github.com/oauth-wg/oauth-v2-1/issues/192
- #184 Section 4.1.2.1 Error Response is unclear on how to handle an Invalid Authorization Endpoint request (1 by aaronpk)
https://github.com/oauth-wg/oauth-v2-1/issues/184
- #170 Ambiguous text around whether `code_challenge` is required (1 by aaronpk)
https://github.com/oauth-wg/oauth-v2-1/issues/170
- #108 Should auth-param in WWW-Authenticate be optional? (1 by aaronpk)
https://github.com/oauth-wg/oauth-v2-1/issues/108
7 issues closed:
- Section 4.1.2.1 Error Response is unclear on how to handle an Invalid Authorization Endpoint request https://github.com/oauth-wg/oauth-v2-1/issues/184
- rework description of access token https://github.com/oauth-wg/oauth-v2-1/issues/192
- Reference Errors in Section 4.1.1 https://github.com/oauth-wg/oauth-v2-1/issues/194
- Refresh Tokens https://github.com/oauth-wg/oauth-v2-1/issues/211
- Clarify the PKCE mechanism https://github.com/oauth-wg/oauth-v2-1/issues/220
- Sender-constrained refresh tokens examples improvement https://github.com/oauth-wg/oauth-v2-1/issues/232
- Ensure open redirector language from RFC9700 is referenced https://github.com/oauth-wg/oauth-v2-1/issues/234
* oauth-wg/draft-ietf-oauth-attestation-based-client-auth (+1/-0/💬8)
1 issue created:
- DPoP key binding via cnf.jkt in RFC7523 client assertions as an alternative (by matthieusieben)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/172
1 issue received 8 new comments:
- #172 DPoP key binding via cnf.jkt in RFC7523 client assertions as an alternative (8 by c2bo, matthieusieben, paulbastian)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/172
* oauth-wg/oauth-first-party-apps (+0/-40/💬35)
22 issues received 35 new comments:
- #138 Questions to draft (1 by aaronpk)
https://github.com/oauth-wg/oauth-first-party-apps/issues/138
- #137 Adopting the reference MCP Tools specs for the discovery and execution of supported authenticators (a.k.a. tools) (2 by aaronpk, embesozzi)
https://github.com/oauth-wg/oauth-first-party-apps/issues/137
- #135 Alternative approach suggestion: application/device centered, not user (2 by aaronpk, damienbod)
https://github.com/oauth-wg/oauth-first-party-apps/issues/135
- #128 Requirement of having an opaque auth_session value (1 by aaronpk)
https://github.com/oauth-wg/oauth-first-party-apps/issues/128
- #120 Device binding of the auth_session (3 by PieterKas, gffletch)
https://github.com/oauth-wg/oauth-first-party-apps/issues/120
- #118 error_uri may be unnecessary for first party apps (1 by gffletch)
https://github.com/oauth-wg/oauth-first-party-apps/issues/118
- #117 Handling parameters that have no meaning in a first party app context (1 by gffletch)
https://github.com/oauth-wg/oauth-first-party-apps/issues/117
- #114 Authorization server and 3rd party apps (2 by gffletch)
https://github.com/oauth-wg/oauth-first-party-apps/issues/114 [discuss]
- #113 parameters that must not be present in authorization challenge request (3 by aaronpk, gffletch)
https://github.com/oauth-wg/oauth-first-party-apps/issues/113
- #111 Consider mentioning URL registration (1 by gffletch)
https://github.com/oauth-wg/oauth-first-party-apps/issues/111
- #110 extend the definition of first party to include strictly defined trust frameworks (2 by aaronpk, gffletch)
https://github.com/oauth-wg/oauth-first-party-apps/issues/110
- #109 why not define a new grant type for this flow (not for the different authentication factors) (2 by PieterKas, gffletch)
https://github.com/oauth-wg/oauth-first-party-apps/issues/109 [discuss]
- #108 REQUIRED in annex B is confusing (1 by gffletch)
https://github.com/oauth-wg/oauth-first-party-apps/issues/108
- #106 what drives the need for the interoperability in this specification? (2 by gffletch)
https://github.com/oauth-wg/oauth-first-party-apps/issues/106
- #100 why define a new "auth_session" parameter? (2 by PieterKas)
https://github.com/oauth-wg/oauth-first-party-apps/issues/100
- #99 stronger client auth at the authorization challenge endpoint needed (1 by PieterKas)
https://github.com/oauth-wg/oauth-first-party-apps/issues/99
- #96 Interest and implementations (1 by PieterKas)
https://github.com/oauth-wg/oauth-first-party-apps/issues/96
- #87 Extra reference (1 by PieterKas)
https://github.com/oauth-wg/oauth-first-party-apps/issues/87
- #82 Credential stuffing (1 by PieterKas)
https://github.com/oauth-wg/oauth-first-party-apps/issues/82
- #79 Should we "update" RFC6749 (2 by PieterKas, aaronpk)
https://github.com/oauth-wg/oauth-first-party-apps/issues/79 [discuss]
- #75 Binding to device (2 by PieterKas, aaronpk)
https://github.com/oauth-wg/oauth-first-party-apps/issues/75 [discuss]
- #71 ASCII? (1 by aaronpk)
https://github.com/oauth-wg/oauth-first-party-apps/issues/71
40 issues closed:
- Binding to device https://github.com/oauth-wg/oauth-first-party-apps/issues/75 [discuss]
- Questions to draft https://github.com/oauth-wg/oauth-first-party-apps/issues/138
- Alternative approach suggestion: application/device centered, not user https://github.com/oauth-wg/oauth-first-party-apps/issues/135
- Adopting the reference MCP Tools specs for the discovery and execution of supported authenticators (a.k.a. tools) https://github.com/oauth-wg/oauth-first-party-apps/issues/137
- extend the definition of first party to include strictly defined trust frameworks https://github.com/oauth-wg/oauth-first-party-apps/issues/110
- Credential stuffing https://github.com/oauth-wg/oauth-first-party-apps/issues/82
- Which extensions exactly? https://github.com/oauth-wg/oauth-first-party-apps/issues/69
- Should we "update" RFC6749 https://github.com/oauth-wg/oauth-first-party-apps/issues/79 [discuss]
- Extra reference https://github.com/oauth-wg/oauth-first-party-apps/issues/87
- Add section with refresh token error response example https://github.com/oauth-wg/oauth-first-party-apps/issues/97
- stronger client auth at the authorization challenge endpoint needed https://github.com/oauth-wg/oauth-first-party-apps/issues/99
- client authentication with client_id https://github.com/oauth-wg/oauth-first-party-apps/issues/101
- For PAR, PAR endpoint should be used. https://github.com/oauth-wg/oauth-first-party-apps/issues/105
- the usage of JWE in stateless implementations...... https://github.com/oauth-wg/oauth-first-party-apps/issues/107
- Handling parameters that have no meaning in a first party app context https://github.com/oauth-wg/oauth-first-party-apps/issues/117
- error_uri may be unnecessary for first party apps https://github.com/oauth-wg/oauth-first-party-apps/issues/118
- Minimum length of the auth_session when presented as a random string https://github.com/oauth-wg/oauth-first-party-apps/issues/119
- Determining the first-partyness of an application https://github.com/oauth-wg/oauth-first-party-apps/issues/122
- Change platform authenticator to passkey https://github.com/oauth-wg/oauth-first-party-apps/issues/124
- Requirement of having an opaque auth_session value https://github.com/oauth-wg/oauth-first-party-apps/issues/128
- parameters that must not be present in authorization challenge request https://github.com/oauth-wg/oauth-first-party-apps/issues/113
- Binding the auth session to the device https://github.com/oauth-wg/oauth-first-party-apps/issues/129 [discuss]
- is there a reason why you use `authorization_code` and not `code` in the authorization code response? https://github.com/oauth-wg/oauth-first-party-apps/issues/102
- clarify which error codes are new and which ones are extending the existing ones https://github.com/oauth-wg/oauth-first-party-apps/issues/103
- mention negotiation of user authentication in the UX section https://github.com/oauth-wg/oauth-first-party-apps/issues/104
- REQUIRED in annex B is confusing https://github.com/oauth-wg/oauth-first-party-apps/issues/108
- what drives the need for the interoperability in this specification? https://github.com/oauth-wg/oauth-first-party-apps/issues/106
- Authorization server and 3rd party apps https://github.com/oauth-wg/oauth-first-party-apps/issues/114 [discuss]
- why define a new "auth_session" parameter? https://github.com/oauth-wg/oauth-first-party-apps/issues/100
- why not define a new grant type for this flow (not for the different authentication factors) https://github.com/oauth-wg/oauth-first-party-apps/issues/109 [discuss]
- RS Behavior https://github.com/oauth-wg/oauth-first-party-apps/issues/68
- Possibility to use the auth_session in new authorization request when redirect to web https://github.com/oauth-wg/oauth-first-party-apps/issues/126
- ASCII? https://github.com/oauth-wg/oauth-first-party-apps/issues/71
- Add guidance on service providers https://github.com/oauth-wg/oauth-first-party-apps/issues/90
- Relationship with "Native Apps" RFC https://github.com/oauth-wg/oauth-first-party-apps/issues/78
- Ordering of operations in Appendix A.1 https://github.com/oauth-wg/oauth-first-party-apps/issues/123
- Returning the auth_session parameter from the token endpoint https://github.com/oauth-wg/oauth-first-party-apps/issues/121
- Consider mentioning URL registration https://github.com/oauth-wg/oauth-first-party-apps/issues/111
- Definition of First Party Apps https://github.com/oauth-wg/oauth-first-party-apps/issues/80
- Motivation https://github.com/oauth-wg/oauth-first-party-apps/issues/63
Pull requests
-------------
* oauth-wg/oauth-transaction-tokens (+3/-0/💬0)
3 pull requests submitted:
- (by PieterKas)
- (by tulshi)
- (by gffletch)
* oauth-wg/oauth-sd-jwt-vc (+2/-0/💬1)
2 pull requests submitted:
- (by bc-pi)
- (by bc-pi)
1 pull request received 1 new comment:
- #394 somewhat rework the Relationships to Other Documents section including a qualification that references therein are not endorsing closed-door standards development with pay-to-access publication model (1 by bc-pi)
https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/394
* oauth-wg/oauth-cross-device-security (+1/-0/💬0)
1 pull request submitted:
- (by danielfett)
* oauth-wg/oauth-v2-1 (+3/-0/💬1)
3 pull requests submitted:
- (by panva)
- (by panva)
- (by panva)
1 pull request received 1 new comment:
- #238 resolve ambiguity around repeated parameters (1 by bc-pi)
https://github.com/oauth-wg/oauth-v2-1/pull/238
* oauth-wg/draft-ietf-oauth-attestation-based-client-auth (+3/-0/💬1)
3 pull requests submitted:
- (by paulbastian)
- (by paulbastian)
- (by paulbastian)
1 pull request received 1 new comment:
- #146 DPoP Optimisation (1 by tplooker)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/146
* oauth-wg/oauth-first-party-apps (+17/-0/💬4)
17 pull requests submitted:
- (by gffletch)
- (by gffletch)
- (by gffletch)
- (by PieterKas)
- (by PieterKas)
- (by PieterKas)
- (by gffletch)
- (by gffletch)
- (by gffletch)
- (by gffletch)
- (by gffletch)
- (by gffletch)
- (by PieterKas)
- (by PieterKas)
- (by PieterKas)
- (by PieterKas)
- (by PieterKas)
4 pull requests received 4 new comments:
- #165 Clarify use of client_id (1 by PieterKas)
https://github.com/oauth-wg/oauth-first-party-apps/pull/165
- #155 Replace ASCII error with UTF-8 (1 by aaronpk)
https://github.com/oauth-wg/oauth-first-party-apps/pull/155
- #148 Reorder steps for user verification process (1 by aaronpk)
https://github.com/oauth-wg/oauth-first-party-apps/pull/148
- #141 Support native app2app with federation and redirect_to_app (1 by aaronpk)
https://github.com/oauth-wg/oauth-first-party-apps/pull/141
Repositories tracked by this digest:
-----------------------------------
* https://github.com/oauth-wg/oauth-browser-based-apps
* https://github.com/oauth-wg/oauth-identity-chaining
* https://github.com/oauth-wg/oauth-transaction-tokens
* https://github.com/oauth-wg/oauth-sd-jwt-vc
* https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata
* https://github.com/oauth-wg/oauth-cross-device-security
* https://github.com/oauth-wg/oauth-selective-disclosure-jwt
* https://github.com/oauth-wg/oauth-v2-1
* https://github.com/oauth-wg/draft-ietf-oauth-status-list
* https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth
* https://github.com/oauth-wg/oauth-identity-assertion-authz-grant
* https://github.com/oauth-wg/draft-ietf-oauth-rfc8725bis
* https://github.com/oauth-wg/draft-ietf-oauth-rfc7523bis
* https://github.com/oauth-wg/oauth-first-party-apps
* https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document
--
To have a summary like this sent to your list, see:
https://github.com/ietf-github-services/activity-summary
_______________________________________________
OAuth mailing list -- [email protected]