Events without label "editorial"
Issues
------
* oauth-wg/oauth-transaction-tokens (+0/-0/💬1)
1 issues received 1 new comments:
- #314 Clarification required regarding 'sub' field in Txn-Token (1 by
ashayraut)
https://github.com/oauth-wg/oauth-transaction-tokens/issues/314
* oauth-wg/oauth-cross-device-security (+0/-1/💬0)
1 issues closed:
- Do we want to mention the WICG browser api? https://github.com/oauth-wg/oauth-cross-device-security/issues/148
* oauth-wg/oauth-v2-1 (+0/-2/💬0)
2 issues closed:
- Add more security sensitive examples to intro to illustrate suitability https://github.com/oauth-wg/oauth-v2-1/issues/122
- Clarify `aud` values that should be accepted in `private_key_jwt` at the token (and other) endpoints https://github.com/oauth-wg/oauth-v2-1/issues/183
* oauth-wg/draft-ietf-oauth-attestation-based-client-auth (+2/-13/💬4)
2 issues created:
- Restructuring of the draft (by paulbastian)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/184
- mention that the attester key could be obtained from client's jwks? (by jogu)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/182
4 issues received 4 new comments:
- #184 Restructuring of the draft (1 by c2bo)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/184
- #182 mention that the attester key could be obtained from client's jwks? (1 by c2bo)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/182
- #137 Merge PAR & token endpoint sections? (1 by paulbastian)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/137 [ready-for-pr]
- #95 Add section to consider usage at RS (1 by paulbastian)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/95 [ready-for-pr]
13 issues closed:
- Make iss optional in Client Attestation JWT https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/171 [ready-for-pr]
- A protocol for the renewal of one-time use Client Attestation JWTs is necessary https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/154 [pending-close]
- Add section to consider usage at RS https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/95 [ready-for-pr]
- Merge PAR & token endpoint sections? https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/137 [ready-for-pr]
- Ambiguity concerning MAC algorithms in Client Attestation JWT https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/151 [ready-for-pr]
- Public clients and their interaction with existing OAuth 2.0 extensions vs attest_jwt_client_auth clients https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/113 [has-pr]
- Client authentication method or not? https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/167 [ready-for-pr]
- Attestation-based authenticated Client. Public or Confidential? https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/152 [ready-for-pr]
- Usage of "public clients" / "deployments traditionally viewed as a public client" https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/79 [ready-for-pr]
- Challenges on Previous Responses. Do we need this? https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/150 [ready-for-pr]
- Clarify IANA Registration for headers https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/139 [pending-close]
- Authorization Server metadata defined inside implementation considerations https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/169 [has-pr]
- Feedback from mailing list https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/issues/140 [ready-for-pr]
* oauth-wg/oauth-identity-assertion-authz-grant (+0/-2/💬3)
2 issues received 3 new comments:
- #71 Add recommendations/considerations for user provisioning (2 by aaronpk,
vsinghania-stytch)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/71
- #51 Support for Multi-Instance Apps (1 by aaronpk)
https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/51
2 issues closed:
- Add recommendations/considerations for user provisioning https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/71
- Support for Multi-Instance Apps https://github.com/oauth-wg/oauth-identity-assertion-authz-grant/issues/51
* oauth-wg/draft-ietf-oauth-client-id-metadata-document (+0/-7/💬19)
9 issues received 19 new comments:
- #57 Changes in Client Keys can happen for non-nefarious reasons (2 by
aaronpk, bc-pi)
https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document/issues/57 [ietf-125]
- #55 Add security consideration around boundary of client identity (2 by max-stytch)
https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document/issues/55
- #45 Add Security Consideration for Client Metadata Changes (1 by aaronpk)
https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document/issues/45
- #44 Clarify `client_id` Matching When HTTP Redirects Occur (1 by aaronpk)
https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document/issues/44 [ietf-125]
- #43 Strengthen SSRF Protection Requirements to Mandatory Standards (1 by aaronpk)
https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document/issues/43 [ietf-125]
- #39 Support clients that have authentication credentials (e.g. SPIFFE creds) (1 by aaronpk)
https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document/issues/39
- #32 Rolling changes to client_id (9 by ThisIsMissEm, max-stytch)
https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document/issues/32
- #11 What should the AS do when it notices a client has changed its keys (1 by aaronpk)
https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document/issues/11
- #5 Compare & contrast with draft-looker-oauth-client-discovery (1 by aaronpk)
https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document/issues/5
7 issues closed:
- Add guidance for an AS that supports both registered and unregistered clients https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document/issues/17 [ietf-125]
- Compare & contrast with draft-looker-oauth-client-discovery https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document/issues/5
- Clarify `client_id` Matching When HTTP Redirects Occur https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document/issues/44 [ietf-125]
- Strengthen SSRF Protection Requirements to Mandatory Standards https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document/issues/43 [ietf-125]
- Support clients that have authentication credentials (e.g. SPIFFE creds) https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document/issues/39
- Add Security Consideration for Client Metadata Changes https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document/issues/45
- Align `abbrev` with CIMD as is commonly used https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document/issues/58
Pull requests
-------------
* oauth-wg/oauth-transaction-tokens (+1/-0/💬0)
1 pull requests submitted:
- (by tulshi)
* oauth-wg/oauth-cross-device-security (+1/-0/💬0)
1 pull requests submitted:
- (by PieterKas)
* oauth-wg/oauth-v2-1 (+1/-0/💬0)
1 pull requests submitted:
- (by panva)
* oauth-wg/draft-ietf-oauth-attestation-based-client-auth (+8/-0/💬4)
8 pull requests submitted:
- (by paulbastian)
- (by paulbastian)
- (by tplooker)
- (by c2bo)
- (by c2bo)
- (by c2bo)
- (by c2bo)
- (by c2bo)
3 pull requests received 4 new comments:
- #181 Remove nbf claim definition (1 by c2bo)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/181
- #173 remove `iss` from Client Attestation JWT (2 by tplooker)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/173
- #146 DPoP Optimisation (1 by tplooker)
https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth/pull/146
* oauth-wg/oauth-identity-assertion-authz-grant (+1/-0/💬0)
1 pull requests submitted:
- (by mcguinness)
* oauth-wg/draft-ietf-oauth-rfc8725bis (+3/-0/💬0)
3 pull requests submitted:
- (by hannestschofenig)
- (by hannestschofenig)
- (by hannestschofenig)
* oauth-wg/draft-ietf-oauth-rfc7523bis (+2/-0/💬0)
2 pull requests submitted:
- (by bc-pi)
- (by selfissued)
* oauth-wg/draft-ietf-oauth-client-id-metadata-document (+6/-0/💬10)
6 pull requests submitted:
- (by aaronpk)
- (by itsvs)
- (by aaronpk)
- (by aaronpk)
- (by aaronpk)
- (by aaronpk)
6 pull requests received 10 new comments:
- #67 Add `software_version` to identify metadata changes (3 by ThisIsMissEm,
aaronpk, itsvs)
https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document/pull/67 [ietf-125]
- #63 require sending Accept header when fetching metadata (3 by ThisIsMissEm, aaronpk)
https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document/pull/63 [ietf-125]
- #51 Add Accept header requirement when fetching Client Metadata (1 by aaronpk)
https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document/pull/51
- #49 Improve SSRF security considerations (1 by aaronpk)
https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document/pull/49
- #46 Prohibit following redirects whilst fetching Client Metadata (1 by aaronpk)
https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document/pull/46
- #33 Rework for Client ID Prefix draft compatibility (1 by aaronpk)
https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document/pull/33
Repositories tracked by this digest:
-----------------------------------
* https://github.com/oauth-wg/oauth-browser-based-apps
* https://github.com/oauth-wg/oauth-identity-chaining
* https://github.com/oauth-wg/oauth-transaction-tokens
* https://github.com/oauth-wg/oauth-sd-jwt-vc
* https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata
* https://github.com/oauth-wg/oauth-cross-device-security
* https://github.com/oauth-wg/oauth-selective-disclosure-jwt
* https://github.com/oauth-wg/oauth-v2-1
* https://github.com/oauth-wg/draft-ietf-oauth-status-list
* https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth
* https://github.com/oauth-wg/oauth-identity-assertion-authz-grant
* https://github.com/oauth-wg/draft-ietf-oauth-rfc8725bis
* https://github.com/oauth-wg/draft-ietf-oauth-rfc7523bis
* https://github.com/oauth-wg/oauth-first-party-apps
* https://github.com/oauth-wg/draft-ietf-oauth-client-id-metadata-document
--
To have a summary like this sent to your list, see:
https://github.com/ietf-github-services/activity-summary
_______________________________________________
OAuth mailing list -- [email protected]
To unsubscribe send an email to [email protected]
