[OAUTH-WG] Weekly github digest (OAuth Activity Summary)

Sun, 18 Feb 2024 00:12:00 -0800 



Events without label "editorial"

Issues
------
* oauth-wg/oauth-browser-based-apps (+1/-2/💬7)
 1 issues created:
 - DPoP (by criztovyl)

   https://github.com/oauth-wg/oauth-browser-based-apps/issues/32 


 4 issues received 7 new comments:
 - #32 DPoP (2 by aaronpk)

   https://github.com/oauth-wg/oauth-browser-based-apps/issues/32 
 - #31 6.1.3.2 Question: benefits of encrypting cookie contents in BFF security (1 by aaronpk)
   https://github.com/oauth-wg/oauth-browser-based-apps/issues/31 
 - #26 Suggestion: add new section 6.1.3.3.3. Use Anti-forgery cookies (3 by aaronpk, damienbod)
   https://github.com/oauth-wg/oauth-browser-based-apps/issues/26 
 - #25 6.1.4.3 Suggestion: change text and remove significant burden  (1 by aaronpk)
   https://github.com/oauth-wg/oauth-browser-based-apps/issues/25 


 2 issues closed:

 - DPoP https://github.com/oauth-wg/oauth-browser-based-apps/issues/32 
 - 6.1.3.2 Question: benefits of encrypting cookie contents in BFF security https://github.com/oauth-wg/oauth-browser-based-apps/issues/31 


* oauth-wg/oauth-identity-chaining (+1/-2/💬5)
 1 issues created:
 - Should we allow identity chaining with DPoP tokens? (by arndt-s)

   https://github.com/oauth-wg/oauth-identity-chaining/issues/79 


 2 issues received 5 new comments:
 - #75 Describe or give examples of what kinds of tokens a client would 
exchange (4 by PieterKas, aaronpk, arndt-s, bc-pi)

   https://github.com/oauth-wg/oauth-identity-chaining/issues/75 
 - #66 Clarify that draft is not limited to the use cases (1 by bc-pi)
   https://github.com/oauth-wg/oauth-identity-chaining/issues/66 


 2 issues closed:

 - Change spec name to focus on Authz https://github.com/oauth-wg/oauth-identity-chaining/issues/67 
 - Clarify that draft is not limited to the use cases https://github.com/oauth-wg/oauth-identity-chaining/issues/66 


* oauth-wg/oauth-sd-jwt-vc (+2/-2/💬8)
 2 issues created:
 - Embedded Issuer Policies (by paulbastian)

   https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/212 
 - Consider supporting IPLD links in vct field (by oed)
   https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/211 


 3 issues received 8 new comments:
 - #212 Embedded Issuer Policies (3 by Sakurann, bc-pi, peppelinux)

   https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/212 
 - #211 Consider supporting IPLD links in vct field (3 by danielfett, oed)
   https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/211 
 - #205 defining how DID can be used as user's indetifier (2 by Sakurann, bc-pi)
   https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/205 


 2 issues closed:

 - metadata path description https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/203 
 - Add sd_hash to payload of Key Biniding JWT example https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/206 


* oauth-wg/oauth-cross-device-security (+1/-0/💬2)
 1 issues created:
 - Add references to VC Presentation specs (by PieterKas)

   https://github.com/oauth-wg/oauth-cross-device-security/issues/118 


 2 issues received 2 new comments:
 - #118 Add references to VC Presentation specs (1 by PieterKas)

   https://github.com/oauth-wg/oauth-cross-device-security/issues/118 
 - #100 Reference ISO mdl (1 by PieterKas)
   https://github.com/oauth-wg/oauth-cross-device-security/issues/100 


* oauth-wg/oauth-selective-disclosure-jwt (+0/-4/💬10)
 6 issues received 10 new comments:
 - #393 Provide ABNF (4 by bc-pi, bifurcation, danielfett)

   https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/393 
 - #375 Make SD-JWT(0) and JWT the same (1 by danielfett)
   https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/375 
 - #368 contextualize verifier policy (or something like that)  (1 by danielfett)
   https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/368 
 - #365 typ:example+sd-jwt everywhere? (1 by bc-pi)
   https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/365 
 - #342 mention that key binding key can be correlatable in batching  (1 by Sakurann)
   https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/342 [has-PR] 
 - #329 batch issuing SD-JWTs without duplicating plain text claim values....? (2 by Sakurann, cobward)
   https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/329 [pending-close] 


 4 issues closed:

 - batch issuing SD-JWTs without duplicating plain text claim values....? https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/329 [pending-close] 
 - contextualize verifier policy (or something like that)  https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/368 
 - typ:example+sd-jwt everywhere? https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/365 
 - mention that key binding key can be correlatable in batching  https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/342 [has-PR] 




Pull requests
-------------
* oauth-wg/oauth-browser-based-apps (+2/-3/💬1)
 2 pull requests submitted:
 - 6.1.3.3.3. Use Anti-forgery/double submit cookies (by damienbod)

   https://github.com/oauth-wg/oauth-browser-based-apps/pull/34 
 - more silent frame edits (by panva)
   https://github.com/oauth-wg/oauth-browser-based-apps/pull/33 


 1 pull requests received 1 new comments:
 - #29 Added section on the security of in-browser communication flows (1 by 
aaronpk)

   https://github.com/oauth-wg/oauth-browser-based-apps/pull/29 


 3 pull requests merged:
 - Added section on the security of in-browser communication flows

   https://github.com/oauth-wg/oauth-browser-based-apps/pull/29 
 - Fix minor editorial issues
   https://github.com/oauth-wg/oauth-browser-based-apps/pull/28 
 - IETF 118 followup review
   https://github.com/oauth-wg/oauth-browser-based-apps/pull/30 


* oauth-wg/oauth-identity-chaining (+3/-3/💬5)
 3 pull requests submitted:
 - Add CODEOWNERS file (by arndt-s)

   https://github.com/oauth-wg/oauth-identity-chaining/pull/81 
 - Fix typos (by arndt-s)
   https://github.com/oauth-wg/oauth-identity-chaining/pull/80 
 - Add continuous integration example and move use cases to the appendix (by arndt-s)
   https://github.com/oauth-wg/oauth-identity-chaining/pull/78 


 3 pull requests received 5 new comments:
 - #81 Add CODEOWNERS file (3 by aaronpk, arndt-s, bc-pi)

   https://github.com/oauth-wg/oauth-identity-chaining/pull/81 
 - #78 Add continuous integration example and move use cases to the appendix (1 by bc-pi)
   https://github.com/oauth-wg/oauth-identity-chaining/pull/78 
 - #76 update draft name (1 by bc-pi)
   https://github.com/oauth-wg/oauth-identity-chaining/pull/76 


 3 pull requests merged:
 - update draft name

   https://github.com/oauth-wg/oauth-identity-chaining/pull/76 
 - Fix typos
   https://github.com/oauth-wg/oauth-identity-chaining/pull/80 
 - Add continuous integration example and move use cases to the appendix
   https://github.com/oauth-wg/oauth-identity-chaining/pull/78 


* oauth-wg/oauth-sd-jwt-vc (+2/-3/💬1)
 2 pull requests submitted:
 - feat: add relationships to other docs section (by awoie)

   https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/210 
 - Added "added Brian Campbell as co-author" to doc history and removed from Acknowledgements (by bc-pi)
   https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/209 


 1 pull requests received 1 new comments:
 - #210 feat: add relationships to other docs section (1 by bc-pi)

   https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/210 


 3 pull requests merged:
 - Added "added Brian Campbell as co-author" to doc history and removed from 
Acknowledgements

   https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/209 
 - Fix inconstancy in the well-known path construction
   https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/204 
 - Switch back to the main sd-jwt-python library branch
   https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/207 


* oauth-wg/oauth-cross-device-security (+2/-0/💬1)
 2 pull requests submitted:
 - Added reference for Verifiable Credential Presentation to section 4 (by 
PieterKas)

   https://github.com/oauth-wg/oauth-cross-device-security/pull/119 
 - Provide actionable guidance on how to use this document (by PieterKas)
   https://github.com/oauth-wg/oauth-cross-device-security/pull/117 


 1 pull requests received 1 new comments:
 - #117 Provide actionable guidance on how to use this document (1 by 
danielfett)

   https://github.com/oauth-wg/oauth-cross-device-security/pull/117 


* oauth-wg/oauth-selective-disclosure-jwt (+2/-1/💬3)
 2 pull requests submitted:
 - Move 'Improve unlinkability considerations' doc history entry to the correct 
draft (-08) (by bc-pi)

   https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/401 
 - Do not disallow HMAC any longer. (by danielfett)
   https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/400 


 3 pull requests received 3 new comments:
 - #400 Do not disallow HMAC any longer. (1 by bc-pi)

   https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/400 
 - #394 Distinguish SD-JWT from SD-JWT+KB (1 by Sakurann)
   https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/394 
 - #354 Rewrite unlinkability considerations (1 by danielfett)
   https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/354 


 1 pull requests merged:
 - Rewrite unlinkability considerations

   https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/354 



Repositories tracked by this digest:
-----------------------------------
* https://github.com/oauth-wg/oauth-browser-based-apps
* https://github.com/oauth-wg/oauth-identity-chaining
* https://github.com/oauth-wg/oauth-transaction-tokens
* https://github.com/oauth-wg/oauth-sd-jwt-vc
* https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata
* https://github.com/oauth-wg/oauth-cross-device-security
* https://github.com/oauth-wg/oauth-selective-disclosure-jwt
* https://github.com/oauth-wg/oauth-v2-1

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth






















					Reply via email to