[OAUTH-WG] Weekly github digest (OAuth Activity Summary)

Repository Activity Summary Bot Sat, 07 Dec 2024 23:47:15 -0800



Events without label "editorial"

Issues
------
* oauth-wg/oauth-identity-chaining (+0/-7/💬15)
 11 issues received 15 new comments:
 - #111 Required `requested_token_type` parameter (1 by PieterKas)

https://github.com/oauth-wg/oauth-identity-chaining/issues/111- #110 Client Authentication Security Considerations (1 by PieterKas)https://github.com/oauth-wg/oauth-identity-chaining/issues/110- #109 Controlling Scope (1 by PieterKas)https://github.com/oauth-wg/oauth-identity-chaining/issues/109- #108 How would SD-JWT be used in claims transcription (2 by PieterKas, kburgin3)https://github.com/oauth-wg/oauth-identity-chaining/issues/108- #107 Editorial Changes Requested (1 by PieterKas)https://github.com/oauth-wg/oauth-identity-chaining/issues/107- #106 Confirmation key transfer (1 by PieterKas)https://github.com/oauth-wg/oauth-identity-chaining/issues/106- #105 Do we need additional clarification on re-using sender constraining mechanisms? (1 by PieterKas)https://github.com/oauth-wg/oauth-identity-chaining/issues/105- #103 Remove references to Federation (2 by PieterKas)https://github.com/oauth-wg/oauth-identity-chaining/issues/103- #100 Clarify client terminology (1 by PieterKas)https://github.com/oauth-wg/oauth-identity-chaining/issues/100- #93 Security consideration for id_chaining (1 by PieterKas)https://github.com/oauth-wg/oauth-identity-chaining/issues/93- #75 Describe or give examples of what kinds of tokens a client would exchange (3 by PieterKas, aaronpk)https://github.com/oauth-wg/oauth-identity-chaining/issues/75

 7 issues closed:

- Controlling Scope https://github.com/oauth-wg/oauth-identity-chaining/issues/109- Confirmation key transfer https://github.com/oauth-wg/oauth-identity-chaining/issues/106- Do we need additional clarification on re-using sender constraining mechanisms? https://github.com/oauth-wg/oauth-identity-chaining/issues/105- Remove need for additional metadata https://github.com/oauth-wg/oauth-identity-chaining/issues/101- Security consideration for id_chaining https://github.com/oauth-wg/oauth-identity-chaining/issues/93- Remove references to Federation https://github.com/oauth-wg/oauth-identity-chaining/issues/103- Add use case to the appendix https://github.com/oauth-wg/oauth-identity-chaining/issues/68

* oauth-wg/oauth-sd-jwt-vc (+11/-6/💬18)
 11 issues created:
 - Support of the suspension or of the revovation of  a Digital Credential 
without using the status claim (by Denisthemalice)

https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/291- Add a new claim called "dcpol" for "Digital Credential Policy" (by Denisthemalice)https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/290- The SD-JWT DC does not CONTAIN the Key Binding JWT (by Denisthemalice)https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/289- The definition of "Verifiable Credential (VC)"should be replaced by a definition of "Digital Credential (DC)" (by Denisthemalice)https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/288- The following sentence would need to be clarified and reworded (by Denisthemalice)https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/287- Suspension and revocation of Digital Credentials (by Denisthemalice)https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/286- Figure 1 Issuer-Holder-Verifier Model should be modified (by Denisthemalice)https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/285- A statement about "Verifiable Credentials" should be changed (by Denisthemalice)https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/284- The wording "Verifiable Credentials" should be changed into "Digital Credentials" (by Denisthemalice)https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/283- SVG? really? And metadata more broadly (by wbl)https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/282- Should the verifier stop issuer key discovery if they already got one that worked for them? (by awoie)https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/281

 8 issues received 18 new comments:
 - #282 SVG? really? And metadata more broadly (4 by danielfett, wbl)

https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/282 [pending close]- #281 Should the verifier stop issuer key discovery if they already got one that worked for them? (5 by alenhorvat, awoie, babisRoutis, bc-pi)https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/281- #267 Document reasons for not using existing JSON query languages (1 by babisRoutis)https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/267- #250 Drop all references to DIDs and DID resolution (1 by bc-pi)https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/250 [discuss]- #247 Potential Privacy implications of verifier knowing display information (1 by alenhorvat)https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/247 [blocked]- #241 Claim 'vct' is missing in Type Metadata Format (2 by babisRoutis, jtalir)https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/241- #222 Add JWS JSON serialization example (3 by babisRoutis, bc-pi)https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/222 [NEEDS PR] [wg-05]- #215 the wallet finding the user claims in the credential (1 by bc-pi)https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/215 [NEEDS PR]

 6 issues closed:

- Wrong attribute name in the example https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/276- Fetch vct from URL or from registry https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/256- Add 'vct' in well-known registry https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/242- Fix resolving type metadata from URL and limit to HTTPS URLs https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/233- second-guess the choice to use .well-known for type metadata documents https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/264 [discuss]- Non-existent section referred for key binding JWT rules due to a typo https://github.com/oauth-wg/oauth-sd-jwt-vc/issues/274

* oauth-wg/oauth-v2-1 (+2/-1/💬10)
 2 issues created:
 - rework description of access token  (by dickhardt)

https://github.com/oauth-wg/oauth-v2-1/issues/192- Expand on definition of expires_in (by aaronpk)https://github.com/oauth-wg/oauth-v2-1/issues/191

 6 issues received 10 new comments:
 - #189 7.X Stateless tokens and key rotation (1 by aaronpk)

https://github.com/oauth-wg/oauth-v2-1/issues/189- #188 7.12 Phishing Attacks: Clarification and additional advice to the reader (2 by aaronpk)https://github.com/oauth-wg/oauth-v2-1/issues/188- #187 Expand on reasons for not including expires_in in the token response (1 by aaronpk)https://github.com/oauth-wg/oauth-v2-1/issues/187- #151 point implementers to OIDC in intro (4 by aaronpk, dickhardt)https://github.com/oauth-wg/oauth-v2-1/issues/151- #122 Add more security sensitive examples to intro to illustrate suitability (1 by aaronpk)https://github.com/oauth-wg/oauth-v2-1/issues/122- #95 Security consideration of size of client parameters (1 by dickhardt)https://github.com/oauth-wg/oauth-v2-1/issues/95

 1 issues closed:

- Security consideration of size of client parameters https://github.com/oauth-wg/oauth-v2-1/issues/95

* oauth-wg/draft-ietf-oauth-status-list (+1/-3/💬0)
 1 issues created:
 - Proposed rewording of section 12.5.  Unlinkability (by Denisthemalice)

https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/207

 3 issues closed:

- IANA Registry https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/194- Re-work Security considerations https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/199- Add further implementation guidance around when and how to use ttl vs exp claim https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/107 [ready-for-pr]



Pull requests
-------------
* oauth-wg/oauth-identity-chaining (+5/-0/💬0)
 5 pull requests submitted:
 - Editorial change in Claims Transcription (by PieterKas)

https://github.com/oauth-wg/oauth-identity-chaining/pull/116- Editorial clarifications (by PieterKas)https://github.com/oauth-wg/oauth-identity-chaining/pull/115- Clarifying origin of initial client token (by PieterKas)https://github.com/oauth-wg/oauth-identity-chaining/pull/114- Clarify text describing Step F in Figure 1 (by PieterKas)https://github.com/oauth-wg/oauth-identity-chaining/pull/113- Change text to avoid confusion with federation (by PieterKas)https://github.com/oauth-wg/oauth-identity-chaining/pull/112

* oauth-wg/oauth-sd-jwt-vc (+3/-6/💬5)
 3 pull requests submitted:
 - Fix formatting issue introduced by the reintroduction of the DID paragraph 
in -07 (by bc-pi)

https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/280- add -08 placeholder to doc history (by bc-pi)https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/279- Revert changes from PR #251 (by awoie)https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/278

 3 pull requests received 5 new comments:
 - #279 add -08 placeholder to doc history (1 by bc-pi)

https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/279- #262 Warn of the dangers of malicious text (2 by awoie, bc-pi)https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/262 [discuss]- #251 Tightened exposition of Issuer-signed JWT Verification Key Validation section (Drop all references to DIDs and DID resolution while leaving the exensiblity point for those who want to define a profile of SD-JWT VC using DIDs) (2 by ThierryThevenet, rohanmahy)https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/251

 6 pull requests merged:
 - Fix formatting issue introduced by the reintroduction of the DID paragraph 
in -07

https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/280- add -08 placeholder to doc historyhttps://github.com/oauth-wg/oauth-sd-jwt-vc/pull/279- Revert changes from PR #251https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/278- Correct attribute names in Example 2https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/277- Remove .well-known for vctshttps://github.com/oauth-wg/oauth-sd-jwt-vc/pull/272- fix section numbering in SD-JWT references to align with the latest -14 versionhttps://github.com/oauth-wg/oauth-sd-jwt-vc/pull/275

* oauth-wg/draft-ietf-oauth-status-list (+1/-3/💬2)
 1 pull requests submitted:
 - additional text for iana registry (by c2bo)

https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/206

 1 pull requests received 2 new comments:
 - #206 additional text for iana registry (2 by c2bo, paulbastian)

https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/206

 3 pull requests merged:
 - additional text for iana registry

https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/206- update security considerationshttps://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/204- Add further guidance around ttlhttps://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/202


Repositories tracked by this digest:
-----------------------------------
* https://github.com/oauth-wg/oauth-browser-based-apps
* https://github.com/oauth-wg/oauth-identity-chaining
* https://github.com/oauth-wg/oauth-transaction-tokens
* https://github.com/oauth-wg/oauth-sd-jwt-vc
* https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata
* https://github.com/oauth-wg/oauth-cross-device-security
* https://github.com/oauth-wg/oauth-selective-disclosure-jwt
* https://github.com/oauth-wg/oauth-v2-1
* https://github.com/oauth-wg/draft-ietf-oauth-status-list
* https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth

_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org

[OAUTH-WG] Weekly github digest (OAuth Activity Summary)

Reply via email to