[OAUTH-WG] Weekly github digest (OAuth Activity Summary)

Repository Activity Summary Bot Sat, 18 Jan 2025 23:46:40 -0800



Events without label "editorial"

Issues
------
* oauth-wg/oauth-browser-based-apps (+2/-6/💬11)
 2 issues created:
 - Address SEC AD review comments (by aaronpk)

https://github.com/oauth-wg/oauth-browser-based-apps/issues/64- When can the BFF ignore "SHOULD encrypt its cookie contents"? (by aaronpk)https://github.com/oauth-wg/oauth-browser-based-apps/issues/63

 6 issues received 11 new comments:
 - #64 Address SEC AD review comments (2 by aaronpk)

https://github.com/oauth-wg/oauth-browser-based-apps/issues/64- #63 When can the BFF ignore "SHOULD encrypt its cookie contents"? (5 by aaronpk, philippederyck, randomstuff)https://github.com/oauth-wg/oauth-browser-based-apps/issues/63- #62 Using Web Workers to refresh access tokens adds implementation complexity for marginal security benefit (1 by aaronpk)https://github.com/oauth-wg/oauth-browser-based-apps/issues/62- #58 Remove reference to TMI-BFF draft (1 by aaronpk)https://github.com/oauth-wg/oauth-browser-based-apps/issues/58- #52 Fragments, performance, and historic notes. (1 by aaronpk)https://github.com/oauth-wg/oauth-browser-based-apps/issues/52- #48 Add BCP references to the normative section (1 by aaronpk)https://github.com/oauth-wg/oauth-browser-based-apps/issues/48

 6 issues closed:

- Address SEC AD review comments https://github.com/oauth-wg/oauth-browser-based-apps/issues/64- Using Web Workers to refresh access tokens adds implementation complexity for marginal security benefit https://github.com/oauth-wg/oauth-browser-based-apps/issues/62- When can the BFF ignore "SHOULD encrypt its cookie contents"? https://github.com/oauth-wg/oauth-browser-based-apps/issues/63- Remove reference to TMI-BFF draft https://github.com/oauth-wg/oauth-browser-based-apps/issues/58- Fragments, performance, and historic notes. https://github.com/oauth-wg/oauth-browser-based-apps/issues/52- Add BCP references to the normative section https://github.com/oauth-wg/oauth-browser-based-apps/issues/48

* oauth-wg/oauth-transaction-tokens (+0/-2/💬5)
 5 issues received 5 new comments:
 - #131 Can a sub_id change? (1 by gffletch)

https://github.com/oauth-wg/oauth-transaction-tokens/issues/131- #118 RAR object inside a TraT (1 by gffletch)https://github.com/oauth-wg/oauth-transaction-tokens/issues/118 [pre-last-call]- #115 Audience, scope & purpose (1 by gffletch)https://github.com/oauth-wg/oauth-transaction-tokens/issues/115- #111 Batch or long running processes and extending lifetime of a token (1 by gffletch)https://github.com/oauth-wg/oauth-transaction-tokens/issues/111- #109 Key rotation guidance (1 by gffletch)https://github.com/oauth-wg/oauth-transaction-tokens/issues/109

 2 issues closed:

- Tx token lifetime guidance missing for replacement token https://github.com/oauth-wg/oauth-transaction-tokens/issues/110- Azd claim name conflict with RAR https://github.com/oauth-wg/oauth-transaction-tokens/issues/119

* oauth-wg/oauth-selective-disclosure-jwt (+0/-2/💬1)
 1 issues received 1 new comments:
 - #530 Missing procedures for Holder to validate disclosures received from 
Issuer (1 by danielfett)

https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/530 [ready-for-PR]

 2 issues closed:

- text for privacy considerations https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/534- Missing procedures for Holder to validate disclosures received from Issuer https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/530 [has-PR]

* oauth-wg/draft-ietf-oauth-status-list (+12/-0/💬16)
 12 issues created:
 - Add a section to provide estimations about the size and the number of Token 
Status Lists (by Denisthemalice)

https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/229- Resilience of the architecture when facing network problems ? (by Denisthemalice)https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/228- Which keys should be used to sign and verify Status List Tokens ? (by Denisthemalice)https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/227- The status list mechanism as currently described does not allow for interoperability (by Denisthemalice)https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/225- Interims Feedback: Explain motivation to split issuer / status list issuer / status list provider (by paulbastian)https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/224- Interims Feedback: Short-lived credentials (by c2bo)https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/223- Interims Feedback: Discussion around Suspended Status Type (by paulbastian)https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/222- Reduce the statuses to 2 and 1 bit (by Denisthemalice)https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/221- The term Issuer SHOULD NOT be used to refer to an entity acting "for all three roles" (by Denisthemalice)https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/220- Proposed replacement for 13.1, 13.2 and 13.3 placed under section 13 (Implementation Considerations) (by Denisthemalice)https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/219- Comments on section 12.5.2 Unlinkability (by Denisthemalice)https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/218- Comments on section 12.5.1 Unlinkability (by Denisthemalice)https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/217

 10 issues received 16 new comments:
 - #229 Add a section to provide estimations about the size and the number of 
Token Status Lists (1 by paulbastian)

https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/229- #228 Resilience of the architecture when facing network problems ? (2 by Denisthemalice, paulbastian)https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/228- #227 Which keys should be used to sign and verify Status List Tokens ? (2 by Denisthemalice, c2bo)https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/227- #225 The status list mechanism as currently described does not allow for interoperability (3 by Denisthemalice, c2bo)https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/225- #222 Interims Feedback: Discussion around Suspended Status Type (1 by c2bo)https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/222- #221 Reduce the statuses to 2 and 1 bit (2 by c2bo, paulbastian)https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/221- #219 Proposed replacement for 13.1, 13.2 and 13.3 placed under section 13 (Implementation Considerations) (1 by paulbastian)https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/219- #217 Comments on section 12.5.1 Unlinkability (1 by paulbastian)https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/217- #216 Test vectors (2 by c2bo)https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/216- #83 IETF 118: Mention prior art (1 by c2bo)https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/83 [discuss]



Pull requests
-------------
* oauth-wg/oauth-sd-jwt-vc (+2/-0/💬5)
 2 pull requests submitted:
 - ed: improved clarity on registered claims paragraph (by awoie)

https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/296- Fix #267, explain why we are not using JSON Path or JSON Pointer (by danielfett)https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/295

 1 pull requests received 5 new comments:
 - #294 Make extension point for issuer key resolution more explicit (5 by 
awoie, bc-pi, danielfett, peacekeeper)

https://github.com/oauth-wg/oauth-sd-jwt-vc/pull/294

* oauth-wg/oauth-selective-disclosure-jwt (+2/-4/💬9)
 2 pull requests submitted:
 - Try to address Rohan's comments (by danielfett)

https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/541- Changes to linkability and data storage sections (by danielfett)https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/540

 3 pull requests received 9 new comments:
 - #543 Reinsert "the standard" (2 by bc-pi, wbl)

https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/543- #541 Try to address Rohan's comments (1 by bc-pi)https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/541- #535 add Watson Ladd's suggested text with minor adaptations (6 by Denisthemalice, danielfett, wbl)https://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/535

 4 pull requests merged:

- ISO/IEC 29100 is too privatehttps://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/475- add Watson Ladd's suggested text with minor adaptationshttps://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/535- Changes to linkability and data storage sectionshttps://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/540- Try to address Rohan's commentshttps://github.com/oauth-wg/oauth-selective-disclosure-jwt/pull/541

* oauth-wg/draft-ietf-oauth-status-list (+1/-1/💬0)
 1 pull requests submitted:
 - update organization (by c2bo)

https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/226

 1 pull requests merged:
 - update organization

https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/226


Repositories tracked by this digest:
-----------------------------------
* https://github.com/oauth-wg/oauth-browser-based-apps
* https://github.com/oauth-wg/oauth-identity-chaining
* https://github.com/oauth-wg/oauth-transaction-tokens
* https://github.com/oauth-wg/oauth-sd-jwt-vc
* https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata
* https://github.com/oauth-wg/oauth-cross-device-security
* https://github.com/oauth-wg/oauth-selective-disclosure-jwt
* https://github.com/oauth-wg/oauth-v2-1
* https://github.com/oauth-wg/draft-ietf-oauth-status-list
* https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth

_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org

[OAUTH-WG] Weekly github digest (OAuth Activity Summary)

Reply via email to