[OAUTH-WG] Weekly github digest (OAuth Activity Summary)

Repository Activity Summary Bot Sat, 08 Feb 2025 23:44:29 -0800



Events without label "editorial"

Issues
------
* oauth-wg/oauth-browser-based-apps (+1/-0/💬0)
 1 issues created:
 - Consider alternative phrasing for "scenarios" (by aaronpk)

https://github.com/oauth-wg/oauth-browser-based-apps/issues/68

* oauth-wg/oauth-transaction-tokens (+1/-0/💬0)
 1 issues created:
 - "Internal microservice" -> workload (by tulshi)

https://github.com/oauth-wg/oauth-transaction-tokens/issues/154

* oauth-wg/oauth-selective-disclosure-jwt (+0/-0/💬2)
 1 issues received 2 new comments:
 - #545 [KB-JWT] exp recommended? (2 by bc-pi, thomaschiozzi-tndigit)

https://github.com/oauth-wg/oauth-selective-disclosure-jwt/issues/545 [pending-close]

* oauth-wg/oauth-v2-1 (+0/-0/💬1)
 1 issues received 1 new comments:
 - #187 Expand on reasons for not including expires_in in the token response (1 
by ObjectIsAdvantag)

https://github.com/oauth-wg/oauth-v2-1/issues/187

* oauth-wg/draft-ietf-oauth-status-list (+5/-9/💬10)
 5 issues created:
 - Status List Token in CWT Format / typ value (by sschulz-t)

https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/262- Section 13.1 should not be about "Referenced Token Lifecycle" but about "Status List Token Lifecycle" (by Denisthemalice)https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/256- About claim "aggregation_uri" (by Denisthemalice)https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/255- Status List Tokens can be fetched either by the Relying Party or by the Holder (by Denisthemalice)https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/254- Change proposals for the definition of the terms "Referenced Token" and " Status List Token" (by Denisthemalice)https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/253

 6 issues received 10 new comments:
 - #262 Status List Token in CWT Format / typ value (1 by c2bo)

https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/262- #256 Section 13.1 should not be about "Referenced Token Lifecycle" but about "Status List Token Lifecycle" (3 by paulbastian)https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/256- #255 About claim "aggregation_uri" (3 by Denisthemalice, paulbastian)https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/255 [pending-close]- #254 Status List Tokens can be fetched either by the Relying Party or by the Holder (1 by paulbastian)https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/254- #243 Extension Token Status List to x509 (1 by Denisthemalice)https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/243- #220 The term Issuer SHOULD NOT be used to refer to an entity acting "for all three roles" (1 by Denisthemalice)https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/220 [pending-close]

 9 issues closed:

- Status List Tokens can be fetched either by the Relying Party or by the Holder https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/254- Interims Feedback: Discussion around Suspended Status Type https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/222- Validation Rules https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/205 [pending-close]- Interims Feedback: Explain motivation to split issuer / status list issuer / status list provider https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/224- Which keys should be used to sign and verify Status List Tokens ? https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/227- Validation Rules (section 8.3) https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/234- New section to define the sLTSign bit of a key usage extension in a PKC https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/235- Token Lifecycle https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/237- Test vectors https://github.com/oauth-wg/draft-ietf-oauth-status-list/issues/216



Pull requests
-------------
* oauth-wg/oauth-browser-based-apps (+2/-3/💬1)
 2 pull requests submitted:
 - update references to Security BCP (by aaronpk)

https://github.com/oauth-wg/oauth-browser-based-apps/pull/67- delete old circleci action (by aaronpk)https://github.com/oauth-wg/oauth-browser-based-apps/pull/66

 1 pull requests received 1 new comments:
 - #65 Gen-ART review: simple editorial fixes and suggestion (1 by aaronpk)

https://github.com/oauth-wg/oauth-browser-based-apps/pull/65

 3 pull requests merged:
 - update references to Security BCP

https://github.com/oauth-wg/oauth-browser-based-apps/pull/67- delete old circleci actionhttps://github.com/oauth-wg/oauth-browser-based-apps/pull/66- Gen-ART review: simple editorial fixes and suggestionhttps://github.com/oauth-wg/oauth-browser-based-apps/pull/65

* oauth-wg/draft-ietf-oauth-status-list (+4/-6/💬2)
 4 pull requests submitted:
 - minor nits by Denis (by paulbastian)

https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/261- Holders may also fetch and verify Status List Tokens (by paulbastian)https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/260- Holders may also fetch and verify Status List Tokens (by paulbastian)https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/259- Update draft-ietf-oauth-status-list.md (by paulbastian)https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/258

 2 pull requests received 2 new comments:
 - #246 Adds an EKU based X.509 certificate extension (1 by Denisthemalice)

https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/246- #245 security consideration for signature/mac (1 by Denisthemalice)https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/245

 6 pull requests merged:
 - Holders may also fetch and verify Status List Tokens

https://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/259- 222 suspended privacy considerationshttps://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/249- mention key resolution in the validation rules sectionhttps://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/252- add recommendations for Key Resolution and Trust Managementhttps://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/248- Relying Parties avoiding correlatable Informationhttps://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/251- More test vectorshttps://github.com/oauth-wg/draft-ietf-oauth-status-list/pull/232


Repositories tracked by this digest:
-----------------------------------
* https://github.com/oauth-wg/oauth-browser-based-apps
* https://github.com/oauth-wg/oauth-identity-chaining
* https://github.com/oauth-wg/oauth-transaction-tokens
* https://github.com/oauth-wg/oauth-sd-jwt-vc
* https://github.com/oauth-wg/draft-ietf-oauth-resource-metadata
* https://github.com/oauth-wg/oauth-cross-device-security
* https://github.com/oauth-wg/oauth-selective-disclosure-jwt
* https://github.com/oauth-wg/oauth-v2-1
* https://github.com/oauth-wg/draft-ietf-oauth-status-list
* https://github.com/oauth-wg/draft-ietf-oauth-attestation-based-client-auth


--
To have a summary like this sent to your list, see: 
https://github.com/ietf-github-services/activity-summary

_______________________________________________
OAuth mailing list -- oauth@ietf.org
To unsubscribe send an email to oauth-le...@ietf.org

[OAUTH-WG] Weekly github digest (OAuth Activity Summary)

Reply via email to