Identity Deep Dive

OAuth WG

OAuth Working Group drafts and implementations

↗ Source ↗ Track repo

Daily Report 2026-06-22

OAuth WG Daily Report - 2026-06-22

  • generated_at_utc: 2026-06-22T12:15:45+00:00
  • snapshot_date: 2026-06-22

Top Priorities

Rank Draft Score Updated Key State Repo
1 draft-ietf-oauth-status-list 114 2026-06-21T16:44:23Z Active, Waiting on Authors draft-ietf-oauth-status-list
2 draft-ietf-oauth-identity-chaining 100 2026-06-19T16:10:53Z Active, Expert Reviews OK oauth-identity-chaining
3 draft-ietf-oauth-rfc8725bis 100 2026-06-19T11:13:26Z Active, Last Call Requested draft-ietf-oauth-rfc8725bis
4 draft-ietf-oauth-transaction-tokens 100 2026-03-27T12:21:42Z Active, I-D Exists oauth-transaction-tokens
5 draft-ietf-oauth-cross-device-security 90 2026-06-18T17:25:59Z Active, No IANA Actions oauth-cross-device-security
6 draft-ietf-oauth-rfc7523bis 77 2026-06-02T15:20:46Z Active, RFC-Ed-Ack draft-ietf-oauth-rfc7523bis
7 draft-ietf-oauth-browser-based-apps 75 2026-05-20T21:18:42Z Active, No IANA Actions oauth-browser-based-apps
8 draft-ietf-oauth-attestation-based-client-auth 66 2026-05-26T06:17:04Z Active, I-D Exists draft-ietf-oauth-attestation-based-client-auth
9 draft-ietf-oauth-identity-assertion-authz-grant 58 2026-05-21T22:18:28Z Active, I-D Exists oauth-identity-assertion-authz-grant
10 draft-ietf-oauth-sd-jwt-vc 57 2026-05-17T19:08:42Z Active, Publication Requested oauth-sd-jwt-vc

Active Drafts

Draft Rev Updated States
draft-ietf-oauth-status-list 21 2026-06-21T16:44:23Z Active, Waiting on Authors, Expert Reviews OK
draft-ietf-oauth-identity-chaining 15 2026-06-19T16:10:53Z Active, Expert Reviews OK, IANA OK - Actions Needed
draft-ietf-oauth-rfc8725bis 06 2026-06-19T11:13:26Z Active, Last Call Requested, Submitted to IESG for Publication
draft-ietf-oauth-cross-device-security 16 2026-06-18T17:25:59Z Active, No IANA Actions, Version Changed - Review Needed
draft-ietf-oauth-spiffe-client-auth 02 2026-06-15T08:11:11Z Active, I-D Exists, WG Document
draft-ietf-oauth-rfc7523bis 11 2026-06-02T15:20:46Z Active, RFC-Ed-Ack, Expert Reviews OK
draft-ietf-oauth-attestation-based-client-auth 09 2026-05-26T06:17:04Z Active, I-D Exists, WG Document
draft-ietf-oauth-identity-assertion-authz-grant 04 2026-05-21T22:18:28Z Active, I-D Exists, WG Document
draft-ietf-oauth-browser-based-apps 26 2026-05-20T21:18:42Z Active, No IANA Actions, Version Changed - Review Needed
draft-ietf-oauth-sd-jwt-vc 16 2026-05-17T19:08:42Z Active, Publication Requested, Submitted to IESG for Publication
draft-ietf-oauth-refresh-token-expiration 02 2026-05-08T21:04:46Z Active, I-D Exists, WG Document
draft-ietf-oauth-transaction-tokens 08 2026-03-27T12:21:42Z Active, I-D Exists, In WG Last Call
draft-ietf-oauth-v2-1 15 2026-03-02T18:53:37Z Active, I-D Exists, WG Document
draft-ietf-oauth-security-topics-update 01 2026-03-02T13:29:59Z Active, I-D Exists, WG Document
draft-ietf-oauth-client-id-metadata-document 01 2026-03-02T03:28:49Z Active, I-D Exists, WG Document

Repo Watch

Repo Pushed Open Issues
oauth-wg/draft-ietf-oauth-status-list 2026-06-21T16:42:51Z 0
oauth-wg/oauth-transaction-tokens 2026-06-21T04:36:17Z 8
oauth-wg/oauth-identity-assertion-authz-grant 2026-06-21T00:25:54Z 22
oauth-wg/oauth-identity-chaining 2026-06-19T11:32:58Z 0
oauth-wg/draft-ietf-oauth-rfc8725bis 2026-06-19T10:56:13Z 0
oauth-wg/oauth-v2-1 2026-06-18T00:46:36Z 46
oauth-wg/draft-ietf-oauth-attestation-based-client-auth 2026-06-18T00:44:45Z 16
oauth-wg/oauth-spiffe-client-authentication 2026-06-18T00:41:14Z 11
oauth-wg/oauth-sd-jwt-vc 2026-06-14T01:21:18Z 8
oauth-wg/draft-ietf-oauth-client-id-metadata-document 2026-05-28T00:16:58Z 43
oauth-wg/rt-expiration 2026-05-08T21:04:25Z 4
oauth-wg/draft-ietf-oauth-rfc7523bis 2026-04-28T21:48:27Z 1

Recent Pull Requests

  • oauth-wg/draft-ietf-oauth-status-list#357 Editorial fixes for kramdown etc. (2026-06-21T16:29:15Z)
  • oauth-wg/oauth-transaction-tokens#355 Add Brian Campbell as a contributor (2026-06-21T04:35:49Z)
  • oauth-wg/oauth-browser-based-apps#112 Updated cookie prefix (2026-06-19T13:03:07Z)
  • oauth-wg/oauth-identity-chaining#196 Address issue 195 (2026-06-19T11:31:33Z)
  • oauth-wg/draft-ietf-oauth-rfc8725bis#41 Use MUST for requirements stated with lowercase must/should (2026-06-19T10:47:45Z)
  • oauth-wg/oauth-identity-assertion-authz-grant#105 Clarify SAML NameID stability, scope, and non-NameID resolution (2026-06-19T05:25:33Z)
  • oauth-wg/oauth-transaction-tokens#354 moved key determination to security considerations (2026-06-19T00:35:32Z)
  • oauth-wg/draft-ietf-oauth-rfc8725bis#40 Add -05 history entry for Deb Cooley's AD comments (2026-06-18T02:20:34Z)
  • oauth-wg/draft-ietf-oauth-rfc8725bis#39 Address Deb's comments (2026-06-17T20:16:18Z)
  • oauth-wg/oauth-identity-chaining#193 nits from Med's IESG Review (2026-06-17T02:27:44Z)

Recent Issues

  • oauth-wg/oauth-transaction-tokens#351 Using RFC 9396's authorization_details as a claim and for request_context (2026-06-21T14:49:35Z)
  • oauth-wg/oauth-identity-chaining#195 Mohamed Boucadair (2026-06-19T18:22:58Z)
  • oauth-wg/oauth-identity-assertion-authz-grant#106 What should this spec say about DPoP server-provided nonces and replay protection? (2026-06-19T05:55:12Z)
  • oauth-wg/oauth-identity-assertion-authz-grant#92 ID-JAG standard claim change suggestions (2026-06-19T05:28:53Z)
  • oauth-wg/oauth-first-party-apps#177 Differentiate actual errors from insufficient authorization by Status Code (2026-06-19T03:40:38Z)
  • oauth-wg/oauth-transaction-tokens#349 More rctx/tctx fun (2026-06-19T01:13:05Z)
  • oauth-wg/oauth-transaction-tokens#325 "Downscoping" transaction tokens to particular target workloads (2026-06-19T00:46:02Z)
  • oauth-wg/oauth-transaction-tokens#330 tctx/rctx/scope (2026-06-19T00:45:22Z)
  • oauth-wg/oauth-transaction-tokens#332 Txn-Token Request: OPTIONAL is different than RECOMMENDED (2026-06-19T00:44:31Z)
  • oauth-wg/oauth-transaction-tokens#338 Consisten capitalisation of Call Chain and Trust Domain (2026-06-19T00:40:45Z)

Organization Events

  • 2026-06-21T16:42:52Z PushEvent oauth-wg/draft-ietf-oauth-status-list
  • 2026-06-21T16:29:57Z PushEvent oauth-wg/draft-ietf-oauth-status-list
  • 2026-06-21T16:29:15Z PushEvent oauth-wg/draft-ietf-oauth-status-list
  • 2026-06-21T04:36:17Z PushEvent oauth-wg/oauth-transaction-tokens
  • 2026-06-21T04:35:49Z DeleteEvent oauth-wg/oauth-transaction-tokens
  • 2026-06-21T04:35:48Z PushEvent oauth-wg/oauth-transaction-tokens
  • 2026-06-21T00:54:50Z PushEvent oauth-wg/oauth-transaction-tokens
  • 2026-06-21T00:25:54Z PushEvent oauth-wg/oauth-identity-assertion-authz-grant
  • 2026-06-19T18:22:59Z IssuesEvent oauth-wg/oauth-identity-chaining Mohamed Boucadair
  • 2026-06-19T13:03:07Z IssueCommentEvent oauth-wg/oauth-browser-based-apps Updated cookie prefix
  • 2026-06-19T11:46:16Z PullRequestEvent oauth-wg/oauth-browser-based-apps opened
  • 2026-06-19T11:32:58Z PushEvent oauth-wg/oauth-identity-chaining
  • 2026-06-19T11:32:00Z PushEvent oauth-wg/oauth-identity-chaining
  • 2026-06-19T11:31:33Z DeleteEvent oauth-wg/oauth-identity-chaining
  • 2026-06-19T11:31:32Z PushEvent oauth-wg/oauth-identity-chaining
  • 2026-06-19T11:29:44Z PullRequestReviewEvent oauth-wg/oauth-identity-chaining created
  • 2026-06-19T11:18:23Z PullRequestReviewEvent oauth-wg/oauth-identity-chaining created
  • 2026-06-19T10:50:39Z DeleteEvent oauth-wg/draft-ietf-oauth-rfc8725bis
  • 2026-06-19T10:49:36Z PushEvent oauth-wg/draft-ietf-oauth-rfc8725bis
  • 2026-06-19T10:48:11Z PushEvent oauth-wg/draft-ietf-oauth-rfc8725bis

Mailarchive Signals

Next Actions

  1. Evaluate the top 3 items in Top Priorities as weekly deep-dive candidates.
  2. Separately track comment deadlines for In Last Call / In WG Last Call drafts.
  3. For repos with a sudden spike in activity, create a scaffold in deep-dives/ to capture key discussion points.

Weekly Digest 2026-W26

OAuth WG Weekly Digest - 2026-W26

Window: 2026-06-15 to 2026-06-22 Generated at: 2026-06-22T13:24:30+00:00

Summary

  • Drafts updated this week: 4
  • PRs touched this week: 16
  • Issues touched this week: 24

Drafts Updated This Week

Draft Rev Updated States
draft-ietf-oauth-status-list 21 2026-06-21T16:44:23Z Active, Waiting on Authors, Expert Reviews OK
draft-ietf-oauth-identity-chaining 15 2026-06-19T16:10:53Z Active, Expert Reviews OK, IANA OK - Actions Needed
draft-ietf-oauth-rfc8725bis 06 2026-06-19T11:13:26Z Active, Last Call Requested, Submitted to IESG for Publication
draft-ietf-oauth-cross-device-security 16 2026-06-18T17:25:59Z Active, No IANA Actions, Version Changed - Review Needed

Top Deep-Dive Candidates

Rank Draft Score Reasons
1 draft-ietf-oauth-status-list 114 lifecycle: RFC Ed Queue (+65); updated within 3 days (+25); repo activity: 12 (+24)
2 draft-ietf-oauth-identity-chaining 100 lifecycle: Submitted to IESG for Publication (+45); updated within 3 days (+25); repo activity: 27 (+30)
3 draft-ietf-oauth-rfc8725bis 100 lifecycle: Submitted to IESG for Publication (+45); updated within 3 days (+25); repo activity: 38 (+30)
4 draft-ietf-oauth-transaction-tokens 100 lifecycle: In WG Last Call (+70); repo activity: 53 (+30)
5 draft-ietf-oauth-cross-device-security 90 lifecycle: RFC Ed Queue (+65); updated within 3 days (+25)
6 draft-ietf-oauth-rfc7523bis 77 lifecycle: RFC Ed Queue (+65); updated within 30 days (+8); repo activity: 2 (+4)
7 draft-ietf-oauth-browser-based-apps 75 lifecycle: RFC Ed Queue (+65); repo activity: 5 (+10)
8 draft-ietf-oauth-attestation-based-client-auth 66 lifecycle: WG Document (+20); updated within 30 days (+8); repo activity: 23 (+30)
9 draft-ietf-oauth-identity-assertion-authz-grant 58 lifecycle: WG Document (+20); repo activity: 37 (+30); open issues: 22 (+8)
10 draft-ietf-oauth-sd-jwt-vc 57 lifecycle: Submitted to IESG for Publication (+45); repo activity: 6 (+12)

Active PRs This Week

  • oauth-wg/draft-ietf-oauth-status-list#357 Editorial fixes for kramdown etc. (2026-06-21T16:29:15Z)
  • oauth-wg/oauth-transaction-tokens#355 Add Brian Campbell as a contributor (2026-06-21T04:35:49Z)
  • oauth-wg/oauth-browser-based-apps#112 Updated cookie prefix (2026-06-19T13:03:07Z)
  • oauth-wg/oauth-identity-chaining#196 Address issue 195 (2026-06-19T11:31:33Z)
  • oauth-wg/draft-ietf-oauth-rfc8725bis#41 Use MUST for requirements stated with lowercase must/should (2026-06-19T10:47:45Z)
  • oauth-wg/oauth-identity-assertion-authz-grant#105 Clarify SAML NameID stability, scope, and non-NameID resolution (2026-06-19T05:25:33Z)
  • oauth-wg/oauth-transaction-tokens#354 moved key determination to security considerations (2026-06-19T00:35:32Z)
  • oauth-wg/draft-ietf-oauth-rfc8725bis#40 Add -05 history entry for Deb Cooley's AD comments (2026-06-18T02:20:34Z)
  • oauth-wg/draft-ietf-oauth-rfc8725bis#39 Address Deb's comments (2026-06-17T20:16:18Z)
  • oauth-wg/oauth-identity-chaining#193 nits from Med's IESG Review (2026-06-17T02:27:44Z)
  • oauth-wg/oauth-transaction-tokens#346 Change Txn-Token Request parameters to RECOMMENDED (2026-06-16T22:33:54Z)
  • oauth-wg/oauth-identity-assertion-authz-grant#102 Add optional ID-JAG encryption with JWE (2026-06-16T17:15:08Z)
  • oauth-wg/oauth-identity-chaining#194 a few less 2119 keywords (2026-06-16T15:43:15Z)
  • oauth-wg/oauth-spiffe-client-authentication#42 Update Github location (2026-06-16T09:31:29Z)
  • oauth-wg/draft-ietf-oauth-attestation-based-client-auth#203 Editorial: code blocks & small note on dpop_jkt (2026-06-16T07:07:00Z)