Identity Deep Dive

OAuth WG

OAuth Working Group drafts and implementations

↗ Source ↗ Track repo

Daily Report 2026-04-28

OAuth WG Daily Report - 2026-04-28

  • generated_at_utc: 2026-04-28T08:31:51Z
  • snapshot: /home/runner/work/identity-deep-dive/identity-deep-dive/tracks/oauth-wg/data/snapshots/2026-04-28T083138Z

Top Priorities

Rank Draft Score Updated Key State Repo
1 draft-ietf-oauth-identity-chaining 135 2026-04-27T16:03:43Z Active, IANA - Review Needed oauth-identity-chaining
2 draft-ietf-oauth-rfc7523bis 118 2026-04-20T20:12:59Z Active, Reviews assigned draft-ietf-oauth-rfc7523bis
3 draft-ietf-oauth-transaction-tokens 108 2026-03-27T12:21:42Z Active, I-D Exists oauth-transaction-tokens
4 draft-ietf-oauth-sd-jwt-vc 105 2026-04-24T18:54:46Z Active, I-D Exists oauth-sd-jwt-vc
5 draft-ietf-oauth-status-list 94 2026-04-20T11:14:05Z Active, Expert Reviews OK draft-ietf-oauth-status-list
6 draft-ietf-oauth-identity-assertion-authz-grant 76 2026-04-22T22:16:37Z Active, I-D Exists oauth-identity-assertion-authz-grant
7 draft-ietf-oauth-cross-device-security 65 2026-03-04T14:06:34Z Active, No IANA Actions oauth-cross-device-security
8 draft-ietf-oauth-browser-based-apps 65 2025-12-04T18:51:39Z Active, No IANA Actions oauth-browser-based-apps
9 draft-ietf-oauth-attestation-based-client-auth 58 2026-03-02T22:12:21Z Active, I-D Exists draft-ietf-oauth-attestation-based-client-auth
10 draft-ietf-oauth-rfc8725bis 45 2026-03-22T09:15:20Z Active, Publication Requested draft-ietf-oauth-rfc8725bis

Active Drafts

Draft Rev Updated States
draft-ietf-oauth-identity-chaining 10 2026-04-27T16:03:43Z Active, IANA - Review Needed, In Last Call
draft-ietf-oauth-sd-jwt-vc 16 2026-04-24T18:54:46Z Active, I-D Exists, WG Consensus: Waiting for Write-Up
draft-ietf-oauth-identity-assertion-authz-grant 03 2026-04-22T22:16:37Z Active, I-D Exists, WG Document
draft-ietf-oauth-rfc7523bis 10 2026-04-20T20:12:59Z Active, Reviews assigned, Version Changed - Review Needed
draft-ietf-oauth-status-list 20 2026-04-20T11:14:05Z Active, Expert Reviews OK, Version Changed - Review Needed
draft-ietf-oauth-transaction-tokens 08 2026-03-27T12:21:42Z Active, I-D Exists, In WG Last Call
draft-ietf-oauth-rfc8725bis 04 2026-03-22T09:15:20Z Active, Publication Requested, Submitted to IESG for Publication
draft-ietf-oauth-cross-device-security 16 2026-03-04T14:06:34Z Active, No IANA Actions, Version Changed - Review Needed
draft-ietf-oauth-attestation-based-client-auth 08 2026-03-02T22:12:21Z Active, I-D Exists, WG Document
draft-ietf-oauth-v2-1 15 2026-03-02T18:53:37Z Active, I-D Exists, WG Document
draft-ietf-oauth-spiffe-client-auth 01 2026-03-02T17:13:18Z Active, I-D Exists, WG Document
draft-ietf-oauth-security-topics-update 01 2026-03-02T13:29:59Z Active, I-D Exists, WG Document
draft-ietf-oauth-client-id-metadata-document 01 2026-03-02T03:28:49Z Active, I-D Exists, WG Document
draft-ietf-oauth-first-party-apps 03 2026-02-28T01:50:14Z Active, I-D Exists, WG Document
draft-ietf-oauth-refresh-token-expiration 01 2026-02-27T22:51:29Z Active, I-D Exists, WG Document

Repo Watch

Repo Pushed Open Issues
oauth-wg/draft-ietf-oauth-attestation-based-client-auth 2026-04-28T00:30:28Z 21
oauth-wg/oauth-identity-assertion-authz-grant 2026-04-28T00:16:08Z 16
oauth-wg/draft-ietf-oauth-client-id-metadata-document 2026-04-28T00:12:25Z 38
oauth-wg/oauth-sd-jwt-vc 2026-04-26T01:01:02Z 1
oauth-wg/oauth-identity-chaining 2026-04-24T22:35:44Z 0
oauth-wg/oauth-transaction-tokens 2026-04-23T00:37:08Z 16
oauth-wg/draft-ietf-oauth-status-list 2026-04-21T00:36:21Z 0
oauth-wg/draft-ietf-oauth-rfc7523bis 2026-04-20T20:12:52Z 1
oauth-wg/oauth-v2-1 2026-04-16T00:29:30Z 49
oauth-wg/oauth-first-party-apps 2026-03-13T11:10:31Z 8
oauth-wg/draft-ietf-oauth-rfc8725bis 2026-03-03T00:12:27Z 0
oauth-wg/oauth-cross-device-security 2026-03-02T16:16:24Z 0

Recent Pull Requests

  • oauth-wg/draft-ietf-oauth-attestation-based-client-auth#189 3 trust (2026-04-26T19:55:17Z)
  • oauth-wg/oauth-identity-assertion-authz-grant#91 minor corrections to the example requests (2026-04-26T17:54:17Z)
  • oauth-wg/oauth-identity-assertion-authz-grant#88 Clarify step-up authentication semantics for token exchange (2026-04-25T17:22:16Z)
  • oauth-wg/oauth-identity-chaining#185 note Aaron's move in the doc history (2026-04-24T22:31:09Z)
  • oauth-wg/oauth-identity-chaining#184 Move Mr. Parecki from contributor to author (2026-04-24T22:09:17Z)
  • oauth-wg/oauth-sd-jwt-vc#407 Document History now with more 17 (2026-04-24T19:01:00Z)
  • oauth-wg/oauth-sd-jwt-vc#405 shepherd review edits (2026-04-24T18:45:08Z)
  • oauth-wg/oauth-sd-jwt-vc#406 shepherd review edits + Move Display & Claim Metadata to be subsections of SD-JWT VC Type Metadata (2026-04-24T18:33:46Z)
  • oauth-wg/oauth-identity-chaining#183 AD comments (2026-04-24T16:56:12Z)
  • oauth-wg/oauth-identity-assertion-authz-grant#89 add headings for IdP/RAS metadata (2026-04-23T17:33:23Z)

Recent Issues

  • oauth-wg/oauth-identity-assertion-authz-grant#92 ID-JAG standard claim change suggestions (2026-04-27T17:31:48Z)
  • oauth-wg/draft-ietf-oauth-client-id-metadata-document#30 Client metadata retrieval can be abused to make server issued requests (2026-04-26T14:40:03Z)
  • oauth-wg/oauth-identity-chaining#182 AD Feedback (2026-04-24T16:13:39Z)
  • oauth-wg/oauth-identity-chaining#139 Updates to reflect changes to RFC7523 (jwt_privatekey attack) (2026-04-23T23:16:04Z)
  • oauth-wg/oauth-identity-chaining#181 Question: DPoP proof handling across trust domain boundaries (2026-04-23T23:12:57Z)
  • oauth-wg/oauth-identity-assertion-authz-grant#90 Add authorization_grant_profiles_supported to client metadata too (2026-04-22T22:34:36Z)
  • oauth-wg/oauth-identity-assertion-authz-grant#80 Adding Optional actor_token to ID-JAG for Explicit Actor Modeling (2026-04-22T22:11:33Z)
  • oauth-wg/oauth-identity-assertion-authz-grant#76 Clarity in preconditions for LLM Agent using Enterprise Tools section (2026-04-22T22:11:32Z)
  • oauth-wg/oauth-identity-assertion-authz-grant#71 Add recommendations/considerations for user provisioning (2026-04-22T22:11:32Z)
  • oauth-wg/oauth-identity-assertion-authz-grant#75 Potential Usecase: Whitelabeling of SaaS Services (2026-04-22T22:11:32Z)

Organization Events

  • 2026-04-28T00:30:29Z PushEvent oauth-wg/draft-ietf-oauth-attestation-based-client-auth
  • 2026-04-28T00:16:09Z PushEvent oauth-wg/oauth-identity-assertion-authz-grant
  • 2026-04-28T00:12:26Z PushEvent oauth-wg/draft-ietf-oauth-client-id-metadata-document
  • 2026-04-27T20:20:26Z WatchEvent oauth-wg/oauth-v2-1 started
  • 2026-04-27T17:31:49Z IssuesEvent oauth-wg/oauth-identity-assertion-authz-grant ID-JAG standard claim change suggestions
  • 2026-04-26T19:54:54Z PushEvent oauth-wg/draft-ietf-oauth-attestation-based-client-auth
  • 2026-04-26T19:54:29Z PushEvent oauth-wg/draft-ietf-oauth-attestation-based-client-auth
  • 2026-04-26T17:54:17Z PullRequestEvent oauth-wg/oauth-identity-assertion-authz-grant opened
  • 2026-04-26T17:39:51Z ForkEvent oauth-wg/oauth-identity-assertion-authz-grant forked
  • 2026-04-26T01:01:03Z PushEvent oauth-wg/oauth-sd-jwt-vc
  • 2026-04-26T00:11:42Z PushEvent oauth-wg/oauth-identity-assertion-authz-grant
  • 2026-04-25T17:22:15Z IssueCommentEvent oauth-wg/oauth-identity-assertion-authz-grant Clarify step-up authentication semantics for token exchange
  • 2026-04-25T17:19:17Z IssueCommentEvent oauth-wg/oauth-identity-assertion-authz-grant Clarify step-up authentication semantics for token exchange
  • 2026-04-24T22:35:45Z PushEvent oauth-wg/oauth-identity-chaining
  • 2026-04-24T22:35:24Z ReleaseEvent oauth-wg/oauth-identity-chaining published
  • 2026-04-24T22:31:34Z PushEvent oauth-wg/oauth-identity-chaining
  • 2026-04-24T22:31:09Z DeleteEvent oauth-wg/oauth-identity-chaining
  • 2026-04-24T22:31:08Z PullRequestEvent oauth-wg/oauth-identity-chaining merged
  • 2026-04-24T22:31:08Z PushEvent oauth-wg/oauth-identity-chaining
  • 2026-04-24T22:16:28Z PushEvent oauth-wg/oauth-identity-chaining

Mailarchive Signals

Next Actions

  1. Evaluate the top 3 items in Top Priorities as weekly deep-dive candidates.
  2. Separately track comment deadlines for In Last Call / In WG Last Call drafts.
  3. For repos with a sudden spike in activity, create a scaffold in deep-dives/ to capture key discussion points.

Weekly Digest 2026-W18

OAuth WG Weekly Digest - 2026-W18

Window: 2026-04-20 to 2026-04-27 Generated at: 2026-04-27T10:02:53Z

Summary

  • Drafts updated this week: 5
  • PRs touched this week: 25
  • Issues touched this week: 24

Drafts Updated This Week

Draft Rev Updated States
draft-ietf-oauth-identity-chaining 10 2026-04-25T13:31:23Z Active, Last Call Requested, Submitted to IESG for Publication
draft-ietf-oauth-sd-jwt-vc 16 2026-04-24T18:54:46Z Active, I-D Exists, WG Consensus: Waiting for Write-Up
draft-ietf-oauth-identity-assertion-authz-grant 03 2026-04-22T22:16:37Z Active, I-D Exists, WG Document
draft-ietf-oauth-rfc7523bis 10 2026-04-20T20:12:59Z Active, Reviews assigned, Version Changed - Review Needed
draft-ietf-oauth-status-list 20 2026-04-20T11:14:05Z Active, Expert Reviews OK, Version Changed - Review Needed

Top Deep-Dive Candidates

Rank Draft Score Reasons
1 draft-ietf-oauth-rfc7523bis 118 lifecycle: IESG Evaluation (+70); updated within 7 days (+18); repo activity: 20 (+30)
2 draft-ietf-oauth-transaction-tokens 116 lifecycle: In WG Last Call (+70); updated within 30 days (+8); repo activity: 55 (+30)
3 draft-ietf-oauth-sd-jwt-vc 105 lifecycle: WG Consensus: Waiting for Write-Up (+50); updated within 3 days (+25); repo activity: 46 (+30)
4 draft-ietf-oauth-identity-chaining 100 lifecycle: Submitted to IESG for Publication (+45); updated within 3 days (+25); repo activity: 28 (+30)
5 draft-ietf-oauth-status-list 94 lifecycle: IESG Evaluation (+70); updated within 7 days (+18); repo activity: 3 (+6)
6 draft-ietf-oauth-identity-assertion-authz-grant 76 lifecycle: WG Document (+20); updated within 7 days (+18); repo activity: 59 (+30)
7 draft-ietf-oauth-cross-device-security 65 lifecycle: RFC Ed Queue (+65)
8 draft-ietf-oauth-browser-based-apps 65 lifecycle: RFC Ed Queue (+65)
9 draft-ietf-oauth-attestation-based-client-auth 58 lifecycle: WG Document (+20); repo activity: 28 (+30); open issues: 21 (+8)
10 draft-ietf-oauth-client-id-metadata-document 47 lifecycle: WG Document (+20); repo activity: 6 (+12); open issues: 38 (+15)

Active PRs This Week

  • oauth-wg/draft-ietf-oauth-attestation-based-client-auth#189 3 trust (2026-04-26T19:55:17Z)
  • oauth-wg/oauth-identity-assertion-authz-grant#91 minor corrections to the example requests (2026-04-26T17:54:17Z)
  • oauth-wg/oauth-identity-assertion-authz-grant#88 Clarify step-up authentication semantics for token exchange (2026-04-25T17:22:16Z)
  • oauth-wg/oauth-identity-chaining#185 note Aaron's move in the doc history (2026-04-24T22:31:09Z)
  • oauth-wg/oauth-identity-chaining#184 Move Mr. Parecki from contributor to author (2026-04-24T22:09:17Z)
  • oauth-wg/oauth-sd-jwt-vc#407 Document History now with more 17 (2026-04-24T19:01:00Z)
  • oauth-wg/oauth-sd-jwt-vc#405 shepherd review edits (2026-04-24T18:45:08Z)
  • oauth-wg/oauth-sd-jwt-vc#406 shepherd review edits + Move Display & Claim Metadata to be subsections of SD-JWT VC Type Metadata (2026-04-24T18:33:46Z)
  • oauth-wg/oauth-identity-chaining#183 AD comments (2026-04-24T16:56:12Z)
  • oauth-wg/oauth-identity-assertion-authz-grant#89 add headings for IdP/RAS metadata (2026-04-23T17:33:23Z)
  • oauth-wg/oauth-identity-assertion-authz-grant#87 Clarifies use of audience vs resource with token exchange request (2026-04-22T22:10:19Z)
  • oauth-wg/oauth-identity-assertion-authz-grant#82 Broadened the draft’s framing of Enterprise IdP to apply to more deployment scenarios (2026-04-22T22:10:18Z)
  • oauth-wg/oauth-identity-assertion-authz-grant#86 Add terms section and updated use of JIT to use term (2026-04-22T22:10:18Z)
  • oauth-wg/oauth-identity-assertion-authz-grant#79 Add support for "authorization_grant_profiles_supported" (2026-04-22T22:10:17Z)
  • oauth-wg/oauth-identity-assertion-authz-grant#81 Added optional support for actor_token (2026-04-22T22:10:17Z)