[Openid-specs-fapi] Cross-Browser Payment Initiation Attack

Rob Otto robotto at pingidentity.com
Tue Jan 8 13:30:40 UTC 2019


It gets my vote as well. Very important.

On Tue, 8 Jan 2019 at 13:29, Dave Tonge via Openid-specs-fapi <
openid-specs-fapi at lists.openid.net> wrote:

> I'm very much in favour of this.
>
> Dave
>
> On Mon, 7 Jan 2019 at 22:25, n-sakimura via Openid-specs-fapi <
> openid-specs-fapi at lists.openid.net> wrote:
>
>> Thanks Torsten and Daniel,
>>
>> This seems to be a very good starting point for a white paper/technical
>> report. Is there any objection to starting a work based on this?
>>
>> If so, please speak up by the end of this week.
>>
>> Best,
>>
>> Nat Sakimura
>> Chair, FAPI WG.
>>
>> ------------------------------
>> *From:* Openid-specs-fapi <openid-specs-fapi-bounces at lists.openid.net>
>> on behalf of Torsten Lodderstedt via Openid-specs-fapi <
>> openid-specs-fapi at lists.openid.net>
>> *Sent:* Tuesday, January 8, 2019 1:33 AM
>> *To:* openid-specs-fapi at lists.openid.net
>> *Cc:* Torsten Lodderstedt
>> *Subject:* [Openid-specs-fapi] Cross-Browser Payment Initiation Attack
>>
>> Hi all,
>>
>> Daniel and I wrote a document describing a potential kind of attack on
>> redirect based flows used to authorize and initiate payments.
>>
>> We would like to contribute this document to the working group.
>>
>> kind regards,
>> Torsten.
>>
>> _______________________________________________
>> Openid-specs-fapi mailing list
>> Openid-specs-fapi at lists.openid.net
>> http://lists.openid.net/mailman/listinfo/openid-specs-fapi
>>
>
>
>


-- 
Rob Otto
EMEA Field CTO/Solutions Architect
robotto at pingidentity.com



