[Openid-specs-fapi] FAPI Security Model

Dave Tonge dave.tonge at momentumft.co.uk
Thu Nov 14 17:21:29 UTC 2019

Dear WG

We discussed this issue:
the call yesterday.

It is an important issue and I would ask all WG members to review the
issue, especially the comment from Daniel and the linked spreadsheet (

We plan to review the ticket and the linked document on the next call.

We noted on the call the need to:
1. Check whether there are other attacker capabilities we want to protect
2. Check whether given the documented attacker capabilities, are there
other possible attacks that we can document
3. Document our assumptions


Dave Tonge
FAPI WG Co-Chair
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20191114/8ba3749e/attachment.html>

More information about the Openid-specs-fapi mailing list