[Openid-specs-ab] Fwd: REMINDER: Requesting Feedback on OWASP ASVS 5.0

Nat Sakimura nat at sakimura.org
Wed Mar 12 15:08:07 UTC 2025


Dear AB/C WG:

We should at least strive to correct apparent errors like "id-token" (it
should be "id_token").
I suggest adding this as an agenda item and creating an ad-hoc group to
deal with the response.

Best regards,

Nat Sakimura



---------- Forwarded message ---------
From: Mike Leszcz <mike.leszcz at oidf.org>
Date: Wed, Mar 12, 2025 23:27
Subject: REMINDER: Requesting Feedback on OWASP ASVS 5.0
To: Nat Sakimura <nat at sakimura.org>, Mark Haine <Mark.Haine at oidf.org>
Cc: openid-specs-ab at lists.openid.net <openid-specs-ab at lists.openid.net>,
openid-specs-fapi-owner at lists.openid.net <
openid-specs-fapi-owner at lists.openid.net>, Gail Hodges <gail at oidf.org>


Hello AB/Connect & FAPI WG Co-Chairs & Contributors,

This is a friendly reminder to review and provide comments on OWASP's
updated Application Security Verification Standard per Mark Haine's email
below.

WG co-chairs — please add this topic/reminder to your upcoming call agendas.

Kind regards,
Mike


MIKE LESZCZ : OPERATIONS DIRECTOR : OPENID FOUNDATION

mike.leszcz at oidf.org : +1 803.239.7750

------------------------------
From: Nat Sakimura <nat at sakimura.org>
Sent: Monday, March 3, 2025 7:49 AM
To: Mark Haine <Mark.Haine at oidf.org>
Cc: openid-specs-ab at lists.openid.net <openid-specs-ab at lists.openid.net>;
openid-specs-fapi-owner at lists.openid.net <
openid-specs-fapi-owner at lists.openid.net>; Gail Hodges <gail at oidf.org>;
Mike Leszcz <mike.leszcz at oidf.org>
Subject: Re: OWASP ASVS 5.0

Thanks for sharing!
It is important to provide feedback IMHO.

On Mon, Mar 3, 2025 21:47 Mark Haine <Mark.Haine at oidf.org> wrote:

Hi AB/Connect and FAPI people,

There was a presentation at OSW2025 where I learned that OWASP are working
on a major revision to their Application Security Verification Standard.
As part of that revision, they are adding content relating to “OAuth and
OIDC” (sic).  Some of you might wish to review and provide comment.  If
having an OIDF set of collated feedback is desirable I may be able to find
time to aggregate your thoughts and comments. If that is the case please
let me know. I shall do my best to review for the OIDF in any case.

https://github.com/OWASP/ASVS/tree/master

Specific section on OAuth and OIDC is in:

https://github.com/OWASP/ASVS/blob/master/5.0/en/0x51-V51-OAuth2.md

I have reached out to the presenter to see if there is any other guidance
for reviewers. If I get anything back I’ll add it to this mail thread.

Best Regards,

Mark Haine

+44 (0) 777 555 0344 <+447775550344> | mark.haine at oidf.org |