[Openid-specs-fapi] Cross-Browser Payment Initiation Attack

Dave Tonge dave.tonge at momentumft.co.uk
Tue Jan 8 13:28:52 UTC 2019


I'm very much in favour of this.

Dave

On Mon, 7 Jan 2019 at 22:25, n-sakimura via Openid-specs-fapi <
openid-specs-fapi at lists.openid.net> wrote:

> Thanks Torsten and Daniel,
>
> This seems to be a very good starting point for a white paper/technical
> report. Is there any objection to starting a work based on this?
>
> If so, please speak up by the end of this week.
>
> Best,
>
> Nat Sakimura
> Chair, FAPI WG.
>
> Outlook for iOS <https://aka.ms/o0ukef> を入手
>
> ------------------------------
> *差出人:* Openid-specs-fapi <openid-specs-fapi-bounces at lists.openid.net>
> (Torsten Lodderstedt via Openid-specs-fapi <
> openid-specs-fapi at lists.openid.net> の代理)
> *送信日時:* 火曜日, 1月 8, 2019 1:33 午前
> *宛先:* openid-specs-fapi at lists.openid.net
> *Cc:* Torsten Lodderstedt
> *件名:* [Openid-specs-fapi] Cross-Browser Payment Initiation Attack
>
> Hi all,
>
> Daniel and I wrote a document describing a potential kind of attack on
> redirect based flows used to authorize and initiate payments.
>
> We would like to contribute this document to the working group.
>
> kind regards,
> Torsten.
>
> _______________________________________________
> Openid-specs-fapi mailing list
> Openid-specs-fapi at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-fapi
> _______________________________________________
> Openid-specs-fapi mailing list
> Openid-specs-fapi at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-fapi
>


-- 


DISCLAIMER: This email (including any attachments) is subject to copyright,
and the information in it is confidential. Use of this email or of any
information in it other than by the addressee is unauthorised and unlawful.
Whilst reasonable efforts are made to ensure that any attachments are
virus-free, it is the recipient's sole responsibility to scan all
attachments for viruses. All calls and emails to and from this company may
be monitored and recorded for legitimate purposes relating to this
company's business. Any opinions expressed in this email (or in any
attachments) are those of the author and do not necessarily represent the
opinions of Moneyhub Financial Technology Limited or of any other group
company.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20190108/13bf16f1/attachment.html>


More information about the Openid-specs-fapi mailing list