[Openid-specs-fapi] FAPI Security Model
Dave Tonge
dave.tonge at momentumft.co.uk
Thu Nov 14 17:21:29 UTC 2019
Dear WG
We discussed this issue:
https://bitbucket.org/openid/fapi/issues/163/more-description-of-the-security-model
on
the call yesterday.
It is an important issue and I would ask all WG members to review the
issue, especially the comment from Daniel and the linked spreadsheet (
https://docs.google.com/spreadsheets/d/1PtG4f-Svils7wHBa7cGaZubbh-6lGifce38c_oShSss/edit?usp=sharing
)
We plan to review the ticket and the linked document on the next call.
We noted on the call the need to:
1. Check whether there are other attacker capabilities we want to protect
against
2. Check whether given the documented attacker capabilities, are there
other possible attacks that we can document
3. Document our assumptions
Thanks
--
Dave Tonge
FAPI WG Co-Chair
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-fapi/attachments/20191114/8ba3749e/attachment.html>
More information about the Openid-specs-fapi
mailing list