[Openid-specs-fapi] Issue #491: Link attacker model to FAPI 2 Advanced (openid/fapi)
dgtonge
issues-reply at bitbucket.org
Wed Apr 6 13:52:22 UTC 2022
New issue 491: Link attacker model to FAPI 2 Advanced
https://bitbucket.org/openid/fapi/issues/491/link-attacker-model-to-fapi-2-advanced
Dave Tonge:
The FAPI 2 Attacker model has these defined messages that need non-repudiation:
```
* NR1: Pushed Authorization Requests
* NR2: Responses to Pushed Authorization Requests
* NR3: Authorization Requests (Front-Channel)
* NR4: Authorization Responses (Front-Channel)
* NR5: ID Token Contents
* NR6: Introspection Responses
* NR7: Userinfo Responses
* NR8: Resource Requests
* NR9: Resource Responses
```
We should probably reference them in the advanced profile - or at the very least check they are in alignment.
Responsible: Dave Tonge