[Openid-specs-fapi] Issue #641: Scope states "stated attacker model" without explicitly referencing it (openid/fapi)
Nat
issues-reply at bitbucket.org
Tue Jan 9 05:32:26 UTC 2024
New issue 641: Scope states "stated attacker model" without explicitly referencing it
https://bitbucket.org/openid/fapi/issues/641/scope-states-stated-attacker-model-without
Nat Sakimura:
Currently, it goes:
> 1. Scope
>
> This specification is a general purpose high security profile of OAuth 2.0 that has been proved by formal analysis to meet the stated attacker model. This document specifies the requirements for:
It is not clear what what is the **stated attacker model**. It should be explicit.
Proposes:
Replace “the stated” with “FAPI 2.0 - Part 1: Attacker model”
More information about the Openid-specs-fapi
mailing list