[Openid-specs-fapi] Issue #655: Normatively require Attackermodel (openid/fapi)
Nat
issues-reply at bitbucket.org
Tue Jan 9 07:26:23 UTC 2024
New issue 655: Normatively require Attackermodel
https://bitbucket.org/openid/fapi/issues/655/normatively-require-attackermodel
Nat Sakimura:
The current text does not require Attackermodel document. I think this is not right. We should make it so that there is a requirement that references the attackermodel document.
One way of doing it is to \(while it is a bit weird to read\):
Make
> 5.1. Introduction
>
> The FAPI 2.0 Security Profile is an API security profile based on the OAuth 2.0 Authorization Framework \[RFC6749\], that aims to reach the security goals laid out in the Attacker Model \[attackermodel\].
into
> 5.1. Introduction
>
> The FAPI 2.0 Security Profile is an API security profile based on the OAuth 2.0 Authorization Framework \[RFC6749\], that ~~aims to reach~~ shall fulfill the security goals laid out in the Attacker Model \[attackermodel\].
More information about the Openid-specs-fapi
mailing list