Link attacker model to FAPI 2 Advanced

Issue #491 resolved
Dave Tonge created an issue

The FAPI 2 Attacker model has these defined messages that need non-repudiation:

  * NR1: Pushed Authorization Requests
  * NR2: Responses to Pushed Authorization Requests
  * NR3: Authorization Requests (Front-Channel)
  * NR4: Authorization Responses (Front-Channel)
  * NR5: ID Token Contents
  * NR6: Introspection Responses
  * NR7: Userinfo Responses
  * NR8: Resource Requests
  * NR9: Resource Responses

We should probably reference them in the advanced profile - or at the very least check they are in alignment

Comments (1)

  1. Log in to comment