Link attacker model to FAPI 2 Advanced

The FAPI 2 Attacker model has these defined messages that need non-repudiation:

  * NR1: Pushed Authorization Requests
  * NR2: Responses to Pushed Authorization Requests
  * NR3: Authorization Requests (Front-Channel)
  * NR4: Authorization Responses (Front-Channel)
  * NR5: ID Token Contents
  * NR6: Introspection Responses
  * NR7: Userinfo Responses
  * NR8: Resource Requests
  * NR9: Resource Responses

We should probably reference them in the advanced profile - or at the very least check they are in alignment

‌

Comments (2)