- changed status to resolved
Link attacker model to FAPI 2 Advanced
Issue #491
resolved
The FAPI 2 Attacker model has these defined messages that need non-repudiation:
* NR1: Pushed Authorization Requests
* NR2: Responses to Pushed Authorization Requests
* NR3: Authorization Requests (Front-Channel)
* NR4: Authorization Responses (Front-Channel)
* NR5: ID Token Contents
* NR6: Introspection Responses
* NR7: Userinfo Responses
* NR8: Resource Requests
* NR9: Resource Responses
We should probably reference them in the advanced profile - or at the very least check they are in alignment
Comments (2)
-
reporter -
- changed component to FAPI2: Message Signing
- Log in to comment
PR merged