- changed component to FAPI2: Baseline
Attackers A7/A8 break session integrity
Issue #535
resolved
Recommendation: See screenshot.
Comments (5)
-
assigned issue to
-
assigned issue to
-
reporter This is covered by https://bitbucket.org/openid/fapi/pull-requests/381/change-attacker-model-to-reflect-formal
I thought about documenting the attack a little more - at the end of the day, all we can recommend is to protect resource servers well, just like any other server participating in the FAPI protocol. I don’t think we need an explicit section for this in the document.
- changed status to resolved
- changed component to FAPI2: Security Profile