Create terms and definitions as well as the abbreviations for the attacker model document

Issue #656 new
Nat Sakimura created an issue

3. Terms and definitions

For the purposes of this document, the terms and definitions given in RFC6749 and OpenID Connect [OIDC] and the following apply.

3.1
A1
web attacker

Note to entry: Refer to subclause x.a for its capability.

3.2
A1a
web attacker participating as authorization server

Note to entry: Refer to subclause x.b for its capability.

3.3
A2
network attacker

Note to entry: Refer to subclause x.c for its capability.

3.4
A3a
attacker at the authorization endpoint with read authorization request capability

Note to entry: Refer to subclause x.d for its capability.

3.5
A5
attacker at the token endpoint with read and tamper with token requests and responses capability

Note to entry: Refer to subclause x.e for its capability.

3.6
A7
attacker at the resource server with read resource requests capability

Note to entry: Refer to subclause x.f for its capability.

Comments (2)

  1. Daniel Fett

    I don’t think that a long list with separate subsections like this would be particularly helpful. I would be fine with a sentence saying something along the lines of “The attacker models A1, A1a, A2, A3, A4, and A5 are defined in the respective subsections of Section X.”

    WDYT?
