Create terms and definition as well as the abbreviations for the attacker model document
3. Terms and definitions
For the purposes of this document, the terms and definitions given in RFC6749 and OpenID Connect [OIDC] and the following apply.
3.1
A1
web attacker
Note to entry: Refer to subclause x.a for its capability.
3.2
A1a
web attacker participating as authorization server
Note to entry: Refer to subclause x.b for its capability.
3.3
A2
network attacker
Note to entry: Refer to subclause x.c for its capability.
3.4
A3a
attacker at the authorization endpoint with read authorization request capability
Note to entry: Refer to subclause x.d for its capability.
3.5
A5
attacker at the token endpoint with read and tamper with token requests and responses capability
Note to entry: Refer to subclause x.e for its capability.
3.6
A7
attacker at the resource server with read resource requests capability
Note to entry: Refer to subclause x.f for its capability.
Comments (2)
- changed title to Create terms and definition as well as the abbreviations for the attacker model document
I don’t think that a long list with separate subsections like this would be particularly helpful. I would be fine with a sentence saying something along the lines of “The attacker models A1, A1a, A2, A3, A4, and A5 are defined in the respective subsections of Section X.”
WDYT?