Hi all,
I just posted the new revision of the OAuth 2.0 security threat model
and considerations document as WG item
(http://tools.ietf.org/html/draft-ietf-oauth-v2-threatmodel-00).
We incorporated all feedback we got on the list and at IETF-80. Many
thanks to all people who have given us feedback. Special thanks to
Hui-Lan Lu, Francisco Corella, Eric Pflam, Shane B Weeden, Skylar
Woodward, and James H. Manger for their comments and suggestions.
New threat descriptions:
- User session impersonation
- XSRF
- Clickjacking
- DoS using manufactured authorization codes
Modification:
- renamed "session fixation" to "authorization code disclosure through
counterfeit client"
regards,
Torsten.
_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth