Internet Engineering Task Force (IETF) T.
Request for Comments: 6819 Deutsche Telekom AG

OAuth 2.0 Threat Model and Security Considerations

This document gives additional security considerations for OAuth, beyond those in the OAuth 2.0 specification, based on a comprehensive

This document is not an Internet Standards Track specification; it is

This document is a product of the Internet Engineering Task Force
It represents the consensus of the IETF community.
Received public review and has been approved for publication by the Internet Engineering Steering Group (IESG).
Not all documents approved by the IESG are a candidate for any level of Internet

Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at

Copyright (c) 2013 IETF Trust and the persons identified as the

This document is subject to BCP 78 and the IETF Trust's Legal
Please review these documents carefully, as they describe your rights and restrictions with respect
Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as

Threat: End-User Credentials Phished Using Compromised or Embedded Browser
Threat: Password Phishing by Counterfeit Authorization Server
Threat: Malicious Client Obtains Existing Authorization by Fraud
Threat: Obtaining Access Tokens from Authorization Server Database
Threat: Disclosure of Client Credentials during Transmission
Threat: Obtaining Client Secret from Authorization Server Database
Threat: Obtaining Client Secret by Online Guessing
Threat: Eavesdropping or Leaking Authorization "codes"
Threat: Obtaining Authorization "codes" from Authorization Server Database
Threat: Malicious Client Obtains Authorization