Spyderisk / domain-network

Network domain model
Apache License 2.0

OIDC/OAuth Relationship Threats too restricted #114

Closed mike1813 closed 7 months ago

mike1813 commented 8 months ago

In the model for using OIDC/OAuth-style services to control access to other services and data, dependencies exist between client-service relationships and relationships between the client or service and the OIDC/OAuth service.

These dependencies lead to threats, e.g., if a client can be impersonated to an OIDC service, it can be impersonated to any other service that redirects clients to the OIDC service for authentication.

The threats capturing the effect of these dependencies are too restrictive. Most currently apply only where the client-service relationship is either direct, or via a chain of credential-forwarding intermediaries. This means they don't apply to authorization channels, modelling cases where the client does not authenticate to a back-end service, but supplies authorization tokens via a front-end service.

This should be fixed. Ideally, the solution should construct new relationships between client-service relationship assets to capture their dependencies, so threats can be based on those new relationships and thus apply independently of how the dependency arose. In that way, further extensions can be handled by altering construction pattern sequences creating the new relationships.
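The dependency described in this comment, worked through as an added example that is not part of the issue thread and not Spyderisk's own domain-model code. The relationship kinds (usesService, forwardsCredentialsTo, tokenChannel, reliesOnIdP), the asset names and the threat rule are all invented for illustration; the construction-pattern mechanism and the threat logic are a toy version of what the comment proposes. `restricted=True` reproduces the over-restricted behaviour (threat applies only to direct or credential-forwarding relationships); `restricted=False` bases the threat on a constructed dependency relationship between the client-service relationship assets, so it applies regardless of how that relationship arose.

```python
from dataclasses import dataclass

# Relationship kinds used by this constructed model (names are invented):
#   usesService(c, s)            client c authenticates directly to service s
#   forwardsCredentialsTo(a, b)  service a forwards the client's credentials to service b
#   tokenChannel(a, b)           front-end a passes the client's authorization token to back-end b
#                                (the client never authenticates to b itself)
#   reliesOnIdP(s, idp)          service s redirects clients to idp for login, or validates
#                                tokens issued by idp


@dataclass(frozen=True)
class Rel:
    kind: str
    src: str
    dst: str


def rels_of(model, kind):
    return [(r.src, r.dst) for r in model if r.kind == kind]


def construct_client_service_rels(model):
    """Construction patterns: derive every client-service relationship asset
    (client, service) together with the channel through which it arose.
    Iterates to a fixpoint so chains of forwarding/token hops are followed."""
    csr = {}
    for c, s in rels_of(model, "usesService"):
        csr[(c, s)] = "direct"
    changed = True
    while changed:
        changed = False
        for (c, s), _chan in list(csr.items()):
            for a, b in rels_of(model, "forwardsCredentialsTo"):
                if a == s and (c, b) not in csr:
                    csr[(c, b)] = "credential-forwarding"
                    changed = True
            for a, b in rels_of(model, "tokenChannel"):
                if a == s and (c, b) not in csr:
                    csr[(c, b)] = "authorization-channel"
                    changed = True
    return csr


def construct_auth_dependencies(model, csr):
    """Construction pattern: relationship asset (c, s) depends on relationship
    asset (c, idp) whenever s relies on idp. The dependency is recorded as a
    relationship between the two relationship assets, independent of the
    channel through which (c, s) was constructed."""
    deps = {}
    for (c, s) in csr:
        for s2, idp in rels_of(model, "reliesOnIdP"):
            if s2 == s:
                deps.setdefault((c, idp), set()).add((c, s))
    return deps


def impersonation_spread(model, client, idp, restricted):
    """Threat: if client can be impersonated to idp, it can be impersonated to
    every service whose client-service relationship depends on (client, idp).
    restricted=True applies the threat only to direct or credential-forwarding
    relationships (the over-restricted rule); restricted=False applies it to
    every constructed dependency."""
    csr = construct_client_service_rels(model)
    deps = construct_auth_dependencies(model, csr)
    hit = set()
    for (c, s) in deps.get((client, idp), set()):
        if restricted and csr[(c, s)] not in ("direct", "credential-forwarding"):
            continue
        hit.add(s)
    return hit


# Constructed sample model (invented asset names): a browser logs in to a portal,
# which forwards credentials to a ledger service and passes tokens to a reports
# service; the ledger in turn passes tokens on to an audit service. All four
# services rely on the same OIDC provider.
MODEL = {
    Rel("usesService", "browser", "portal"),
    Rel("forwardsCredentialsTo", "portal", "ledger"),
    Rel("tokenChannel", "portal", "reports"),
    Rel("tokenChannel", "ledger", "audit"),
    Rel("reliesOnIdP", "portal", "idp"),
    Rel("reliesOnIdP", "ledger", "idp"),
    Rel("reliesOnIdP", "reports", "idp"),
    Rel("reliesOnIdP", "audit", "idp"),
}

if __name__ == "__main__":
    print("restricted  :", sorted(impersonation_spread(MODEL, "browser", "idp", restricted=True)))
    print("dependency  :", sorted(impersonation_spread(MODEL, "browser", "idp", restricted=False)))
```

With the restricted rule the reports and audit services are missed even though both accept tokens the impersonated client could obtain from the OIDC provider; basing the threat on the constructed dependency relationship picks them up, and a further channel kind would only require adding one more construction pattern in `construct_client_service_rels`, not a new threat.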

mike1813 commented 7 months ago

Addressed by adding new relationships and construction patterns. Some issues found in regression tests, requiring an extra construction pattern, now added.

The issue is therefore addressed well enough to be closed, but there is a discussion point remaining, covered by new issue #115.