Open philsmart opened 16 hours ago
philsmart
commented
16 hours ago Also, it is probably missing something on 'Credential Leakage' (similar to the credential management spec, which might be a sensible starter). XSS that steals the 'token': possibly usable by an attacker if a bearer token of some kind.
TallTed
commented
13 hours ago I would expect the primary organization (list) to be either by actions (each of which would have one or more identified vulnerabilities) or by vulnerabilities (each of which would have a list of actions where that vulnerability arises).
If primary organization is by actions, I would expect a second list of vulnerabilities, each with one or more (possible) mitigations.
Mitigations might then be a third list, each possibly with implementation details/suggestions.
https://github.com/w3c-fedid/FedCM/blob/8201e01294fddad742f2bffdece0067ba25b46a0/spec/index.bs#L2501
@npm1 In the context of the Security Horizontal Review https://github.com/w3c-fedid/FedCM/issues/652, should the Security Considerations section of the spec be consistently organised by the security risk/threat as opposed to the mitigation (one of them seems to be already)?
For instance, the Content Security Policy section could be titled 'Injection Attacks'. It could then introduce both the malicious Identity Provider (IdP) and endpoint XSS threats, followed by discussing CSP and the Sec-Fetch-Dest as mitigations for each.
This would make it similar to that discussed by other credential APIs, such as its parent's (I think parent) Security Considerations section.