From 38eb66151ee558d2615fbda429954455b80e5eee Mon Sep 17 00:00:00 2001 From: Hugh Nimmo-Smith Date: Thu, 4 Apr 2024 16:55:58 +0100 Subject: [PATCH] Notes on threat model --- proposals/4108-oidc-qr-login.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/proposals/4108-oidc-qr-login.md b/proposals/4108-oidc-qr-login.md index 23a022bac..f8ded79a1 100644 --- a/proposals/4108-oidc-qr-login.md +++ b/proposals/4108-oidc-qr-login.md @@ -1447,7 +1447,17 @@ will soon be verified. ## Security considerations -See individual threat analysis sections above. +This proposed mechanism has been designed to protects users and their devices from the following threats: + +- A malicious actor who is able to scan the QR code generated by the legitimate user. +- A malicious actor who can intercept and modify traffic on the application layer, even if protected by encryption like TLS. +- Both of the above at the same time. + +Additionally, the OIDC Provider is able to define and enforce policies that can prevent a sign in on a new device. +Such policies depend on the OIDC Provider in use and could include, but are not limited to, time of day, day of the week, +source IP address and geolocation. + +A threat analysis has been done within each of the key layers in the proposal above. ## Unstable prefix