keycloak-scim/server_admin/topics/threat.adoc

== Threat Model Mitigation

This chapter discusses possible security vulnerabilities any authentication server could have and how {project_name}
mitigates those vulnerabilities.
A good list of potential vulnerabilities and what security implementations should do to mitigate them can be found in
the https://tools.ietf.org/html/rfc6819[OAuth 2.0 Threat Model] document and its most recent extension https://tools.ietf.org/html/draft-ietf-oauth-security-topics-15[OAuth 2.0 Security Best Current Practice] put out by the IETF.
Many of those vulnerabilities are discussed here.
threat 2016-05-31 22:00:59 +00:00			`== Threat Model Mitigation`

Convert documentation to AsciiDoctor 2017-08-28 12:50:14 +00:00			`This chapter discusses possible security vulnerabilities any authentication server could have and how {project_name}`
threat 2016-05-31 22:00:59 +00:00			`mitigates those vulnerabilities.`
			`A good list of potential vulnerabilities and what security implementations should do to mitigate them can be found in`
link current best practice for OAuth It could also be considered to link the oauth.net website (https://oauth.net/2/oauth-best-practice/) instead to always point to the most recent document. 2020-05-06 12:20:29 +00:00			`the https://tools.ietf.org/html/rfc6819[OAuth 2.0 Threat Model] document and its most recent extension https://tools.ietf.org/html/draft-ietf-oauth-security-topics-15[OAuth 2.0 Security Best Current Practice] put out by the IETF.`
threat 2016-05-31 22:00:59 +00:00			`Many of those vulnerabilities are discussed here.`