Create Threat Model Note

[elf-pavlik]

LWS Charter mentions it in Other Deliverables
And W3C requires a horizontal review for security.

We have Threat Modeling Guide available as a reference.

Related

• Why are OAuth/OIDC Security Considerations applicable to SSI-CID/DID-based LWS 1.0 Authentication Suites (FPWD)? #139
• Add Privacy Considerations sections to the authentication suites #119

@renyuneyun

Tools

• https://github.com/LegReq/respec-threats
• https://likec4.dev/ - we could adopt it to use visual language from the TM guide https://github.com/likec4/example-customization)

TODO

• @elf-pavlik to reconcile the LikeC4 diagram with https://elf-pavlik.github.io/lws-auth/view/oidc/?dynamic=sequence (same model with multiple views)

[elf-pavlik]

I created custom LikeC4 styles that follow TMG visual language and with initial LWS model: https://hackers4peace.github.io/likec4-example-customization/#lws

@renyuneyun would you be able to setup initial document basing it on https://github.com/LegReq/respec-threats and I'll keep polishing the diagraming tool? For now we can only include exported image in the document with link to the separate diagram, eventually we can look at better itegrating both. There is some experimental work in

• Exploration: LikeC4 Diagramm solid/solid-oidc#251