Re: [docs-and-reports] Who is assumed to have access to first and delegated party assets? (#19) from Erik Taubeneck via GitHub on 2022-10-21 (public-patcg@w3.org from October 2022)

From: Erik Taubeneck via GitHub <sysbot+gh@w3.org>
Date: Fri, 21 Oct 2022 19:40:52 +0000
To: public-patcg@w3.org
Message-ID: <issue_comment.created-1287366489-1666381251-sysbot+gh@w3.org>

I certainly agree there is some work to do here. I think the idea was that we want to assume that an attacker might not only control some number of helper parties, but also a first or third party (this should also now be delegated party...). From there, we basically assume that the helper party could also have the first/delegated party assets. But, yes, a new issue for this would be great. I would love to get more input here.

I'm unopinionated on party vs site (though maybe we want to use site/app to be explicit.) I'll open a PR with that swap and try to get some input.

_Originally posted by @eriktaubeneck in [#14 (comment)](https://github.com/patcg/docs-and-reports/pull/14/files#r1002053146)_.

-- 
GitHub Notification of comment by eriktaubeneck
Please view or discuss this issue at https://github.com/patcg/docs-and-reports/issues/19#issuecomment-1287366489 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Friday, 21 October 2022 19:40:54 UTC