docs: Add threat model and clarify security mitigations#805
Merged
Conversation
Addresses issue #177 by adding explicit threat model documentation and clarifying which mitigations address which threats. Key changes: - Add Threat Model section with categorized threats and mitigations - Add Domain Trust Assumption section explaining OAuth limitations - Clarify that OAuth doesn't protect against domain hijacking - Update high-risk operations to focus on actual controls (request signing, short-lived tokens, spending limits) rather than auth mechanism - Rewrite Bearer Token Risks with precise threat/mitigation mapping The key insight: authentication mechanism alone doesn't determine security level. A well-implemented bearer token system with request signing and spending limits is more secure than a long-lived OAuth token without those controls. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Addresses #177 by adding explicit threat model documentation and clarifying which mitigations address which threats.
Key Changes
Key Insight
What OAuth Does vs Doesn't Provide
Provides:
Does NOT provide:
Actual Mitigations for Domain Trust Threats
Test plan
🤖 Generated with Claude Code