Is the vulnerability described in rfc6749 10.16 for implicit Flow is comparable to “man in the middle”?

I’m trying to understand if the vulnerability described in the specification for implicit flow : link is the same principle of a man in the middle attack. From what I understood, the malicious client get in the way of the access token grant and then impersonate an issuer. Yes he isn’t really “in the middle” like the aforementioned but there’s still an impersonation in place.

I’m asking here because there might be some concepts I didn’t grasp and I want to gain a full understanding of what I’m trying to implement.

Thank you in advance for enlightening me.

Understanding PDA for odd length string with middle symbol 0

I came across this pdf, which describes the language of odd length string with middle symbol 0 as follows:

enter image description here


  1. I dont understand the transition labels. In standard resources like books by Ullman et al, Linz and in wikipedia, the transition labels take following form:

    • $ a,b/ab$ means if next input symbol is $ a$ and current stack top is $ b$ , then push $ a$ on $ b$
    • $ a,b/\epsilon$ means if next input symbol is $ a$ and current stack top is $ b$ , then pop $ b$
    • $ a,b/a$ means if next input symbol is $ a$ and current stack top is $ b$ , then pop $ b$ and push $ a$

    I dont get meaning of transition labels in diagram $ a,b\rightarrow c$ . Some one explained me that its, if next next input symbol is $ a$ , pop $ b$ and push $ c$ . I feel, if this interpretation is correct, then this notation is insufficient as it will describe both $ a,b/ab$ and $ a,c/ac$ as $ a,\epsilon\rightarrow a$ . Am I right with this, or I understood the notation incorrectly?

  2. Assuming above interpretation to be correct, loop on $ q_1$ pushes all input symbols, be it 1 or 0. Then for $ 0$ at any position (not necessarily middle position), it transits to $ q_2$ . Loop at $ q_2$ pops all symbols. I dont get how above PDA forces middle symbol to be $ 0$ . Also I dont get how it ensures length of $ w$ is odd.

  3. If given PDA is incorrect, can we prepare correct one by re-labelling as follows:

    • Loop at $ q_0$ : $ \{(1,$ /1);(0,$ /1);(0,0/00);(0,1/01);(1,0/10);(0,1/01)\}$
    • Transition $ q_0-q_1$ : $ \{(0,0/0);(0,1/1)\}$
    • Loop at $ q_2$ : $ \{(0,0/\epsilon);(0,1/\epsilon);(1,0/\epsilon);(1,1/\epsilon)\}$

    So, its CFL not deterministic CFL, right?

Can a Man in the Middle attack on NFC be prevented by programming when working with NFC?

I have done research on how to authenticate NFC tags. Seeing how you can use digital signatures, or a hidden key on newer NFC tags, it seems safe. However none of it would prevent a Man in the Middle attack where a device can read and relay the commands a NFC reader/writer sends to a NFC tag, and use this to corrupt the data that is sent to be written on the NFC tag (even if the data was originally sent encrypted, it could still be turned into fake date).

trackpoint (T480s) with libinput – How can I make middle button act like it does on a regular mouse?

I’m using T480s with Ubuntu 18.04.3 LTS. I need to be be able to hold down middle mouse (*trackpad) button while moving the cursor around. However, by default Ubuntu is configured to use it for scrolling. I can disable it by setting libinput Scroll Methods Available to 0, 0, 0 with xinput. While it disables the MMB scrolling as expected, the non-standard clicking behaviour persists. Holding down the button is not recognized, instead it looks like the driver just emulates a MMB click on button’s release. I’ve tried messing around with xinput properties, but no luck so far.

How to assign custom action to mouse middle click (something like libinput-gestures for mouse)?

I am running Ubuntu 18.04.2 and I want to assign a cstom action to middle click of my mouse. How that can be done? for example libinput-gestures ( allows you to set custom actions to your trackpad gestures. Is there something like that for mouse also?