@bascule Be fair and only blame OpenSAML behaviour. SAML is too complex for its own good, but does wonders when used carefully.
@MiodVallat I think SAML is going about solving the problem in completely the wrong way
@bascule Until there is a viable alternative, SAML will get used widely. At least there is a reliable enough alternative to OpenSAML: LaSSO.
@MiodVallat needs a conceptual change, not a better implementation of the same flawed concept
@bascule Define `flawed'. Or: what do you consider FUBAR in SAML?
@MiodVallat access control as an identity-centric rather than resource-centric concept
@bascule Resource-centric views are easily converted to Identity-centric views. The world order used/depicted by SAML makes sense. (2/2)
@MiodVallat except implementation flaws hurt you every step of the way and add to attack surface (see OP). Capabilities are opaque