@MiodVallat I think SAML is going about solving the problem in completely the wrong way
@bascule Until there is a viable alternative, SAML will get used widely. At least there is a reliable enough alternative to OpenSAML: LaSSO.
@MiodVallat needs a conceptual change, not a better implementation of the same flawed concept
@bascule Define `flawed'. Or: what do you consider FUBAR in SAML?
@MiodVallat access control as an identity-centric rather than resource-centric concept
@bascule Resource-centric views are easily converted to Identity-centric views. The world order used/depicted by SAML makes sense. (2/2)
@MiodVallat except implementation flaws hurt you every step of the way and add to attack surface (see OP). Capabilities are opaque
@bascule Implementation flaws only mean that the standard is not as easy to implement as expected. (1/3)
@bascule (although it consists of mostly write-only code /-: )