@bascule I know CAS is the worst, I was trolling you :) As for macaroons, last I checked they don't solve the 3rd party web auth problem.
@benadida they do via third party caveats and discharge macaroons. Can chat with you about this in meatspace if you're curious
@bascule in a way current browsers support? Or do you basically layer openid-style redirects implemented with macaroons instead of cookies?
@benadida needs client-side JS to obtain discharge Macaroons and attenuate the ones used in requests. But you can mostly replace cookies...
@benadida ...and if you do (mostly) replace cookies, you fix the CSRF problem too
@bascule Bummer. I thought CAS (2/3) looked pretty decent for SSO. Sucks that we have no good answers.
@CraigBuchek CAS is crazysauce
@bascule Complexity, or lack of actual security? I saw CAS 4, and it looks ridiculous. But Ruby CASino implementation looks OK.
@CraigBuchek ridiculous overcomplexity, which generally leads to both security mistakes and slowness