Subject: RE: [security-services] Some tech overview comments
Scott wrote:
> > While you rightly point out that given a lot of design latitude
> > you might do something entirely different, I've seen folks think
> > of ECP as a panacea, and get mired.
>
> I've seen at *least* that much from people that start with the browser
> profile, so if you're arguing that's going to work better, I
> would have to disagree. It leads to a lot of really broken and wacky
> profiles.
>

Agreed. One leads to the other ... group hysteresis-comes-hysteria. I'm only seeking that balance ... which given the multitude of the straight-forward SSO cases, and on the other side the magnetic charm of complexity and 'enhancement', would seem to be to strike a somewhat equanimous posture about ECP.

> ... this focus on keeping inside the lines is a big contributor to
> SAML's "over-abstractness" and inability to compete with alternatives
> that don't play nicely inside the abstract boxes.

> ... but it's past time SAML profiles stop leaving everything out of
> scope. We argue for days over things like AuthnInstant and still leave
> 90% of the work to deployers without seeing there's a problem there.

I don't argue with that, with unsatisfactory consequences in both spheres: the biota of alternatives, and the legions of deployers (defeated, cowed, scared, or triumphant). But I can hardly imagine the world-view debates once those gates opened.

--Nick