undefined | Better HN

Skip to content

Top New Best Ask Show Jobs

undefined | Better HN

0 pointsmichaelt1y ago0 comments

> we do, in fact, have secure implementations of SAML.

Do we?

I thought we only had implementations where with no currently known security problems.

0 comments

swiftcoder1y ago

> no currently known security problems

To be fair, that is the layman's definition of "secure"

Yes, that was my usage of "secure" here. I obviously didn't mean that we should blindly trust SAML implementations. SAML should be avoided if possible, due to inherently complicated implementation. The same goes true for JWT. Both standards have better alternatives which are viable for the majority of necessary use cases.

j / k navigate · click thread line to collapse