Comment by ucarion

Comment by ucarion a day ago

You'll be pleased to know that we're not making a ton of progress on the "split things over N docs" front.

In recent years IETF has given us SCIM (which is sort of like "offline SAML") which is 3 RFCs (goals, schemas, http stuff), and of course JWT is actually part of a series of like 9 RFCs (including JWT, of course, but also JWK, JWS, JWE, JWA, ...).

I think there's this phenomenon where people who are like "dude, nobody cares, just do the dumbest possible thing we can get away with" aren't the people who decide to get involved in writing security specs.

victor106 a day ago

> SCIM (which is sort of like "offline SAML")

If you are talking about SCIM (System for Cross Domain Identity Management) then it’s very different from what SAML is. SCIM is used for user provisioning, whereas SAML is used for SSO.