Comment by tptacek

Comment by tptacek a day ago

0 replies

View on Hacker News

It is drastically harder to understand than OIDC, in large part due to XML signatures, which are a demented format, mostly for the reasons stated in this blog post (but also for some reasons it shares with JWT, and also for some sui generis reasons having to do with how complicated xmldsig is and how few implementations there are of it). You really couldn't find a worse format to do cryptography with than XML.