[Openid-specs-ab] "Nobody Cares About OAuth or OpenID Connect"...
thomasclinganjones at gmail.com
Thu Jan 24 05:58:21 UTC 2019
Mike, I believe that you make a good point, but you are, IMHO, not
addressing the issue: making a secure OAuth or OIDC is incredibly
difficult. I think the problem is rooted in the reason for their success.
The specs are so flexible, to cover all of the many possibilities, that the
capability of creating a secure standard, or a secure implementation, is
not within the capability of most devs. FAPI tries to fix this problem,
but IMHO fails to be sufficiently secure. Talking to some of the experts,
like Justin, leads me to believe this state of insecurity is intentional.
So, do you want more adopters or more security? You cannot have both. At
least not in one spec.
thx ..Tom (mobile)
On Wed, Jan 23, 2019, 9:28 PM Mike Schwartz via Openid-specs-ab
<openid-specs-ab at lists.openid.net> wrote:
> If Okta is blogging about this, clearly we as a community are not doing
> enough to explain the benefits and rationale of OpenID Connect...
> Nobody Cares About OAuth or OpenID Connect
> Michael Schwartz
> Founder / CEO
> mike at gluu.org
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net