Android Application Question

Marc Boorshtein mboorshtein at gmail.com
Wed Jan 4 16:31:43 EST 2017


>
>
> My premise is that there is a very narrow happy medium that we can guess
> at much more precisely now with all our experience trying to enable
> applications, work with SaaS, work with IdaaS, work with federation,
> work without federation, etc. etc.  The things we added aren't always
> things we'd add today.
>
>
That's the 80/20 of OIDC at this point (as Scott states as well).  It's
pretty easy to build into your app and at this point most web server
platforms support it (mod_auth_oidc for Apache, ASP.NET has a couple of
dozen implementations, Java has several too).



> The premise may be flat wrong, but I hope it's possible to design
> something that can be explained to application developers without asking
> or forcing them to rely on a distribution of curious pedigree.
>
>
Most developers I work with that are working on "newer" tech are pretty
well versed in OIDC because it aligns pretty well to the 12-step-app micro
services craze.  Whether they implement it CORRECTLY or SECURELY is another
matter entirely.  Session management is really hard and that's usually where
webapps fall down.