This is old news. I’m mostly posting it because I found it shocking how counterproductive it could be to work on IETF committees. This should be required reading for anyone working on standards committees.
I have an anti-recommendation. Jasig-CAS: convoluted, cumbersome, and very much not worth it. Ended up rolling out a Shiro-based solution with no tokens (authenticated on every call). We still have no third-party authorization, so, YMMV.
N.B: I am a self-professed “stupid guy” when it comes to security implementation, and prefer off-the-shelf solutions where possible, as I don’t trust my own protocol implementation abilities. Did not want to do anything fancy with Shiro, so it’s a conservative solution.
Have there been any improvements or good alternatives that have arisen in the meantime?