On Fri, 31 May 2024 14:08:37 -0400 Nick Couchman <vn...@apache.org> wrote:
> I feel like I should also clarify that I'm not advocating for it to go away > - I actually think RADIUS is quite a good protocol. As Bruce mentioned, > it's the original AAA - it's also quite simple and easy to understand and > implement. > > That said, I feel like most AAA activities are headed in the direction of > SAML and OAUTH these days, in particular where your identity provider is > distinct from your service providers, in many cases to the point where one > third party company (Microsoft, Google, Amazon, etc.) actually own and run > your Identity Provider "as a service," and many of the applications > (Office365, GSuite, SalesForce, Service Now), etc., are run by completely > separate 3rd party companies. And all of the information exchange about > identity (AAA) is expected to happen over HTTPS channels. Really Nick, I seldomly read something as close to the real truth as your words here. Lets do a minimal rephrasing for better understanding: "Third party companies (Microsoft, Google, Amazon, etc) actually own .. your identity" and therefore play your Identity Provider for a deep intrusion in every corner of your life. Understand that this has in fact nothing in common with a free world any more. Because in a free world the only one who is owning your identity is _you_. And of course you need no identity provider. Because you are very able to identify yourself to any service you want to use, or rented or bought, or host yourself. Do you really think your identity is safe in above companies, when everyone can read in their balance sheets how many millions of dollars they make by selling _your data_ to the three-letter-agencies? Wake up, rethink, and then make your code compatible to a free world. I am no more than a voice in the desert. -- Regards, Stephan --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
