
shibboleth-dev - RE: Dynamic Federation

Subject: Shibboleth Developers

  • From: "Scott Cantor" <>
  • To: <>
  • Subject: RE: Dynamic Federation
  • Date: Mon, 3 Dec 2007 12:24:27 -0500
  • Organization: The Ohio State University

> In what way? (I apologise if this is a daft question, I am just trying
> to understand!)

I don't think anybody is going to agree on what constitutes good design, so
it comes down to who's writing the code, but IMHO the APIs and libraries for
doing security work are simply awful. If the interface between the code and
the security layer has to accommodate a bunch of radically different
approaches, that's very difficult to pull off and hard to make reliable.

The newer PKIX trust engine is a nightmare of code that barely works on a
good day thanks to all the bugs and quirks in its dependencies, and the
original one that had a separate trust file and had to map from metadata to
keys by reference was an order of magnitude worse. By comparison, the
explicit key engine is trivial (as far as these things go anyway).

The whole system hangs together much more cleanly if we confine
experimentation to the exchange and verification of input to the metadata
API behind a single interface, and the volume of security bugs will be much
lower.

-- Scott




