←back to thread

189 points udev4096 | 1 comments | | HN request time: 0.218s | source
Show context
wvh ◴[] No.42138009[source]
Identity, authn and authn are hard. A failure in the code, logic or at the seams messes up everything that it tries to protect. There are a few big commercial players trying to take the market with their "social login", and a few smaller (open-source) players trying to compete and survive, walking a fine line between open-source and open-core.

I feel this is one avenue where a few open-source players should get some solid funding and support from both the organisations and governments that use their software so we don't end up with unmaintained bug-riddled code and have to login with Google or Facebook everywhere.

A lot of the government agencies I work with use open-source IdP software (because they have to privacy- and policy-wise), so some healthy funding model should be possible for people with the skill and interest.

replies(5): >>42138508 #>>42138602 #>>42139245 #>>42139296 #>>42140612 #
1. stavros ◴[] No.42138602[source]
It's one thing if your domain is hard, and another if you can't be bothered to fix a core problem in your service for ten months. Why would I trust you with my security if that's how long you leave vulnerabilities open after knowing about them?