Comment by shakna

21 hours ago

If _the government_ can't be trusted not to use a dumbass scheme, then no, it isn't a duh moment. You don't exactly get to dictate how the government implements it!

The point is that systems today, aren't really well executed. So it is unreasonable to expect them to be well executed.

If you can't trust people not to build the bomb well - then don't let them build a bomb.

7 comments

shakna

Reply
Nursie  21 hours ago

> You don't exactly get to dictate how the government implements it!

Who was talking about the government implementing it? I wasn't.

And also "This has been done poorly in the past so we should never attempt to do it again, better" seems an odd way to go about things. There are well put together schemes by international standards bodies in this area now. Neither of the above links followed them.

  • shakna  20 hours ago

    If neither follow them, why do you have such faith that anybody would...?

    • Nursie  20 hours ago

      I mean, your example of the ATO there isn't even an age verification thing, it's a defective clone of OIDC, so by that logic we should ban all SSO or identity delegation solutions?

      Because we don't believe anyone will ever use the standards in this area, despite loads of companies and government bodies actually using OIDC already?

      I'm not really sure what you're driving at.

      4 replies →