smoyer64 commented on issue #13: Add OWASP suppression to ignore false positives
URL: https://github.com/apache/directory-scimple/pull/13#issuecomment-408562907

We have custom PSU clients in our repository that work with our OAuth2 server - we currently don't use OIDC. The server implementations allow the provider to dictate the security constraints and those are driven by our Apache Directory Fortress servers (ANSI RBAC) with a custom JASPI layer. I don't think there's anything proprietary in there so it might be something we're willing to move to an OSS project but I don't think we want to require those in a server implementation. Maybe a pluggable security layer that can be added?

And we should probably start another thread since I expect this PR will be closed next week with or without some work on the compliance modules. Authentication and Authorization is going to be a much longer discussion.

@ussmith @chrisharm @pike1212

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

With regards,
Apache Git Services
