Hacker News
by michaelt 547 days ago
> we do, in fact, have secure implementations of SAML.

Do we?

I thought we only had implementations with no currently known security problems.

> no currently known security problems

To be fair, that is the layman's definition of "secure".

Yes, that was my usage of "secure" here. I obviously didn't mean that we should blindly trust SAML implementations. SAML should be avoided if possible, due to its inherently complicated implementation. The same holds true for JWT. Both standards have better alternatives which are viable for the majority of necessary use cases.