mundane VS saml-idp

I'm the author of Mundane, which wraps BoringSSL, which is written in C. We have some internal utilities which make it safer to work with C objects by doing a certain amount of automatic memory management and lifecycle tracking.

Most problems with security specs and libraries that implement them are communication problems. They involve people incompletely describing or understanding their requirements, capabilities, or threat model. Usually this also involves providing/using interfaces that are not ergonomic (https://github.com/google/mundane/blob/master/DESIGN.md), which in turn comes from the spec trying to do too much (as XML Signature does).

I don't know how GPT could help with that. If anything I would expect it to bias toward things it has already seen, which is the opposite of what you want when writing a new spec/library aiming to avoid past mistakes.

I'm quite intrigued by mundane which is cryptography library with a Rust interface that contains lots of code from OpenSSL (via BoringSSL, which is a fork of OpenSSL).

(https://sequoia-pgp.org/, https://github.com/google/mundane, etc)

To be fair, SAML itself isn't that difficult -- Shibboleth is just not very good.

I implemented a SAML IdP [0] in MUCH less time than it took to configure Shibboleth. The specification for SAML is pretty easy to comprehend.

The implementation is really an experiment, but the configuration and usability is significantly better. Improving the implementation doesn't affect this. In some closed-source forks I've written a production version that's been in use for several years.

[0] https://github.com/rkeene/saml-idp/blob/master/lib/saml/saml...