I guess it's a matter of what the IdP attests. It's definitely possible for an I... | Hacker News

Hacker Timesnew | past | comments | ask | show | jobs | submit

		xyzzy_plugh on Jan 28, 2022 \| parent \| context \| favorite \| on: I read the federal government’s Zero-Trust Memo so... I guess it's a matter of what the IdP attests. It's definitely possible for an IdP like Okta to include a ton of client details as part of the attestation payload. Stuff like GeoIP, client certificate fields, MDM status, etc.

tptacek on Jan 28, 2022 [–]

Right, but you have to individually set up all of your apps to work with it; the proxy can be mandatory for all apps by dint of network controls.

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact