Paul Madsen has blogged about the recent SAML profile that dials down the security requirements for low-risk use cases. The profile is a worthy effort and I welcome the attempt to lower the barriers to adoption in domains where full crypto means no deployment. However, Paul concludes:

I don’t know just how much effort was expended by Scott & Jeff on this work - I do know that far more would have been required to be “adding” security at this point.

As is true for haircuts - you get into trouble if you take too much off the first time.

Hey Paul, hair grows. Check out the fine mop that I sport. If I had waited until that monster had matured before being born I would have had trouble getting adopted too. Therefore I must conclude that Paul has a secret yearning to be a hairdresser, since on the rare occasion I visit one they all but refuse to cut my hair too. It really is like a bad UI:

“Are you sure you want me to cut your hair?”