as for the compliance suite, there is one: https://github.com/biscuit-auth/biscuit/tree/main/samples/cu... which has been instrumental when i implemented biscuit-haskell. It might not cover anything, but it is updated everytime a new corner-case is identified.
could you elaborate wrt backward compatibility? The current model is opt-in, so you only pay for the features you use (that allows incremental updates, with biscuit-rust and biscuit-haskell leading the pack).
I see two todos in the spec indeed, i'll have a go at filling them out (they are implied by the rest of the spec and are implemented consistently across the various libraries, so it's more of a "writing things down" issue. I do agree that the spec is not airtight as it is. The compliance suite is there for that as it disambiguates a lot of things.
Other points are about library specifics. I know biscuit-rust and biscuit-haskell very well, biscuit-java less so. It is a bit lagging since the company working on it has had trouble allocating time on it.
In any case, if you have issues with specific things in libraries, don't hesitate to ping maintainers or open issues to see what we can do. biscuit-rust and its derivatives are actively maintained. biscuit-haskell is rather stable (but lacks support for snapshots). biscuit-java and biscuit-go are in need of some love, but nothing undoable
thanks for the kind words!
as for the compliance suite, there is one: https://github.com/biscuit-auth/biscuit/tree/main/samples/cu... which has been instrumental when i implemented biscuit-haskell. It might not cover anything, but it is updated everytime a new corner-case is identified.
could you elaborate wrt backward compatibility? The current model is opt-in, so you only pay for the features you use (that allows incremental updates, with biscuit-rust and biscuit-haskell leading the pack).
I see two todos in the spec indeed, i'll have a go at filling them out (they are implied by the rest of the spec and are implemented consistently across the various libraries, so it's more of a "writing things down" issue. I do agree that the spec is not airtight as it is. The compliance suite is there for that as it disambiguates a lot of things.
Other points are about library specifics. I know biscuit-rust and biscuit-haskell very well, biscuit-java less so. It is a bit lagging since the company working on it has had trouble allocating time on it.
In any case, if you have issues with specific things in libraries, don't hesitate to ping maintainers or open issues to see what we can do. biscuit-rust and its derivatives are actively maintained. biscuit-haskell is rather stable (but lacks support for snapshots). biscuit-java and biscuit-go are in need of some love, but nothing undoable