[cas-dev] Where do we discuss the CAS-4 protocol?

David Whitehurst dlwhitehurst at gmail.com
Tue Sep 23 11:25:26 EDT 2008


Hi:

Some questions below:

1) Can CAS not log on across domains? E.g. would the following not
work, http://domain1.com/cas/login?service=http://domain2.com/application1/

If not, why?

It seems as if an application should find a CAS server in its
vicinity or configured in isolation of the application and a specific
CAS server.  The applications should get even further disconnected
from the authentication process.

2) What's the possibility of dropping communication types and using
SAML for everything? (with CAS-4 of course.)  CAS is the "hot-dog
stand" so to speak, a service and outside of UI related texts,
choosing the communication protocol is important.

While OpenID seems to have some merit, I think that the chain,
protocol (CAS) + authentication method + identity base will always be
there.  CAS now satisfies the protocol, front door, or communication
part.  This protocol should only get easier and implementations should
get lighter.  Again, I think the application should choose to use CAS,
say yes, and when the application is requested, a CAS server (very
important that "a" server) steps up and takes the job of
authenticating the user, and then they are off.

I've had discussions about redundancy with CAS servers and with JBoss
application servers.  It goes on and on, where we need someone at the
table with a checkbook and a purchase order pad to gather resources.
It's too much.  There should be some way that the application finds
"a" CAS server to handle the job.  A very smart JAR for applications
could be developed that could try "a" CAS server and after a specified
time, try another if a response was not heard.

User authentication could someday in the future be propagated like
DNS.  Trust could be extended at the same time users on the internet
kept registering with the same username on various sites.

I'll stop here until I have more specific questions :-)


I want to keep questions in this thread as they relate to the CAS-4
requirements page.  Anything of importance here could be added to
Confluence if agreed upon.

Thanks,

David

On 9/23/08, Scott Battaglia <scott.battaglia at gmail.com> wrote:
> David,
>
> We're detailing requirements here:
> http://www.ja-sig.org/wiki/display/CAS/Protocol
>
> Discussion is welcome to happen on that document (updating it, comments,
> etc.) as well as on this list.  In addition, we're going to be having at
> least one session on it at the UnConference.  I know you probably won't be
> able to attend the UnConference but we can probably work out some form of
> video-conferencing/tele-conferencing for those who are
> interested.
>
> At a minimum we can do video chat via my MacBook Pro and point it at the
> middle of the room ;-)
>
> -Scott
>
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
>
>
> On Tue, Sep 23, 2008 at 9:44 AM, David Whitehurst <dlwhitehurst at gmail.com>
> wrote:
> >
> > Hi:
> >
> > Where do we discuss the CAS-4 protocol and its requirements gathering?
> >
> >
> > Thanks,
> >
> > David
> > _______________________________________________
> > cas-dev mailing list
> > cas-dev at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas-dev
> >
>
