CryptoTicket
Marvin S. Addison
serac at exchange.vt.edu
Mon Oct 15 09:57:43 EDT 2007

This is an interesting idea. I'm curious about your needs/use cases
that motivate this feature. Sounds like one of the driving forces is
reduction or elimination of server storage. I wonder, though, if you'd
be trading ticket storage for key storage, unless you envision a single
encryption/decryption key pair for all tickets. Would you mind
discussing briefly key management?

I think the violation of the single-use service ticket criterion is a
serious one. One-time-use tokens are one of the strongest security
features of CAS, not to mention it's a MUST in the spec. I wonder
whether your proposed solution of used ticket storage would require
_more_ storage than the current implementation of temporary storage of
valid tickets.

Marvin
--
Application Developer
Middleware Services
Virginia Tech