Greetings, On Tue, Feb 22, 2011 at 8:11 AM, Marvin Addison <marvin.addi...@gmail.com> wrote: >> Now that 3.4.6 is out the door, congratulations, will we see an update >> to the supported version of SAML? Thanks! > > It's certainly not reasonable to move to SAML 2 in CAS 3.4.x. While
Ok, that makes sense. I know that CAS 4.x has been in planning for quite some time though, and perhaps there's still time to update the dependency.. > it may be feasible to move to the SAML 2.x libs and use the SAML 1.1 > support therein, there seems marginal value. Other than "official" > support having ended for 1.1b, I'm not aware of any issues in > particular. Are you? I think that having one of a security product's dependency as unsupported is a pretty big deal and shouldn't be marginalized. From their own wiki[1], they state: There is NO support of any kind, including security fixes, for any previous releases. So, if they should happen to find a bug in their 1.1 support shim/mechanism they will not fix it in our branch. It also seems unlikely that they would notify the 1.1 community that they may be affected.. This seems to me to have fail written all over it. I'm not aware of any existing bugs that would themselves warrant an update to OpenSAML 2.x. -Jesse [1] https://spaces.internet2.edu/display/OpenSAML/OS1Status -- There are 10 types of people in this world, those that can read binary and those that can not. -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user