Let me see if I am getting everything straight by dividing the list of
requirements into what we currently have ala CAS3 and what is new for CAS4.

Current service information provided in CAS3:
1. Name 
2. Description 
3. Identifier 
4. Attributes 
5. Spring MVC Theme
6. Participate in SSO
7. Participate in proxy authentication

Proposed additions in CAS4 (please correct me as necessary Scott on which
requirements are needed for SAML)
1. Source Identifier
2. URL Pattern / Identifier
3. Endpoints 
4. Organization 
5. Contact People 
6. Public/Private Keys
7. Group (for SSO grouping)
8. Require signed SAML stuff (SAML)
9. Authentication Attributes
10. Mark entries as read-only
11. Spring MVC View
12. Source URL for SAML metadata (SAML)

I barely know 0.2% about SAML, so I cannot say whether this is adequate or
whatnot.  Perhaps you can share any references explaining SAML2 for those
of us who need to catch up to this conversation. ^^;

Thanks for all the good work!
Andy

On 2/20/09 8:51 AM, "Scott Battaglia" <scott.battag...@gmail.com> wrote:

> Based on the internal requirements I've been gathering, the comments from you
> guys, and talking to a few other people (plus reading the SAML metadata
> document), it looks like we need to maintain the following information about
> each service:
> 
> 1. Identifier (preferably, a String so it works with LDAP)
> 2. Source Identifier
> 3. Name
> 4. Description
> 5. The Url pattern / identifier to match this service
> 6. Endpoints (i.e. the SAML ones) and all associated data with that
> 7. Organization
> 8. Contact People
> 9. Public/Private Keys
> 10. Group (for SSO grouping)
> 11. Whether something participates in single sign out, etc.
> 12. SAML also has some data on whether assertions, authrequests, etc. must be
> signed.
> 13. Attributes
> 14. Authentication Attributes
> 15. Ability to mark entries as read-only
> 16. Theme / Views
> 17. Source Url for SAML Meta Data
> 
> Other requirements:
> 1. Initial data entry is from external user.   I.e. they give us a SAML url or
> enter the information and it's stored as "not enabled".  It has to be enabled
> before it becomes active within the system.
> 2. Ability for a user to use this system to enter their information and then
> generate their SAML meta data.
> 
> Thoughts?  Additions?  Volunteers to code it all? :-)
> 
> 
> 
> On Tue, Feb 17, 2009 at 3:59 PM, Scott Battaglia <scott.battag...@gmail.com>
> wrote:
>> One thing we're also looking at (we haven't had any real discussions on it
>> yet) is "groups" of applications for single sign on participation.
>> 
>> -Scott
>> 
>> 
>> 
>> On Tue, Feb 17, 2009 at 3:53 PM, Dale Ogilvie <dale.ogil...@trimble.co.nz>
>> wrote:
>>> A flag per service regarding participation in single-sign-out, off by
>>> default.
>>> 
>>> 
>>> From: Scott Battaglia [mailto:scott.battag...@gmail.com]
>>> Sent: Wednesday, 18 February 2009 4:23 a.m.
>>> To: cas-dev@lists.jasig.org
>>> Subject: [cas-dev] Services Management Tool in CAS4
>>> 
>>> All,
>>> 
>>> Before we start adding SAML2 support into CAS4, we need to flesh out the
>>> Services Management tool.  Please reply to this thread with the following:
>>> 
>>> * Any requirements/needs/experiences/thoughts on a Services Management tool
>>> in CAS4.  This includes what you store with services, what information needs
>>> to be available, etc.  We're most likely to include at a minimum, the items
>>> in CAS3, and the items in the SAML metadata.  Anything else?
>>> 
>>> * If you can help out with any aspect, please let me know.  This includes
>>> requirements gathering, use case write ups, UI, testing, code, etc.
>>> 
>>> Thanks
>>> -Scott
>>> 
>>> -Scott Battaglia
>>> PGP Public Key Id: 0x383733AA
>>> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>> 
>> -- 
>> Andrew Feller, Analyst
>> LSU University Information Services
>> 200 Frey Computing Services Center
>> Baton Rouge, LA 70803
>> Office: 225.578.3737
>> Fax: 225.578.6400

