This is where I got a lot of the SAML2 meta data from: http://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf
URL Pattern/Identifier is also in CAS3 now.

-Scott

On Fri, Feb 20, 2009 at 2:25 PM, Andrew Feller <afel...@lsu.edu> wrote:

> Let me see if I am getting everything straight by dividing the list of
> requirements into what we currently have ala CAS3 and what is new for CAS4.
>
> Current service information provided in CAS3:
>
> 1. Name
> 2. Description
> 3. Identifier
> 4. Attributes
> 5. Spring MVC Theme
> 6. Participate in SSO
> 7. Participate in proxy authentication
>
> Proposed additions in CAS4 (please correct me as necessary Scott on which
> requirements are needed for SAML)
>
> 1. Source Identifier
> 2. URL Pattern / Identifier
> 3. Endpoints
> 4. Organization
> 5. Contact People
> 6. Public/Private Keys
> 7. Group (for SSO grouping)
> 8. Require signed SAML stuff *(SAML)*
> 9. Authentication Attributes
> 10. Mark entries as read-only
> 11. Spring MVC View
> 12. Source URL for SAML metadata *(SAML)*
>
> I barely know %0.2 about SAML, so I cannot say whether this is adequate or
> what not. Perhaps you can share any references explaining SAML2 for those
> of us who need to catch up to this conversation. ^^;
>
> Thanks for all the good work!
> Andy
>
> On 2/20/09 8:51 AM, "Scott Battaglia" <scott.battag...@gmail.com> wrote:
>
> Based on the internal requirements I've been gathering, the comments from
> you guys, and talking to a few other people (plus reading the SAML metadata
> document), it looks like we need to maintain the following information about
> each service:
>
> 1. Identifier (preferably, a String so it works with LDAP)
> 2. Source Identifier
> 3. Name
> 4. Description
> 5. The Url pattern / identifier to match this service
> 6. Endpoints (i.e. the SAML ones) and all associated data with that
> 7. Organization
> 8. Contact People
> 9. Public/Private Keys
> 10. Group (for SSO grouping)
> 11. Whether something participates in single sign out, etc.
> 12. SAML also has some data on whether assertions, authrequests, etc. must
>     be signed.
> 13. Attributes
> 14. Authentication Attributes
> 15. Ability to mark entries as read-only
> 16. Theme / Views
> 17. Source Url for SAML Meta Data
>
> Other requirements:
>
> 1. Initial data entry is from external user. I.e. they give us a SAML url
>    or enter the information and it's stored as "not enabled". It has to be
>    enabled before it becomes active within the system.
> 2. Ability for a user to use this system to enter their information and
>    then generate their SAML meta data.
>
> Thoughts? Additions? Volunteers to code it all? :-)
>
> On Tue, Feb 17, 2009 at 3:59 PM, Scott Battaglia
> <scott.battag...@gmail.com> wrote:
>
> One thing we're also looking at (we haven't had any real discussions on it
> yet) is "groups" of applications for single sign on participation.
>
> -Scott
>
> On Tue, Feb 17, 2009 at 3:53 PM, Dale Ogilvie <dale.ogil...@trimble.co.nz>
> wrote:
>
> A flag per service regarding participation in single-sign-out, off by
> default.
>
> ------------------------------
> *From:* Scott Battaglia [mailto:scott.battag...@gmail.com]
> *Sent:* Wednesday, 18 February 2009 4:23 a.m.
> *To:* cas-dev@lists.jasig.org
> *Subject:* [cas-dev] Services Management Tool in CAS4
>
> All,
>
> Before we start adding SAML2 support into CAS4, we need to flesh out the
> Services Management tool. Please reply to this thread with the following:
>
> * Any requirements/needs/experiences/thoughts on a Services Management tool
>   in CAS4. This includes what you store with services, what information needs
>   to be available, etc. We're most likely to include at a minimum, the items
>   in CAS3, and the items in the SAML metadata. Anything else?
>
> * If you can help out with any aspect, please let me know. This includes
>   requirements gathering, use case write ups, UI, testing, code, etc.
>
> Thanks
> -Scott
>
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
> --
> Andrew Feller, Analyst
> LSU University Information Services
> 200 Frey Computing Services Center
> Baton Rouge, LA 70803
> Office: 225.578.3737
> Fax: 225.578.6400