> I don't agree with you on the management burden of per-service metadata, > you're already doing the job of configuration with the url, the name, the > description > ... of the CAS service
We rely on wildcards to register 90% of our applications. The service name and description are meaningless. We only have a handful of registered services this way and I'm much happier as a result. > I have more than a thousand applications defined as configuration in my CAS > server and it's totally manageable. It simply would not be manageable here. URLs change, applications move, go offline, etc. Big universities in the US are like federations unto themselves, and you don't have to be on the Shib list to know the fundamental difficulties with cooperation between federated services. So the crux of the difficulty here is in management over time. Wildcard services are simply much more agile. - > But if you challenge me to have the same configuration for all services, > I would tell you to make always HTTP logout calls from client side. The issue is not which checkbox but the logout URL. There is absolutely no standard for logout URL patterns that could be applied broadly, and any attempt to encourage standardization would be a failure before it had even started. I believe that would be generally true, but it's certainly true here. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
