On Tue, Jan 3, 2012 at 11:47 AM, Scott Battaglia <scott.battag...@gmail.com> wrote:

> On Tue, Jan 3, 2012 at 11:30 AM, Joachim Fritschi <jfrits...@freenet.de> wrote:
>
>> +1 from my side
>>
>> As one can see on the list countless people want attributes and struggle
>> to get it running and I have also had some complaints about the
>> attribute/proxy gap.
>
> Let's be clear on where the struggle is. It's typically NOT at the
> integration point (i.e. the client/server calls). I typically see the
> trouble at the point in which people integrate (PersonDirectory) or the
> release (forgetting to set it in Services Management Tool). Extending a
> protocol isn't going to solve any of those problems.
>
> Cheers,
> Scott

While I agree that the PersonDirectory integration is a much more challenging topic (I run a custom LdapPersonAttributeDao that recursively searches for groups), the lack of CAS protocol documentation on attribute format causes unneeded confusion for others adopting the protocol or writing clients for new environments.

Any non-Jasig CAS server (e.g. Ruby-CAS and the Drupal-CAS module) needs to decide what format the attributes they return should be in -- without guidance in the protocol documentation, different choices have been made. In turn, CAS clients (such as phpCAS) need to support all of the attribute formats that common CAS servers might provide (currently 3 styles listed in Client.php line 2864 <https://github.com/Jasig/phpCAS/blob/master/source/CAS/Client.php>). Similarly, as we've worked with vendors to integrate their systems with our CAS server we have had to separately document the attribute format that we use and in doing so ask them to build an integration that may not work with their other customers. While these integrations don't often require proxy support, the simplicity of the CAS 2.0 protocol makes it an attractive alternative to SAML. These attribute formats don't have big differences, but their lack of standardization introduces a lot of unnecessary incompatibility.
Picking an attribute format and documenting it in the protocol would allow all of the communities to begin converging on a single format.

Proxy authentication is an integral part of how we integrate multiple LMS and CMS offerings with our desktop and mobile portals. Likewise, attribute release allows us to keep our applications simple and prevents every application from having to deal with the complexities of attribute lookup in one or more LDAP servers. Both authentication protocol features together are a compelling mix that greatly improves our web environment. Standardizing on the attribute format in the CAS protocol would be the icing on the cake and will improve the likelihood that vendor integrations will work out of the box.

Best,
Adam

--
Adam Franco
Senior Software Engineer - Web Applications
Library and Information Services
Middlebury College
Middlebury, VT 05753
afra...@middlebury.edu
802.443.2244
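
Added example, not part of the original message and not phpCAS code: what "supporting all of the attribute formats" costs a CAS 2.0 client, shown as a Python parser that normalizes three response layouts into one multi-valued map. The three layouts (a `cas:attributes` wrapper, attributes as direct children of `cas:authenticationSuccess`, and `cas:attribute` name/value elements) are this example's assumption about the styles the message refers to, and the sample responses are constructed.

```python
import xml.etree.ElementTree as ET

CAS_NS = "{http://www.yale.edu/tp/cas}"
# Children of authenticationSuccess defined by CAS 2.0 itself (not attributes).
PROTOCOL = {"user", "proxyGrantingTicket", "proxies"}

def parse_cas_attributes(xml_text):
    """Return (user, {name: [values]}) from a serviceValidate response."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not accepted")
    success = ET.fromstring(xml_text).find(CAS_NS + "authenticationSuccess")
    if success is None:
        raise ValueError("no authenticationSuccess element")
    user = (success.findtext(CAS_NS + "user") or "").strip()
    if not user:
        raise ValueError("no user in response")
    attrs = {}
    def add(name, value):
        attrs.setdefault(name, []).append((value or "").strip())
    for child in success:
        if not child.tag.startswith(CAS_NS):
            continue                      # ignore foreign-namespace elements
        name = child.tag[len(CAS_NS):]
        if name == "attributes":          # layout 1: wrapper element
            for a in child:
                add(a.tag.rsplit("}", 1)[-1], a.text)
        elif name == "attribute":         # layout 3: name/value pairs
            if child.get("name"):
                add(child.get("name"), child.get("value"))
        elif name not in PROTOCOL:        # layout 2: direct children
            add(name, child.text)
    return user, attrs

def _wrap(body):  # constructed sample responses, not captured traffic
    return ("<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
            "<cas:authenticationSuccess><cas:user>jsmith</cas:user>"
            + body + "</cas:authenticationSuccess></cas:serviceResponse>")

WRAPPED = _wrap("<cas:attributes><cas:memberOf>staff</cas:memberOf>"
                "<cas:memberOf>web</cas:memberOf></cas:attributes>")
DIRECT = _wrap("<cas:memberOf>staff</cas:memberOf><cas:memberOf>web</cas:memberOf>")
NAME_VALUE = _wrap("<cas:attribute name='memberOf' value='staff'/>"
                   "<cas:attribute name='memberOf' value='web'/>")

if __name__ == "__main__":
    for sample in (WRAPPED, DIRECT, NAME_VALUE):
        print(parse_cas_attributes(sample))
```

Every value is kept as a list because an application making authorization decisions from `memberOf` must see the same set of groups whichever layout the server emits.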