Thanks for your feedback again. I would personally choose SEC2a instead of SEC2b, but I saved your feedback on the wiki page: https://wiki.jasig.org/display/CAS/Proposals+to+mitigate+security+risks.
Any other votes?

2013/9/10 William G. Thompson, Jr. <wgt...@gmail.com>

> Jérôme,
>
> Thanks for compiling this list and your on-going work on the CAS
> AppSec WG. One of the driving notions for the WG was "secure by
> default". Many of these changes are consistent with that goal.
>
> Here's my take...
>
> SEC1: +1 for 3.5.3 and 4.0.
>
> SEC2a/b: +1 for 3.6 or 4.0
>
> SEC3: +1 for 3.5.3 and 4.0
>
> SEC4, SEC5, SEC6: need more discussion.
>
> SEC7: This may be best as an optional protocol addition after 4.0 ships.
>
> Best,
> Bill
>
> On Tue, Sep 3, 2013 at 3:05 PM, Jérôme LELEU <lel...@gmail.com> wrote:
> > Hi,
> >
> > As some of you may already know, a CAS AppSec Working Group has been created
> > to work on CAS security:
> > https://wiki.jasig.org/display/CAS/CAS+AppSec+Working+Group.
> >
> > We have spent time analysing and discussing potential threats. So we are now
> > at the point where we have listed security proposals to improve CAS security:
> > https://wiki.jasig.org/display/CAS/Proposals+to+mitigate+security+risks.
> >
> > I'm looking forward to your feedback.
> >
> > I'd also like to draw attention to the fact that:
> > - I'm willing to implement these proposals if an agreement is reached
> > through this thread
> > - proposals which are easy and backward compatible can be implemented
> > quickly for version 4.0.
> >
> > Thanks.
> > Best regards,
> > Jérôme
> >
> > --
> > You are currently subscribed to cas-dev@lists.jasig.org as: wgt...@gmail.com
> > To unsubscribe, change settings or access archives, see
> > http://www.ja-sig.org/wiki/display/JSG/cas-dev