I'm still catching up on most of the thread (at which point I'll reply to specific points), but I did just want to call out one of the reasons there is sometimes a slightly rigid structure/call-pattern: basically as a security product, how do we balance flexibility with ensuring you don't accidentally break/skip/avoid a critical step in the flow.
We previously did that with one entry point (with Bill calling out that createTGT took in Credentials to ensure that we had a valid person before we created a session) but with extension points. I'm not saying that's the best option going forward, but as we introduce more flexibility, just keep in mind that as a security product we want to make it hard for people to do the wrong thing (otherwise a lot of our own hardening/analysis becomes moot).

On Thu, Dec 4, 2014 at 10:06 AM, Marvin Addison <marvin.addi...@gmail.com> wrote:

>> There might need to be a detailed comparison and some small
>> proof-of-concepts in order to choose the best.
>
> +1
>
> M
>
> --
> You are currently subscribed to cas-dev@lists.jasig.org as: scott.battag...@gmail.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-dev
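
The pattern described in this message, a single entry point that takes credentials while authentication itself stays pluggable, sketched as an added example that is not part of the original thread and is not CAS code. `SessionService`, `CredentialHandler`, `Session` and `createSession` are hypothetical names, and the handler and credentials in `main` are constructed sample values.

```java
import java.util.List;
import java.util.UUID;

// Hypothetical types for illustration; this is not the CAS API.
public final class SessionService {

    public record Credentials(String username, String password) {}

    /** Extension point: deployers plug in handlers but cannot skip or reorder the flow. */
    public interface CredentialHandler {
        boolean authenticate(Credentials credentials);
    }

    /** Private constructor: code outside SessionService cannot mint a session. */
    public static final class Session {
        private final String id;
        private final String principal;
        private Session(String id, String principal) { this.id = id; this.principal = principal; }
        public String id() { return id; }
        public String principal() { return principal; }
    }

    private final List<CredentialHandler> handlers;

    public SessionService(List<CredentialHandler> handlers) {
        if (handlers.isEmpty()) throw new IllegalArgumentException("no handlers configured");
        this.handlers = List.copyOf(handlers);
    }

    /** Single entry point: a session is only ever created from validated credentials. */
    public Session createSession(Credentials credentials) {
        if (credentials == null || handlers.stream().noneMatch(h -> h.authenticate(credentials))) {
            throw new SecurityException("authentication failed");
        }
        return new Session(UUID.randomUUID().toString(), credentials.username());
    }

    public static void main(String[] args) {
        // Constructed handler and credentials, for demonstration only.
        CredentialHandler demo = c -> "alice".equals(c.username()) && "s3cret".equals(c.password());
        SessionService service = new SessionService(List.of(demo));
        System.out.println("session for " + service.createSession(new Credentials("alice", "s3cret")).principal());
        try {
            service.createSession(new Credentials("alice", "wrong"));
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Because `Session` has no accessible constructor, a new extension can change how credentials are checked but has no call path that yields a session without passing through `createSession`.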