Hi,

A lot of good ideas that I tried to capture in this wiki page: https://wiki.jasig.org/display/CAS/CAS+5+Design.
It's a first draft where I also kept the author of the idea. Just let me know if you feel something is missing before we try to go further.

Thanks.
Best regards,

Jérôme LELEU
Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org

2014-12-04 17:57 GMT+01:00 Scott Battaglia <scott.battag...@gmail.com>:

> I'm still catching up on most of the thread (at which point I'll reply to
> specific points), but I did just want to call out one of the reasons there
> is sometimes a slightly rigid structure/call-pattern: basically as a
> security product, how do we balance flexibility with ensuring you don't
> accidentally break/skip/avoid a critical step in the flow.
>
> We previously did that with one entry point (with Bill calling out that
> createTGT took in Credentials to ensure that we had a valid person before
> we created a session) but with extension points. I'm not saying that's the
> best option going forward, but as we introduce more flexibility, just keep
> in mind that as a security product we want to make it hard for people to do
> the wrong thing (otherwise a lot of our own hardening/analysis becomes
> moot).
>
> On Thu, Dec 4, 2014 at 10:06 AM, Marvin Addison <marvin.addi...@gmail.com>
> wrote:
>
>>> There might need to be a detailed comparison and some small
>>> proof-of-concepts in order to choose the best.
>>
>> +1
>>
>> M

--
You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev