> Thoughts on promoting this to be an officially supported
>
> /cas3validate
>
> validation endpoint?

-1

We would do well to accept the fact that SAML is the emerging standard to accomplish both attribute release and delegated authentication, and simply invest our energy to that end.

> Possibly with authentication of the validating service by TLS so as to be
> able to authenticate the request for attributes and even eliminate the proxy
> callback?

TLS authentication is already an essential part of callback validation. I honestly don't see the value in eliminating the callback other than for marginal performance improvements. Does this really simplify integration for proxy consumers?

> Possibly adding an "acceptProxyTickets" URL parameter, defaulting to false,
> so that client libraries and integrators can better understand the
> opportunity to opt in to accepting proxy tickets and are less likely to do
> it if they don't mean it?

At present there's a fair amount of explicit configuration required to enable proxy support, so hardly the thing you'd enable unknowingly. This is tit for tat as I see it and gains nothing except protocol changes in the clients. Again, we're better off spending our energy on increasing SAML support.

M
