On Tue, Dec 20, 2011 at 1:00 PM, Scott Battaglia
<[email protected]> wrote:
> On Tue, Dec 20, 2011 at 12:58 PM, William G. Thompson, Jr.
> <[email protected]> wrote:
>>
>> On Fri, Dec 16, 2011 at 11:48 AM, Marvin Addison
>> <[email protected]> wrote:
>> >> enhancing the serviceValidate and proxyValidate responses to include
>> >> the user attributes as additional XML elements does not break CAS client
>> >> library's parsing of the response
>> >
>> > I suppose my wording was poor.  I meant break in terms of protocol
>> > specification not software processing.  You're correct that nothing
>> > breaks, but it's simply a fact that most clients have to be modified
>> > to handle attributes in the CAS 2.0 protocol response.  Why go to the
>> > trouble when SAML is supported out of the box by all the major clients
>> > and is a standard besides?
>>
>> Flexibility and the opportunity to do the simplest thing that might
>> work.  As Andrew noted above some CAS integration scenarios already
>> require attributes in the CAS payload.
>>
>> The SAML1.0 CAS response document is standards based as far as that
>> goes.  However, the interaction is not a SAML profile such that it
>> would interop out of the box with some other non CAS SAML endpoint.
>> The HE SAML community has moved on to SAML2 and all the profiles it
>> prescribes.  It's hard to see the benefits of continuing the support
>> of the SAML1.0 CAS endpoint if attributes were available in the CAS
>> protocol.
>>
>> Perhaps it's time for CAS Protocol 2.1.
>
>
> Or one of the standard protocols that people are using these days (SAML2,
> OpenID2, etc.)

Sure, if you want SAML2 (meaning the whole thing, not just the XML
markup), go with Shibboleth.  If you want OpenID, get a Google
account.

For folks wanting a simple solution to modest attribute release in a
CAS 3.x environment let's rev the CAS Protocol doc and drop the
SAML1.0 standards charade.  This would have the effect of bringing the
protocol and the Jasig distribution more in line with the adopting
community and simplify the code base.

Best,
Bill
