On Tue, Dec 20, 2011 at 2:13 PM, Marvin Addison <[email protected]> wrote:
>> For folks wanting a simple solution to modest attribute release in a
>> CAS 3.x environment let's rev the CAS Protocol doc and drop the
>> SAML1.0 standards charade.
>
> I hope you're attempting to be provocative, but for what purpose I
> can't imagine. SAML 1 profiles are both current and actively used.
> The proof is self evident:
>
> marvin:~/tmp$ grep -ic SAML:1.1 InCommon-metadata.xml
> 1063

SAML1 profiles are still valid in the InCommon federation, mostly via Shib, but what does that have to do with the way CAS 3.x is using SAML1 markup via samlValidate? I'd suggest little if any from a practical or interop perspective.

> How is our substantial investment in both client and server support
> for a current, active protocol a charade? In practical terms you're
> suggesting throwing away a large amount of code in favor of a new
> protocol which would presumably need roughly equivalent amount of code.
> That seems unwise at best given available resources at present.

Charade in the sense that just using the SAML1.0 markup does not afford interop with non-CAS SAML entities, nor has it conferred any significant benefit to the CAS 3.x community. The inclusion of SAML1.0 markup and endpoints has complicated the overall CAS product and allowed the CAS protocol to stagnate. Simply adding attributes to the CAS payload via extension of the CAS protocol in hindsight seems like a better deal, and is what many in the community have done in practice. The code to add attributes to the CAS payload has been implemented by many in the community. I don't think it is as big a lift as you make it out to be; what is missing is updates to the CAS protocol doc and better support in the clients. On the other hand, refactoring out redundant functionality (a la samlValidate) would simplify the CAS code base and make it easier to extend and maintain.

Best,
Bill

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
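Added example, not code from this thread or from the CAS project: a client-side parser that extracts the same principal and attributes from the two response shapes Bill contrasts, the SOAP-wrapped SAML 1.1 Response that /samlValidate returns and a /serviceValidate response carrying attributes as child elements of a cas:attributes element. The XML samples are constructed for illustration. The cas:attributes layout is an assumption (it is one of the community extensions Bill mentions, and the shape CAS protocol 3.0 later standardised), and so is the samlp:Success status value; adjust both to whatever your server actually emits.

```python
"""Extract principal + attributes from CAS 3.x serviceValidate and
samlValidate responses.  Sample XML below is constructed, not captured."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import Dict, List, Optional

CAS = "{http://www.yale.edu/tp/cas}"
SAMLP = "{urn:oasis:names:tc:SAML:1.0:protocol}"
SAML = "{urn:oasis:names:tc:SAML:1.0:assertion}"
SOAP = "{http://schemas.xmlsoap.org/soap/envelope/}"


@dataclass
class Validation:
    success: bool
    user: Optional[str] = None
    attributes: Dict[str, List[str]] = field(default_factory=dict)
    error: Optional[str] = None


def _text(el: Optional[ET.Element]) -> str:
    return (el.text or "").strip() if el is not None else ""


def parse_service_validate(xml_bytes: bytes) -> Validation:
    """/serviceValidate; attributes assumed as children of <cas:attributes>."""
    root = ET.fromstring(xml_bytes)
    if root.tag != CAS + "serviceResponse":
        raise ValueError("not a cas:serviceResponse")
    ok = root.find(CAS + "authenticationSuccess")
    if ok is not None:
        user = _text(ok.find(CAS + "user"))
        if not user:
            # never accept a "success" that names no principal
            raise ValueError("authenticationSuccess without cas:user")
        attrs: Dict[str, List[str]] = {}
        attrs_el = ok.find(CAS + "attributes")
        for child in ([] if attrs_el is None else list(attrs_el)):
            # local element name = attribute name; repeated element = multi-valued
            attrs.setdefault(child.tag.split("}", 1)[-1], []).append(_text(child))
        return Validation(True, user, attrs)
    fail = root.find(CAS + "authenticationFailure")
    if fail is not None:
        return Validation(False, error=fail.get("code", "UNKNOWN"))
    raise ValueError("serviceResponse has neither success nor failure")


def parse_saml_validate(xml_bytes: bytes) -> Validation:
    """/samlValidate: the same facts inside SOAP + SAML 1.1 Response/Assertion."""
    root = ET.fromstring(xml_bytes)
    resp = root.find(SOAP + "Body/" + SAMLP + "Response")
    if resp is None:
        raise ValueError("no samlp:Response in SOAP Body")
    code = resp.find(SAMLP + "Status/" + SAMLP + "StatusCode")
    value = code.get("Value", "") if code is not None else ""
    if value.split(":")[-1] != "Success":  # assumed QName form, e.g. samlp:Success
        return Validation(False, error=value or "NoStatus")
    assertion = resp.find(SAML + "Assertion")
    if assertion is None:
        raise ValueError("Success status without saml:Assertion")
    user = _text(assertion.find(
        SAML + "AuthenticationStatement/" + SAML + "Subject/" + SAML + "NameIdentifier"))
    if not user:
        raise ValueError("AuthenticationStatement without NameIdentifier")
    attrs: Dict[str, List[str]] = {}
    for attr in assertion.findall(SAML + "AttributeStatement/" + SAML + "Attribute"):
        for val in attr.findall(SAML + "AttributeValue"):
            attrs.setdefault(attr.get("AttributeName", ""), []).append(_text(val))
    return Validation(True, user, attrs)


# --- constructed sample responses (not from a real server) ---
CAS_OK = b"""<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
 <cas:authenticationSuccess><cas:user>jdoe</cas:user>
  <cas:attributes><cas:mail>jdoe@example.org</cas:mail>
   <cas:memberOf>staff</cas:memberOf><cas:memberOf>wiki-admins</cas:memberOf>
  </cas:attributes></cas:authenticationSuccess></cas:serviceResponse>"""

CAS_FAIL = b"""<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
 <cas:authenticationFailure code='INVALID_TICKET'>ticket not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

SAML_OK = b"""<SOAP-ENV:Envelope xmlns:SOAP-ENV='http://schemas.xmlsoap.org/soap/envelope/'><SOAP-ENV:Body>
 <Response xmlns='urn:oasis:names:tc:SAML:1.0:protocol' xmlns:samlp='urn:oasis:names:tc:SAML:1.0:protocol'
  xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' MajorVersion='1' MinorVersion='1'>
  <Status><StatusCode Value='samlp:Success'/></Status>
  <saml:Assertion MajorVersion='1' MinorVersion='1'>
   <saml:AuthenticationStatement><saml:Subject><saml:NameIdentifier>jdoe</saml:NameIdentifier></saml:Subject></saml:AuthenticationStatement>
   <saml:AttributeStatement>
    <saml:Attribute AttributeName='mail'><saml:AttributeValue>jdoe@example.org</saml:AttributeValue></saml:Attribute>
    <saml:Attribute AttributeName='memberOf'><saml:AttributeValue>staff</saml:AttributeValue><saml:AttributeValue>wiki-admins</saml:AttributeValue></saml:Attribute>
   </saml:AttributeStatement></saml:Assertion></Response></SOAP-ENV:Body></SOAP-ENV:Envelope>"""

if __name__ == "__main__":
    print("serviceValidate:", parse_service_validate(CAS_OK))
    print("samlValidate:   ", parse_saml_validate(SAML_OK))
    print("failure:        ", parse_service_validate(CAS_FAIL))
```

Both parsers refuse a "success" that names no principal, and the SAML path gates on the Status element before it reads the assertion; the two samples above parse to identical results, which is the practical content of Bill's point that the SAML markup adds wrapping but no new information for a CAS client. Neither parser checks a SAML Conditions window or any signature; in both shapes the client's trust comes from fetching the response over TLS directly from the CAS server it is configured for, so this code must only ever be fed a response obtained that way.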
