Does anyone have an opinion on this email I received:
I think the author is right to question the need for screen scraping
credentials from the CAS login screen. I'd need more information to
determine whether it's as bad as it sounds, but if nothing else it's
against the spirit of SSO:
- Credentials presented to CAS are not shared with third parties
- CAS is a trusted consumer of authentication credentials
(The second follows from the first; your trustworthiness is damaged by
allowing the first.)
M
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
