Giesin, Peter (NBC Universal) wrote:
Pete,

The functionality you're looking for seems to be a corollary to CAS's main authentication use case. There's a great writeup of "Remember Me" at Boxes and Arrows (http://www.boxesandarrows.com/view/guiding_princip) - and how it differs from logging in.

An institution-wide (e.g. at Rutgers something like a .rutgers.edu cookie that just contained the netID or some kind of user key) but isn't trusted enough to constitute being "logged in" could enable lots of functionality within limits. It could have a longer expiration (2 weeks? 1 month?) and applications could customize display of non-confidential customized information while still forcing users to log-in (and obtain a true CAS session/TGT) to perform secure operations sounds valuable and would be simple to implement.

Applications requesting a log-in page could even do neat stuff like providing the netID as a parameter on the request to allow it to be pre-filled in and password to be selected for convenience.

Perhaps it's worth creating an issue in JIRA detailing this as a new feature request? Are other people interested in similar use cases?

Jason

--
Jason Shao
Application Developer, Architecture & Engineering Team
Rutgers University - Enterprise Systems & Services
v. 732-445-2869 | f. 732-445-5493 | [EMAIL PROTECTED]
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
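The split proposed in the message above, sketched as an added example (not code from the post or from CAS): a low-trust hint cookie that can personalize pages and pre-fill the login form, while secure operations still require a real CAS session. The cookie name, the `username` parameter, the demo key and the HMAC integrity check are assumptions of this sketch; the message only proposes a cookie carrying the netID or a user key.

```python
import hashlib, hmac, time
from http.cookies import SimpleCookie
from urllib.parse import quote

HINT_KEY = b"constructed-demo-key"   # assumption: server-side secret (constructed value)
HINT_TTL = 14 * 24 * 3600            # the two-week lifetime floated in the message
COOKIE_NAME = "netid_hint"           # hypothetical cookie name
COOKIE_DOMAIN = ".rutgers.edu"       # institution-wide scope from the message


def _mac(payload):
    return hmac.new(HINT_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_hint(netid, now=None):
    """Return the Set-Cookie value for the low-trust hint (netID, expiry, MAC)."""
    expires = int((time.time() if now is None else now) + HINT_TTL)
    payload = f"{netid}|{expires}"
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = f"{payload}|{_mac(payload)}"
    morsel = cookie[COOKIE_NAME]
    morsel["domain"], morsel["path"] = COOKIE_DOMAIN, "/"
    morsel["max-age"] = HINT_TTL
    morsel["secure"] = morsel["httponly"] = True
    return morsel.OutputString()


def read_hint(cookie_header, now=None):
    """Return the remembered netID, or None if missing, altered or expired."""
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    if COOKIE_NAME not in cookie:
        return None
    parts = cookie[COOKIE_NAME].value.rsplit("|", 2)
    if len(parts) != 3:
        return None
    netid, expires, mac = parts
    if not hmac.compare_digest(mac.encode(), _mac(f"{netid}|{expires}").encode()):
        return None
    if not expires.isdigit() or int(expires) < (time.time() if now is None else now):
        return None
    return netid


def decide(secure_operation, has_cas_session, hint_netid):
    """The hint personalizes and pre-fills; only a CAS session authorizes."""
    if has_cas_session:
        return "allow"
    if secure_operation:
        # hypothetical 'username' parameter used to pre-fill the login form
        return "login?username=" + quote(hint_netid) if hint_netid else "login"
    return "personalize" if hint_netid else "anonymous"
```

Because the cookie is sent to every host under the domain, any application there can read the netID, so it belongs only in display and pre-fill paths and never in an access decision.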
