This is an interesting idea. I'm curious about your needs/use cases that motivate this feature. Sounds like one of the driving forces is reduction or elimination of server storage. I wonder, though, if you'd be trading ticket storage for key storage, unless you envision a single encryption/decryption key pair for all tickets. Would you mind briefly discussing key management?
I think the violation of the single-use service ticket criterion is a serious one. One-time-use tokens are one of the strongest security features of CAS, not to mention it's a MUST in the spec. I wonder whether your proposed solution of used ticket storage would require _more_ storage than the current implementation of temporary storage of valid tickets.

Marvin
--
Application Developer
Middleware Services
Virginia Tech
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
