Andrew Petro <[EMAIL PROTECTED]> wrote on May 6, 2008 10:47:48 AM -0700:
] I worry that implementing this feature locally multiple times invites
] redundant effort and local adoption of less-ideal implementations of
] this feature than could be achieved centrally. If one is going to be
] passing passwords around with CAS, one wants a solid, considered,
] secure implementation that passes the information securely and
] authenticates the services before giving them the password and
] that doesn't break anything. It seems a waste to invite people to
] locally trip over these issues for lack of a shared implementation
] of this feature.
]
] Rutgers/Benn Oshrin have a thread going about where CAS can go next
] and what additional extension points/features would be welcome.
] I'll look to engage that thread on this idea and invite you and
] other interested people to chime in.

I think I generally agree with the overall assessment which is that while nobody particularly likes this feature, enough people have a legitimate need for it that there should be some level of "support" for it, even if it requires jumping through some extra hoops and signing a disclaimer.

I would imagine that the "official" implementation of this would be tied into the CAS 4 roadmap. However, given that some people may not want to wait while the roadmap is developed and revised, we can certainly start a discussion on the dev list much sooner as to what might be considered a legitimate approach.

To be clear, Rutgers does not have a long-term interest in developing this feature. While we are happy to help guide the conversation, and maybe even endorse an approach, any development required by a solution accepted by the community will need to be provided by the community.

-Benn-

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
