Ok, I misunderstood the notion of the service registering the data. Mvh, /Fredrik
8 feb 2012 kl. 14:21 skrev William G. Thompson, Jr.: > On Wed, Feb 8, 2012 at 3:10 AM, Fredrik Jönsson <[email protected]> wrote: >> I don't really like to discourage, but doesn't this open a whole new >> world of possibilities for cross-site-request-forgeries and the like? >> >> We've explicitly made sure that the CAS server serves all resources in >> the pages to reduce such risks, facing the fact that the CAS server is >> pretty much the only service, at all, that receives almost _all_ our >> passwords in clear text. > > All of the variable content will be server by the CAS server. Does > this ease your concerns? > > Bill > > >> >> Regards, >> /Fredrik >> >> tis 2012-02-07 klockan 15:05 -0500 skrev William G. Thompson, Jr.: >>> Folks, >>> >>> Unicon is collaborating with Columbia University on a Services >>> Registry extension for Login Screen UI. The gist is that Services can >>> specify some elements of the CAS Login UI such as: >>> >>> * Logo that appears on the login screen >>> * Help URL and text >>> * Visibility of campus navigation links >>> >>> Currently thinking about how best to extend the Services Registry with >>> ad-hoc attribtues. >>> Would welcome comments, thoughts, and general collaboration. >>> >>> Best, >>> Bill >>> >> >> >> >> -- >> You are currently subscribed to [email protected] as: [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-dev > > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
