On Wed, Apr 17, 2013 at 10:57 AM, Daniel Fisher <[email protected]> wrote: > On Wed, Apr 17, 2013 at 10:05 AM, William G. Thompson, Jr. > <[email protected]> wrote: >> >> On Tue, Apr 16, 2013 at 11:15 AM, Daniel Fisher <[email protected]> wrote: >> > On Tue, Apr 16, 2013 at 9:32 AM, William G. Thompson, Jr. >> > <[email protected]> >> > wrote: >> >> >> >> Team, >> >> >> >> Unicon has already implemented MFA in CAS for a few clients and we >> >> were just awarded a contract to build a modular extension to the CAS >> >> Server to support multi-factor, and levels of assurance along the >> >> lines of the vision articulated in >> >> https://wiki.jasig.org/display/CAS/Level+Of+Assurance+-+Head+document >> >> >> >> This project requires that the resulting CAS server customizations be >> >> released as free and open source software for adoption with and in CAS >> >> (i.e. as cas-addons or the Jasig distribution). We intend to engage >> >> with the community throughout the implementation. >> >> >> >> This project provides a real world deployment scenario to build upon >> >> the authN API work that Marvin has completed thus far. So I think >> >> this is good news for CAS 4.1/5.0 in that we can be assured that the >> >> work to date on authN API, MFA, and LOA will yield deployable code >> >> even though it didn't ship with 4.0. >> >> >> >> In terms of "big features" for 4.0, I think we've made substantial >> >> progress along a number of paths that lead to a more supple, >> >> extensible and elegant CAS server that is a joy to install, configure >> >> and run[1]. >> >> >> >> * Externalizing SAML as an optional support >> >> * Upgrades to all dependancies >> >> * OAuth support improvements >> >> * Externalized Services Management Webapp >> >> * A bunch of security related improvements including encrypting >> >> clearpass cache by default >> >> * Many other improvements. >> > >> > >> > I don't see anything here that merits a major release. What's the >> > problem >> > with pushing the release date so the authN API features can be included >> > in >> > 4.0? >> >> Hi Dan, >> >> The current dev cycle started last summer and we've already pushed the >> release date several months. In that time, additional scope has >> continually been added. At some point in time the project has to trim >> scope and cut a release. >> >> I'm sure there would be no objection to sliding the date a few days or >> even a week or so. >> > > I can certainly appreciate the value of adhering to a schedule. If this was > a 3.x cut no one would be complaining, but it's a major release and the > features aren't indicative of one. So what's the rush? Less than 12 months > is a short dev cycle for a major release anyway. Lets push it back and give > people a reason to want 4.0.
Versioning is dictated by the release strategy described on the CAS Roadmap. The current master contains significant changes in default behavior and configuration which would require a major revision bump. Even if the authN API changes make it (and I hope they do) it would not represent a "big feature" from a deployer perspective as that work is mostly refactoring in preparation for future work. It would however also dictate a major revision since it is changing public published APIs. 12 months is a long time for the original scope agreed upon at the Jasig conference last June. The initial plan was to get a 4.0 early in 2013, knowing that folks will probably wait for 4.0.1/4.1 to really start to take a look at it. There will always be another release... Best, Bill > > --Daniel Fisher > > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
