Another thought I've been having for some time is the need to decouple primary authentication from CAS protocol implementation via something like a Service Provider interface. Seems like the move to more fully embrace SWF might help here as well.

On Mon, Sep 16, 2013 at 9:32 AM, Marvin S. Addison <[email protected]> wrote:
> Spring Webflow has arguably been one of the best design decisions for CAS.
> Building on that strength, we could implement a number of valuable features
> related to ticket validation as one or more webflows:
>
> - Implement protocol dispatcher to call into protocol-specific subflows
> - Implement SEC_4, SEC_6, and SEC_8 [1] as components/flow states in CAS
>   protocol validation flow
> - Implement on-demand attribute query/release
>
> I'm confident that in addition to implementing new features, a number of
> problem areas in the code base (i.e. argument extractors) could be cleaned
> up.
>
> This could possibly be a 4.1 scope design feature if we try to keep it
> tight, otherwise 5.x.
>
> We will leverage this approach to implement a high-assurance form of
> attribute release for Virginia Tech using client certificates to address a
> requirement we have locally. If we get to it before the project generally,
> I'll provide feedback from the work.
>
> Best,
> M
>
> [1] https://wiki.jasig.org/display/CAS/Proposals+to+mitigate+security+risks
>
> --
> You are currently subscribed to [email protected] as: [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-dev
