I am not sure if 5.0 is the immediate subsequent release after, 4.1, is it? Or perhaps my more pertinent question might be ???Should it be????? I???d suggest that we incrementally march towards 5 while staying on the 4.x release line. Incremental small changes as much as we can, allow us to make quick progress, and release as often as we can, and also allow folks to upgrade easier. Jumping directly from 4.1 to 5 seems like a pretty big move and we could still do a lot of good work in between that don???t impact the codebase as a whole.
That said, I have no objections to a separate page to sort of think ahead about some major development items. By all means :) I have a few more items that we could perhaps also discuss and tackle for 4.1: - Moving the CAS protocol off the Jasig website and onto the GH pages docs site: I had a lot of trouble keeping to the syntax of the WYSIWYG editor, which truly was necessary work. So in the spirit of synchronicity, I???d like to include the protocol doc in the documentation somewhere, so that it stays with the version of the CAS software that is released. - I have been thinking about, (and have discussed this idea with a few other peers at Apereo 2014) that perhaps we should be moving off of JIRA and over to Github Issues. We are not really taking full advantage of JIRA for what it does best, and are simply treating it as a todo list. Using Github issues, allows us to track issues in relevance to the PR easier, as they are kept near the code and the docs, and also it???s easier for users to submit those issues because they don???t need to create a separate account. We could just about do everything that we currently do in terms of release management and milestones with Github too so I really don???t see the point in keeping to a separate system. I???d be glad also, to take on the responsibility of transferring the existing JIRA issues over to Github and we could take it from there??? - In addition to dropping/deprecating/moving the uber-webapp and the jboss cache modules, I???d also like to nominate the JPATicketRegistry and relevant components for deprecation. The feature hasn???t really received any attention for a while, and no longer seems like a suitable option for HA deployments and I have seen more than a few CAS deployments that have had trouble tuning and configuring the registry to really perform. We could swap in much better and more lightweight alternatives that I???d be happy to discuss details for their merit. Misagh From: J??r??me LELEU [mailto:[email protected]] Sent: Tuesday, June 3, 2014 8:52 AM To: [email protected] Subject: Re: [cas-dev] CAS 4.1.0 Yes, it makes sense to me to have also a CAS v5.0 page, or maybe the same page with issues for both versions: 4.1 and 5.0. Just to have everything on the radar... I'm not sure we can already know exactly which issues will be affected to which versions: if the development efforts are too important, we may want to postpone some features to the version 5.0... Best, 2014-06-03 17:31 GMT+02:00 Robert Oschwald <[email protected]>: I???m not sure if this thread is the correct one, but at a certain point we should look into the pending tickets which affect ticket model changes. Those are: Maybe both of them are really 5.0 issues as they need a large rewrite of the code-base. In this case, shouldn???t we already set up a 5.0 roadmap page, yet? CAS-637 Handle InvalidClassException in DefaultTicketRegistryCleaner CAS-1421 Refactor SSO Session Management API (thats the one which affects a lot of users when using rememberMe due to OOM situations on a large amount of tickets in the registry) Older conversations on this issue: http://jasig.275507.n4.nabble.com/CAS-4-0-Ticket-cleaning-enhancements-td4662373.html https://www.mail-archive.com/[email protected]/msg07823.html http://jasig.275507.n4.nabble.com/CAS-JpaTicketRegistry-Cleanup-OutOfMemory-td3079486.html Robert Am 03.06.2014 um 16:59 schrieb Misagh Moayyed <[email protected]>: > I am keeping track of proposals here: > https://wiki.jasig.org/display/CAS/CAS+4.1+Roadmap+DRAFT > > Feel free to add/remove/clarify. > > From: J??r??me LELEU [mailto:[email protected]] > Sent: Thursday, May 29, 2014 11:34 PM > To: [email protected] > Subject: Re: [cas-dev] CAS 4.1.0 > > Hi, > > It looks like we have a good meeting agenda now. Though, I just see > Misagh's reply and we talk to each other almost every month at the CAS > AppSec Working Group meetings, so I'd like to know if other committers > would be available for a conf call or if we should fallback to some > discussions on this mailing list. > Thanks. > Best regards, > J??r??me > > > > 2014-05-21 19:13 GMT+02:00 J??r??me LELEU <[email protected]>: > Hi, > > I would be interested in: > - front channel SLO > - OAuth server support (new grant types) > - LOA > > Best regards, > J??r??me > > > > 2014-05-20 21:56 GMT+02:00 Misagh Moayyed <[email protected]>: > I looked around on Jira to see if I can find any interesting candidates > that would fit the scope. Most documented issues are rather small in scope > and we should be able to knock out some as usual, but for the big picture, > here are a few features and improvements I would like to throw in for > discussion: > > - Service based authentication (which is also listed at Jerome???s > link) > > - A refactor/redesign of TGT expiration policies (work almost > done there as an extension for now) > > - Management app facelist and support for oauth > > - Thinking about dropping the uber-webapp module, and perhaps > jboss cache? > > - SWF session storage at the client side (pending pull; working > with Marvin to prep a maven dependency) > > - JSON service registry? > > > From: J??r??me LELEU [mailto:[email protected]] > Sent: Tuesday, May 20, 2014 6:53 AM > To: [email protected] > Subject: Re: [cas-dev] CAS 4.1.0 > > Sure. For information, the upgrade is already in progress for the Java CAS > client... > > > 2014-05-20 11:30 GMT+02:00 Stefan Paetow <[email protected]>: > Seconded. > > And while you???re at it, get the various distributions to update theirs > also. > > Stefan > > > From: Ganesh and Sashi Prasad [mailto:[email protected]] > Sent: 19 May 2014 22:06 > To: [email protected] > Subject: Re: [cas-dev] CAS 4.1.0 > > I think the highest priority would be to release the CAS Client versions > compatible with CAS 4.0 (mod_auth_cas and CAS Client for Java). > > Regards, > Ganesh > > > On 19 May 2014 20:31, J??r??me LELEU <[email protected]> wrote: > Hi, > > CAS 4.0 has been released and I'm almost done with the tasks on the Jasig > web site. > > So it's time to think about the future (I like to say that ;-). Maybe we > could organize some conf call to talk about the next features we want to > work on? > > At our last AppSec Working Group conf call, we tried to prioritize what we > could expect from a security point of view. > From: > https://wiki.jasig.org/display/CAS/Proposals+to+mitigate+security+risks, > we highlighted: > -- global secure flag to enable HTTP on service / proxy (SEC_2b / SEC_1) > - SEC_4 + SEC_5 > - SEC_7 + SEC_9 > - SEC_10. > > This is of course some starting point for a discussion. > > I'm looking forward to your feedbacks. > > Thanks. > Best regards, > J??r??me > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > Janet(UK) is a trading name of Jisc Collections and Janet Limited, a > not-for-profit company which is registered in England under No. 2881024 > and whose Registered Office is at Lumen House, Library Avenue, > Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238 > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > -- > You are currently subscribed to > [email protected] > as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev -- J??r??me LELEU Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
