Am 05.06.2014 um 03:05 schrieb Misagh Moayyed <[email protected]>: > I am not sure if 5.0 is the immediate subsequent release after, 4.1, is it? > Or perhaps my more pertinent question might be “Should it be?”? I’d suggest > that we incrementally march towards 5 while staying on the 4.x release line. > Incremental small changes as much as we can, allow us to make quick progress, > and release as often as we can, and also allow folks to upgrade easier. > Jumping directly from 4.1 to 5 seems like a pretty big move and we could > still do a lot of good work in between that don’t impact the codebase as a > whole.
+1 It was not meant that we should immediately move towards 5.0. I think from a roadmap point of view, the protocol changes are a candidate for 5.0 (which is to be released somewhere in the feature - until then, we work on 4.x changes). > - Moving the CAS protocol off the Jasig website and onto the GH pages > docs site: I had a lot of trouble keeping to the syntax of the WYSIWYG > editor, which truly was necessary work. So in the spirit of synchronicity, > I’d like to include the protocol doc in the documentation somewhere, so that > it stays with the version of the CAS software that is released. +1 > - I have been thinking about, (and have discussed this idea with a few > other peers at Apereo 2014) that perhaps we should be moving off of JIRA and > over to Github Issues. We are not really taking full advantage of JIRA for > what it does best, and are simply treating it as a todo list. Using Github > issues, allows us to track issues in relevance to the PR easier, as they are > kept near the code and the docs, and also it’s easier for users to submit > those issues because they don’t need to create a separate account. We could > just about do everything that we currently do in terms of release management > and milestones with Github too so I really don’t see the point in keeping to > a separate system. I’d be glad also, to take on the responsibility of > transferring the existing JIRA issues over to Github and we could take it > from there… big +1! Linking PRs/commits to the tickets is a big advantage. > - In addition to dropping/deprecating/moving the uber-webapp and the > jboss cache modules, I’d also like to nominate the JPATicketRegistry and > relevant components for deprecation. The feature hasn’t really received any > attention for a while, and no longer seems like a suitable option for HA > deployments and I have seen more than a few CAS deployments that have had > trouble tuning and configuring the registry to really perform. We could swap > in much better and more lightweight alternatives that I’d be happy to discuss > details for their merit. -1 Not everyone uses CAS in a HA environment. I think JPA is currently the most used registry, isn’t it? System Complexity is the lowest when using JPA, and is self-contained in CAS when using any in-memory Java backend. Not to forget RememberMe issues with some of the other existing registry implementations on application restart. Robert > Misagh > > From: Jérôme LELEU [mailto:[email protected]] > Sent: Tuesday, June 3, 2014 8:52 AM > To: [email protected] > Subject: Re: [cas-dev] CAS 4.1.0 > > Yes, it makes sense to me to have also a CAS v5.0 page, or maybe the same > page with issues for both versions: 4.1 and 5.0. Just to have everything on > the radar... > > I'm not sure we can already know exactly which issues will be affected to > which versions: if the development efforts are too important, we may want to > postpone some features to the version 5.0... > > Best, > > > 2014-06-03 17:31 GMT+02:00 Robert Oschwald <[email protected]>: > I’m not sure if this thread is the correct one, but at a certain point we > should look into the pending tickets which affect ticket model changes. Those > are: > Maybe both of them are really 5.0 issues as they need a large rewrite of the > code-base. In this case, shouldn’t we already set up a 5.0 roadmap page, yet? > > CAS-637 Handle InvalidClassException in DefaultTicketRegistryCleaner > CAS-1421 Refactor SSO Session Management API (thats the one which affects a > lot of users when using rememberMe due to OOM situations on a large amount > of tickets in the registry) > > Older conversations on this issue: > http://jasig.275507.n4.nabble.com/CAS-4-0-Ticket-cleaning-enhancements-td4662373.html > https://www.mail-archive.com/[email protected]/msg07823.html > http://jasig.275507.n4.nabble.com/CAS-JpaTicketRegistry-Cleanup-OutOfMemory-td3079486.html > > Robert > > > Am 03.06.2014 um 16:59 schrieb Misagh Moayyed <[email protected]>: > > > I am keeping track of proposals here: > > https://wiki.jasig.org/display/CAS/CAS+4.1+Roadmap+DRAFT > > > > Feel free to add/remove/clarify. > > > > From: Jérôme LELEU [mailto:[email protected]] > > Sent: Thursday, May 29, 2014 11:34 PM > > To: [email protected] > > Subject: Re: [cas-dev] CAS 4.1.0 > > > > Hi, > > > > It looks like we have a good meeting agenda now. Though, I just see > > Misagh's reply and we talk to each other almost every month at the CAS > > AppSec Working Group meetings, so I'd like to know if other committers > > would be available for a conf call or if we should fallback to some > > discussions on this mailing list. > > Thanks. > > Best regards, > > Jérôme > > > > > > > > 2014-05-21 19:13 GMT+02:00 Jérôme LELEU <[email protected]>: > > Hi, > > > > I would be interested in: > > - front channel SLO > > - OAuth server support (new grant types) > > - LOA > > > > Best regards, > > Jérôme > > > > > > > > 2014-05-20 21:56 GMT+02:00 Misagh Moayyed <[email protected]>: > > I looked around on Jira to see if I can find any interesting candidates > > that would fit the scope. Most documented issues are rather small in scope > > and we should be able to knock out some as usual, but for the big picture, > > here are a few features and improvements I would like to throw in for > > discussion: > > > > - Service based authentication (which is also listed at Jerome’s > > link) > > > > - A refactor/redesign of TGT expiration policies (work almost done > > there as an extension for now) > > > > - Management app facelist and support for oauth > > > > - Thinking about dropping the uber-webapp module, and perhaps > > jboss cache? > > > > - SWF session storage at the client side (pending pull; working > > with Marvin to prep a maven dependency) > > > > - JSON service registry? > > > > > > From: Jérôme LELEU [mailto:[email protected]] > > Sent: Tuesday, May 20, 2014 6:53 AM > > To: [email protected] > > Subject: Re: [cas-dev] CAS 4.1.0 > > > > Sure. For information, the upgrade is already in progress for the Java CAS > > client... > > > > > > 2014-05-20 11:30 GMT+02:00 Stefan Paetow <[email protected]>: > > Seconded. > > > > And while you’re at it, get the various distributions to update theirs also. > > > > Stefan > > > > > > From: Ganesh and Sashi Prasad [mailto:[email protected]] > > Sent: 19 May 2014 22:06 > > To: [email protected] > > Subject: Re: [cas-dev] CAS 4.1.0 > > > > I think the highest priority would be to release the CAS Client versions > > compatible with CAS 4.0 (mod_auth_cas and CAS Client for Java). > > > > Regards, > > Ganesh > > > > > > On 19 May 2014 20:31, Jérôme LELEU <[email protected]> wrote: > > Hi, > > > > CAS 4.0 has been released and I'm almost done with the tasks on the Jasig > > web site. > > > > So it's time to think about the future (I like to say that ;-). Maybe we > > could organize some conf call to talk about the next features we want to > > work on? > > > > At our last AppSec Working Group conf call, we tried to prioritize what we > > could expect from a security point of view. > > From: > > https://wiki.jasig.org/display/CAS/Proposals+to+mitigate+security+risks, we > > highlighted: > > -- global secure flag to enable HTTP on service / proxy (SEC_2b / SEC_1) > > - SEC_4 + SEC_5 > > - SEC_7 + SEC_9 > > - SEC_10. > > > > This is of course some starting point for a discussion. > > > > I'm looking forward to your feedbacks. > > > > Thanks. > > Best regards, > > Jérôme > > > > -- > > You are currently subscribed to [email protected] as: > > [email protected] > > To unsubscribe, change settings or access archives, see > > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > > > > > -- > > You are currently subscribed to [email protected] as: > > [email protected] > > To unsubscribe, change settings or access archives, see > > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > Janet(UK) is a trading name of Jisc Collections and Janet Limited, a > > not-for-profit company which is registered in England under No. 2881024 > > and whose Registered Office is at Lumen House, Library Avenue, > > Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238 > > -- > > You are currently subscribed to [email protected] as: [email protected] > > To unsubscribe, change settings or access archives, see > > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > > > > > > > -- > > You are currently subscribed to [email protected] as: > > [email protected] > > To unsubscribe, change settings or access archives, see > > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > -- > > You are currently subscribed to [email protected] as: [email protected] > > To unsubscribe, change settings or access archives, see > > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > > > > > > > -- > > You are currently subscribed to [email protected] as: > > [email protected] > > To unsubscribe, change settings or access archives, see > > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > -- > > You are currently subscribed to > > [email protected] > > as: [email protected] > > To unsubscribe, change settings or access archives, see > > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > > > > -- > You are currently subscribed to [email protected] as: [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > > > > -- > Jérôme LELEU > Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj > Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
