Hi, I guess we need to update and review a little more this draft ( https://wiki.jasig.org/display/CAS/CAS+5+Design), just to improve our ideas and thinking. Then, we can set up a call.
So far, it references 3 components: - the AuthenticationService deals with Credentials, Principals, ... and authenticates. It can be built using Spring Security or Shiro - the Storage service deals with storage of tickets and maybe services at the same time: it saves and retrieves theses elements - the session manager deals with SSO session. Its job is not clear to me regarding the other cmponents. So APIs and interactions between components and between compoents and UI need to be detailled. Any input will be appreciated. Thanks. Best regards, Jérôme LELEU Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org 2014-12-08 17:54 GMT+01:00 Misagh Moayyed <mmoay...@unicon.net>: > Thanks, you sort of read my mind. I was just about to do the same thing :) > > > > So what is the next logical step? Does it make sense for us to get on a > call and review action items? > > > > *From:* Jérôme LELEU [mailto:lel...@gmail.com] > *Sent:* Monday, December 8, 2014 9:35 AM > *To:* cas-dev@lists.jasig.org > *Subject:* Re: [cas-dev] Reducing CASImpl's complexity: ArgExtractors and > more > > > > Hi, > > > > A lot of good ideas that I tried to capture in this wiki page: > https://wiki.jasig.org/display/CAS/CAS+5+Design. > > > > It's a first draft where I also kept the author of the idea. > > > > Just let me know if you feel something is missing before we try to go > further. > > > > Thanks. > > Best regards, > > > Jérôme LELEU > > Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj > > Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org > > > > 2014-12-04 17:57 GMT+01:00 Scott Battaglia <scott.battag...@gmail.com>: > > I'm still catching up on most of the thread (at which point I'll reply to > specific points), but I did just want to call out one of the reasons there > is sometimes a slightly rigid structure/call-pattern: basically as a > security product, how do we balance flexibility with ensuring you don't > accidentally break/skip/avoid a critical step in the flow. > > > > We previously did that with one entry point (with Bill calling out that > createTGT took in Credentials to ensure that we had a valid person before > we created a session) but with extension points. I'm not saying that's the > best option going forward, but as we introduce more flexibility, just keep > in mind that as a security product we want to make it hard for people to do > the wrong thing (otherwise a lot of our own hardening/analysis becomes > moot). > > > > On Thu, Dec 4, 2014 at 10:06 AM, Marvin Addison <marvin.addi...@gmail.com> > wrote: > > There might need to be a detailed comparison and some small > proof-of-concepts in order to choose the best. > > > > +1 > > > > M > > > > -- > > You are currently subscribed to cas-dev@lists.jasig.org as: > scott.battag...@gmail.com > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > > > -- > > You are currently subscribed to cas-dev@lists.jasig.org as: lel...@gmail.com > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > > > > > -- > > You are currently subscribed to cas-dev@lists.jasig.org as: > mmoay...@unicon.net > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > -- > You are currently subscribed to cas-dev@lists.jasig.org as: lel...@gmail.com > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
