We can also look at the Shibboleth SP, which should be SAML compliant and thus compatible with future CAS versions. I'm not familiar with it though. Have you looked at it at all?
-Scott -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia On Mon, Oct 20, 2008 at 4:07 PM, Smith, Matthew J. <[EMAIL PROTECTED]>wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Being unfamiliar with SAML at the development tier ATM, I am only aware > of the opensaml C++ libs. Is anyone aware of the library availability > for the set of languages/platforms being targeted here? > > I have to admit -- looking at mod_auth_cas, currently a simple Apache > module of 1 .c file, performing very basic SSL socket handling and > minimal XML parsing, and growing to include SAML, PKI, SOAP/REST, etc, > is rather daunting, from a spec-reading and dev-time perspective. > > Of course, Phil,the real C ninja, has done 99% of the m-a-c coding, so > he may already have this all done ... ;-) > > > Scott Battaglia wrote: > > From my notes, we're looking at the follows: > > > > 1. Single Log Out > > 2. Web SSO Profile > > 3. Assertion Query/Request > > 4. Attribute > > 5. ECP > > 5. Proxying (not yet established) > > > > I'd prefer to use RESTful APIs vs. SOAP APIs if possible, and as stated > > before would like to look for some method sharing keys that doesn't > > require explicit key exchanges and updates on servers. Any thoughts on > > that would be appreciated. > > > > Thanks > > -Scott > > > > -Scott Battaglia > > PGP Public Key Id: 0x383733AA > > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > > > > > On Mon, Oct 20, 2008 at 8:17 AM, Scott Battaglia > > <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote: > > > > Matt, > > > > There's a few profiles that we're looking at. Eric Pierce and I > > spent some time at the UnConference looking this stuff over. The > > notes are on my notebook so when I turn it on later, I'll send the > > notes out to the list. > > > > I want to be very careful about making sure that CAS is still as > > easy to deploy as before, despite using SAML so I'll be looking for > > feedback from the CAS client developers on the profiles. I'm also > > interested in creating RESTful bind points instead of using SOAP, > > and relying on temporary key exchanges if possible instead of > > sharing public keys between the IdP and SPs if possible (or some > > other appropriate method). Any thoughts on that would be > > appreciated ;-) > > > > Off to start up my notebook... > > > > -Scott > > > > -Scott Battaglia > > PGP Public Key Id: 0x383733AA > > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > > > > > On Fri, Oct 17, 2008 at 5:19 PM, Matt Smith <[EMAIL PROTECTED] > > <mailto:[EMAIL PROTECTED]>> wrote: > > > > Scott- > > Are you looking for CAS clients to support SAML multi-profile > > support (Artifact, POST, SLO?) for a coordinated roll-out? > > -Matt > > > > On Fri, Oct 17, 2008 at 2:01 PM, Scott Battaglia > > <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> > > wrote: > > > CAS Client Developers (I'm looking at you phpCAS, > > mod_auth_cas, etc.), > > > > > > If you recently attended the UnConference you're familiar with > > the fact that > > > CAS4 will be supporting a few SAML profiles (more details on > > that later) in > > > addition to the CAS1 and CAS2 protocols. I've been charged by > > the steering > > > committee to construct the finalized CAS4 roadmap based on the > > existing > > > vision and roadmap. I'd like to coordinate with the major > > (and possibly > > > all) CAS client developers to make sure that the CAS clients > > are ready for > > > when CAS4 comes out for those who want to take advantage of > > the new SAML > > > features. > > > > > > We're currently targeting a Spring '09 release of CAS4. > > Please let me know > > > how that correlates to the develop roadmaps for the various > > CAS clients. > > > > > > Thanks! > > > -Scott > > > > > > -Scott Battaglia > > > PGP Public Key Id: 0x383733AA > > > LinkedIn: http://www.linkedin.com/in/scottbattaglia > > > > > > _______________________________________________ > > > cas-dev mailing list > > > [email protected] <mailto:[email protected]> > > > http://tp.its.yale.edu/mailman/listinfo/cas-dev > > > > > > > > > > > > > > -- > > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > Key ID:D6EEC5B5 > > _______________________________________________ > > cas-dev mailing list > > [email protected] <mailto:[email protected]> > > http://tp.its.yale.edu/mailman/listinfo/cas-dev > > > > > > > > > > ------------------------------------------------------------------------ > > > > _______________________________________________ > > cas-dev mailing list > > [email protected] > > http://tp.its.yale.edu/mailman/listinfo/cas-dev > > > - -- > Matthew J. Smith > University of Connecticut ITS > [EMAIL PROTECTED] > PGP KeyID: 0xE9C5244E > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.6 (GNU/Linux) > > iD8DBQFI/OTzGP63pOnFJE4RAm4pAJ9V9JIxl9Y3VYmWtd9Z5LumCzzq4gCdFmmO > QfgcwM6eImGelft+ZivJHik= > =0dT8 > -----END PGP SIGNATURE----- > _______________________________________________ > cas-dev mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas-dev >
_______________________________________________ cas-dev mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas-dev
