Using the REST design here: http://www.ja-sig.org/wiki/display/CASUM/RESTful+API
Does this mean that SAML would replace e.g. an LDAP authenticator specified in a deployerConfigContext.xml and require some SAML client at the server holding the user credentials? Or, would SAML be used to send and return the calls to the CAS server only? I've been discussing the need for a black-box authentication interface i.e. any authentication protocol on the input and any protocol on the output. If a single protocol were used for these communications you could assure quality, consistency, and security in all using implementations. I'm not sure if SAML is a fit for this but a single language would be beneficial. I firmly believe that this problem should have a resolution and an end. You give or share the code for the resolution and the "only" code that users/developers don't have are the cryptographic pieces. David _______________________________________________ cas-dev mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas-dev
