Your Conference Line will be E; Press 5 off the voicemail tree. Conference DN: 203-432-8598
Participants
Attending: Scott, Howard, Joe, Jen, Susan
Review Policy definition and discussion from 7/12
- compare policy definition to MACE paccman definition if one exists
What does the policy object need to do?
Howard suggests the business-logic-to-presentation interface be framed in terms of 3 questions: Am I there yet? Do I already have this credential? If I were to get this credential, would it be useful? Or ask: what credentials do you need?
Should a certificate be authenticated if not needed for the service? Does a policy need to answer whether a certain credential is needed? Or should CAS always look for all non-interactive credentials and validate those?
The service API's function is to request access and return yes or no, and why. Does getServiceTicket answer yes or no, and why? Scott wants more logic behind the service, such as what's missing. This changes the meaning of getServiceTicket, in that the expected result is not a service ticket.
Howard - should flow run through all the steps to gather credentials all the time? Or will the policy give a list of needed credentials?
Should all the credentials succeed or fail as a set? Or individually? Right now they succeed or fail as a set because they have to map to the same principal. To return which ones failed individually, each credential needs to have an id. Howard had suggested the identifier could be its type name.
Howard's approach: presentation is structured around the presentation layer knowing what credentials it can get.
CAS 3.5 Architecture
We didn't get to this really.