2010-8-17 MFA Call

Administrative

Attendees: ScottS, Howard Gilbert

Notes

  • Hashed Ticket Identifiers
    • Useful for distributed ticket registries without built-in encryption methods (or with buggy ones)
    • Best option seems to be to modify AbstractDistributedTicketRegistry to enable/disable hashing
  • Subject Alt Id
    • CAS needs to resolve to one ID, or it leads to confusion server-side and client-side
    • The CAS protocol depends on it; SAML, et al., would find it highly useful
    • CAS Server can possibly send back alternate IDs in addition to the canonical one
    • CAS Server has no way of actually resolving alternate IDs to the same principal
  • Renew = true?
    • Does multi-factor affect it at all?
  • Return Principal on Match Failures
    • Don't recall my note on this
  • Preferences
    • Notion that a user may wish to store some preferences related to their authentication for a particular machine