2010-8-17 MFA Call
Administrative
Attendees: ScottS, Howard Gilbert
Notes
- Hashed Ticket Identifiers
- Useful for distributed ticket registries without built in encryption methods (or buggy ones)
- Best option seems to modify AbstractDistributedTicketRegistry to enable/disable hashing
- Subject Alt Id
- CAS needs to resolve to one ID, or it leads to confusion server-side and client-side
- CAS protocol depends on it, SAML, et al., would find it highly useful
- CAS Server can possibly send back alternate Ids in addition to canonical one
- CAS Server has no way of actually resolving alternate ids to the same principal
- Renew = true?
- Does multi-factor affect it at all?
- Return Principal on Match Failures
- Don't recall my note on this
- Preferences
- Notion of a user may wish to store some preferences related to their authentication for a particular machine