2005.02.02 Yale discussion
Housekeeping
Andy will no longer be doing meeting notetaking duty on account of needing to context switch too much.
Andrew took notes this meeting
Howard and Authentication Walkthroughs document
Howard produced and reported on the whitepaper "Extended Authentication Walkthroughs", which he posted to the CAS wiki immediately after the meeting.
Strategy
The approach of reconsidering the domain model de novo and making broad proposals about CAS 3 code was educational but is no longer useful. New strategy: assume the CAS 3 code as implemented in HEAD is sufficient, embrace its aesthetics and model, apply use cases to exercise it, and propose concrete, specific enhancements to accommodate use cases that are not currently accommodated.
Concrete points to look at
- Idea that AuthenticationManager == AuthenticationHandler
- Information characterizing authentication failures and how that gets back to the view layer. Do AuthenticationHandlers throw exceptions representing failures? Or do they return AuthenticationResults which may be AuthenticationFailures that characterize the error? Driven by "Your account is locked" use case.
Walkthroughs
We need walkthroughs of how use cases are accomplished with CAS 3 code.
- Howard: walkthroughs for Shib and NTLM.
On types of authentication
Validation side
Type of authentication is characterized in the SAML of the validation response.
Login side
The client needs a way to communicate to the CAS Server at login what types of authentication will be accepted at validation, so that the CAS Server can provide a compelling user experience. E.g., if a client will require a client cert at validation, it needs a way of communicating this to CAS at login, so that CAS will not paint the username/password screen but will instead either obtain a client cert or inform the user that one is required but was not present.
Concrete tasks
Video conference equipment issues
- Andy, Drew will test sound
- Room already reserved, need to reserve equipment.
Howard's walkthroughs doc
Howard publishes to Wiki, Andrew provides tech assist
We need to formulate an agenda for Video Conference.
Project timeline
Setting the timeline requires requirements and a functional spec. To get those, we need use cases.
CAS 3 CAS2/CAS1 compliance
Must test CAS 3 for CAS2/CAS1 protocol compliance. This requires a CAS2 / CAS1 spec. Drew is tasked with this; he expects to finish by end of next week (by 2.11.05).
CAS3 protocol spec
Should be a deliverable of CAS 3 project.
Agenda for Monday meeting
Draft / outline of CAS 2 spec.