2005.02.02 Yale discussion

Housekeeping

Andy will no longer be doing meeting notetaking duty on account of needing to context switch too much.
Andrew took notes this meeting.

Howard and Authentication Walkthroughs document

Howard produced and reported on the whitepaper "Extended Authentication Walkthroughs", which he posted to the CAS wiki immediately after the meeting.

Strategy

The approach of reconsidering the domain model de novo and making broad proposals about CAS 3 code was educational but is no longer useful. New strategy: assume the CAS 3 code as implemented in HEAD is sufficient, embrace its aesthetics and model, apply use cases to exercise it, and propose concrete, specific enhancements to accommodate use cases that are not currently accommodated.

Concrete points to look at

  • Idea that AuthenticationManager == AuthenticationHandler
  • Information characterizing authentication failures and how that gets back to the view layer. Do AuthenticationHandlers throw exceptions representing failures? Or do they return AuthenticationResults which may be AuthenticationFailures that characterize the error? Driven by "Your account is locked" use case.

Walkthroughs

We need walkthroughs of how use cases are accomplished with CAS 3 code.

  • Howard: walkthroughs for Shib and NTLM.

On types of authentication

Validation side

Type of authentication is characterized in the SAML of the validation response.

Login side

The client needs a way to communicate to the CAS Server at login what types of authentication will be accepted at validation, so that the CAS Server can provide a compelling user experience. E.g., if a client will require a client cert at validation, it needs a way of communicating this to CAS at login so that CAS will not paint the username/password screen but will instead either obtain a client cert or inform the user that one is required but was not present.

Concrete tasks

Video conference equipment issues

  • Andy, Drew will test sound
  • Room already reserved, need to reserve equipment.

Howard's walkthroughs doc

Howard publishes to the Wiki; Andrew provides tech assist.

We need to formulate an agenda for Video Conference.

Project timeline

Setting the timeline requires requirements and a functional spec. To get those, we need use cases.

CAS 3 CAS2/CAS1 compliance

Must test CAS 3 for CAS2/CAS1 protocol compliance. This requires a CAS2/CAS1 spec. Drew is tasked with this; he expects to finish by end of next week (by 2.11.05).

CAS3 protocol spec

Should be a deliverable of CAS 3 project.

Agenda for Monday meeting

Draft / outline of CAS 2 spec.