/
2010-05-24 CAS Steering Committee Conference Call

2010-05-24 CAS Steering Committee Conference Call

Jun 08, 2010

Logistics

Time: Monday, May 24 @ 12:00 pm Eastern (11:00 am Central) (9:00 am Arizona)
Conference Bridge: (641) 715-3200 640123#
Attendees: Marvin, Jonathan, Susan, Eric, @Andrew Petro
Absent: Scott Battaglia
Volunteered acting chair: Marvin
Note Taker: @Andrew Petro

Agenda

  1. Roll Call; Choose Note Taker

  2. Targets for Jasig membership and commercial affiliateness via CAS

  3. Review Old Action Items

  4. Status of the Thing that Will Not Be Named

    1. @Andrew Petro has taken on coordinating this, since Scott has papers to finish

  5. Multi-Factor Status

  6. CAS Community Calls

  7. Releases

  8. Apache 2 License

Notes

Initial administrivia

  • Marvin (was) volunteered to chair this call

  • @Andrew Petro volunteered to take notes

Boosting Member and Affiliate Quantity

  • Marvin, Andrew drew attention to CAS Leads - Private

  • Jonathan Markow provided some context for the initiative to boost membership rolls, need for revenue

  • How CAS steering can help: identify targets, identify individuals (CIOs?) as targets, identify companies offering services around CAS, identify companies using CAS. Email to jjm and/or use the private page in the wiki

Followup on purported CSRF vulnerability

  • Need to get on top of this

  • @Andrew Petro to complete March 2010 Purported CSRF vulnerability and follow up with Scott Battaglia to finalize this messaging

  • Marvin and JJM on importance of a timely response and holding scope under control

  • Marvin: when do we want a draft? Marvin may have time to work on this this week. Andrew also has blocked time this week to work on this.

Multifactor authentication

  • Susan updated on status of this. Little progress, need to circle back with Scott Battaglia.

Development status

  • Marvin wants progress on a particular Java CAS client feature for which he submitted a patch.

  • Marvin: ideas for formalizing communication about timeline, availability, invocation of lazy consensus

  • Development roadmap items needing checked on: CAS Server 3.5, Java CAS client, multifactor authentication

CAS community call

  • Had one a few weeks ago, Marvin thought it went well.

  • Scheduling of this call? Monthly on second Wednesday of the month, at noon Eastern.

  • Who will be responsible for announcing this? Does Scott want to be responsible for announcing this? Announce a week in advance, with agenda. Get this onto the website?

  • Kim from Pepperdine volunteered to let Jasig use Elluminate to share slides / desktop / agenda.

  • JJM: Jasig has a Vimeo account now, so a video with audio could then be posted to Vimeo. (Slides and audio could also go onto Slideshare).

  • Need for rehearsal for participants to be familiar with Elluminate

  • How solicit presentations? email to cas-user@ list? This week. Marvin volunteered to write this email.

Apache2 Licensing

  • Discussion of (easy, mostly technical rather than political) steps to changing license, belief that all necessary ICLAs have been signed.

  • Susan points out these excellent resources.

  • Does CAS ship a binary, or is it only built by adopters via Maven?

  • uPortal Quickstart? Not directly the CAS steering committee's problem, but we don't envy the uPortal folks having to deal with notices for gzillions of dependencies...

Action items

  • @ScottS to review completeness of road map document and document goals and mission statement (carried over from previous action item list) - Draft sent to Jonathan

  • @Andrew Petro leading response on "we think CAS is insecure because it amounts to bearer credentials authentication" issue (carried over from previous action item list). Marvin working on this this week.

  • Launch discussion of shipping VASCO authentication handler support in CAS. (@Andrew Petro and @ScottS particularly interested) (carried over from previous action item list)

  • JJM to follow up with @ScottS on his desire to announce next CAS community call or tasking someone else with this announcement announced multiple times

  • Marvin to recruit ideas for community call agenda items and brief presentations/showcases/demos of cool CAS usages

  • JJM to create new private page / update existing private page to organize seeking additional Jasig memberships, affiliates, and revenue particularly connected to interest in Jasig CAS

  • All committee members to identify targets, identify individuals (CIOs?) as targets, identify companies offering services around CAS, identify companies using CAS. Email to jjm and/or use the private page in the wiki and/or any new page JJM creates and notifies committee about

  • JJM to check with Scott Battaglia on status generally, status of specific development items noted above

  • Marvin to draft response to CSRF vulnerability by Monday, May 31