2010-04-26 Conference Call
Logistics
Time: Monday, April 26 @ 12:00 pm Eastern (11:00 am Central)
Conference Bridge: (641) 715-3200 640123#
Attendees: Marvin, Scott, Jonathan, Susan, Eric, Andrew Petro
Absent: None!
Note Taker: Andrew Petro
Agenda
- Roll Call; Choose Note Taker
- Review Old Action Items
- Review steering committee artifact openness (Andrew Petro)
- These call notes are publicly available
- CAS-steering-committee email list archives require authentication (and membership on the email list?) to access
- Status of the Thing that Will Not Be Named
- Andrew Petro has taken on coordinating this, since Scott has papers to finish
- Multi-Factor Status
- Organizing/publicizing CAS Community Calls
- Releases
- Apache 2 License
- Volunteer Positions
- Identifying other Clients to bring under the Jasig umbrella
Notes
Administrivia
- Andrew Petro volunteered to take notes for this call.
- Andrew Petro is at Internet2 Membership Meeting this week
- ScottS becomes more available after Tuesday, when his paper is due
Old action items
- ScottS completed road map but is still to document goals and mission statement
Review of openness characteristics of CAS steering committee communication mechanisms
- The notes from these conference calls are publicly available
- The archives of the cas-steering-committee@ email list are not
Addressing report of CSRF issue
This issue was generally discussed. Some of the salient points:
- Andrew Petro leading this, since ScottS has his paper to write
- Partial progress authoring response in private page in Jasig Confluence
- Requires additional effort
- Potentially requires coordination with the communities of similar projects
- Andrew Petro to continue to draft response in private Confluence page in Jasig wiki
- ScottS to review and add to this when he becomes available
- Requires communication specifically with BK
- Andrew Petro and ScottS to discuss after Tuesday when Scott turns in his paper
- goal of publishing a response mid-May
Multifactor authentication in CAS
Discussion of Scott-Yale discussions to date, the availability of notes for these in the wiki, potential in eliciting wider discussions of this.
Discussion of relationship of these discussions and work to the Unicon-VASCO proof of concept integration work (basically, no relation).
Andrew Petro apparently missed the latest of these calls, wherein possibly shipping more specific VASCO support in CAS was discussed. Agreement on this call to launch additional email discussion of this idea.
Next step for this: another conference call once logistics for Scott to join not-from-Rutgers are addressed, likely in the next month.
CAS Community Calls
Discussion of issues in making people aware of the schedule for these calls, having enough lead time to prepare and become aware of an agenda. Potential in Jasig Bedework instance in helping with calendaring logistics. Andrew Petro's perspective that calendaring tooling isn't the biggest problem here.
Review of goals and current format for the calls, fostering collaboration,, discussion, participation, making people more aware of CAS progress.
Discussion of doing something more like the uPortal community calls in showcasing/marketing success with CAS.
Discussion of a hybrid format that would afford 15 minutes for a showcase presentation every-other call, with a 15 minute design/feature focus on the not-showcase calls, and continuing to use the 45 minute portion for the current review of progress, discussion of next steps, discussion forum format.
See Ideas for Showcase Pieces of Calls, below.
Jonathan Markow to focus on building Jasig membership numbers
Jonathan informed the committee that the Board has instructed him to focus over the next six months on building Jasig membership and commercial affiliate counts, which will necessarily involve less attention to internal project management and progress prodding efforts.
This led to the idea of adding to the next meeting's agenda discussion specifically of how to build Jasig membership and commercial affiliation in the context of Jasig CAS.
Action Items
- DONE Andrew Petro to fix SusanBramhall access to private-to-committee page
- ScottS to review completeness of road map document and document goals and mission statement
- Andrew Petro leading response on "we think CAS is insecure because it amounts to bearer credentials authentication" issue
- Launch discussion of shipping VASCO authentication handler support in CAS. (Andrew Petro and ScottS particularly interested)
- ScottS to "schedule" (date is already set, needs a time of day he can make?) and announce next CAS community call, including on email list and on Jasig CAS website. Bonus points for sending a calendar event addable to one's calendar of choice!
- To discuss on next call: How to sell Jasig membership and commercial affiliations to CAS adopters and integrators. Jonathan Markow to add this to next call's agenda.
Ideas for Showcase Pieces of Calls
The idea of collecting these ideas was discussed on the CAS steering call, but not the actual ideas. This add-on to the page is to collect some of these ideas as an outcome from this call and input to the next steering committee meeting and/or further discussion.
Ideas for showcase pieces of calls (would need to convince presenters to be willing to present, none of these presenters have been approached yet at this brainstorming topic ideas phase):
- a call with CAS's extensible Web flow as its theme, hearing from Adam Rybicki, Unicon clients, others who have successfully customized the login web flow
- asking Unicon/Cisco to present on their use of Jasig CAS in the Workforce Retraining Initiative site (including CAS-Shibboleth integration)
- a call with multi-factor authentication as its theme, with Yale/Scott summarizing discussion to date, review of what Berkeley is doing along these lines in production, and focusing the discussion piece of the call on interest in and plans for multifactor authentication support in CAS
- Bill Thompson on bringing proxy CAS support to Liferay and/or on a more modern, secure, and elegant approach to CASifying Outlook Web Access.