2008-08-15 Conference Call

2008-8-15 Conference Call about CAS Vision and Roadmap

This is an open conference call. Notice has been sent to the JASIG CAS mailing lists. If you wish to join in on this conference call, please contact Benn Oshrin for the information.

Please be familiar with the CAS Vision and Roadmap as well as the Governance Model for the call.

Attendees

Agenda

  1. Re-cap (Benn)
  2. Governance Model Update (Scott)
  3. What are we looking for in CAS4?
  4. OpenID 2 and OAuth Investigation
  5. Other topics as identified

Notes

  • UnConference
    • Use UnConference for finalizing stuff from this meeting and meeting of steering committee
    • Please put your name on the tentative list for the Unconference!
    • Use developer days to possibly do some architecture and get all new developers on the same page, update developer guidelines
  • Governance Model
    • Got some feedback and comments
    • Proposal to go before the JASIG Board 8/18
    • Nominations through 8/22 at noon, then voting through 9/5 at noon
  • Vision and Roadmap
    • OpenID/Lightweight Federation
      • Why? At Rutgers, NetID is bound to stuff (historically, but inappropriately), using OpenID short-circuits having to break all those ties in the short term. Would need to integrate with CAS so applications can still just point to cas.rutgers.edu.
      • CAS should accept a hint to indicate what type of authentication to accept (local, OpenID, Shib, etc).
      • Individual universities, and even individual applications within a university, will likely have different requirements.
      • What about attribute release? If Rutgers gets attributes from UConn, UConn might only want them to go to Rutgers Sakai and not Rutgers Student Portal. In the lightweight model, UConn would trust Rutgers to "do the right thing", which is a violation of the "SAML purist" view.
      • Discussion of SAML assertions, endpoints, trust, etc.
      • What would the best model for CAS be? Is CAS a single endpoint, with local institutions having a second attribute release policy? Or is CAS a collection of per-application attribute endpoints?
      • Should CAS be a Swiss Army knife of protocol translators?
      • Possible objective: if current federation models are too complex, establish a simpler model.
      • Simplicity is a good thing for the vast community of applications that don't need and can't handle complexity.
      • Options for attribute release: OpenID+OAuth, SAML 1.1, SAML 2.0
      • Should draw up some use cases, including both simple and complex requirements.
      • SAML/Shib more strongly implies end-to-end communication, whereas CAS would be more of a man-in-the-middle approach to facilitate simplicity.
      • CAS would need a locally implementable attribute service (e.g., to say Yale Faculty | Rutgers Faculty = Local Faculty Definition)
      • What about the WAYF?
      • Scott B is in touch with the OpenID people.
    • Andrew: Unicon will soon open-source a password return extension. This might make a good topic for the Unconference.
    • Is there a short list of projects that might be appropriate for student work? Can this be part of the CAS 4 roadmap? Does this relate to the JASIG incubator?
  • One more call sometime around the second week of September, then meet at the Unconference.

Action Items

  1. All: Identify use cases for "simple" and "complex" federation.
  2. Benn: Schedule next call.
  3. Benn, Scott: Prepare next agenda.
    1. More Roadmap
    2. OpenID/Federation use cases
    3. WAYF