Shibboleth Developers

["Scott Cantor" <>]

> Yes, it would be a great win (for logout) if the session/state itself 
> could be shared.

I'm pretty sure that's *not* a deliverable we're planning on. If others want
to explore it, they can. I don't know what the implications of that are, but
I'm pretty sure it amounts to a profile handler for CAS. I'm sure it can be
extended to support CAS by somebody in terms of combining that into the
session that would already be tracking SAML 1/2 and ADFS protocol.

> However the biggest issue with authentication handlers 
> is that it is a highly *specific* need for every deployer (a combination 
> of X.509, username/pass, digipass, SPNEGO/kerberos, RADIUS, LDAP, 
> SQL...).

I think you're saying "we use CAS for complex authentication requirements
and we're not going to change that". So you're stuck having to make two
systems work together and want them to be one system, so until they're one,
it's less good. So again, I think it's either option (a) above or hoping we
come up with a session bridging capability for logout/etc. that makes the
integration of the two cleaner.

> CAS is popular (in Europe) because it makes integration easy 
> and flexible.

Integration with....? Are we still talking about authentication?

-- Scott