CoSign: Collaborative Single Sign-On  

cosign-discuss at
general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: status of JavaCosign?

Hey Will,

On Sep 16, 2005, at 9:12 AM, Will Jaynes wrote:

Now that I've gotten a version of JavaCosign working on my development machine, I'd like to better understand the current status of JavaCosign.

The version on the download page (and the one I got working) is 1.0b1. In the cvs repository there are three tagged versions, 1.0b1, 1.0b2, and 1.0. Why does the download page only have the beta2 version? Are these other versions not released/supported/ recommended?

Probably we'll just change the download to be 1.0, which is the most recent and currently recommended version.

There's some Kerberos related stuff in the current code. Is that related to JavaCosign in some way, or can I ignore it?

I'm not super familiar with the JavaCosign code base, so I'm not really sure to what part of the code you might be referring. But you can probably just ignore it :) ( i think it's just an example )

Who is currently responsible for / working on the JavaCosign code? If I have questions/suggestions who can I talk to?

An excellent question. :) The authors of the original JavaCosign filter ( Paul Saxman and Tony Chan ) are no longer in the jobs they were in when they wrote the filter, and so it's a grey area right now. The 1.0 version contains their original code plus a series of bug fixes and enhancements. This version was modified by our summer temp, a Masters student in CS ( Jason Dillaman ), but he no longer works with us, either. No one on the current core cosign team programs in Java. We are, however, pursuing this in several directions right now - a current staff member is in the process of learning Java, we've been allotted some help from a Java programmer in another group, and we're about to hire a new web programmer ( this position will require some knowledge of Java).

Someone in the Umich or larger cosign community who is actively using the JavaCosign fiilter could also become one of the maintainers.

I'm not yet sure whether the Med School will be using Cosign, but I suspect we will in at least some applications. Since we use the Spring Framework and the Acegi Security framework for Spring, I'll probably be writing an Acegi security provider for Cosign. I imagine this would look a lot like the CAS provider, so it shouldn't be too hard to do. I'll know more when I get back from vacation after next week.

Great! We have a test server that you can use for testing, and we can give you access to logs and such if that will help your development process.

Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010