Yale University ITS Technology & Planning
Who we are
Technology & Planning exists to promote effective technical planning within Yale ITS. Our work ranges from recommendations regarding longer-term architectural directions to immediate development of concrete project deliverables to solve current and expected problems. T&P advances architectures and approaches which enable ITS to provide better products and services. T&P also serves as a dynamically applicable resource to resolve problems and provide technical advice where it is needed most. We are programmers, and when we aren't evaluating new technologies, troubleshooting problems, or consulting with others in ITS on technical issues, we are writing code and building systems. The Central Authentication Service is a current project typical of the work of Technology & Planning. CAS is at once a concrete deliverable, an elegant and secure architecture, and a client library which empowers others to write web applications serving authenticated members of the Yale community.
Current projects
Central Authentication Service
Howard Gilbert is currently working on extensions to CAS 3 in accordance with funding from The Mellon Foundation via the Mellon Award for Technology Collaboration.
Howard writes:
There are simple one line changes that you make to meet local security policy where CAS does not provide a standard option. All you need to know here is how to rebuild and test CAS after you make the change.
Sometimes you need to test a new version of CAS (or new CAS options) without replacing an existing CAS. You may even want to run a test CAS 3 under a production CAS 2. Or, you may want to do a CAS-based security Federation where one state college trusts the students of another state college when they have logged on to the other college's CAS. For these cases, TrustedOtherCAS is a modification that creates a Bean that can be incorporated into the login Web Flow. It may be triggered all the time, by IP address, or when the user presses a button. Basically, it is a version of the CAS Client Filter rewritten so it can be used as part of the login flow of another CAS. In the end, the user is logged into both CAS systems and can access services that validate to either of them, but the user only enters the userid and password once (to the Other Trusted CAS). CAS topics covered here include the Spring Webflow and the configuration of the Authentication Manager.
ScriptedValidate extends the standard service ticket validation protocol. After the ticket has been validated, but before the response is sent back to the service, a service-designed JavaScript unit is run under CAS. It has access to the CAS ticket information and such other sources of institutional data as the administrator configures through Spring. These data sources appear as JavaScript variables available for the script to make Access Control decisions. For example, the script can test if the user is a member of an Active Directory Group through one plugin object, or is a member of a Sakai site through another. If the user is rejected, then this is fed back as a new Service Ticket validation failure code. This type of function is more difficult to package, so an institution needs a development environment to create or modify plugins to gain access to different sources of institutional data to make better access control decisions.
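The decision step described for ScriptedValidate, sketched as an added example that is not Howard's code or part of CAS. Every name in it (`validateWithScript`, `adGroups`, `sakai`, `ACCESS_DENIED_BY_SCRIPT`) and all sample data are assumptions made for illustration; it shows the data sources appearing as script variables and a failing script being treated as a rejection.

```javascript
// Added illustration only: hypothetical names, not the CAS or ScriptedValidate API.
// Constructed sample data standing in for institutional sources.
const AD_GROUPS = { jdoe: ["its-staff"], asmith: ["students"] };
const SAKAI_SITES = { cs101: ["asmith"] };

// Plugin objects an administrator would configure and expose to scripts.
const plugins = {
  adGroups: { isMember: (user, group) => (AD_GROUPS[user] || []).includes(group) },
  sakai: { isMember: (user, site) => (SAKAI_SITES[site] || []).includes(user) },
};

// Constructed examples of service-designed scripts.
const STAFF_ONLY = 'return adGroups.isMember(ticket.user, "its-staff");';
const COURSE_SITE = 'return sakai.isMember(ticket.user, "cs101");';

// Models the step after the service ticket has validated and before the
// response is sent. The script sees `ticket` and each configured source as a
// variable. Only a strict `true` allows access; any other value or any
// exception is reported as a validation failure (fail closed).
// Note: new Function is not a sandbox; this models the data flow only.
function validateWithScript(ticket, scriptSource, sources = plugins) {
  const names = Object.keys(sources);
  let allowed = false;
  let detail = "script returned a non-true value";
  try {
    const script = new Function("ticket", ...names, `"use strict"; ${scriptSource}`);
    const readOnlyTicket = Object.freeze({ ...ticket });
    allowed = script(readOnlyTicket, ...names.map((n) => sources[n])) === true;
  } catch (err) {
    detail = `script error: ${err.message}`;
  }
  return allowed
    ? { ok: true, user: ticket.user }
    : { ok: false, code: "ACCESS_DENIED_BY_SCRIPT", detail };
}
```

A script that references a data source the administrator never configured throws inside the `try` block and comes back as a denial rather than as a successful validation.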
YaleInfo Portal
YaleInfo is a local implementation and customization of the uPortal portal framework.
NetReg
Sakai
Other resources
Technology & Planning staff
- Andy Newman, director
- Susan Bramhall
- Roger V. Despres
- Howard Gilbert
- Rod Gustavson
- Joseph Valerio (AIM: joevalerio)
- Eric Wittmann (AIM: epwittmann)
Technology & Planning alumni
- Shawn Bayern '03
- Peter Furmonavicius '03
- Matthew Moser '04
- Drew Mazurek '06
- Jen Bourey '08
- Dustin Schultz '09