[cas-dev] Multiple security levels (aka the circle of trust)

Scott Battaglia scott.battaglia at gmail.com
Tue Nov 28 14:31:01 EST 2006


Andres,

This is something that we could possibly be interested in supporting in
CAS.  I'd be interested in seeing your use cases and what modifications (if
any) would be needed in CAS to support this.

-Scott


On 11/20/06, March, Andres <amarch at soe.sony.com> wrote:
>
>  Driven out of the need for "remember me" functionality, my organization
> is considering adding multiple levels of trust to our CAS implementation.
> The idea is that some authentications aren't as trusted as others.
> Basically, I want them to be able to be logged into a forums type site for a
> very long time between browser sessions but not into a billing info site.
> The gateway and renew flags are very useful in this respect but we need a
> bit more.  We would like some low security sites to accept an auth created
> from previous browser sessions but for higher security sites to not accept
> it.  Obviously we would like users going from a higher security type site to
> a lesser one to be auth'd.
>
> There are many issues and questions around the use cases for this type of
> functionality but I wanted to ask the list if any thought has been put into
> this type of scenario.  Since my requirements are mainly drawn from the need to
> keep around the TGC for varying periods of time, I have considered using
> multiple TGC cookies to accomplish this need.  In addition to a default TGC
> with a browser session expiry, I could add others based upon the service
> parameter passed to /login.  Lower security services would have one or more
> TGC added that would be used during subsequent /login calls for other
> services.  If the browser session has ended and the client did not still
> have a TGC that the passed service required, then the user would have to
> reauth.
>
> Basically, I have to implement multiple security realms where some realms
> include others.  Thoughts?
>
> -----------------------------------------
> Andres March
> Platform - Apps Engineering
> Sony Online Entertainment
> desk: 858.577.3373
> cell: 619.519.1519
>
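
The multi-TGC scheme proposed in the quoted message, sketched as an added example that is not part of the original thread and is not CAS code. It reads the proposal as: every fresh login sets a session TGC, and a login for a low-security service also sets a long-lived one. The level names, service URLs, lifetimes and function names are assumptions.

```python
from dataclasses import dataclass

# Hypothetical levels, services and lifetimes (assumptions, not CAS settings).
LOW, HIGH = 1, 2
SERVICE_LEVEL = {
    "https://forums.example.org/": LOW,
    "https://billing.example.org/": HIGH,
}
SESSION_CAP = 8 * 3600          # server-side cap on a browser-session TGC
REMEMBER_ME = 30 * 24 * 3600    # lifetime of the long-lived low-trust TGC


@dataclass(frozen=True)
class Tgc:
    level: int        # highest level this cookie can satisfy
    issued_at: int    # epoch seconds, recorded server-side
    persistent: bool  # False: browser drops it when the session ends


def issue_tgcs(service, now):
    """Cookies set after a fresh credential check at /login for `service`."""
    tgcs = [Tgc(HIGH, now, persistent=False)]        # default session TGC
    if SERVICE_LEVEL[service] == LOW:
        tgcs.append(Tgc(LOW, now, persistent=True))  # extra long-lived TGC
    return tgcs


def after_browser_restart(tgcs):
    """Models the browser discarding session cookies."""
    return [t for t in tgcs if t.persistent]


def tgc_valid(tgc, now):
    # Lifetime is enforced from server-side state, never from the cookie's
    # own expiry attribute, which the client controls.
    limit = REMEMBER_ME if tgc.persistent else SESSION_CAP
    return 0 <= now - tgc.issued_at <= limit


def login_decision(service, presented, now, renew=False):
    """Return 'sso', 'reauth' or 'deny' for a /login request."""
    required = SERVICE_LEVEL.get(service)
    if required is None:
        return "deny"        # unregistered service: fail closed
    if renew:
        return "reauth"      # renew always forces primary authentication
    # A higher-level TGC satisfies lower levels: realms include one another.
    ok = any(t.level >= required and tgc_valid(t, now) for t in presented)
    return "sso" if ok else "reauth"
```

Under this reading, a user who logged in only for the billing service holds no long-lived TGC, so a later browser session requires reauthentication for the forums as well.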