[cas-dev] OpenID use case
J. David Beutel
jbeutel at hawaii.edu
Mon Nov 3 21:53:52 EST 2008
Phillip Rhodes wrote:
> J. David Beutel wrote:
>
>> I have a use case for CAS as an OpenID client (i.e., Relying Party).
>> I'm developing a second-level CAS for multi-level authentication. (I
>> call it second-level because it first forces a username and password
>> authentication on our regular CAS.) It's protecting the user's bank
>> account number, which the user can input and read later. It uses
>> secret questions and answers (a.k.a. challenge/response), like many
>> bank and credit card web sites currently do.
>
> I've recently been interested in "CAS as an OpenID Relying Party" as
> well... any chance you have any observations, notes, code, etc. you'd be
> willing to share? I was planning to start from scratch on rolling my
> own such implementation so any and all advice or assistance is much
> appreciated.
Sorry, I haven't done any coding for OpenID yet. It's a nice-to-have
that falls below my priority of making an authentication method which
everyone can use that's better than challenge/response. OpenID is still
too user-surly for everyone, but would be a nice adapter for those with
special hardware or needs.
I should reiterate that OpenID looks like a good adapter for optional,
additional authentication which the user can trust, but it doesn't prove
anything to CAS and the service. Its authentication ranges from strong
to nonexistent.
Cheers,
11011011
More information about the cas-dev
mailing list