Security Review of CAS
Scott Battaglia
scott.battaglia at gmail.com
Thu Dec 6 14:48:10 EST 2007
Chris,

If your team has what you feel are legitimate security concerns, please
contact the JASIG Security Team:
http://www.ja-sig.org/wiki/display/JSG/Security+Contact+Group

If you have questions about how CAS works or do not understand particular
details, please detail your questions/comments/concerns to the list. Please
do not merely state "some concerns were raised" and not follow through on
raising them as that leaves everyone here wondering what is going on when it
may or may not be a real concern.

I'm not sure what you mean by formal security review. Are you interested
in a comparison of the CAS protocol or the CAS server application? Because
comparing it to SAML compares the protocol, while comparing it to Shibboleth
compares the applications.

Thanks
-Scott

On Dec 6, 2007 1:25 PM, Chris Hatton <chris.hatton at gmail.com> wrote:
> Hello, everyone,
>
> I am considering adoption of CAS for a third-party integration with our
> platform, but we require formal security reviews prior to adoption of any
> new means of authentication. We conducted a brief review internally, but
> some concerns were raised (admittedly those concerns could be related
> entirely to our own naivety).
>
> Is anyone aware of any formal security reviews that have been conducted on
> CAS? Any relative comparisons of CAS vs. SAML? CAS vs. Shibboleth?
>
> Any information you could provide is appreciated...
>
> Thanks,
> Chris Hatton
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia