CAS, Yale, Authorization and the Logout...

Harry Ng harryworld at gmail.com
Sun Dec 16 20:40:20 EST 2007 

Hi,

It's really good to hear that an article will be posted on some magazines,
even in different languages. Can you please post back a link after that
article is published if possible? We can create a section in Confluence,
collecting published articles as a social reference.

Thanks,
Harry


Jakob Külzer-2 wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hello list,
> we are currently working on an article about JA-SIG CAS for the  
> german JavaMagazine and i got most of the article up and standing,  
> but there are some questions left open so far.  I hope this is the  
> correct list to ask such questions -- if not, please excuse me for  
> being so bold and be so kind and forward it to the correct list.   
> Thank you!
> 
> But back to topic, my first question is about the history and status  
> of the CAS project.  I'm quite confused about CAS version 2 (and as  
> we focus on version 2 in the article, i'm keen on getting this  
> right).  If i read the web site and parts of the mailing list  
> correctly, the yale distribution of CAS and the JA-SIG distribution  
> are roughly the same. Is this correct?  If not, what is the difference?
> 
> CAS is an authentication service and therefore does not offer any  
> authorization functionality; so the philosophy for performing  
> authorization is to create a custom component that does authorization  
> based on the username provided by the CAS authentication?
> 
> What about Cross Domain SSO? This should not be a problem as no  
> cookies are involved but all ST's and PT's are transmitted via GET- 
> requests. Do you know of cases where a CAS based CDSSO has  
> successfully been introduced?
> 
> My next question is about the logout functionality.  CAS version 2  
> supports logout, but can only enforce deletion of the TGC and  
> destruction of the session of the application requesting the logout  
> while all other authenticated session remain intact.  So may i  
> conclude there is no "global logout" for CAS 2 (at least vanilla CAS)?
> 
> My final question: Is it correct that basically every service may  
> participate in a CAS based SSO network without any ... well ...  
> registration? I found a page in the deeps of the wiki concerning this  
> (http://www.ja-sig.org/wiki/display/CAS2/Registered+services%2C+Global 
> +logoff%2C+Service-specific+includes) but it's not part of vanilla  
> CAS 2?
> 
> Please correct me if i got anything wrong, i'd hate to write some  
> wrong facts about your great project. :)
> 
> Thank you very much in advance for all answers.
> 
> Regards,
> - ---------  BEGIN SIGNATURE ----------
> Jakob Külzer
> OPTIMAbit GmbH,  Amtsgericht Muenchen HRB 154057, Geschaeftsfuehrer  
> Dr. Bruce Sams
> Weidenweg 2   85375 Neufahrn   GERMANY
> mail: jakob.kuelzer at optimabit.com
> tel: +49 (0) 8165 65095
> web: www.optimabit.com
> 
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (Darwin)
> 
> iD8DBQFHYT3DLFnyZ4/kHZ4RAmWnAJ98qX2v7e2WwITLA/VbVDKhQ1/M4ACfcfiD
> ugm1R3f+5jMhFmVDtxQQuhU=
> =FKSl
> -----END PGP SIGNATURE-----
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
> 
> 

-- 
View this message in context: http://www.nabble.com/CAS%2C-Yale%2C-Authorization-and-the-Logout...-tp14317038p14368830.html
Sent from the CAS Users mailing list archive at Nabble.com.

More information about the cas mailing list