CAS as general single sign on solution for Internet app
Smith, Matt
matt.smith at uconn.edu
Fri Jan 18 14:21:44 EST 2008
The University of Connecticut is successfully using CAS with a number of
external vendor applications. So, in this regard, we are acting as the
"Identity Provider" to "Service Providers" all across the Internet.
This has been a very positive experience, as the extranet applications
can appear to be part of our service environment.

Acting as a Service Provider, allowing OpenID authentication is
sufficient if you trust users to *each* be their own "Identity Provider"
-- but there are risks that need to be considered. My biggest one --
how do you vet the identity of the user, and the security of their
OpenID provider?

Running CAS as a single Identity Provider has very little cost, and the
benefits are centralized, well-vetted identity, maintained by
experienced system administrators.

HTH,
-Matt

On Fri, 2008-01-18 at 13:11 -0400, David Pratt wrote:
> Hi. I am generally familiar with the use of CAS authentication for the
> intranets. As such I had not properly considered it for a larger
> Internet application. Can or should CAS be used in the wild for internet
> applications as single sign on?
>
> Overall, OpenID is emerging in this area as a potential generic
> standard. Despite this, I would welcome any insight in using CAS for a
> larger scale web application for Internet authentication. All the
> largest providers like Google, Yahoo, Microsoft all have their own brand
> of authentication - but the mechanisms are very CAS-like.
>
> If it can be used, anything to watch out for, or anyone already
> doing this that can shed light on how it may be working. Any links to
> documents or blog articles as reference would be appreciated. No lack
> of information on general mechanism of CAS on Google, just anything
> specific about using it as Internet single sign on. Many thanks.
>
> Regards
> David
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
--
Matt Smith
matt.smith at uconn.edu
University Information Technology Services (UITS)
University of Connecticut
PGP Key ID: 0xE9C5244E