remote UserDetailsService implementation

[Sadegh Aliakbary]

Hi
I want to create a CAS-based central authentication and authorization server reading user information 
from DB, but I know that cas-clients should implement a UserDetailsService which connecting to DB retrieves
user information. 
Now I want to centralize the user information in the central CAS-based server, and offer web-based user 
information service. I mean I will create a secure web page on cas server acting like a web service: it 
takes username as the input and returns user information as the output. Now in cas-clients I should implement
a method based on http-client, which connects to cas-server secure method and retrieves the user information.
In short: I want a UserDetailsService implementation on clients which connects to cas-server and retrieves user
information.
(I don't use webservice because I don't know how web service method authentication integrates with cas authentication.)
This architecture has some benefits: Authentication and user information is centralized in a separate isolated server 
and other clients do not know anything about db schema and authentication implementation mechanisms.

Now I have two questions:
Do you have any comment on this architecture?
How can I express cookie information in HTTP-CLIENT application, so that cas-server can ensure the validity of 
http-client remote applications?

Excuse me for the long question
Best Regards

Sadegh Aliakbary


       
---------------------------------
Be a better friend, newshound, and know-it-all with Yahoo! Mobile.  Try it now.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20080129/e14a6975/attachment.html