Implementation of Services Management
Scott Battaglia
scott.battaglia at gmail.com
Fri Sep 19 09:58:36 EDT 2008
What we essentially do here at Rutgers, and it's worked relatively well so far
(but might change if/when we release attributes via CAS), is that we're
pretty lenient with internal Rutgers applications (i.e. we may authorize an
entire host, i.e. sims.rutgers.edu) whereas for external, 3rd party
applications, such as the voting application, the URL is much more
restrictive and requires each application to be registered (so that rogue
3rd party applications can't pretend they have an RU affiliation).
-Scott
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On Thu, Sep 18, 2008 at 1:27 PM, Tom Freestone <tefreestone at gmail.com> wrote:
> We will be rolling CAS 3.3 out to the BYU campus community in the next
> month. We would like to encourage adoption by the other campus IT shops
> so that BYU can reap the benefits of CAS.
>
> There is interest in restricting CAS using services management. As we
> have looked at the problem, there seem to be a couple of obvious
> solutions. First, restrict all access and allow campus applications to
> use CAS in a pre-registration model (e.g. white list of first-class
> citizens). My hesitation with a white list is there is the temptation
> for our operations staff and security administrators to be heavy-handed
> and the pre-registration process becomes too painful to get CAS access.
> BYU hasn't had any luck with pre-registration models. Also, the rule
> set in white lists can become unwieldy when the rule set is large.
>
> On the other hand we could allow all campus applications access to CAS
> and black list those applications that are problems. Both techniques
> have their pros and cons. I was curious what people are currently doing as
> far as Service Management rules and what worked or didn't. Thanks!
>
> tom
>
> --
>
>
> ********************************
> Tom Freestone
> (tom_freestone at byu.edu)
> Engineering
> Office of Information Technology
> Brigham Young University
> ********************************
>
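The policy described in Scott's reply (whole-host authorization for internal applications, per-application registration for external ones, everything else denied) sketched as an added example; it is not part of the original thread and is not CAS's own services-management code. The vendor host, its path, and the HTTPS-only rule are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

# Constructed registry. sims.rutgers.edu is the host named in the thread;
# the vendor host and path are placeholders (assumptions).
INTERNAL_HOSTS = {"sims.rutgers.edu"}        # entire host is authorized
EXTERNAL_SERVICES = {                        # one entry per registered application
    ("vote.vendor.example", "/ru-election/"),
}


def is_authorized(service_url: str) -> bool:
    """Return True only when the service URL matches a registered entry."""
    try:
        parts = urlsplit(service_url)
        host = parts.hostname   # lowercased, with userinfo and port stripped
        port = parts.port       # raises ValueError on a malformed port
    except ValueError:
        return False
    # Assumption: only HTTPS services on the default port are accepted.
    if parts.scheme != "https" or not host or port not in (None, 443):
        return False
    host = host.rstrip(".")

    # Internal rule: compare the parsed host exactly, never a string prefix
    # of the URL, so a lookalike host is not treated as the internal one.
    if host in INTERNAL_HOSTS:
        return True

    # External rule: exact host plus the registered application path.
    path = unquote(parts.path) or "/"
    if ".." in path.split("/"):
        # Dot segments could point outside the registered application path.
        return False
    return any(host == h and path.startswith(prefix)
               for h, prefix in EXTERNAL_SERVICES)


if __name__ == "__main__":
    for url in (
        "https://sims.rutgers.edu/any/internal/app",
        "https://vote.vendor.example/ru-election/login",
        "https://vote.vendor.example/other-app/",
        "https://sims.rutgers.edu.vendor.example/",
    ):
        print(url, "->", "allow" if is_authorized(url) else "deny")
```

Anything that matches neither rule is denied, which is the pre-registration (white list) model from Tom's question with a coarse rule for internal hosts and a narrow one for third parties.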