I just read an article about how Twitter is making use of the OAuth protocol to support CAS-style delegated authentication. Here is the article: http://hueniverse.com/2009/04/introducing-sign-in-with-twitter-oauth-style-connect/
Here are details from Twitter's website: http://apiwiki.twitter.com/Sign-in-with-Twitter So now we can add OAuth to SAML and OpenID as a delegated authentication method that can work similarly to CAS. As demonstrated with SAML, CAS could be extended to support these protocols natively as an identity provider (IdP). On the flip side, I am considering creating authentication providers to allow CAS to act as a consumer for at least some of these protocols. This would allow our users to access some of our CAS-protected sites using, for example, their Yahoo account (via OpenID). (We also plan to support facebook connect as an identity consumer, though it probably wouldn't make sense to support that protocol as an identity provider.) If multiple authentication mechanisms and IdP protocols are used in combination with "level-of-authentication" (LOA) concepts, CAS becomes a federation hub. I could imagine a user accessing a SAML-enabled application and signing in with their Twitter account. Interesting. -Nathan -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
