Chris, If your team has what you feel are legitimate security concerns, please contact the JASIG Security Team: http://www.ja-sig.org/wiki/display/JSG/Security+Contact+Group
If you have questions about how CAS works or do not understand particular details, please detail your questions/comments/concerns to the list. Please do not merely state "some concerns were raised" and not follow through on raising them as that leaves everyone here wondering what is going on when it may or may not be a real concern. I'm not sure what you mean by formal security review. Are you interested in a comparison of the CAS protocol or the CAS server application? Because comparing it to SAML compares the protocol, while comparing it to Shibboleth compares the applications. Thanks -Scott On Dec 6, 2007 1:25 PM, Chris Hatton <[EMAIL PROTECTED]> wrote: > Hello, everyone, > > I am considering adoption of CAS for an third-party integration with our > platform, but we require formal security reviews prior to adoption of any > new means of authentication. We conducted a brief review internally, but > some concerns were raised (admittedly those concerns could be related > entirely to our own naivety). > > Is anyone aware of any formal security reviews that have been conducted on > CAS? Any relative comparisons of CAS vs. SAML? CAS vs. Shibboleth? > > Any information you could provide is appreciated... > > Thanks, > Chris Hatton > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > -- -Scott Battaglia LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
