-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello list, we are currently working on an article about JA-SIG CAS for the german JavaMagazine and i got most of the article up and standing, but there are some questions left open so far. I hope this is the correct list to ask such questions -- if not, please excuse me for being so bold and be so kind and forward it to the correct list. Thank you!
But back to topic, my first question is about the history and status of the CAS project. I'm quite confused about CAS version 2 (and as we focus on version 2 in the article, i'm keen on getting this right). If i read the web site and parts of the mailing list correctly, the yale distribution of CAS and the JA-SIG distribution are roughly the same. Is this correct? If not, what is the difference? CAS is an authentication service and therefore does not offer any authorization functionality; so the philosophy for performing authorization is to create a custom component that does authorization based on the username provided by the CAS authentication? What about Cross Domain SSO? This should not be a problem as no cookies are involved but all ST's and PT's are transmitted via GET- requests. Do you know of cases where a CAS based CDSSO has successfully been introduced? My next question is about the logout functionality. CAS version 2 supports logout, but can only enforce deletion of the TGC and destruction of the session of the application requesting the logout while all other authenticated session remain intact. So may i conclude there is no "global logout" for CAS 2 (at least vanilla CAS)? My final question: Is it correct that basically every service may participate in a CAS based SSO network without any ... well ... registration? I found a page in the deeps of the wiki concerning this (http://www.ja-sig.org/wiki/display/CAS2/Registered+services%2C+Global +logoff%2C+Service-specific+includes) but it's not part of vanilla CAS 2? Please correct me if i got anything wrong, i'd hate to write some wrong facts about your great project. :) Thank you very much in advance for all answers. Regards, - --------- BEGIN SIGNATURE ---------- Jakob Külzer OPTIMAbit GmbH, Amtsgericht Muenchen HRB 154057, Geschaeftsfuehrer Dr. Bruce Sams Weidenweg 2 85375 Neufahrn GERMANY mail: [EMAIL PROTECTED] tel: +49 (0) 8165 65095 web: www.optimabit.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iD8DBQFHYT3DLFnyZ4/kHZ4RAmWnAJ98qX2v7e2WwITLA/VbVDKhQ1/M4ACfcfiD ugm1R3f+5jMhFmVDtxQQuhU= =FKSl -----END PGP SIGNATURE----- _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
