The University of Connecticut is successfully using CAS with a number of external vendor applications. So, in this regard, we are acting as the "Identity Provider" to "Service Providers" all across the Internet. This has been a very positive experience, as the extranet applications can appear to be part of our service environment.
Acting as a Service Provider, allowing OpenID authentication is sufficient if you trust users to *each* be their own "Identity Provider" -- but there are risks that need to be considered. My biggest one -- how do you vet the identity of the user, and the security of their OpenID provider? Running CAS as a single Identity Provider has very little cost, and the benefits are centralized, well-vetted identity, maintained by experienced system administrators. HTH, -Matt On Fri, 2008-01-18 at 13:11 -0400, David Pratt wrote: > Hi. I am generally familiar with the use of CAS authentication for the > intranets. As such I had not properly considered it for a larger > Internet application. Can or should CAS be used in the wild for internet > applications as single sign on? > > Overall, OpenID is emerging in this area as a potential generic > standard. Despite this, I would welcome any insight in using CAS for a > larger scale web application for Internet authentication. All the > largest providers like Google, Yahoo, Microsoft all have their own brand > of authentication - but the mechanisms are very CAS-like. > > If it can be used, anything things to watch out for, or anyone already > doing this that can shed light on how it may be working. Any links to > documents or blogs articles as reference would be appreciated. No lack > of information on general mechanism of CAS on Google, just anything > specific about using it as Internet single sign on. Many thanks. > > Regards > David > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas -- Matt Smith [EMAIL PROTECTED] University Information Technology Services (UITS) University of Connecticut PGP Key ID: 0xE9C5244E
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
