We are will be rolling CAS 3.3 to BYU campus community in the next month. We would like to encourage adoption by the other campus IT shops so that BYU can reap the benefits of CAS.
There is interest in restricting CAS using services management. As we have looked at the problem, there seem to be a couple obvious solutions. First, restrict all access and allow campus applications to use CAS in a pre-registration model (eg. white list of first-class citizens). My hesitation with a white list is there is the temptation for our operation staff and security administrators to be heavy handed and the pre-registration process becomes to painful to get CAS access. BYU hasn't had any luck with pre-registration models. Also, the rule set in white lists can become unwieldy when the rule set is large. On the other hand we could allow all campus application access to CAS and black list those applications that are problems. Both techniques have the pros and cons. I was curious of people are currently doing as far as Service Management rules and what worked or didn't. Thanks! tom -- ******************************** Tom Freestone ([EMAIL PROTECTED]) Engineering Office of Information Technology Brigham Young University ******************************** _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
